Admin panel upgrade server updates (#54)

* Changes for testing * Updating server code to allow unlinking discord IDs as needed * Fixed some debug issues commented out code * Updating server to allow updated admin panel functionality * Updated some commentted out code * Updated missed / * Updated to allow for a single query to the db with multiple columns, and a conversion to allow string outputs instead of sql.NullStrings * Deleted .bak files and .vs folder as per Walker's discord message * Added logic to check server to make sure usename exists for discord linking and unlinking * Changes to allow linking and unlinking of google Id from DB * Removed .vs folder * Reverted dev code * PR comments * Updates from Pancake's comments
pagefaultgames · Oct 17, 2024 · 4304969 · 4304969
1 parent b2aa37b
commit 4304969
Show file tree

Hide file tree

Showing 6 changed files with 387 additions and 3 deletions.
diff --git a/.gitignore b/.gitignore
@@ -14,3 +14,5 @@ secret.key
 *.ipr
 *.iws
 .vscode/launch.json
+
+/.vs
diff --git a/api/common.go b/api/common.go
@@ -68,7 +68,11 @@ func Init(mux *http.ServeMux) error {
 	mux.HandleFunc("/auth/{provider}/logout", handleProviderLogout)
 
 	// admin
-	mux.HandleFunc("POST /admin/account/discord-link", handleAdminDiscordLink)
+	mux.HandleFunc("POST /admin/account/discordLink", handleAdminDiscordLink)
+	mux.HandleFunc("POST /admin/account/discordUnlink", handleAdminDiscordUnlink)
+	mux.HandleFunc("POST /admin/account/googleLink", handleAdminGoogleLink)
+	mux.HandleFunc("POST /admin/account/googleUnlink", handleAdminGoogleUnlink)
+	mux.HandleFunc("GET /admin/account/adminSearch", handleAdminSearch)
 
 	return nil
 }

diff --git a/api/endpoints.go b/api/endpoints.go
@@ -693,13 +693,257 @@ func handleAdminDiscordLink(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	err = db.AddDiscordIdByUsername(r.Form.Get("discordId"), r.Form.Get("username"))
+	username := r.Form.Get("username")
+	discordId := r.Form.Get("discordId")
+
+	// this does a quick call to make sure the username exists on the server before allowing the rest of the code to run
+	// this calls error value 404 (StatusNotFound) if there's no data; this means the username does not exist in the server
+	_, err = db.CheckUsernameExists(username)
+	if err != nil {
+		httpError(w, r, fmt.Errorf("username does not exist on the server"), http.StatusNotFound)
+		return
+	}
+
+	userUuid, err := db.FetchUUIDFromUsername(username)
+	if err != nil {
+		httpError(w, r, err, http.StatusInternalServerError)
+		return
+	}
+
+	err = db.AddDiscordIdByUUID(discordId, userUuid)
 	if err != nil {
 		httpError(w, r, err, http.StatusInternalServerError)
 		return
 	}
 
