Add handling and securing info from different users

qowevisa 2024-08-03 09:15:52 +03:00
parent aa985e6715
commit 52ce4a181b


@ -18,10 +18,25 @@ import (
// @Param card path int true "id" // @Param card path int true "id"
// @Success 200 {object} types.DbCard // @Success 200 {object} types.DbCard
// @Failure 400 {object} types.ErrorResponse // @Failure 400 {object} types.ErrorResponse
// @Failure 401 {object} types.ErrorResponse
// @Failure 500 {object} types.ErrorResponse // @Failure 500 {object} types.ErrorResponse
// @Security ApiKeyAuth // @Security ApiKeyAuth
// @Router /card/:id [get] // @Router /card/:id [get]
func CardGetId(c *gin.Context) { func CardGetId(c *gin.Context) {
userIDAny, exists := c.Get("UserID")
if !exists {
c.JSON(500, types.ErrorResponse{Message: "Internal error 001"})
return
}
var userID uint
if userIDVal, ok := userIDAny.(uint); !ok {
c.JSON(500, types.ErrorResponse{Message: "Internal error 002"})
return
} else {
userID = userIDVal
}
idStr := c.Param("id") idStr := c.Param("id")
var id uint var id uint
if idVal, err := strconv.ParseUint(idStr, 10, 32); err != nil { if idVal, err := strconv.ParseUint(idStr, 10, 32); err != nil {
@ -41,6 +56,11 @@ func CardGetId(c *gin.Context) {
c.JSON(500, types.ErrorResponse{Message: "DAFUQ003"}) c.JSON(500, types.ErrorResponse{Message: "DAFUQ003"})
return return
} }
if dbCard.UserID != userID {
c.JSON(401, types.ErrorResponse{Message: "This card.id is not yours, you sneaky."})
return
}
card := types.DbCard{ card := types.DbCard{
Name: dbCard.Name, Name: dbCard.Name,
Value: dbCard.Value, Value: dbCard.Value,
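Review bot: The ownership check `if dbCard.UserID != userID` in the second hunk answers with 401 and a message confirming that the card id exists, so an authenticated caller can tell other users' card ids apart from unused ones. 401 means missing or invalid credentials, whereas this caller is authenticated and just not the owner. Answering exactly as for a card that does not exist, e.g. `c.JSON(404, types.ErrorResponse{Message: "card not found"})`, removes that signal; 403 is the alternative if existence is not considered sensitive. The lookup is outside the hunk; if it fetches by id alone, adding the user id to the query condition would let the not-found path cover this case without a separate branch. The `// @Failure 401` annotation added in the first hunk should then be changed to match, and note that CardGetId's body continues past the end of the hunk.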