func main() { r := gin.Default() r.Use(cors.CORS()) // verified the csrf token from the request r.Use(csrf.Verify()) r.GET("/status", status.StatusController) r.NoRoute(c.ErrorController) // requires mod perms admin := r.Group("/") admin.Use(validate.ValidateParams()) admin.Use(user.Auth(true)) admin.Use(user.Protect()) admin.GET("/statistics/:ib", c.StatisticsController) admin.GET("/log/board/:ib/:page", c.BoardLogController) admin.GET("/log/mod/:ib/:page", c.ModLogController) admin.DELETE("/tag/:ib/:id", c.DeleteTagController) admin.DELETE("/imagetag/:ib/:image/:tag", c.DeleteImageTagController) admin.DELETE("/thread/:ib/:id", c.DeleteThreadController) admin.DELETE("/post/:ib/:thread/:id", c.DeletePostController) admin.POST("/tag/:ib", c.UpdateTagController) admin.POST("/sticky/:ib/:thread", c.StickyThreadController) admin.POST("/close/:ib/:thread", c.CloseThreadController) admin.POST("/ban/ip/:ib/:thread/:post", c.BanIPController) admin.POST("/ban/file/:ib/:thread/:post", c.BanFileController) admin.POST("/user/resetpassword/:ib", c.ResetPasswordController) //admin.DELETE("/thread/:id", c.PurgeThreadController) //admin.DELETE("/post/:thread/:id", c.PurgePostController) //admin.DELETE("/flushcache", c.DeleteCacheController) s := &http.Server{ Addr: fmt.Sprintf("%s:%d", local.Settings.Admin.Host, local.Settings.Admin.Port), Handler: r, } gracehttp.Serve(s) }
func TestProtect(t *testing.T) { var err error Secret = "secret" mock, err := db.NewTestDb() assert.NoError(t, err, "An error was not expected") gin.SetMode(gin.ReleaseMode) router := gin.New() router.Use(validate.ValidateParams()) router.Use(Auth(true)) router.Use(Protect()) router.GET("/important/:ib", func(c *gin.Context) { c.String(200, "OK") return }) first := performRequest(router, "GET", "/important/1") assert.Equal(t, first.Code, 403, "HTTP request code should match") user := DefaultUser() user.SetID(2) user.SetAuthenticated() user.hash, err = HashPassword("testpassword") if assert.NoError(t, err, "An error was not expected") { assert.NotNil(t, user.hash, "password should be returned") } assert.True(t, user.ComparePassword("testpassword"), "Password should validate") token, err := user.CreateToken() if assert.NoError(t, err, "An error was not expected") { assert.NotEmpty(t, token, "token should be returned") } firstrows := sqlmock.NewRows([]string{"role"}).AddRow(1) mock.ExpectQuery(`SELECT COALESCE`).WillReturnRows(firstrows) second := performJWTCookieRequest(router, "GET", "/important/1", token) assert.Equal(t, second.Code, 403, "HTTP request code should match") secondrows := sqlmock.NewRows([]string{"role"}).AddRow(3) mock.ExpectQuery(`SELECT COALESCE`).WillReturnRows(secondrows) third := performJWTCookieRequest(router, "GET", "/important/1", token) assert.Equal(t, third.Code, 200, "HTTP request code should match") assert.NoError(t, mock.ExpectationsWereMet(), "An error was not expected") }