chat/server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

check rights

Browse Source
This commit is contained in:
BENEDEK László 2025-06-11 19:27:51 +02:00
parent bd0539cff5
commit d33df6d65a
5 changed files with 89 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
api/chat.go
View File

@ -23,9 +23,7 @@ var upgrader = websocket.Upgrader{
} }
func listAvailableChannels(c *gin.Context) { func listAvailableChannels(c *gin.Context) {
token, _ := c.Get(SESSION_COOKIE) channels, err := chatController.ListAvailableChannels(c.GetInt(USER_ID))
channels, err := chatController.ListAvailableChannels(token.(string))
if err != nil { if err != nil {
sendError(c, err) sendError(c, err)
return return
@ -73,9 +71,7 @@ func getMessages(c *gin.Context) {
} }
} }
fmt.Println(from, limit) messages, msgErr := chatController.GetMessages(c.GetInt(USER_ID), id, from, limit)
messages, msgErr := chatController.GetMessages(id, from, limit)
if msgErr != nil { if msgErr != nil {
sendError(c, msgErr) sendError(c, msgErr)
return return
@ -88,8 +84,6 @@ func getMessages(c *gin.Context) {
} }
func sendMessage(c *gin.Context) { func sendMessage(c *gin.Context) {
token, _ := c.Get(SESSION_COOKIE)
message := model.Message{} message := model.Message{}
if err := c.Bind(&message); err != nil { if err := c.Bind(&message); err != nil {
c.JSON(http.StatusBadRequest, gin.H{ c.JSON(http.StatusBadRequest, gin.H{
@ -98,7 +92,7 @@ func sendMessage(c *gin.Context) {
return return
} }
err := chatController.SendMessage(token.(string), message.Channel, message.Content) err := chatController.SendMessage(c.GetInt(USER_ID), message.Channel, message.Content)
if err != nil { if err != nil {
fmt.Println(err.Error()) fmt.Println(err.Error())
@ -112,7 +106,6 @@ func sendMessage(c *gin.Context) {
} }
func subscribeToChannel(c *gin.Context) { func subscribeToChannel(c *gin.Context) {
// TODO: check if the user has right to subscribe to the given channel
id, err := strconv.Atoi(c.Param(CHANNEL_ID)) id, err := strconv.Atoi(c.Param(CHANNEL_ID))
if err != nil { if err != nil {
c.JSON(http.StatusBadRequest, gin.H{ c.JSON(http.StatusBadRequest, gin.H{
@ -128,7 +121,7 @@ func subscribeToChannel(c *gin.Context) {
} }
defer conn.Close() defer conn.Close()
messages, chanErr := chatController.SubscribeToChannel(c, id) messages, chanErr := chatController.SubscribeToChannel(c, id, c.GetInt(USER_ID))
for { for {
select { select {

8
api/endpoints.go
View File

@ -35,6 +35,11 @@ func initControlles() *util.ChatError {
return err return err
} }
rightDAO, err := dao.GetRightDAO()
if err != nil {
return err
}
notifcationDAO, err := dao.GetNotificationDAO() notifcationDAO, err := dao.GetNotificationDAO()
if err != nil { if err != nil {
return err return err
@ -47,7 +52,8 @@ func initControlles() *util.ChatError {
sessionDAO, sessionDAO,
messageDAO, messageDAO,
notifcationDAO, notifcationDAO,
userDAO) userDAO,
rightDAO)
return nil return nil
} }

