Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 30 additions & 6 deletions backend/WebUI/api_webui.go
Original file line number Diff line number Diff line change
Expand Up @@ -422,6 +422,17 @@ func GetTenantId(c *gin.Context) (string, error) {
return claims["tenantId"].(string), nil
}

func CheckProfileAuth(c *gin.Context) bool {
tokenStr := c.GetHeader("Token")
_, err := ParseJWT(tokenStr)
if err != nil {
logger.ProcLog.Errorln(err.Error())
c.JSON(http.StatusBadRequest, gin.H{"cause": "Illegal Token"})
return false
}
return true
}

// Tenant
func GetTenants(c *gin.Context) {
setCorsHeader(c)
Expand Down Expand Up @@ -1914,6 +1925,10 @@ func DeleteProfile(c *gin.Context) {
setCorsHeader(c)
logger.ProcLog.Infoln("Delete One Profile Data")

if !CheckProfileAuth(c) {
return
}

profileName := c.Param("profileName")
pf, err := mongoapi.RestfulAPIGetOne(profileDataColl, bson.M{"profileName": profileName})
if err != nil {
Expand All @@ -1937,6 +1952,11 @@ func DeleteProfile(c *gin.Context) {
func DeleteMultipleProfiles(c *gin.Context) {
setCorsHeader(c)
logger.ProcLog.Infoln("Delete Multiple Profiles")

if !CheckProfileAuth(c) {
return
}

var profileDatas []*Profile
if err := c.ShouldBindJSON(&profileDatas); err != nil {
logger.ProcLog.Errorf("DeleteMultipleProfiles err: %+v", err)
Expand Down Expand Up @@ -1986,6 +2006,10 @@ func GetProfile(c *gin.Context) {
setCorsHeader(c)
logger.ProcLog.Infoln("Get One Profile Data")

if !CheckProfileAuth(c) {
return
}

profileName := c.Param("profileName")

profile, err := mongoapi.RestfulAPIGetOne(profileDataColl, bson.M{"profileName": profileName})
Expand All @@ -2009,16 +2033,12 @@ func PostProfile(c *gin.Context) {
setCorsHeader(c)
logger.ProcLog.Infoln("Post One Profile Data")

tokenStr := c.GetHeader("Token")
_, err := ParseJWT(tokenStr)
if err != nil {
logger.ProcLog.Errorln(err.Error())
c.JSON(http.StatusBadRequest, gin.H{"cause": "Illegal Token"})
if !CheckProfileAuth(c) {
return
}

var profile Profile
if err = c.ShouldBindJSON(&profile); err != nil {
if err := c.ShouldBindJSON(&profile); err != nil {
logger.ProcLog.Errorf("PostProfile err: %+v", err)
c.JSON(http.StatusBadRequest, gin.H{"cause": "JSON format incorrect"})
return
Expand Down Expand Up @@ -2056,6 +2076,10 @@ func PutProfile(c *gin.Context) {
setCorsHeader(c)
logger.ProcLog.Infoln("Put One Profile Data")

if !CheckProfileAuth(c) {
return
}

profileName := c.Param("profileName")

var profile Profile
Expand Down
Loading