From d3332f530fa05b567d2a3087ec8897eef5f19fdb Mon Sep 17 00:00:00 2001
From: mountain <mountain@action2quare.com>
Date: Fri, 23 Jun 2023 17:58:41 +0900
Subject: [PATCH] =?UTF-8?q?noauth=EC=99=80=20devflag=20=EB=B6=84=EB=A6=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 core/api.go      | 39 ++++++++++++++++------------
 core/maingate.go | 67 ++++++++++++++++++++++--------------------------
 core/service.go  |  4 +++
 3 files changed, 57 insertions(+), 53 deletions(-)

diff --git a/core/api.go b/core/api.go
index 6c3fc1f..57ee09f 100644
--- a/core/api.go
+++ b/core/api.go
@@ -75,7 +75,7 @@ func (fd *fileDocumentDesc) save() error {
 }
 
 func (caller apiCaller) isAdmin() bool {
-	if *noauth {
+	if *devflag {
 		return true
 	}
 
@@ -359,14 +359,17 @@ var errApiTokenMissing = errors.New("mg-x-api-token is missing")
 
 func (caller apiCaller) configAPI(w http.ResponseWriter, r *http.Request) error {
 	mg := caller.mg
-	apitoken := r.Header.Get("MG-X-API-TOKEN")
-	if len(apitoken) == 0 {
-		return errApiTokenMissing
-	}
 
-	apitokenObj, _ := primitive.ObjectIDFromHex(apitoken)
-	if !mg.service().isValidToken(apitokenObj) {
-		return fmt.Errorf("mg-x-api-token is not valid : %s", apitoken)
+	if !*devflag {
+		apitoken := r.Header.Get("MG-X-API-TOKEN")
+		if len(apitoken) == 0 {
+			return errApiTokenMissing
+		}
+
+		apitokenObj, _ := primitive.ObjectIDFromHex(apitoken)
+		if !mg.service().isValidToken(apitokenObj) {
+			return fmt.Errorf("mg-x-api-token is not valid : %s", apitoken)
+		}
 	}
 
 	return nil
@@ -394,7 +397,7 @@ func (mg *Maingate) api(w http.ResponseWriter, r *http.Request) {
 
 	var userinfo map[string]any
 
-	if !*noauth {
+	if !*devflag {
 		authheader := r.Header.Get("Authorization")
 		if len(authheader) == 0 {
 			logger.Println("Authorization header is not valid :", authheader)
@@ -437,16 +440,18 @@ func (mg *Maingate) api(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	apiToken := r.Header.Get("MG-X-API-TOKEN")
 	var apiTokenObj primitive.ObjectID
-	if len(apiToken) > 0 {
-		obj, err := primitive.ObjectIDFromHex(apiToken)
-		if err != nil {
-			logger.Error(err)
-			w.WriteHeader(http.StatusBadRequest)
-			return
+	if !*devflag {
+		apiToken := r.Header.Get("MG-X-API-TOKEN")
+		if len(apiToken) > 0 {
+			obj, err := primitive.ObjectIDFromHex(apiToken)
+			if err != nil {
+				logger.Error(err)
+				w.WriteHeader(http.StatusBadRequest)
+				return
+			}
+			apiTokenObj = obj
 		}
-		apiTokenObj = obj
 	}
 
 	logger.Println("api call :", r.URL.Path, r.Method, r.URL.Query(), userinfo)
diff --git a/core/maingate.go b/core/maingate.go
index 71b3646..04ed098 100644
--- a/core/maingate.go
+++ b/core/maingate.go
@@ -433,40 +433,7 @@ func whitelistKey(email string) string {
 
 func (mg *Maingate) RegisterHandlers(ctx context.Context, serveMux *http.ServeMux, prefix string) error {
 	var allServices []*serviceDescription
-
-	if *noauth {
-		host, _ := os.Hostname()
-		addrs, err := net.InterfaceAddrs()
-		if err != nil {
-			return err
-		}
-		ipaddr := "127.0.0.1"
-		for _, addr := range addrs {
-			if ipnet, ok := addr.(*net.IPNet); ok && !ipnet.IP.IsLoopback() {
-				if ipnet.IP.To4() != nil && ipnet.IP.IsPrivate() {
-					ipaddr = ipnet.IP.String()
-				}
-			}
-		}
-
-		empty := serviceDescription{
-			ServiceDescriptionSummary: ServiceDescriptionSummary{
-				ServiceCode: "000000000000",
-			},
-			Divisions: map[string]*Division{
-				host: {
-					DivisionForUser: DivisionForUser{
-						Priority: 0,
-						State:    DivisionState_FullOpen,
-					},
-
-					Url: fmt.Sprintf("http://%s/warehouse", ipaddr),
-				},
-			},
-		}
-		empty.prepare(mg)
-		allServices = append(allServices, &empty)
-	} else if err := mg.mongoClient.AllAs(CollectionService, &allServices, options.Find().SetReturnKey(false)); err != nil {
+	if err := mg.mongoClient.AllAs(CollectionService, &allServices, options.Find().SetReturnKey(false)); err != nil {
 		return err
 	}
 
@@ -481,6 +448,34 @@ func (mg *Maingate) RegisterHandlers(ctx context.Context, serveMux *http.ServeMu
 				Id: primitive.NewObjectID(),
 			},
 		}
+
+		if *devflag {
+			host, _ := os.Hostname()
+			addrs, err := net.InterfaceAddrs()
+			if err != nil {
+				return err
+			}
+			ipaddr := "127.0.0.1"
+			for _, addr := range addrs {
+				if ipnet, ok := addr.(*net.IPNet); ok && !ipnet.IP.IsLoopback() {
+					if ipnet.IP.To4() != nil && ipnet.IP.IsPrivate() {
+						ipaddr = ipnet.IP.String()
+					}
+				}
+			}
+
+			empty.Divisions = map[string]*Division{
+				host: {
+					DivisionForUser: DivisionForUser{
+						Priority: 0,
+						State:    DivisionState_FullOpen,
+					},
+
+					Url: fmt.Sprintf("http://%s/warehouse", ipaddr),
+				},
+			}
+		}
+
 		empty.prepare(mg)
 		atomic.StorePointer(&mg.serviceptr, unsafe.Pointer(&empty))
 
@@ -513,7 +508,7 @@ func (mg *Maingate) RegisterHandlers(ctx context.Context, serveMux *http.ServeMu
 			}
 		}()
 
-		if !*noauth {
+		if !*devflag {
 			apitoken := r.Header.Get("MG-X-API-TOKEN")
 			if len(apitoken) == 0 {
 				logger.Println("MG-X-API-TOKEN is missing")
@@ -600,7 +595,7 @@ func (mg *Maingate) query(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !*noauth {
+	if !*devflag {
 		apitoken := r.Header.Get("MG-X-API-TOKEN")
 		if len(apitoken) == 0 {
 			logger.Println("MG-X-API-TOKEN is missing")
diff --git a/core/service.go b/core/service.go
index 06809a5..de2796b 100644
--- a/core/service.go
+++ b/core/service.go
@@ -156,6 +156,10 @@ type serviceDescription struct {
 }
 
 func (sh *serviceDescription) isValidToken(apiToken primitive.ObjectID) bool {
+	if *devflag {
+		return true
+	}
+
 	if apiToken.IsZero() {
 		return false
 	}