Beispiel #1
0
func main() {
	r := gin.Default()

	r.Use(cors.CORS())
	// verified the csrf token from the request
	r.Use(csrf.Verify())

	r.GET("/status", status.StatusController)
	r.NoRoute(c.ErrorController)

	// requires mod perms
	admin := r.Group("/")

	admin.Use(validate.ValidateParams())
	admin.Use(user.Auth(true))
	admin.Use(user.Protect())

	admin.GET("/statistics/:ib", c.StatisticsController)
	admin.GET("/log/board/:ib/:page", c.BoardLogController)
	admin.GET("/log/mod/:ib/:page", c.ModLogController)

	admin.DELETE("/tag/:ib/:id", c.DeleteTagController)
	admin.DELETE("/imagetag/:ib/:image/:tag", c.DeleteImageTagController)
	admin.DELETE("/thread/:ib/:id", c.DeleteThreadController)
	admin.DELETE("/post/:ib/:thread/:id", c.DeletePostController)

	admin.POST("/tag/:ib", c.UpdateTagController)
	admin.POST("/sticky/:ib/:thread", c.StickyThreadController)
	admin.POST("/close/:ib/:thread", c.CloseThreadController)
	admin.POST("/ban/ip/:ib/:thread/:post", c.BanIPController)
	admin.POST("/ban/file/:ib/:thread/:post", c.BanFileController)
	admin.POST("/user/resetpassword/:ib", c.ResetPasswordController)

	//admin.DELETE("/thread/:id", c.PurgeThreadController)
	//admin.DELETE("/post/:thread/:id", c.PurgePostController)
	//admin.DELETE("/flushcache", c.DeleteCacheController)

	s := &http.Server{
		Addr:    fmt.Sprintf("%s:%d", local.Settings.Admin.Host, local.Settings.Admin.Port),
		Handler: r,
	}

	gracehttp.Serve(s)

}
Beispiel #2
0
func TestProtect(t *testing.T) {

	var err error

	Secret = "secret"

	mock, err := db.NewTestDb()
	assert.NoError(t, err, "An error was not expected")

	gin.SetMode(gin.ReleaseMode)

	router := gin.New()

	router.Use(validate.ValidateParams())
	router.Use(Auth(true))
	router.Use(Protect())

	router.GET("/important/:ib", func(c *gin.Context) {
		c.String(200, "OK")
		return
	})

	first := performRequest(router, "GET", "/important/1")

	assert.Equal(t, first.Code, 403, "HTTP request code should match")

	user := DefaultUser()
	user.SetID(2)
	user.SetAuthenticated()

	user.hash, err = HashPassword("testpassword")
	if assert.NoError(t, err, "An error was not expected") {
		assert.NotNil(t, user.hash, "password should be returned")
	}

	assert.True(t, user.ComparePassword("testpassword"), "Password should validate")

	token, err := user.CreateToken()
	if assert.NoError(t, err, "An error was not expected") {
		assert.NotEmpty(t, token, "token should be returned")
	}

	firstrows := sqlmock.NewRows([]string{"role"}).AddRow(1)

	mock.ExpectQuery(`SELECT COALESCE`).WillReturnRows(firstrows)

	second := performJWTCookieRequest(router, "GET", "/important/1", token)

	assert.Equal(t, second.Code, 403, "HTTP request code should match")

	secondrows := sqlmock.NewRows([]string{"role"}).AddRow(3)

	mock.ExpectQuery(`SELECT COALESCE`).WillReturnRows(secondrows)

	third := performJWTCookieRequest(router, "GET", "/important/1", token)

	assert.Equal(t, third.Code, 200, "HTTP request code should match")

	assert.NoError(t, mock.ExpectationsWereMet(), "An error was not expected")

}