fixed bugs

2025-03-19 19:56:58 +02:00
parent 1488d7db16
commit 32d64f3637
14 changed files with 173 additions and 98 deletions
--- a/servers/auth_utils.go
+++ b/servers/auth_utils.go
@@ -0,0 +1,36 @@
+package servers
+
+import (
+	"git.acooldomain.co/server-manager/backend/auth"
+	"git.acooldomain.co/server-manager/backend/models"
+	"github.com/gin-gonic/gin"
+)
+
+func (con ServersApi) ServerAuthorized(permissions models.Permission) func(*gin.Context) {
+	return func(ctx *gin.Context) {
+		claimsPointer, exists := ctx.Get("claims")
+		if !exists {
+			ctx.AbortWithStatus(403)
+			return
+		}
+
+		claims := claimsPointer.(*auth.AuthClaims)
+
+		serverId := ctx.Param("server_id")
+		if serverId == "" {
+			return
+		}
+
+		userPermissions, err := con.ServerAuthorization.GetPermissions(ctx, claims.Username, serverId)
+		if err != nil {
+			return
+		}
+
+		if userPermissions&permissions == permissions || userPermissions&models.Admin == models.Admin {
+			ctx.Set(auth.AuthorizedParam, true)
+			return
+		}
+
+		return
+	}
+}
--- a/servers/browsers.go
+++ b/servers/browsers.go
@@ -51,6 +51,6 @@ func LoadBrowsersGroup(group *gin.RouterGroup, config models.GlobalConfig) {
 		InstanceManager:     instanceManager,
 	}

-	group.GET("", auth.AuthorizedTo(0), connection.GetBrowsers)
-	group.POST("/:server_id/stop", auth.AuthorizedTo(models.Browse), connection.ServerAuthorized(models.Browse), connection.StopBrowser)
+	group.GET("", auth.AuthorizedTo(0), auth.AuthorizationEnforcer(), connection.GetBrowsers)
+	group.POST("/:server_id/stop", auth.AuthorizedTo(models.Browse), connection.ServerAuthorized(models.Browse), auth.AuthorizationEnforcer(), connection.StopBrowser)
 }
--- a/servers/images.go
+++ b/servers/images.go
@@ -70,5 +70,5 @@ func LoadeImagesGroup(group *gin.RouterGroup, config models.GlobalConfig) {
 		InstanceManager:     instanceManager,
 	}

-	group.GET("", auth.AuthorizedTo(0), connection.GetImages)
+	group.GET("", auth.AuthorizedTo(0), auth.AuthorizationEnforcer(), connection.GetImages)
 }
--- a/servers/servers.go
+++ b/servers/servers.go
@@ -64,37 +64,6 @@ type CreateServerRequest struct {
 	Nickname       string        `json:"Nickname"`
 }

-func (con ServersApi) ServerAuthorized(permissions models.Permission) func(*gin.Context) {
-	return func(ctx *gin.Context) {
-		claimsPointer, exists := ctx.Get("claims")
-		if !exists {
-			ctx.AbortWithStatus(403)
-			return
-		}
-
-		claims := claimsPointer.(*auth.AuthClaims)
-
-		serverId := ctx.Param("server_id")
-		if serverId == "" {
-			ctx.AbortWithStatus(403)
-			return
-		}
-
-		userPermissions, err := con.ServerAuthorization.GetPermissions(ctx, claims.Username, serverId)
-		if err != nil {
-			ctx.AbortWithError(500, err)
-			return
-		}
-
-		if userPermissions&permissions == permissions || userPermissions&models.Admin == models.Admin {
-			return
-		}
-
-		ctx.AbortWithStatus(403)
-		return
-	}
-}
-
 func (con ServersApi) CreateServer(ctx *gin.Context) {
 	claims, exists := ctx.Get("claims")
 	if !exists {
@@ -168,6 +137,11 @@ func (con ServersApi) StartServer(ctx *gin.Context) {
 	}

 	instanceServer, err := con.InstanceManager.GetServer(ctx, serverId)
+	if err != nil {
+		ctx.AbortWithError(500, err)
+		return
+	}
+
 	if instanceServer.Running {
 		ctx.Status(200)
 		return
@@ -176,6 +150,7 @@ func (con ServersApi) StartServer(ctx *gin.Context) {
 	server, err := con.ServersDbHandler.GetServer(ctx, serverId)
 	if err != nil {
 		ctx.AbortWithError(500, err)
+		return
 	}

 	err = con.InstanceManager.StartServer(
@@ -558,15 +533,15 @@ func LoadGroup(group *gin.RouterGroup, config models.GlobalConfig) {
 		InstanceManager:     instanceManager,
 	}

