From 519f6438b511c0baa8caa67586b3caf2990097e5 Mon Sep 17 00:00:00 2001 From: Andrea Fazzi Date: Wed, 4 Dec 2019 10:11:18 +0100 Subject: [PATCH] Working on authorization --- compose/sql/oef_dev.sql | 201 ++++++++++++++++++++++++++++++++ handlers/handlers.go | 32 ++++- i18n/i18n.go | 3 + main.go | 2 +- renderer/renderer.go | 25 ++-- templates/layout/error.html.tpl | 11 ++ 6 files changed, 261 insertions(+), 13 deletions(-) create mode 100644 compose/sql/oef_dev.sql diff --git a/compose/sql/oef_dev.sql b/compose/sql/oef_dev.sql new file mode 100644 index 00000000..f8afeccb --- /dev/null +++ b/compose/sql/oef_dev.sql 
@@ -0,0 +1,201 @@ +-- MariaDB dump 10.17 Distrib 10.4.8-MariaDB, for debian-linux-gnu (x86_64) +-- +-- Host: localhost Database: oef_test +-- ------------------------------------------------------ +-- Server version 10.4.8-MariaDB-1:10.4.8+maria~bionic + +/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; +/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; +/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; +/*!40101 SET NAMES utf8mb4 */; +/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; +/*!40103 SET TIME_ZONE='+00:00' */; +/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; +/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; +/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; +/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; + +-- +-- Table structure for table `answers` +-- + +DROP TABLE IF EXISTS `answers`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `answers` ( + `id` int(10) unsigned NOT NULL AUTO_INCREMENT, + `created_at` timestamp NULL DEFAULT NULL, + `updated_at` timestamp NULL DEFAULT NULL, + `deleted_at` timestamp NULL DEFAULT NULL, + `text` varchar(255) DEFAULT NULL, + `correct` tinyint(1) DEFAULT NULL, + `question_id` int(10) unsigned DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `idx_answers_deleted_at` (`deleted_at`) +) ENGINE=InnoDB AUTO_INCREMENT=13 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `answers` +-- + +LOCK TABLES `answers` WRITE; +/*!40000 ALTER TABLE `answers` DISABLE KEYS */; +INSERT INTO `answers` VALUES (1,'2019-11-13 15:44:39','2019-11-13 15:44:39',NULL,'la quantità di moneta che viene richiesta dalle imprese sotto forma di prestiti richiesti al sistema bancario',0,1),(2,'2019-11-14 11:48:06','2019-11-14 11:48:06',NULL,'la quantità di moneta richiesta dalla Banca Centrale 
quando mette in vendita dei titoli per ridurre la moneta in circolazione',0,1),(3,'2019-11-14 11:48:28','2019-11-14 11:48:28',NULL,'la quantità di moneta richiesta dalle famiglie per mantenere in forma liquida i loro risparmi',0,1),(4,'2019-11-14 11:49:05','2019-11-14 12:21:09',NULL,'la quantità di moneta richiesta dai soggetti del sistema economico per transazioni, per ragioni speculative o prudenziali o per altri motivi',1,1),(5,'2019-11-15 10:17:49','2019-11-15 10:17:49',NULL,'elevata differenziazione dei prodotti offerti',0,2),(6,'2019-11-15 10:18:14','2019-11-15 10:18:53',NULL,'trasparenza delle informazioni',1,2),(7,'2019-11-15 10:18:29','2019-11-15 10:18:29',NULL,'presenza di un solo consumatore',0,2),(8,'2019-11-15 10:18:44','2019-11-15 10:18:44',NULL,'presenza di un numero limitato di grandi produttori',0,2),(9,'2019-11-15 10:23:11','2019-11-15 10:23:11',NULL,'un ciclo economico',0,3),(10,'2019-11-15 10:23:24','2019-11-15 10:23:35',NULL,'l\'attività di trasformazione materiale di beni e servizi (input) in altri (output) al fine di accrescerne l\'utilità',1,3),(11,'2019-11-15 10:23:47','2019-11-15 10:23:47',NULL,'l\'insieme dei beni di produzione',0,3),(12,'2019-11-15 10:23:59','2019-11-15 10:23:59',NULL,'il risultato del lavoro dei dipendenti dell\'impresa',0,3); +/*!40000 ALTER TABLE `answers` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `contests` +-- + +DROP TABLE IF EXISTS `contests`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `contests` ( + `id` int(10) unsigned NOT NULL AUTO_INCREMENT, + `created_at` timestamp NULL DEFAULT NULL, + `updated_at` timestamp NULL DEFAULT NULL, + `deleted_at` timestamp NULL DEFAULT NULL, + `name` varchar(255) DEFAULT NULL, + `category` varchar(255) DEFAULT NULL, + `start_date` timestamp NULL DEFAULT NULL, + `end_date` timestamp NULL DEFAULT NULL, + `start_time` timestamp NULL DEFAULT NULL, + `end_time` timestamp NULL DEFAULT 
NULL, + `date` timestamp NULL DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `idx_contests_deleted_at` (`deleted_at`) +) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `contests` +-- + +LOCK TABLES `contests` WRITE; +/*!40000 ALTER TABLE `contests` DISABLE KEYS */; +INSERT INTO `contests` VALUES (1,'2019-11-14 10:02:17','2019-11-18 15:57:14',NULL,'Regionale JUNIOR','','0000-00-00 00:00:00','0000-00-00 00:00:00','2020-04-01 10:00:00','2020-04-01 11:00:00','2020-04-01 10:00:00'),(2,'2019-11-15 10:15:57','2019-11-18 15:58:55',NULL,'Test Diagnostico','',NULL,NULL,'2019-11-15 13:00:00','2019-11-15 14:00:00','2019-11-15 13:00:00'); +/*!40000 ALTER TABLE `contests` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `participants` +-- + +DROP TABLE IF EXISTS `participants`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `participants` ( + `id` int(10) unsigned NOT NULL AUTO_INCREMENT, + `created_at` timestamp NULL DEFAULT NULL, + `updated_at` timestamp NULL DEFAULT NULL, + `deleted_at` timestamp NULL DEFAULT NULL, + `firstname` varchar(255) DEFAULT NULL, + `lastname` varchar(255) DEFAULT NULL, + `username` varchar(255) DEFAULT NULL, + `password` varchar(255) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `idx_participants_deleted_at` (`deleted_at`) +) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `participants` +-- + +LOCK TABLES `participants` WRITE; +/*!40000 ALTER TABLE `participants` DISABLE KEYS */; +INSERT INTO `participants` VALUES (1,'2019-11-15 10:02:46','2019-11-18 15:58:55',NULL,'Mario','Rossi','mario.rossi','EqAs1z7M'),(2,'2019-11-18 12:00:07','2019-11-18 15:57:14',NULL,'Luigi','BIANCHI','luigi.bianchi','FpWJj89n'),(3,'2019-11-18 12:01:55','2019-11-18 
12:12:26',NULL,'Francesco','VERDI','francesco.verdi','MiJ9Ig4L'),(4,'2019-11-18 15:57:36','2019-11-18 15:57:36',NULL,'Franco','neri','franco.neri','YtGGU28p'); +/*!40000 ALTER TABLE `participants` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `questions` +-- + +DROP TABLE IF EXISTS `questions`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `questions` ( + `id` int(10) unsigned NOT NULL AUTO_INCREMENT, + `created_at` timestamp NULL DEFAULT NULL, + `updated_at` timestamp NULL DEFAULT NULL, + `deleted_at` timestamp NULL DEFAULT NULL, + `text` varchar(255) DEFAULT NULL, + `contest_id` int(10) unsigned DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `idx_questions_deleted_at` (`deleted_at`) +) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `questions` +-- + +LOCK TABLES `questions` WRITE; +/*!40000 ALTER TABLE `questions` DISABLE KEYS */; +INSERT INTO `questions` VALUES (1,'2019-11-13 14:45:17','2019-11-14 12:21:09',NULL,'Cosa si intende per domanda di moneta?',1),(2,'2019-11-15 10:17:24','2019-11-15 10:18:53',NULL,'È una caratteristica della concorrenza perfetta',2),(3,'2019-11-15 10:21:14','2019-11-15 10:23:35',NULL,'La produzione è',2); +/*!40000 ALTER TABLE `questions` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `responses` +-- + +DROP TABLE IF EXISTS `responses`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `responses` ( + `id` int(10) unsigned NOT NULL AUTO_INCREMENT, + `created_at` timestamp NULL DEFAULT NULL, + `updated_at` timestamp NULL DEFAULT NULL, + `deleted_at` timestamp NULL DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `idx_responses_deleted_at` (`deleted_at`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping 
data for table `responses` +-- + +LOCK TABLES `responses` WRITE; +/*!40000 ALTER TABLE `responses` DISABLE KEYS */; +/*!40000 ALTER TABLE `responses` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `subscriptions` +-- + +DROP TABLE IF EXISTS `subscriptions`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `subscriptions` ( + `participant_id` int(10) unsigned NOT NULL, + `contest_id` int(10) unsigned NOT NULL, + PRIMARY KEY (`participant_id`,`contest_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `subscriptions` +-- + +LOCK TABLES `subscriptions` WRITE; +/*!40000 ALTER TABLE `subscriptions` DISABLE KEYS */; +INSERT INTO `subscriptions` VALUES (1,2),(2,1),(2,2),(3,2); +/*!40000 ALTER TABLE `subscriptions` ENABLE KEYS */; +UNLOCK TABLES; +/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; + +/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; +/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; +/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; +/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; +/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; +/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; +/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; + +-- Dump completed on 2019-11-18 16:05:30 diff --git a/handlers/handlers.go b/handlers/handlers.go index 4e052db6..a00f4713 100644 --- a/handlers/handlers.go +++ b/handlers/handlers.go @@ -13,6 +13,8 @@ import ( "strconv" "strings" + "git.andreafazzi.eu/andrea/oef/config" + "git.andreafazzi.eu/andrea/oef/i18n" "git.andreafazzi.eu/andrea/oef/orm" "git.andreafazzi.eu/andrea/oef/renderer" 
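Review bot: The `participants` rows in this dump carry clear-text values in the `password` column, and the column is a bare `varchar(255)` with no sign of a hash, which suggests the application stores and compares passwords in clear rather than as a salted hash (bcrypt/argon2); storing only a hash, and naming the column `password_hash` so the schema says so, would close that. Committing a fixture with working-looking credentials also leaves them in the repository history permanently, so the four seeded accounts should be treated as exposed and rotated, and dev seed data is better generated at container start from non-secret defaults than checked in. Separately, `subscriptions(participant_id, contest_id)` declares no foreign keys to `participants`/`contests`, so orphan subscriptions are not prevented at the database level.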
@@ -177,6 +179,19 @@ func recoverHandler(next http.Handler) http.Handler { return http.HandlerFunc(fn) } +func setFlashMessage(w http.ResponseWriter, r *http.Request, key string) error { + session, err := store.Get(r, "flash-session") + if err != nil { + return err + } + session.AddFlash(i18n.FlashMessages[key][config.Config.Language]) + err = session.Save(r, w) + if err != nil { + return err + } + return nil +} + func get(w http.ResponseWriter, r *http.Request, model string, pattern PathPattern) { format := r.URL.Query().Get("format") getFn, err := orm.GetFunc(pattern.Path(model)) @@ -184,11 +199,20 @@ func get(w http.ResponseWriter, r *http.Request, model string, pattern PathPatte log.Println("Error:", err) respondWithError(w, r, err) } else { - data, err := getFn(mux.Vars(r), w, r) - if err != nil { - renderer.Render[format](w, r, err) + claims := r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims) + + role := claims["role"].(string) + if role == "participant" { + setFlashMessage(w, r, "notAuthorized") + renderer.Render[format](w, r, fmt.Errorf("%s", "Errore")) } else { - renderer.Render[format](w, r, data, r.URL.Query()) + + data, err := getFn(mux.Vars(r), w, r) + if err != nil { + renderer.Render[format](w, r, err) + } else { + renderer.Render[format](w, r, data, r.URL.Query()) + } } } diff --git a/i18n/i18n.go b/i18n/i18n.go index 53481b95..7e17f4b8 100644 --- a/i18n/i18n.go +++ b/i18n/i18n.go @@ -8,5 +8,8 @@ var ( "schoolExists": map[string]string{ "it": "Una scuola con questo codice meccanografico è già presente nella base dati!", }, + "notAuthorized": map[string]string{ + "it": "L'utente non dispone delle autorizzazioni necessarie a visualizzare questa pagina.", + }, } ) diff --git a/main.go b/main.go index 97e70b92..c7fea16b 100644 --- a/main.go +++ b/main.go @@ -18,7 +18,7 @@ import ( const ( MaxNumRetries = 20 - RetryTimeInterval = 5 + RetryTimeInterval = 10 ) var ( 
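Review bot: In setFlashMessage, `i18n.FlashMessages[key][config.Config.Language]` silently yields "" when either key or the configured language is absent, so a typo at a call site queues an empty flash instead of failing; look the message up with the two-value map form and return an error when it is missing. Style: the tail `err = session.Save(r, w); if err != nil { return err }; return nil` collapses to `return session.Save(r, w)`. A doc comment such as `// setFlashMessage queues the localized message for key in the request's "flash-session" session and saves it.` would also help, since the function is the only place the flash key/language lookup happens.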
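Review bot: The authorization check added to get() is a deny-list: only `role == "participant"` is refused, so a token whose role claim is missing, empty or any unrecognised value falls through to getFn and is served the data; the check should enumerate the roles allowed to read the model and refuse everything else. The chained assertions `r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims)` and `claims["role"].(string)` are single-value and panic when the context value is absent or the claim is not a string, which turns a malformed request into a recovered 500 instead of a clean refusal. The error returned by `setFlashMessage(w, r, "notAuthorized")` is discarded, so a session-store failure drops the message silently. Whether the error render sends a 403 status is not visible in this hunk, and get continues outside it.
```go
	} else {
		var role string
		if tok, ok := r.Context().Value("user").(*jwt.Token); ok {
			if claims, ok := tok.Claims.(jwt.MapClaims); ok {
				role, _ = claims["role"].(string)
			}
		}
		// Allow-list: an absent, empty or unknown role is refused rather than served.
		if role != "ROLE_PLACEHOLDER" { // TODO: the privileged role name this codebase uses
			if err := setFlashMessage(w, r, "notAuthorized"); err != nil {
				log.Println("Error:", err)
			}
			renderer.Render[format](w, r, fmt.Errorf("%s", "Errore"))
		} else {
			// … unchanged: getFn call and rendering of data …
```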
diff --git a/renderer/renderer.go b/renderer/renderer.go index 18f94187..0361e8ec 100644 --- a/renderer/renderer.go +++ b/renderer/renderer.go @@ -236,15 +236,30 @@ func (rend *HTMLRenderer) writeError(w http.ResponseWriter, r *http.Request, dat log.Println(data.(*htmlTemplateData).Data.(error)) w.Header().Set("Content-Type", "text/html; charset=utf-8") - e := t.ExecuteTemplate(w, "error", data) + e := t.ExecuteTemplate(w, "base", data) if e != nil { panic(e) } } func (rend *HTMLRenderer) Render(w http.ResponseWriter, r *http.Request, data interface{}, options ...url.Values) { + var claims jwt.MapClaims + + if r.Context().Value("user") != nil { + claims = r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims) + } + if data != nil && isErrorType(data) { - rend.writeError(w, r, &htmlTemplateData{data.(error), nil, nil, nil}) + session, err := store.Get(r, "flash-session") + if err != nil { + rend.writeError(w, r, &htmlTemplateData{err, nil, nil, nil}) + } + fm := session.Flashes() + err = session.Save(r, w) + if err != nil { + rend.writeError(w, r, &htmlTemplateData{err, nil, nil, nil}) + } + rend.writeError(w, r, &htmlTemplateData{data.(error), nil, claims, fm}) } else { t, ok := rend.templates[options[0]["tpl_content"][0]] if !ok { @@ -252,12 +267,6 @@ func (rend *HTMLRenderer) Render(w http.ResponseWriter, r *http.Request, data in rend.writeError(w, r, &htmlTemplateData{err, nil, nil, nil}) } - var claims jwt.MapClaims - - if r.Context().Value("user") != nil { - claims = r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims) - } - w.Header().Set("Content-Type", "text/html; charset=utf-8") session, err := store.Get(r, "flash-session") diff --git a/templates/layout/error.html.tpl b/templates/layout/error.html.tpl index 66f5932a..7cefbd41 100644 --- a/templates/layout/error.html.tpl +++ b/templates/layout/error.html.tpl @@ -21,6 +21,17 @@ + {{if .FlashMessages}} + {{range $message := .FlashMessages}} + + {{end}} + {{end}} +
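Review bot: In Render's error branch, the two `if err != nil` checks after `store.Get` and `session.Save` call rend.writeError but do not return, so on a store failure execution continues: `session.Flashes()` is invoked on whatever store.Get returned alongside the error (a nil session would panic), and the final `rend.writeError(w, r, &htmlTemplateData{data.(error), nil, claims, fm})` writes a second body and header set to a response already written. Add `return` after each of the two `rend.writeError(w, r, &htmlTemplateData{err, nil, nil, nil})` calls in that branch. The `var claims` block is only moved to the top of Render, so the same unchecked `.(*jwt.Token).Claims.(jwt.MapClaims)` assertion now runs for every render, not just the non-error path; the nil guard protects against a missing value but not a differently typed one. Render continues outside the hunk.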
{{ template "content" . }}