85
controller/ChatController.go
View File

@ -15,33 +15,64 @@ type ChatController struct {
messageDAO dao.IMessageDAO messageDAO dao.IMessageDAO
notifcationDAO dao.INotificationDAO notifcationDAO dao.INotificationDAO
userDAO dao.IUserDAO userDAO dao.IUserDAO
rightDAO dao.IRightDAO
} }
func (c ChatController) ListAvailableChannels(token string) ([]model.Channel, *util.ChatError) { func (c ChatController) ListAvailableChannels(userID int) ([]model.Channel, *util.ChatError) {
userID, err := c.sessionDAO.Get(token) return c.channelDAO.ListAvailableChannels(userID)
}
func (c ChatController) GetMessages(userID int, channel int, from time.Time, limit int) ([]model.Message, *util.ChatError) {
rights, err := c.rightDAO.ListUserRigths(model.User{ID: userID})
if err != nil { if err != nil {
return nil, err return nil, err
} }
return c.channelDAO.ListAvailableChannels(userID) right, ok := rights[channel]
} if !ok {
return nil, &util.ChatError{Message: "", Code: util.SEND_NOT_AUTHORIZED}
}
switch right {
case model.RightWrite:
return nil, &util.ChatError{Message: "", Code: util.SEND_NOT_AUTHORIZED}
case model.RightReadWrite:
break
case model.RightAdmin:
break
case model.RightRead:
break
}
func (c ChatController) GetMessages(channel int, from time.Time, limit int) ([]model.Message, *util.ChatError) {
return c.messageDAO.List(model.Channel{ID: channel}, from, limit) return c.messageDAO.List(model.Channel{ID: channel}, from, limit)
} }
func (c ChatController) SendMessage(token string, channel int, content string) *util.ChatError { func (c ChatController) SendMessage(userID int, channel int, content string) *util.ChatError {
sender_id, err := c.sessionDAO.Get(token) user, err := c.userDAO.Read(model.User{ID: userID})
if err != nil { if err != nil {
return err return err
} }
user, err := c.userDAO.Read(model.User{ID: sender_id}) rights, err := c.rightDAO.ListUserRigths(user)
if err != nil { if err != nil {
return err return err
} }
// TODO: check if user has right to send message in the given channel right, ok := rights[channel]
if !ok {
return &util.ChatError{Message: "", Code: util.SEND_NOT_AUTHORIZED}
}
switch right {
case model.RightWrite:
break
case model.RightReadWrite:
break
case model.RightAdmin:
break
case model.RightRead:
return &util.ChatError{Message: "", Code: util.SEND_NOT_AUTHORIZED}
}
message := model.Message{ message := model.Message{
SenderID: user.ID, SenderID: user.ID,
@ -59,8 +90,36 @@ func (c ChatController) SendMessage(token string, channel int, content string) *
return c.notifcationDAO.SendMessage(message) return c.notifcationDAO.SendMessage(message)
} }
func (c ChatController) SubscribeToChannel(ctx context.Context, id int) (<-chan model.Message, <-chan *util.ChatError) { func (c ChatController) SubscribeToChannel(ctx context.Context, channel int, userID int) (<-chan model.Message, <-chan *util.ChatError) {
return c.notifcationDAO.SubscribeToChannel(ctx, id)
rights, err := c.rightDAO.ListUserRigths(model.User{ID: userID})
if err != nil {
errs := make(chan *util.ChatError, 1)
errs <- err
return nil, errs
}
right, ok := rights[channel]
if !ok {
errs := make(chan *util.ChatError, 1)
errs <- &util.ChatError{Message: "", Code: util.SEND_NOT_AUTHORIZED}
return nil, errs
}
switch right {
case model.RightWrite:
errs := make(chan *util.ChatError, 1)
errs <- &util.ChatError{Message: "", Code: util.SEND_NOT_AUTHORIZED}
return nil, errs
case model.RightReadWrite:
break
case model.RightAdmin:
break
case model.RightRead:
break
}
return c.notifcationDAO.SubscribeToChannel(ctx, channel)
} }
func MakeChatController( func MakeChatController(
@ -68,13 +127,15 @@ func MakeChatController(
sessionDAO dao.ISessionDAO, sessionDAO dao.ISessionDAO,
messageDAO dao.IMessageDAO, messageDAO dao.IMessageDAO,
notificationDAO dao.INotificationDAO, notificationDAO dao.INotificationDAO,
userDAO dao.IUserDAO) ChatController { userDAO dao.IUserDAO,
rightDAO dao.IRightDAO) ChatController {
controller := ChatController{ controller := ChatController{
channelDAO: channelDAO, channelDAO: channelDAO,
sessionDAO: sessionDAO, sessionDAO: sessionDAO,
messageDAO: messageDAO, messageDAO: messageDAO,
notifcationDAO: notificationDAO, notifcationDAO: notificationDAO,
userDAO: userDAO, userDAO: userDAO,
rightDAO: rightDAO,
} }
return controller return controller
} }

2
dao/postgres/ChannelDAO.go
View File

@ -60,7 +60,7 @@ func (d ChannelDAOPG) List() ([]model.Channel, *util.ChatError) {
// ListAvailableChannels returns channels that the given user has access to // ListAvailableChannels returns channels that the given user has access to
func (d ChannelDAOPG) ListAvailableChannels(userID int) ([]model.Channel, *util.ChatError) { func (d ChannelDAOPG) ListAvailableChannels(userID int) ([]model.Channel, *util.ChatError) {
rows, err := d.db.Queryx(`select "channel_id" as "id", "channel_name" as "name", "channel_description" as "description" from "user_rigths_per_channel" where "user_id" = $1 order by "id"`, userID) rows, err := d.db.Queryx(`select "channel_id" as "id", "channel_name" as "name", "channel_description" as "description", "rights" from "user_rigths_per_channel" where "user_id" = $1 order by "id"`, userID)
if err != nil { if err != nil {
return nil, util.MakeError(err, util.DATABASE_QUERY_FAULT) return nil, util.MakeError(err, util.DATABASE_QUERY_FAULT)
} }

4
util/errors.go
View File

@ -18,6 +18,8 @@ const (
USERNAME_TOO_SHORT USERNAME_TOO_SHORT
PASSWORD_TOO_SHORT PASSWORD_TOO_SHORT
PASSWORDS_DONT_MATCH PASSWORDS_DONT_MATCH
SEND_NOT_AUTHORIZED
READ_NOT_AUTHORIZED
NOT_LOGGED_IN NOT_LOGGED_IN
) )
@ -31,6 +33,8 @@ var codeToMessage = map[ChatErrorCode]string{
USERNAME_TOO_SHORT: "username is too short", USERNAME_TOO_SHORT: "username is too short",
PASSWORD_TOO_SHORT: "password is too short", PASSWORD_TOO_SHORT: "password is too short",
PASSWORDS_DONT_MATCH: "passwords do not match", PASSWORDS_DONT_MATCH: "passwords do not match",
SEND_NOT_AUTHORIZED: "not authorized to send messages in this channel",
READ_NOT_AUTHORIZED: "not authorized to read messages in this channel",
NOT_LOGGED_IN: "not logged in", NOT_LOGGED_IN: "not logged in",
} }