func main() {
r := gin.Default()
r.Use(cors.CORS())
// verified the csrf token from the request
r.Use(csrf.Verify())
r.GET("/status", status.StatusController)
r.NoRoute(c.ErrorController)
// requires mod perms
admin := r.Group("/")
admin.Use(validate.ValidateParams())
admin.Use(user.Auth(true))
admin.Use(user.Protect())
admin.GET("/statistics/:ib", c.StatisticsController)
admin.GET("/log/board/:ib/:page", c.BoardLogController)
admin.GET("/log/mod/:ib/:page", c.ModLogController)
admin.DELETE("/tag/:ib/:id", c.DeleteTagController)
admin.DELETE("/imagetag/:ib/:image/:tag", c.DeleteImageTagController)
admin.DELETE("/thread/:ib/:id", c.DeleteThreadController)
admin.DELETE("/post/:ib/:thread/:id", c.DeletePostController)
admin.POST("/tag/:ib", c.UpdateTagController)
admin.POST("/sticky/:ib/:thread", c.StickyThreadController)
admin.POST("/close/:ib/:thread", c.CloseThreadController)
admin.POST("/ban/ip/:ib/:thread/:post", c.BanIPController)
admin.POST("/ban/file/:ib/:thread/:post", c.BanFileController)
admin.POST("/user/resetpassword/:ib", c.ResetPasswordController)
//admin.DELETE("/thread/:id", c.PurgeThreadController)
//admin.DELETE("/post/:thread/:id", c.PurgePostController)
//admin.DELETE("/flushcache", c.DeleteCacheController)
s := &http.Server{
Addr: fmt.Sprintf("%s:%d", local.Settings.Admin.Host, local.Settings.Admin.Port),
Handler: r,
}
gracehttp.Serve(s)
}
func TestProtect(t *testing.T) {
var err error
Secret = "secret"
mock, err := db.NewTestDb()
assert.NoError(t, err, "An error was not expected")
gin.SetMode(gin.ReleaseMode)
router := gin.New()
router.Use(validate.ValidateParams())
router.Use(Auth(true))
router.Use(Protect())
router.GET("/important/:ib", func(c *gin.Context) {
c.String(200, "OK")
return
})
first := performRequest(router, "GET", "/important/1")
assert.Equal(t, first.Code, 403, "HTTP request code should match")
user := DefaultUser()
user.SetID(2)
user.SetAuthenticated()
user.hash, err = HashPassword("testpassword")
if assert.NoError(t, err, "An error was not expected") {
assert.NotNil(t, user.hash, "password should be returned")
}
assert.True(t, user.ComparePassword("testpassword"), "Password should validate")
token, err := user.CreateToken()
if assert.NoError(t, err, "An error was not expected") {
assert.NotEmpty(t, token, "token should be returned")
}
firstrows := sqlmock.NewRows([]string{"role"}).AddRow(1)
mock.ExpectQuery(`SELECT COALESCE`).WillReturnRows(firstrows)
second := performJWTCookieRequest(router, "GET", "/important/1", token)
assert.Equal(t, second.Code, 403, "HTTP request code should match")
secondrows := sqlmock.NewRows([]string{"role"}).AddRow(3)
mock.ExpectQuery(`SELECT COALESCE`).WillReturnRows(secondrows)
third := performJWTCookieRequest(router, "GET", "/important/1", token)
assert.Equal(t, third.Code, 200, "HTTP request code should match")
assert.NoError(t, mock.ExpectationsWereMet(), "An error was not expected")
}