diff --git a/pkg/middleware/admin.go b/pkg/middleware/admin.go
new file mode 100644
index 0000000..0014c62
--- /dev/null
+++ b/pkg/middleware/admin.go
@@ -0,0 +1,24 @@
+package middleware
+
+import (
+ "net/http"
+
+ "gorm.io/gorm"
+
+ "bikefest/pkg/model"
+
+ "github.com/gin-gonic/gin"
+)
+
+func AdminMiddleware(db *gorm.DB) gin.HandlerFunc {
+ return func(c *gin.Context) {
+ api_key := c.Query("api_key")
+ if api_key != "peter12345" {
+ c.AbortWithStatusJSON(http.StatusUnauthorized, model.Response{
+ Msg: "還敢偷看歐?",
+ })
+ return
+ }
+ c.Next()
+ }
+}
diff --git a/pkg/router/event_route.go b/pkg/router/event_route.go
index 88a2a0c..db018b5 100644
--- a/pkg/router/event_route.go
+++ b/pkg/router/event_route.go
@@ -8,13 +8,13 @@ import (
 func RegisterEventRouter(app *bootstrap.Application, controller *controller.EventController) {
 r := app.Engine.Group("/events")
- authMiddleware := middleware.AuthMiddleware(app.Env.JWT.AccessTokenSecret, app.Cache)
+ // authMiddleware := middleware.AuthMiddleware(app.Env.JWT.AccessTokenSecret, app.Cache)
 r.GET("", controller.GetAllEvent)
 //r.GET("/user", authMiddleware, controller.GetUserEvent)
 r.GET("/:id", controller.GetEventByID)
 //r.POST("", controller.SubscribeEvent)
- r.PUT("/:id", authMiddleware, controller.UpdateEvent)
- r.GET("/test-store-all", controller.StoreAllEvent)
+ // r.PUT("/:id", authMiddleware, controller.UpdateEvent)
+ r.GET("/test-store-all", middleware.AdminMiddleware(app.Conn), controller.StoreAllEvent)
 //r.DELETE("/:event_id", controller.DeleteEvent)
 }
diff --git a/pkg/router/user_route.go b/pkg/router/user_route.go
index f6f5473..9cc6c60 100644
--- a/pkg/router/user_route.go
+++ b/pkg/router/user_route.go
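Review bot: The admin credential is hard-coded as `"peter12345"` in the comparison inside `AdminMiddleware`, so it ships with the source and, now that it is committed, should be treated as disclosed and rotated. It is also read with `c.Query("api_key")`, which puts the secret in the URL and therefore in access logs, proxy logs, browser history and Referer headers, and it is compared with `!=` rather than in constant time. The `db *gorm.DB` parameter is never used. I would pass the expected key in from configuration, read the presented key from a request header, fail closed when no key is configured, and compare with `subtle.ConstantTimeCompare` (needs `crypto/subtle`). That changes the signature, so the call sites in event_route.go and user_route.go would pass the configured value instead of `app.Conn`.

```go
// adminKey is supplied from configuration; "X-Admin-Key" is a placeholder header name.
func AdminMiddleware(adminKey string) gin.HandlerFunc {
	return func(c *gin.Context) {
		presented := c.GetHeader("X-Admin-Key")
		// Fail closed when no key is configured; compare without an early exit on mismatch.
		if adminKey == "" || subtle.ConstantTimeCompare([]byte(presented), []byte(adminKey)) != 1 {
			// … unchanged: AbortWithStatusJSON(http.StatusUnauthorized, …) and return …
		}
		// … unchanged: c.Next() …
	}
}
```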
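Review bot: `/test-store-all` stays a `GET` route on the public `/events` group, and its handler name `StoreAllEvent` suggests it writes data, so a state-changing operation can be triggered by a plain link, a prefetch or a crawler that has seen the URL. If the endpoint is needed outside local testing I would register it as `r.POST("/test-store-all", middleware.AdminMiddleware(app.Conn), controller.StoreAllEvent)`; otherwise keep it out of the production router. The `authMiddleware` assignment and the `PUT /:id` route are commented out rather than deleted, which leaves dead code and no record of why event updates were withdrawn. Delete both lines, or keep one explanatory comment such as `// PUT /:id disabled until <reason>`.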
@@ -13,7 +13,7 @@ func RegisterUserRoutes(app *bootstrap.Application, controller *controller.UserC
 r.GET("/profile", authMiddleware, controller.Profile)
 r.GET("/:user_id", controller.GetUserByID)
 r.POST("/refresh_token", authMiddleware, controller.RefreshToken)
- r.GET("", controller.GetUsers)
+ r.GET("", middleware.AdminMiddleware(app.Conn), controller.GetUsers)
 r.POST("/logout", authMiddleware, controller.Logout)
 r.GET("/login/:user_id", controller.FakeLogin)
 r.POST("/register", controller.FakeRegister)
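Review bot: Gating only `r.GET("", …)` leaves `r.GET("/:user_id", controller.GetUserByID)` in the context lines above registered without any middleware, so if that handler returns the same records they remain readable without credentials. I would put it behind the existing per-user check, `r.GET("/:user_id", authMiddleware, controller.GetUserByID)`, or behind the same admin gate as the listing. `FakeLogin` and `FakeRegister` below are also registered without middleware and, judging by their names, look like development helpers; confirm they are not registered in production builds. `RegisterUserRoutes` starts and ends outside this hunk, so this is based on the visible routes only.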