-	group.POST("/:server_id/start", auth.AuthorizedTo(models.Start), connection.ServerAuthorized(models.Start), connection.StartServer)
-	group.POST("", auth.AuthorizedTo(models.Create), connection.CreateServer)
-	group.GET("", auth.AuthorizedTo(0), connection.GetServers)
-	group.POST("/:server_id/stop", auth.AuthorizedTo(models.Stop), connection.ServerAuthorized(models.Stop), connection.StopServer)
-	group.DELETE("/:server_id", auth.AuthorizedTo(models.Delete), connection.ServerAuthorized(models.Delete), connection.DeleteServer)
-	group.POST("/:server_id/run_command", auth.AuthorizedTo(models.RunCommand), connection.ServerAuthorized(models.RunCommand), connection.RunCommand)
-	group.GET("/:server_id/attach", auth.AuthorizedTo(models.RunCommand), connection.ServerAuthorized(models.RunCommand), connection.AttachServer)
-	group.PATCH("/:server_id", auth.AuthorizedTo(models.Admin), connection.ServerAuthorized(models.Admin), connection.UpdateServer)
-	group.POST("/:server_id/browse", auth.AuthorizedTo(models.Browse), connection.ServerAuthorized(models.Admin), connection.BrowseServer)
-	group.GET("/:server_id/permissions", auth.AuthorizedTo(models.Browse), connection.ServerAuthorized(models.Admin), connection.GetServerUserPermissions)
-	group.POST("/:server_id/permissions", auth.AuthorizedTo(models.Browse), connection.ServerAuthorized(models.Admin), connection.SetServerUserPermissions)
+	group.POST("/:server_id/start", auth.AuthorizedTo(models.Start), connection.ServerAuthorized(models.Start), auth.AuthorizationEnforcer(), connection.StartServer)
+	group.POST("", auth.AuthorizedTo(models.Create), auth.AuthorizationEnforcer(), connection.CreateServer)
+	group.GET("", connection.GetServers)
+	group.POST("/:server_id/stop", auth.AuthorizedTo(models.Stop), connection.ServerAuthorized(models.Stop), auth.AuthorizationEnforcer(), connection.StopServer)
+	group.DELETE("/:server_id", auth.AuthorizedTo(models.Delete), connection.ServerAuthorized(models.Delete), auth.AuthorizationEnforcer(), connection.DeleteServer)
+	group.POST("/:server_id/run_command", auth.AuthorizedTo(models.RunCommand), connection.ServerAuthorized(models.RunCommand), auth.AuthorizationEnforcer(), connection.RunCommand)
+	group.GET("/:server_id/attach", auth.AuthorizedTo(models.RunCommand), connection.ServerAuthorized(models.RunCommand), auth.AuthorizationEnforcer(), connection.AttachServer)
+	group.PATCH("/:server_id", auth.AuthorizedTo(models.Admin), connection.ServerAuthorized(models.Admin), auth.AuthorizationEnforcer(), connection.UpdateServer)
+	group.POST("/:server_id/browse", auth.AuthorizedTo(models.Browse), connection.ServerAuthorized(models.Admin), auth.AuthorizationEnforcer(), connection.BrowseServer)
+	group.GET("/:server_id/permissions", auth.AuthorizedTo(models.Browse), connection.ServerAuthorized(models.Admin), auth.AuthorizationEnforcer(), connection.GetServerUserPermissions)
+	group.POST("/:server_id/permissions", auth.AuthorizedTo(models.Browse), connection.ServerAuthorized(models.Admin), auth.AuthorizationEnforcer(), connection.SetServerUserPermissions)
 }