-	log.Printf("%s: %s added discord id %s to username %s", r.URL.Path, userDiscordId, r.Form.Get("discordId"), r.Form.Get("username"))
+	log.Printf("%s: %s added discord id %s to username %s", r.URL.Path, userDiscordId, discordId, username)
+
+	w.WriteHeader(http.StatusOK)
+}
+
+func handleAdminDiscordUnlink(w http.ResponseWriter, r *http.Request) {
+	err := r.ParseForm()
+	if err != nil {
+		httpError(w, r, fmt.Errorf("failed to parse request form: %s", err), http.StatusBadRequest)
+		return
+	}
+
+	uuid, err := uuidFromRequest(r)
+	if err != nil {
+		httpError(w, r, err, http.StatusUnauthorized)
+		return
+	}
+
+	userDiscordId, err := db.FetchDiscordIdByUUID(uuid)
+	if err != nil {
+		httpError(w, r, err, http.StatusUnauthorized)
+		return
+	}
+
+	hasRole, err := account.IsUserDiscordAdmin(userDiscordId, account.DiscordGuildID)
+	if !hasRole || err != nil {
+		httpError(w, r, fmt.Errorf("user does not have the required role"), http.StatusForbidden)
+		return
+	}
+
+	username := r.Form.Get("username")
+	discordId := r.Form.Get("discordId")
+
+	switch {
+		case username != "":
+			log.Printf("Username given, removing discordId")
+			// this does a quick call to make sure the username exists on the server before allowing the rest of the code to run
+			// this calls error value 404 (StatusNotFound) if there's no data; this means the username does not exist in the server
+			_, err = db.CheckUsernameExists(username)
+			if err != nil {
+				httpError(w, r, fmt.Errorf("username does not exist on the server"), http.StatusNotFound)
+				return
+			}
+
+			userUuid, err := db.FetchUUIDFromUsername(username)
+			if err != nil {
+				httpError(w, r, err, http.StatusInternalServerError)
+				return
+			}
+
+			err = db.RemoveDiscordIdByUUID(userUuid)
+			if err != nil {
+				httpError(w, r, err, http.StatusInternalServerError)
+				return
+			}
+		case discordId != "":
+			log.Printf("DiscordID given, removing discordId")
+			err = db.RemoveDiscordIdByDiscordId(discordId)
+			if err != nil {
+				httpError(w, r, err, http.StatusInternalServerError)
+				return
+			}
+	}
+
+	log.Printf("%s: %s removed discord id %s from username %s", userDiscordId, r.URL.Path, r.Form.Get("discordId"), r.Form.Get("username"))
 
