package main
import (
	"fmt"
	"html"
	"log"
	"net/http"
	"net/url"
	"strconv"

	"github.com/SUASecLab/workadventure_admin_extensions/extensions"
	"go.mongodb.org/mongo-driver/bson"
	"go.mongodb.org/mongo-driver/mongo/options"
)
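// handleAPIRequest stores the component description of one workplace.
//
// It reads three query parameters: "token" (passed to the auth sidecar, which
// decides whether the caller may use the "updateComponents" service), "nr"
// (the workplace number, must parse as an integer) and "components" (the
// description to store). The document with the matching "nr" is upserted.
//
// Responses: 500 when the sidecar or the database cannot be reached, 403 when
// the sidecar denies the request, 404 when "nr" is not an integer, otherwise
// a one-line text describing whether a document was inserted, updated or
// left unchanged.
//
// NOTE(review): the handler does not check r.Method, and the token travels in
// the query string, where access logs and proxies commonly record it. Whether
// that is acceptable depends on how the route is registered and deployed.
func handleAPIRequest(w http.ResponseWriter, r *http.Request) {
	query := r.URL.Query()
	userToken := query.Get("token")
	nr := query.Get("nr")

	// The description is stored HTML-escaped, as before; readers of the
	// collection presumably emit it without escaping again (confirm there).
	components := html.EscapeString(query.Get("components"))

	// The token is caller-controlled and is embedded in a second URL, so it
	// has to be percent-encoded for that context. HTML escaping leaves '#',
	// '%', '+' and spaces untouched and turns '&' into "&amp;", which still
	// contains a parameter separator; any of these would change the query the
	// sidecar receives (for example cutting off or overriding "service").
	authURL := "http://" + sidecarUrl + "/auth?token=" +
		url.QueryEscape(userToken) + "&service=updateComponents"

	// Ask the sidecar whether this user may change the components.
	decision, err := extensions.GetAuthDecision(authURL)
	if err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		errorMsg := "Error while checking if user is allowed to update components"
		fmt.Fprintf(w, "%s", errorMsg)
		log.Println(errorMsg, err)
		return
	}
	if !decision.Allowed {
		w.WriteHeader(http.StatusForbidden)
		fmt.Fprint(w, "You are not allowed to update the components")
		log.Println("Forbidden access attempt on request API")
		return
	}

	// Atoi rejects anything that is not a plain integer, so no further
	// escaping of nr is needed before it is used as a filter value.
	nrVal, err := strconv.Atoi(nr)
	if err != nil {
		w.WriteHeader(http.StatusNotFound)
		fmt.Fprint(w, "Invalid workplace number")
		log.Println("Invalid workplace number provided")
		return
	}

	ctx, cancel, client, collection, success := connectToCollection(w)
	if !success {
		// connectToCollection is defined elsewhere; on failure it may hand
		// back nil values, and deferring calls on them unconditionally would
		// panic when this function returns. Release only what was returned.
		// (client is presumably a *mongo.Client; confirm against the helper.)
		if client != nil {
			client.Disconnect(ctx)
		}
		if cancel != nil {
			cancel()
		}
		w.WriteHeader(http.StatusInternalServerError)
		log.Println("Could not connect to collection")
		return
	}
	defer cancel()
	defer client.Disconnect(ctx)

	// Upsert so that a workplace without an entry yet gets one.
	opts := options.Update().SetUpsert(true)
	filter := bson.D{{Key: "nr", Value: nrVal}}
	update := bson.D{{Key: "$set",
		Value: bson.D{{Key: "components", Value: components}}}}

	result, err := collection.UpdateOne(ctx, filter, update, opts)
	if err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		log.Println("Could not update database:", err)
		fmt.Fprintln(w, "Could not update database")
		return
	}

	switch {
	case result.UpsertedCount == 1:
		fmt.Fprintln(w, "Inserted workplace description")
	case result.ModifiedCount == 1:
		fmt.Fprintln(w, "Updated workplace description")
	default:
		fmt.Fprintln(w, "Did not update workplace description. Are you sure the components changed?")
	}
}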