whitelist에서 email과 platform을 모두 비교

2023-07-07 15:32:54 +09:00
parent 5abb3fd2b7
commit 22ec115b35
4 changed files with 11 additions and 65 deletions
--- a/core/api.go
+++ b/core/api.go
@ -74,40 +74,8 @@ func (fd *FileDocumentDesc) Save() error {
 	return err
 }

-func (caller apiCaller) isAdmin() bool {
-	if *devflag {
-		return true
-	}
-
-	v, ok := caller.userinfo["email"]
-	if !ok {
-		logger.Println("isVaidUser failed. email is missing :", caller.userinfo)
-		return false
-	}
-
-	email := v.(string)
-	if _, ok := caller.globalAdmins[email]; ok {
-		return true
-	}
-
-	return caller.mg.service().isAdmin(email)
-}
-
-func (caller apiCaller) isAdminOrValidToken() bool {
-	if caller.isAdmin() {
-		return true
-	}
-
-	return caller.mg.service().isValidToken(caller.apiToken)
-}
-
 func (caller apiCaller) filesAPI(w http.ResponseWriter, r *http.Request) error {
 	if r.Method == "GET" {
-		// if !caller.isAdminOrValidToken() {
-		// 	w.WriteHeader(http.StatusUnauthorized)
-		// 	return nil
-		// }
-
 		allfiles, err := caller.mg.mongoClient.All(CollectionFile, options.Find().SetProjection(bson.M{
 			"contents": 0,
 		}).SetReturnKey(false))
@ -126,11 +94,6 @@ func (caller apiCaller) filesAPI(w http.ResponseWriter, r *http.Request) error {
 			return nil
 		}

-		// if !caller.isAdminOrValidToken() {
-		// 	w.WriteHeader(http.StatusUnauthorized)
-		// 	return nil
-		// }
-
 		_, err := caller.mg.mongoClient.Delete(CollectionFile, bson.M{
 			"key": key,
 		})
@ -208,7 +171,6 @@ func (caller apiCaller) uploadAPI(w http.ResponseWriter, r *http.Request) error

 func (caller apiCaller) whitelistAPI(w http.ResponseWriter, r *http.Request) error {
 	mg := caller.mg
-	queryvals := r.URL.Query()
 	if r.Method == "GET" {
 		// if !caller.isAdminOrValidToken() {
 		// 	logger.Println("whitelistAPI failed. not vaild user :", r.Method, caller.userinfo)
@ -256,7 +218,7 @@ func (caller apiCaller) whitelistAPI(w http.ResponseWriter, r *http.Request) err
 			return err
 		}
 	} else if r.Method == "DELETE" {
-		id := queryvals.Get("id")
+		id := r.FormValue("id")
 		if len(id) == 0 {
 			return errors.New("id param is missing")
 		}
--- a/core/maingate.go
+++ b/core/maingate.go
@ -429,7 +429,7 @@ func (mg *Maingate) prepare(context context.Context) (err error) {
 	return nil
 }

-func whitelistKey(email string) string {
+func whitelistKey(email string, platform string) string {
 	if strings.HasPrefix(email, "*@") {
 		// 도메인 전체 허용
 		return email[2:]
--- a/core/service.go
+++ b/core/service.go
@ -27,8 +27,6 @@ type blockinfo struct {
 	Reason string             `bson:"reason" json:"reason"`
 }

-type whitelistMemberTag = string
-
 type whitelistmember struct {
 	Email    string             `bson:"email" json:"email"`
 	Platform string             `bson:"platform" json:"platform"`
@ -53,7 +51,7 @@ type usertokeninfo struct {
 func (wl *whitelist) init(total []whitelistmember) {
 	all := make(map[string]*whitelistmember)
 	for _, member := range total {
-		all[whitelistKey(member.Email)] = &member
+		all[whitelistKey(member.Email, member.Platform)] = &member
 	}
 	atomic.StorePointer(&wl.emailptr, unsafe.Pointer(&all))
 }
@ -66,11 +64,11 @@ func addToUnsafePointer(to *unsafe.Pointer, m *whitelistmember) {
 	for k, v := range *src {
 		next[k] = v
 	}
-	next[whitelistKey(m.Email)] = m
+	next[whitelistKey(m.Email, m.Platform)] = m
 	atomic.StorePointer(to, unsafe.Pointer(&next))
 }

-func removeFromUnsafePointer(from *unsafe.Pointer, email string) {
+func removeFromUnsafePointer(from *unsafe.Pointer, email string, platform string) {
 	ptr := atomic.LoadPointer(from)
 	src := (*map[string]*whitelistmember)(ptr)

@ -78,7 +76,7 @@ func removeFromUnsafePointer(from *unsafe.Pointer, email string) {
 	for k, v := range *src {
 		next[k] = v
 	}
-	delete(next, whitelistKey(email))
+	delete(next, whitelistKey(email, platform))
 	atomic.StorePointer(from, unsafe.Pointer(&next))
 }

@ -86,18 +84,16 @@ func (wl *whitelist) add(m *whitelistmember) {
 	addToUnsafePointer(&wl.emailptr, m)
 }

-func (wl *whitelist) remove(email string) {
-	removeFromUnsafePointer(&wl.emailptr, email)
+func (wl *whitelist) remove(email string, platform string) {
+	removeFromUnsafePointer(&wl.emailptr, email, platform)
 }

 func (wl *whitelist) isMember(email string, platform string) bool {
 	ptr := atomic.LoadPointer(&wl.emailptr)
 	src := *(*map[string]*whitelistmember)(ptr)

-	if member, exists := src[whitelistKey(email)]; exists {
-		return member.Platform == platform
-	}
-	return false
+	_, exists := src[whitelistKey(email, platform)]
+	return exists
 }

 type DivisionStateName string
@ -559,18 +555,6 @@ func (sh *serviceDescription) linkinfo(w http.ResponseWriter, r *http.Request) {

 }

-func (sh *serviceDescription) isAdmin(email string) bool {
-	ptr := atomic.LoadPointer(&sh.admins)
-	admins := *(*[]string)(ptr)
-
-	for _, a := range admins {
-		if a == email {
-			return true
-		}
-	}
-	return false
-}
-
 func (sh *serviceDescription) authorize(w http.ResponseWriter, r *http.Request) {
 	defer func() {
 		s := recover()
--- a/core/watch.go
+++ b/core/watch.go
@ -112,7 +112,7 @@ func (mg *Maingate) watchWhitelistCollection(parentctx context.Context) {
 				case "update":
 					if data.Member.Expired != 0 {
 						logger.Println("whitelist member is removed :", *data.Member)
-						mg.service().wl.remove(data.Member.Email)
+						mg.service().wl.remove(data.Member.Email, data.Member.Platform)
 					} else {
 						logger.Println("whitelist member is updated :", *data.Member)
 						mg.service().wl.add(data.Member)