 	w.WriteHeader(http.StatusOK)
 }
+
+func handleAdminGoogleLink(w http.ResponseWriter, r *http.Request) {
+	err := r.ParseForm()
+	if err != nil {
+		httpError(w, r, fmt.Errorf("failed to parse request form: %s", err), http.StatusBadRequest)
+		return
+	}
+
+	uuid, err := uuidFromRequest(r)
+	if err != nil {
+		httpError(w, r, err, http.StatusUnauthorized)
+		return
+	}
+
+	userDiscordId, err := db.FetchDiscordIdByUUID(uuid)
+	if err != nil {
+		httpError(w, r, err, http.StatusUnauthorized)
+		return
+	}
+
+	hasRole, err := account.IsUserDiscordAdmin(userDiscordId, account.DiscordGuildID)
+	if !hasRole || err != nil {
+		httpError(w, r, fmt.Errorf("user does not have the required role"), http.StatusForbidden)
+		return
+	}
+
+	username := r.Form.Get("username")
+	googleId := r.Form.Get("googleId")
+
+	// this does a quick call to make sure the username exists on the server before allowing the rest of the code to run
+	// this calls error value 404 (StatusNotFound) if there's no data; this means the username does not exist in the server
+	_, err = db.CheckUsernameExists(username)
+	if err != nil {
+		httpError(w, r, fmt.Errorf("username does not exist on the server"), http.StatusNotFound)
+		return
+	}
+
+	userUuid, err := db.FetchUUIDFromUsername(username)
+	if err != nil {
+		httpError(w, r, err, http.StatusInternalServerError)
+		return
+	}
+
+	err = db.AddGoogleIdByUUID(googleId, userUuid)
+	if err != nil {
+		httpError(w, r, err, http.StatusInternalServerError)
+		return
+	}
+
+	log.Printf("%s: %s added google id %s to username %s", r.URL.Path, userDiscordId, googleId, username)
+
+	w.WriteHeader(http.StatusOK)
+}
+
+func handleAdminGoogleUnlink(w http.ResponseWriter, r *http.Request) {
+	err := r.ParseForm()
+	if err != nil {
+		httpError(w, r, fmt.Errorf("failed to parse request form: %s", err), http.StatusBadRequest)
+		return
+	}
+
+	uuid, err := uuidFromRequest(r)
+	if err != nil {
+		httpError(w, r, err, http.StatusUnauthorized)
+		return
+	}
+
+	userDiscordId, err := db.FetchDiscordIdByUUID(uuid)
+	if err != nil {
+		httpError(w, r, err, http.StatusUnauthorized)
+		return
+	}
+
+	hasRole, err := account.IsUserDiscordAdmin(userDiscordId, account.DiscordGuildID)
+	if !hasRole || err != nil {
+		httpError(w, r, fmt.Errorf("user does not have the required role"), http.StatusForbidden)
+		return
+	}
+
+	username := r.Form.Get("username")
+	googleId := r.Form.Get("googleId")
+
+	switch {
+		case username != "":
+			log.Printf("Username given, removing googleId")
+			// this does a quick call to make sure the username exists on the server before allowing the rest of the code to run
+			// this calls error value 404 (StatusNotFound) if there's no data; this means the username does not exist in the server
+			_, err = db.CheckUsernameExists(username)
+			if err != nil {
+				httpError(w, r, fmt.Errorf("username does not exist on the server"), http.StatusNotFound)
+				return
+			}
+
+			userUuid, err := db.FetchUUIDFromUsername(username)
+			if err != nil {
+				httpError(w, r, err, http.StatusInternalServerError)
+				return
+			}
+
+			err = db.RemoveGoogleIdByUUID(userUuid)
+			if err != nil {
+				httpError(w, r, err, http.StatusInternalServerError)
+				return
+			}
+		case googleId != "":
+			log.Printf("DiscordID given, removing googleId")
+			err = db.RemoveGoogleIdByDiscordId(googleId)
+			if err != nil {
+				httpError(w, r, err, http.StatusInternalServerError)
+				return
+			}
+	}
+
+	log.Printf("%s: %s removed google id %s from username %s", userDiscordId, r.URL.Path, r.Form.Get("googleId"), r.Form.Get("username"))
+
+	w.WriteHeader(http.StatusOK)
+}
+
+func handleAdminSearch(w http.ResponseWriter, r *http.Request) {
+	err := r.ParseForm()
+	if err != nil {
+		httpError(w, r, fmt.Errorf("failed to parse request form: %s", err), http.StatusBadRequest)
+		return
+	}
+
+	uuid, err := uuidFromRequest(r)
+	if err != nil {
+		httpError(w, r, err, http.StatusUnauthorized)
+		return
+	}
+
+	userDiscordId, err := db.FetchDiscordIdByUUID(uuid)
+	if err != nil {
+		httpError(w, r, err, http.StatusUnauthorized)
+		return
+	}
+
+	hasRole, err := account.IsUserDiscordAdmin(userDiscordId, account.DiscordGuildID)
+	if !hasRole || err != nil {
+		httpError(w, r, fmt.Errorf("user does not have the required role"), http.StatusForbidden)
+		return
+	}
+
+	username := r.Form.Get("username")
+
+	// this does a quick call to make sure the username exists on the server before allowing the rest of the code to run
+	// this calls error value 404 (StatusNotFound) if there's no data; this means the username does not exist in the server
+	_, err = db.CheckUsernameExists(username)
+	if err != nil {
+		httpError(w, r, fmt.Errorf("username does not exist on the server"), http.StatusNotFound)
+		return
+	}
+
+	// this does a single call that does a query for multiple columns from our database and makes an object out of it, which is returned to us
+	adminSearchResult, err := db.FetchAdminDetailsByUsername(username)
+	if err != nil {
+		httpError(w, r, err, http.StatusInternalServerError)
+		return
+	}
+
+	writeJSON(w, r, adminSearchResult)
+	log.Printf("%s: %s searched for username %s", userDiscordId, r.URL.Path, username)
+}
diff --git a/beta.env b/beta.env
@@ -0,0 +1,13 @@
+VITE_BYPASS_LOGIN=0
+VITE_BYPASS_TUTORIAL=0
+VITE_SERVER_URL=http://{serverIP}:8001
+VITE_DISCORD_CLIENT_ID=1248062921129459756
+VITE_GOOGLE_CLIENT_ID=955345393540-2k6lfftf0fdnb0krqmpthjnqavfvvf73.apps.googleusercontent.com
+VITE_I18N_DEBUG=1
+debug=true
+dbaddr=db
+dbuser=pokerogue
+dbpass=pokerogue
+dbname=pokeroguedb 
+gameurl=http://{devMachineIP}:8000 
+callbackurl=http://{serverIP}:8001
-Original file line number
+Diff line change
@@ Expand Up / @@ -14,3 +14,5 @@ secret.key @@
     *.ipr
     *.iws
     .vscode/launch.json
+    /.vs