package apis import ( "clortho/lib/db" "clortho/lib/keys" "github.com/gin-gonic/gin" "net/http" "strconv" ) type keyRequest struct { Content string `json:"content" binding:"required"` Name string `json:"name" binding:"required"` UserID uint `json:"userId" binding:"required"` } func InitKeysEndpoints(r *gin.RouterGroup) { group := r.Group("/keys") group.Use(LoggedInMiddleware()) group.GET("/", getKeys) group.GET("/:id", getKey) group.POST("/", AdminMiddleware(), createKey) group.PUT("/:id", AdminMiddleware(), updateKey) group.DELETE("/:id", AdminMiddleware(), deleteKey) // Endpoints for user keys r.GET("/users/:userId/keys", getUserKeys) r.POST("/users/:userId/keys", AdminMiddleware(), createUserKey) } // KeyOwnerOrAdminMiddleware checks if the current user is the owner of the key or an admin func KeyOwnerOrAdminMiddleware() gin.HandlerFunc { return func(c *gin.Context) { // Get the current user from the session sessionInterface, _ := c.Get("session") session := sessionInterface.(*db.UserSession) userID := session.User.ID // Get the key ID from the URL parameter keyID, err := strconv.ParseUint(c.Param("id"), 10, 32) if err != nil { c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid key ID"}) c.Abort() return } // Check if the user can access the key canAccess, err := keys.CanAccessKey(userID, uint(keyID)) if err != nil { c.JSON(http.StatusNotFound, gin.H{"error": "Key not found"}) c.Abort() return } if !canAccess { c.JSON(http.StatusForbidden, gin.H{"error": "You don't have permission to access this key"}) c.Abort() return } c.Next() } } func getKeys(c *gin.Context) { // Get the current user from the session sessionInterface, _ := c.Get("session") session := sessionInterface.(*db.UserSession) // If the user is an admin, return all keys if session.User.Admin { keyList := keys.GetKeys() c.JSON(http.StatusOK, keyList) return } // Otherwise, return only the user's keys keyList := keys.GetKeysByUser(session.User.ID) c.JSON(http.StatusOK, keyList) } func getUserKeys(c *gin.Context) { // Get the current user from the session sessionInterface, _ := c.Get("session") session := sessionInterface.(*db.UserSession) // Get the user ID from the URL parameter userID, err := strconv.ParseUint(c.Param("userId"), 10, 32) if err != nil { c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid user ID"}) return } // If the user is not an admin and not the owner, return forbidden if !session.User.Admin && session.User.ID != uint(userID) { c.JSON(http.StatusForbidden, gin.H{"error": "You don't have permission to access these keys"}) return } // Get the keys for the specified user keyList := keys.GetKeysByUser(uint(userID)) c.JSON(http.StatusOK, keyList) } func getKey(c *gin.Context) { // Use the KeyOwnerOrAdminMiddleware to check access KeyOwnerOrAdminMiddleware()(c) if c.IsAborted() { return } // Get the key ID from the URL parameter keyID, _ := strconv.ParseUint(c.Param("id"), 10, 32) // Get the key key, err := keys.GetKey(uint(keyID)) if err != nil { c.JSON(http.StatusNotFound, gin.H{"error": "Key not found"}) return } c.JSON(http.StatusOK, key) } func createKey(c *gin.Context) { var req keyRequest if err := c.BindJSON(&req); err != nil { c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) return } // Create the key key, err := keys.CreateKey(req.UserID, req.Name, req.Content) if err != nil { c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()}) return } c.JSON(http.StatusCreated, key) } func updateKey(c *gin.Context) { // Use the KeyOwnerOrAdminMiddleware to check access KeyOwnerOrAdminMiddleware()(c) if c.IsAborted() { return } // Get the key ID from the URL parameter keyID, _ := strconv.ParseUint(c.Param("id"), 10, 32) var req keyRequest if err := c.BindJSON(&req); err != nil { c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) return } // Update the key key, err := keys.UpdateKey(uint(keyID), req.Name, req.Content) if err != nil { c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()}) return } c.JSON(http.StatusOK, key) } func deleteKey(c *gin.Context) { // Use the KeyOwnerOrAdminMiddleware to check access KeyOwnerOrAdminMiddleware()(c) if c.IsAborted() { return } // Get the key ID from the URL parameter keyID, _ := strconv.ParseUint(c.Param("id"), 10, 32) // Delete the key err := keys.DeleteKey(uint(keyID)) if err != nil { c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()}) return } c.JSON(http.StatusOK, gin.H{"message": "Key deleted successfully"}) } // createUserKey creates a new key for a specific user func createUserKey(c *gin.Context) { // Get the user ID from the URL parameter userID, err := strconv.ParseUint(c.Param("userId"), 10, 32) if err != nil { c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid user ID"}) return } // Parse the request body var req struct { Content string `json:"content" binding:"required"` Name string `json:"name" binding:"required"` } if err := c.BindJSON(&req); err != nil { c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) return } // Create the key key, err := keys.CreateKey(uint(userID), req.Name, req.Content) if err != nil { c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()}) return } c.JSON(http.StatusCreated, key) }