diff --git a/auth/auth.go b/auth/auth.go
index 22d0b40..67bf967 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -150,8 +150,8 @@ func (con Connection) signUp(c *gin.Context) {
 }
 type SignInRequest struct {
- Username string `json:"username"`
- Password string `json:"password"`
+ Username string
+ Password string
 }
 func (con Connection) signIn(c *gin.Context) {
@@ -186,7 +186,7 @@ func (con Connection) signIn(c *gin.Context) {
 return
 }
- c.SetCookie("auth", signedToken, -1, "", "", false, false)
+ c.SetCookie("auth", signedToken, -1, "", "", false, true)
 c.IndentedJSON(http.StatusOK, signedToken)
 }
diff --git a/servers/servers.go b/servers/servers.go
index 93de825..c366395 100644
--- a/servers/servers.go
+++ b/servers/servers.go
@@ -793,5 +793,5 @@ func LoadGroup(group *gin.RouterGroup, mongo_client *mongo.Client, config models
 group.GET("/:server_id/attach", auth.AuthorizedTo(models.RunCommand, connection.serverAuthorized(models.RunCommand)), connection.AttachServer)
 group.PATCH("/:server_id", auth.AuthorizedTo(models.Admin, connection.serverAuthorized(models.Admin)), connection.UpdateServer)
 group.POST("/:server_id/browse", auth.AuthorizedTo(models.Browse, connection.serverAuthorized(models.Admin)), connection.BrowseServer)
- group.POST("/:server_id/permissions", auth.AuthorizedTo(models.Browse, connection.serverAuthorized(models.Admin)), connection.GetServerUserPermissions)
+ group.GET("/:server_id/permissions", auth.AuthorizedTo(models.Browse, connection.serverAuthorized(models.Admin)), connection.GetServerUserPermissions)
 }
diff --git a/users/users.go b/users/users.go
index 922ec14..9d40378 100644
--- a/users/users.go
+++ b/users/users.go
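Review bot: Dropping the `json` tags from `SignInRequest` leaves the wire names implicit: lowercase `username`/`password` bodies only keep decoding because encoding/json matches keys case-insensitively, and any code that marshals the struct would now emit `Username`/`Password`. `InviteUser` in users/users.go keeps explicit tags, so the two request types are now inconsistent. I would keep the tags and, if signIn binds the body through gin's binding layer (the call is outside the hunk), mark both fields required, e.g. ``Username string `json:"username" binding:"required"` ``, so empty credentials are rejected before any lookup.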
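Review bot: On the new `c.SetCookie` line in the second auth.go hunk the `secure` argument is still `false`, so the signed token is also sent over plain HTTP, and no SameSite mode is set before the call. The `-1` max-age goes through to net/http, where a negative MaxAge is written as `Max-Age=0` and tells the browser to delete the cookie at once; a positive lifetime matching the token's expiry looks intended. Suggested: `c.SetSameSite(http.SameSiteLaxMode)` followed by `c.SetCookie("auth", signedToken, tokenTTLSeconds, "", "", true, true)`, where `tokenTTLSeconds` is a placeholder for the token lifetime. The following line still returns `signedToken` in the JSON body, so page script can read it there regardless of HttpOnly; signIn's body starts outside the hunk.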
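Review bot: The re-registered `/:server_id/permissions` route in servers/servers.go asks `auth.AuthorizedTo` for `models.Browse` while the per-server check is `connection.serverAuthorized(models.Admin)`; the pair looks copied from the `/browse` route above, whereas the attach and PATCH routes pass the same permission to both. If listing a server's user permissions is meant to be admin-only, `auth.AuthorizedTo(models.Admin, connection.serverAuthorized(models.Admin))` would state that directly; how AuthorizedTo combines its two arguments is not visible here. A one-line comment on the route naming the permission it requires would help either way. LoadGroup starts outside the hunk.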
@@ -34,6 +34,25 @@ func (con Connection) GetUsers(c *gin.Context) {
 c.IndentedJSON(http.StatusOK, response)
 }
+type UserResponse struct {
+ Username string
+ Permissions models.Permission
+ Email string
+}
+
+func (con Connection) GetUser(c *gin.Context) {
+ claims, exists := c.Get("claims")
+ if !exists {
+ c.AbortWithStatus(505)
+ return
+ }
+
+ c.IndentedJSON(http.StatusOK, UserResponse{
+ Username: claims.(*auth.AuthClaims).Username,
+ Permissions: claims.(*auth.AuthClaims).Permissions,
+ })
+}
+
 type InviteUser struct {
 Email string `json:"Email"`
 Permissions models.Permission `json:"Permissions"`
@@ -60,5 +79,6 @@ func (con Connection) InviteUser(c *gin.Context) {
 func LoadGroup(group *gin.RouterGroup, client *mongo.Client, config models.GlobalConfig) {
 connection := Connection{connection: client}
 group.GET("/", auth.AuthorizedTo(0), connection.GetUsers)
+ group.GET("/@me", auth.AuthorizedTo(0), connection.GetUser)
 group.POST("/", auth.AuthorizedTo(models.Admin), connection.InviteUser)
 }
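Review bot: `GetUser` answers a missing `claims` value with status 505 (HTTP Version Not Supported) and then type-asserts `claims.(*auth.AuthClaims)` twice without the comma-ok form, so a context value of any other type panics inside the handler. Missing or malformed claims should be rejected with `http.StatusUnauthorized` (or `http.StatusInternalServerError` if the middleware is meant to guarantee them), using a single checked assertion as below. `UserResponse.Email` is never assigned, so the response always carries an empty `Email`; either fill it from a source that has it or drop the field. Whether `auth.AuthorizedTo(0)` on the new `/@me` route always stores `claims` is not visible here, and both the new type and the handler would benefit from a doc comment stating that the endpoint returns the caller's own identity.

```go
func (con Connection) GetUser(c *gin.Context) {
	value, exists := c.Get("claims")
	claims, ok := value.(*auth.AuthClaims)
	if !exists || !ok || claims == nil {
		c.AbortWithStatus(http.StatusUnauthorized)
		return
	}

	c.IndentedJSON(http.StatusOK, UserResponse{
		Username:    claims.Username,
		Permissions: claims.Permissions,
	})
}
```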