feat:#74 added security and refactored api endpoint

masterElmar
2023-11-20 17:10:52 +01:00
parent ef9247c300
commit 426e25bf3e
5 changed files with 27 additions and 29 deletions


@@ -1,10 +1,10 @@
package model package model
type Module struct { type Module struct {
UUID string `json:"uuid"` UUID string `json:"uuid" db:"uuid"`
Name string `json:"name"` Name string `json:"name" db:"Name"`
Prof string `json:"prof"` Prof string `json:"prof" db:"Prof"`
Course string `json:"course"` Course string `json:"course" db:"course"`
Semester string `json:"semester"` Semester string `json:"semester" db:"semester"`
Events Events `json:"events"` Events Events `json:"events"`
} }
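Review bot: The new `db` tags mix casing (`db:"Name"` and `db:"Prof"` next to `db:"uuid"`, `db:"course"` and `db:"semester"`), and nothing in the struct says whether that mirrors the column names of the table it is scanned from. If it does, a comment such as `// db tags match the column names of the events table; Name and Prof are capitalised there` would keep a later cleanup from normalising the tags and breaking the scan. `Events` gets no `db` tag, presumably because it is filled by a separate query; that is worth stating in the same comment.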


@@ -1,7 +1,6 @@
package service package service
import ( import (
"htwkalender/model"
"htwkalender/service/events" "htwkalender/service/events"
"htwkalender/service/fetch" "htwkalender/service/fetch"
"htwkalender/service/ical" "htwkalender/service/ical"
@@ -26,6 +25,7 @@ func AddRoutes(app *pocketbase.PocketBase) {
}, },
Middlewares: []echo.MiddlewareFunc{ Middlewares: []echo.MiddlewareFunc{
apis.ActivityLogger(app), apis.ActivityLogger(app),
apis.RequireAdminAuth(),
}, },
}) })
if err != nil { if err != nil {
@@ -61,6 +61,7 @@ func AddRoutes(app *pocketbase.PocketBase) {
}, },
Middlewares: []echo.MiddlewareFunc{ Middlewares: []echo.MiddlewareFunc{
apis.ActivityLogger(app), apis.ActivityLogger(app),
apis.RequireAdminAuth(),
}, },
}) })
if err != nil { if err != nil {
@@ -212,18 +213,11 @@ func AddRoutes(app *pocketbase.PocketBase) {
app.OnBeforeServe().Add(func(e *core.ServeEvent) error { app.OnBeforeServe().Add(func(e *core.ServeEvent) error {
_, err := e.Router.AddRoute(echo.Route{ _, err := e.Router.AddRoute(echo.Route{
Method: http.MethodPost, Method: http.MethodGet,
Path: "/api/module", Path: "/api/module",
Handler: func(c echo.Context) error { Handler: func(c echo.Context) error {
requestModule := c.QueryParam("uuid")
var requestModule model.Module module, err := events.GetModuleByUUID(app, requestModule)
if err := c.Bind(&requestModule); err != nil {
return apis.NewBadRequestError("Failed to read request body", err)
}
module, err := events.GetModuleByName(app, requestModule)
if err != nil { if err != nil {
return c.JSON(400, err) return c.JSON(400, err)
} else { } else {
@@ -286,7 +280,7 @@ func AddRoutes(app *pocketbase.PocketBase) {
app.OnBeforeServe().Add(func(e *core.ServeEvent) error { app.OnBeforeServe().Add(func(e *core.ServeEvent) error {
_, err := e.Router.AddRoute(echo.Route{ _, err := e.Router.AddRoute(echo.Route{
Method: http.MethodGet, Method: http.MethodGet,
Path: "/api/feed/migrate", Path: "/api/feeds/migrate",
Handler: func(c echo.Context) error { Handler: func(c echo.Context) error {
err := ical.MigrateFeedJson(app) err := ical.MigrateFeedJson(app)
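Review bot: The reworked `/api/module` handler passes `c.QueryParam("uuid")` straight to `events.GetModuleByUUID` without rejecting an empty value, and its error branch still answers with `return c.JSON(400, err)`, which hands the raw error value to the JSON encoder for whoever calls the route and reports a missing module as a bad request. I would add `if requestModule == "" { return apis.NewBadRequestError("missing uuid parameter", nil) }` before the lookup and return `apis.NewNotFoundError("module not found", err)` in the error branch. Separately, the renamed `/api/feeds/migrate` route runs `ical.MigrateFeedJson(app)` on a GET and its middleware list is outside the hunk; since this commit adds `apis.RequireAdminAuth()` to two other routes, confirm the migration route carries it as well. Both handlers continue past the visible lines.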


@@ -196,6 +196,18 @@ func DeleteAllEvents(app *pocketbase.PocketBase) error {
return nil return nil
} }
func FindModuleByUUID(app *pocketbase.PocketBase, uuid string) (model.Module, error) {
var module model.Module
err := app.Dao().DB().Select("*").From("events").Where(dbx.NewExp("uuid = {:uuid}", dbx.Params{"uuid": uuid})).One(&module)
if err != nil {
print("Error while getting events from database: ", err)
return model.Module{}, err
}
return module, nil
}
func FindAllEventsByModule(app *pocketbase.PocketBase, module model.Module) (model.Events, error) { func FindAllEventsByModule(app *pocketbase.PocketBase, module model.Module) (model.Events, error) {
var events model.Events var events model.Events
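Review bot: `FindModuleByUUID` reports failures with the builtin `print`, which writes to stderr outside the application's logging, and the message speaks of "events" although a single module is being looked up. The bound parameter in `dbx.NewExp("uuid = {:uuid}", ...)` is the right way to pass the caller-supplied value; I would drop the `print` and let the caller log or wrap the returned error. The exported function has no doc comment; `// FindModuleByUUID returns the first row of the events table whose uuid matches, mapped onto model.Module.` would cover it. `Select("*")` fetches every column for a struct with five mapped fields, so naming those columns would be tighter.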


@@ -42,11 +42,8 @@ func GetAllModulesDistinct(app *pocketbase.PocketBase, c echo.Context) error {
} }
} }
// GetModuleByName returns a module by its name func GetModuleByUUID(app *pocketbase.PocketBase, uuid string) (model.Module, error) {
// If the module does not exist, an error is returned module, err := db.FindModuleByUUID(app, uuid)
// If the module exists, the module is returned
// Module is a struct that exists in database as events
func GetModuleByName(app *pocketbase.PocketBase, module model.Module) (model.Module, error) {
events, err := db.FindAllEventsByModule(app, module) events, err := db.FindAllEventsByModule(app, module)
if err != nil || len(events) == 0 { if err != nil || len(events) == 0 {
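Review bot: In `GetModuleByUUID` the error from `db.FindModuleByUUID(app, uuid)` is never checked: as shown, the next line `events, err := db.FindAllEventsByModule(app, module)` reassigns `err`, so a failed lookup continues with a zero-value `model.Module`. Add `if err != nil { return model.Module{}, err }` directly after the first call so an unknown uuid stops there instead of querying events for an empty module. The commit also removes the doc comment without replacing it; `// GetModuleByUUID returns the module with the given uuid, or an error if it does not exist.` would restore it, adjusted to whatever the rest of the body does. The function body continues outside the hunk.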


@@ -1,13 +1,8 @@
import { Module } from "../model/module"; import { Module } from "../model/module";
export async function fetchModule(module: Module): Promise<Module> { export async function fetchModule(module: Module): Promise<Module> {
const request = new Request("/api/module", { // request to the backend on /api/module with query parameters name as the module name
method: "POST", const request = new Request("/api/module?uuid=" + module.uuid);
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify(module),
});
return await fetch(request) return await fetch(request)
.then((response) => { .then((response) => {
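Review bot: `module.uuid` is concatenated into the query string unencoded in `new Request("/api/module?uuid=" + module.uuid)`, so a value containing `&`, `#` or `=` would change the request that is sent. Use `new Request("/api/module?uuid=" + encodeURIComponent(module.uuid))`. The comment above it still describes the query parameter as the module name; it should read `// request the module from /api/module, identified by its uuid query parameter`. `fetchModule` continues past the visible lines.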