From 9a1ef00618554425d63d30e8f5b0d133d1244b8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?B=C3=A1lint=20R=C3=A9thelyi?= <rethelyibalint@gmail.com>
Date: Wed, 25 Aug 2021 22:21:03 +0200
Subject: [PATCH] add admin middleware

---
 admin/admin.go  | 23 ++++++++++++++++++++---
 k8s/apply.sh    |  1 +
 k8s/values.yaml |  2 +-
 main.go         |  2 +-
 4 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/admin/admin.go b/admin/admin.go
index 7e03783..7634ef5 100644
--- a/admin/admin.go
+++ b/admin/admin.go
@@ -10,7 +10,8 @@ import (
 
 var adminTemplate *template.Template
 var balanceTemplate *template.Template
-var Router = http.NewServeMux()
+var router = http.NewServeMux()
+var Handler = adminMW(router)
 
 type Between struct {
 	User     *homepage.User
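Review bot: `Handler` on the added line `var Handler = adminMW(router)` is an exported, reassignable package variable with no doc comment, so the only thing telling a reader of main.go that the admin check is built into it is the name of an unexported function. A comment such as `// Handler serves the admin routes; every request passes through adminMW, which forwards only when the session user has IsAdmin set.` would state that contract. Since it is a `var`, any importing package could overwrite it with an unwrapped handler; returning it from a small function would close that off, though that changes how main.go refers to it.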
@@ -35,14 +36,30 @@ func init() {
 		panic(err)
 	}
 
-	Router.HandleFunc("/balance/", balance)
-	Router.HandleFunc("/", handler)
+	router.HandleFunc("/balance/", balance)
+	router.HandleFunc("/", handler)
+}
+
+func adminMW(h http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		admin, err := homepage.GetUserInfoBySession(r)
+		if err != nil {
+			helpers.Logger.Println(err)
+			return
+		}
+		if admin.IsAdmin {
+			h.ServeHTTP(w, r)
+		} else {
+			w.WriteHeader(http.StatusForbidden)
+		}
+	})
 }
 
 func handler(w http.ResponseWriter, r *http.Request) {
 	if r.Method == http.MethodGet {
 		admin, err := homepage.GetUserInfoBySession(r)
 		if err != nil {
+			helpers.Logger.Println(err)
 			return
 		}
 		er := adminTemplate.Execute(w, admin)
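Review bot: In `adminMW` the `err != nil` branch logs and returns without writing a response, so net/http answers a request whose session lookup failed with an implicit 200 OK and an empty body. The wrapped handler is not reached, so this still fails closed, but clients and monitoring cannot distinguish a rejected request from a successful one; add `http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)` before the `return`. The `else` branch sends 403 but logs nothing, so denied attempts on the admin routes leave no trace; a line such as `helpers.Logger.Println("admin access denied:", r.URL.Path)` would record them. If `GetUserInfoBySession` can return a nil user together with a nil error (not visible in this hunk), `admin.IsAdmin` would panic, so a nil check may be needed. The same silent return is in `handler`, whose body continues past the end of the hunk.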
diff --git a/k8s/apply.sh b/k8s/apply.sh
index 71da4ca..19d0aea 100755
--- a/k8s/apply.sh
+++ b/k8s/apply.sh
@@ -5,3 +5,4 @@ source secret.env
 set +o allexport
 
 envsubst < values.yaml | helm upgrade --install --wait becskasszasch . -n apps --values -
+
diff --git a/k8s/values.yaml b/k8s/values.yaml
index 2a23e46..5225ef6 100644
--- a/k8s/values.yaml
+++ b/k8s/values.yaml
@@ -7,5 +7,5 @@ POSTGRES: "${POSTGRES}"
 POSTGRES_PASS: "${POSTGRES_PASS}"
 POSTGRES_USER: "${POSTGRES_USER}"
 POSTGRES_DB: "${POSTGRES_DB}"
-Tag: "v1.6.2"
+Tag: "v1.6.3"
 REGISTRY_CONF: "${REGISTRY_CONF}"
diff --git a/main.go b/main.go
index ab4e2b1..1250afe 100644
--- a/main.go
+++ b/main.go
@@ -38,7 +38,7 @@ func main() {
 	//mux.HandleFunc("/topup/api/", topup.PayPalHandler)
 	mux.Handle("/metrics", promhttp.Handler())
 	mux.Handle("/metrics/", promhttp.Handler())
-	mux.Handle("/admin/", http.StripPrefix("/admin", admin.Router))
+	mux.Handle("/admin/", http.StripPrefix("/admin", admin.Handler))
 	mux.HandleFunc("/history/", history.Handler)
 	mux.HandleFunc("/", homepage.Handler)
 	//mux.HandleFunc("/new/", homepage.NewHandler)
-- 
GitLab