From c6178e9cd306d8b4fd0dbbd481a5f8c6473f3a1e Mon Sep 17 00:00:00 2001
From: itsscb
Date: Mon, 2 Oct 2023 23:32:16 +0200
Subject: [PATCH] Add BlockSession (#66)
---
 Makefile | 4 +--
 bff/api/server.go | 1 +
 bff/api/session.go | 55 ++++++++++++++++++++++++++++++++++++++
 bff/db/mock/store.go | 14 ++++++++++
 bff/db/query/session.sql | 8 +++++-
 bff/db/sqlc/querier.go | 1 +
 bff/db/sqlc/session.sql.go | 12 +++++++++
 7 files changed, 92 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index 72bdbc3..de49886 100644
--- a/Makefile
+++ b/Makefile
@@ -41,7 +41,7 @@ dropdb:
 docker exec -it postgres dropdb df
 sqlc:
- sqlc generate
+ cd bff && sqlc generate && cd ..
 sqlcinit:
 sqlc init
@@ -56,6 +56,6 @@ server:
 cd bff && go run main.go && cd ..
 mock:
- mockgen -package mockdb -destination bff/db/mock/store.go github.com/itsscb/df/bff/db/sqlc Store
+ cd bff && mockgen -package mockdb -destination db/mock/store.go github.com/itsscb/df/bff/db/sqlc Store && cd ..
 .PHONY: postgres migratenew createdb dropdb migrateup migratedown sqlc sqlcinit test server backend_build backend backend-stop reset_docker
diff --git a/bff/api/server.go b/bff/api/server.go
index 9a09d5c..5521740 100644
--- a/bff/api/server.go
+++ b/bff/api/server.go
@@ -63,6 +63,7 @@ func NewServer(config util.Config, store db.Store) (*Server, error) {
 authRoutes.PUT("/accounts/privacy", server.updateAccountPrivacy)
 authRoutes.GET("/accounts/:id", server.getAccount)
 authRoutes.GET("/accounts", server.listAccounts)
+ authRoutes.POST("/sessions", server.blockSession)
 server.router = router
 return server, nil
diff --git a/bff/api/session.go b/bff/api/session.go
index 805cefc..f270d21 100644
--- a/bff/api/session.go
+++ b/bff/api/session.go
@@ -9,6 +9,7 @@ import (
 "github.com/gin-gonic/gin"
 "github.com/google/uuid"
 db "github.com/itsscb/df/bff/db/sqlc"
+ "github.com/itsscb/df/bff/token"
 "github.com/itsscb/df/bff/util"
 )
@@ -91,3 +92,57 @@ func (server *Server) loginAccount(ctx *gin.Context) {
 }
 ctx.JSON(http.StatusOK, rsp)
 }
+
+type blockSessionRequest struct {
+ ID uuid.UUID `json:"session_id"`
+}
+
+func (server *Server) blockSession(ctx *gin.Context) {
+ var req blockSessionRequest
+ if err := ctx.ShouldBindJSON(&req); err != nil {
+ ctx.JSON(http.StatusBadRequest, errorResponse(err))
+ return
+ }
+
+ authorizationPayload, ok := ctx.Get(authorizationPayloadKey)
+ if !ok {
+ ctx.JSON(http.StatusUnauthorized, nil)
+ return
+ }
+
+ payload := authorizationPayload.(*token.Payload)
+
+ session, err := server.store.GetSession(ctx, req.ID)
+ if err != nil {
+ if errors.Is(err, sql.ErrNoRows) {
+ ctx.JSON(http.StatusUnauthorized, errorResponse(errors.New("unauthorized")))
+ return
+ }
+ ctx.JSON(http.StatusInternalServerError, errorResponse(err))
+ return
+ }
+
+ if session.IsBlocked {
+ ctx.JSON(http.StatusAlreadyReported, errorResponse(errors.New("already blocked")))
+ return
+ }
+
+ if session.Email != payload.Email {
+ ctx.JSON(http.StatusUnauthorized, errorResponse(errors.New("unauthorized")))
+ return
+ }
+
+ err = server.store.BlockSession(ctx, session.ID)
+ if err != nil {
+ ctx.JSON(http.StatusInternalServerError, errorResponse(err))
+ return
+ }
+
+ rsp := struct {
+ Ok bool
+ }{
+ Ok: true,
+ }
+
+ ctx.JSON(http.StatusOK, rsp)
+}
diff --git a/bff/db/mock/store.go b/bff/db/mock/store.go
index 9c82abf..631f792 100644
--- a/bff/db/mock/store.go
+++ b/bff/db/mock/store.go
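Review bot: In `blockSession` (bff/api/session.go) the `session.IsBlocked` check runs before the ownership check `session.Email != payload.Email`, so any authenticated caller gets 208 for another account's blocked session and 401 otherwise, which discloses the state of sessions they do not own; compare the emails first. The bare assertion `authorizationPayload.(*token.Payload)` also panics if the stored value has a different type, so use the comma-ok form and answer 401. The two 500 branches pass the raw store error to `errorResponse`, which may expose database details to the client; consider logging it server-side and returning a generic message.

```go
	payload, ok := authorizationPayload.(*token.Payload)
	if !ok {
		ctx.JSON(http.StatusUnauthorized, errorResponse(errors.New("unauthorized")))
		return
	}

	// … unchanged: GetSession call and its error handling …

	// Ownership is checked first so the response reveals nothing about
	// sessions that belong to another account.
	if session.Email != payload.Email {
		ctx.JSON(http.StatusUnauthorized, errorResponse(errors.New("unauthorized")))
		return
	}

	if session.IsBlocked {
		ctx.JSON(http.StatusAlreadyReported, errorResponse(errors.New("already blocked")))
		return
	}

	// … unchanged: BlockSession call and success response …
```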
@@ -40,6 +40,20 @@ func (m *MockStore) EXPECT() *MockStoreMockRecorder {
 return m.recorder
 }
+// BlockSession mocks base method.
+func (m *MockStore) BlockSession(arg0 context.Context, arg1 uuid.UUID) error {
+ m.ctrl.T.Helper()
+ ret := m.ctrl.Call(m, "BlockSession", arg0, arg1)
+ ret0, _ := ret[0].(error)
+ return ret0
+}
+
+// BlockSession indicates an expected call of BlockSession.
+func (mr *MockStoreMockRecorder) BlockSession(arg0, arg1 any) *gomock.Call {
+ mr.mock.ctrl.T.Helper()
+ return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BlockSession", reflect.TypeOf((*MockStore)(nil).BlockSession), arg0, arg1)
+}
+
 // CreateAccount mocks base method.
 func (m *MockStore) CreateAccount(arg0 context.Context, arg1 db.CreateAccountParams) (db.Account, error) {
 m.ctrl.T.Helper()
diff --git a/bff/db/query/session.sql b/bff/db/query/session.sql
index 47d1fde..3e34026 100644
--- a/bff/db/query/session.sql
+++ b/bff/db/query/session.sql
@@ -13,4 +13,10 @@ INSERT INTO sessions (
 -- name: GetSession :one
 SELECT * FROM sessions
-WHERE id = $1 LIMIT 1;
\ No newline at end of file
+WHERE id = $1 LIMIT 1;
+
+-- name: BlockSession :exec
+UPDATE sessions
+SET
+ "is_blocked" = true
+WHERE "id" = sqlc.arg(id);
\ No newline at end of file
diff --git a/bff/db/sqlc/querier.go b/bff/db/sqlc/querier.go
index 55ce165..714b78b 100644
--- a/bff/db/sqlc/querier.go
+++ b/bff/db/sqlc/querier.go
@@ -11,6 +11,7 @@ import (
 )
 type Querier interface {
+ BlockSession(ctx context.Context, id uuid.UUID) error
 CreateAccount(ctx context.Context, arg CreateAccountParams) (Account, error)
 CreateDocumentMail(ctx context.Context, arg CreateDocumentMailParams) (Document, error)
 CreateDocumentUpload(ctx context.Context, arg CreateDocumentUploadParams) (Document, error)
diff --git a/bff/db/sqlc/session.sql.go b/bff/db/sqlc/session.sql.go
index daace93..f607ed2 100644
--- a/bff/db/sqlc/session.sql.go
+++ b/bff/db/sqlc/session.sql.go
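Review bot: The `BlockSession` query in bff/db/query/session.sql matches on `id` alone, so ownership is enforced only by the handler's earlier `GetSession` read and email comparison. Binding the owner into the statement, e.g. `WHERE "id" = sqlc.arg(id) AND "email" = sqlc.arg(email)` (assuming `sessions` has the `email` column that `session.Email` in the handler suggests), would make the authorization check and the update a single atomic step. Switching `:exec` to `:execrows` would also let the caller detect that no row was updated. The generated querier, mock and session.sql.go would need regenerating afterwards.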
@@ -12,6 +12,18 @@ import ( "github.com/google/uuid" ) +const blockSession = `-- name: BlockSession :exec +UPDATE sessions +SET + "is_blocked" = true +WHERE "id" = $1 +` + +func (q *Queries) BlockSession(ctx context.Context, id uuid.UUID) error { + _, err := q.db.ExecContext(ctx, blockSession, id) + return err +} + const createSession = `-- name: CreateSession :one INSERT INTO sessions ( id,