gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-09-07 21:54:54 +08:00
Code Issues Projects Releases Packages Wiki Activity

add checks to user update processing

Browse source
This commit is contained in:
Matthew R Kasun 2023-03-30 15:10:17 -04:00
parent 9f5e9c1ef5
commit d82e3a9b9e
2 changed files with 29 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
controllers/user.go
View file

@ -331,7 +331,18 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
// start here
jwtUser, _, isadmin, err := logic.VerifyJWS(r.Header.Get("Authorization"))
if err != nil {
logger.Log(0, "verifyJWT error", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
username := params["username"]
if username != jwtUser && !isadmin {
logger.Log(0, "non-admin user", jwtUser, "attempted to update user", username)
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("not authorizied"), "unauthorized"))
return
}
user, err := logic.GetUser(username)
if err != nil {
logger.Log(0, username,
@ -354,6 +365,11 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
if userchange.IsAdmin && !isadmin {
logger.Log(0, "non-admin user", jwtUser, "attempted get admin privilages")
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("not authorizied"), "unauthorized"))
return
}
userchange.Networks = nil
user, err = logic.UpdateUser(&userchange, user)
if err != nil {

13
logic/jwts.go
View file

@ -3,6 +3,7 @@ package logic
import (
"errors"
"fmt"
"strings"
"time"
"github.com/golang-jwt/jwt/v4"
@ -101,6 +102,18 @@ func CreateUserJWT(username string, networks []string, isadmin bool) (response s
return "", err
}
// VerifyJWT verifies Auth Header
func VerifyJWS(bearerToken string) (username string, networks []string, isadmin bool, err error) {
token := ""
tokenSplit := strings.Split(bearerToken, " ")
if len(tokenSplit) > 1 {
token = tokenSplit[1]
} else {
return "", nil, false, errors.New("invalid auth header")
}
return VerifyUserToken(token)
}
// VerifyUserToken func will used to Verify the JWT Token while using APIS
func VerifyUserToken(tokenString string) (username string, networks []string, isadmin bool, err error) {
claims := &models.UserClaims{}