fix: Add admin middleware and update user route

peterxcli · Feb 26, 2024 · 04a94f9 · 04a94f9
1 parent 7b92f8c
commit 04a94f9
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 4 deletions.
diff --git a/pkg/middleware/admin.go b/pkg/middleware/admin.go
@@ -0,0 +1,24 @@
+package middleware
+
+import (
+	"net/http"
+
+	"gorm.io/gorm"
+
+	"bikefest/pkg/model"
+
+	"github.com/gin-gonic/gin"
+)
+
+func AdminMiddleware(db *gorm.DB) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		api_key := c.Query("api_key")
+		if api_key != "peter12345" {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, model.Response{
+				Msg: "還敢偷看歐？",
+			})
+			return
+		}
+		c.Next()
+	}
+}
diff --git a/pkg/router/event_route.go b/pkg/router/event_route.go
@@ -8,13 +8,13 @@ import (
 
 func RegisterEventRouter(app *bootstrap.Application, controller *controller.EventController) {
 	r := app.Engine.Group("/events")
-	authMiddleware := middleware.AuthMiddleware(app.Env.JWT.AccessTokenSecret, app.Cache)
+	// authMiddleware := middleware.AuthMiddleware(app.Env.JWT.AccessTokenSecret, app.Cache)
 
 	r.GET("", controller.GetAllEvent)
 	//r.GET("/user", authMiddleware, controller.GetUserEvent)
 	r.GET("/:id", controller.GetEventByID)
 	//r.POST("", controller.SubscribeEvent)
-	r.PUT("/:id", authMiddleware, controller.UpdateEvent)
-	r.GET("/test-store-all", controller.StoreAllEvent)
+	// r.PUT("/:id", authMiddleware, controller.UpdateEvent)
+	r.GET("/test-store-all", middleware.AdminMiddleware(app.Conn), controller.StoreAllEvent)
 	//r.DELETE("/:event_id", controller.DeleteEvent)
 }
diff --git a/pkg/router/user_route.go b/pkg/router/user_route.go
@@ -13,7 +13,7 @@ func RegisterUserRoutes(app *bootstrap.Application, controller *controller.UserC
 	r.GET("/profile", authMiddleware, controller.Profile)
 	r.GET("/:user_id", controller.GetUserByID)
 	r.POST("/refresh_token", authMiddleware, controller.RefreshToken)
-	r.GET("", controller.GetUsers)
+	r.GET("", middleware.AdminMiddleware(app.Conn), controller.GetUsers)
 	r.POST("/logout", authMiddleware, controller.Logout)
 	r.GET("/login/:user_id", controller.FakeLogin)
 	r.POST("/register", controller.FakeRegister)