From 372fcc995efc80a52c71b163bdf5463b924e9a34 Mon Sep 17 00:00:00 2001
From: elraphty
Date: Wed, 8 Jan 2025 10:35:45 +0100
Subject: [PATCH 1/3] feat: added public key check for bounty creation

---
 handlers/bounty.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/handlers/bounty.go b/handlers/bounty.go
index 3f7f823f5..b8712bb85 100644
--- a/handlers/bounty.go
+++ b/handlers/bounty.go
@@ -202,6 +202,19 @@ func (h *bountyHandler) CreateOrEditBounty(w http.ResponseWriter, r *http.Reques
  ctx := r.Context()
  pubKeyFromAuth, _ := ctx.Value(auth.ContextKey).(string)
 
+ // return 401 if pubKeyFromAuth is empty
+ if pubKeyFromAuth == "" {
+ w.WriteHeader(http.StatusUnauthorized)
+ return
+ }
+
+ // check if use exists
+ user := h.db.GetPersonByPubkey(pubKeyFromAuth)
+ if user.OwnerPubKey == "" {
+ w.WriteHeader(http.StatusUnauthorized)
+ return
+ }
+
  bounty := db.NewBounty{}
  body, err := io.ReadAll(r.Body)
  r.Body.Close()

From 7b873b5026d004f9a0a6fa8735724ebd91709d51 Mon Sep 17 00:00:00 2001
From: elraphty
Date: Wed, 8 Jan 2025 10:52:22 +0100
Subject: [PATCH 2/3] added real user for bounty creation

---
 handlers/bounty_test.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/handlers/bounty_test.go b/handlers/bounty_test.go
index aa728d079..e1fc7fa39 100644
--- a/handlers/bounty_test.go
+++ b/handlers/bounty_test.go
@@ -126,12 +126,15 @@ func TestCreateOrEditBounty(t *testing.T) {
  teardownSuite := SetupSuite(t)
  defer teardownSuite(t)
 
+ // create user
+ db.TestDB.CreateOrEditPerson(bountyOwner)
+
  existingBounty := db.NewBounty{
  Type: "coding",
  Title: "existing bounty",
  Description: "existing bounty description",
  WorkspaceUuid: "work-1",
- OwnerID: "first-user",
+ OwnerID: bountyOwner.OwnerPubKey,
  Price: 2000,
  }
 
@@ -143,7 +146,7 @@ func TestCreateOrEditBounty(t *testing.T) {
  Title: "new bounty",
  Description: "new bounty description",
  WorkspaceUuid: "work-1",
- OwnerID: "test-key",
+ OwnerID: bountyOwner.OwnerPubKey,
  Price: 1500,
  }
 
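Review bot: In the `@@ -202,6 +202,19 @@` hunk of patch 1/3, both new rejection paths write a bare 401 and return without logging, and a failed lookup in `h.db.GetPersonByPubkey` is indistinguishable from an unregistered key because only the zero value of `user.OwnerPubKey` is inspected. Log the rejected key before each `return` using the logging helper the handlers already use, so refused creation attempts can be seen and alerted on. The check proves only that some person record carries this key; whether a soft-deleted or disabled record should still pass is not visible here and is worth confirming against the person model. The second comment has a typo and should read `// check if user exists`. CreateOrEditBounty starts and ends outside the hunk, so whether the decoded bounty's owner is later compared with `pubKeyFromAuth` cannot be confirmed from these lines.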
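Review bot: In the `@@ -126,12 +126,15 @@` hunk of patch 2/3, the result of `db.TestDB.CreateOrEditPerson(bountyOwner)` is discarded, so a failed insert would surface only as 401 responses from the new handler check in every subtest below, not as a setup failure. The call's signature is not visible here; if it returns an error, assert that it is nil. Otherwise read the person back and assert that the stored `OwnerPubKey` equals `bountyOwner.OwnerPubKey` before building the bounties. TestCreateOrEditBounty starts and ends outside the hunk.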
@@ -152,10 +155,11 @@ func TestCreateOrEditBounty(t *testing.T) {
  Title: "new bounty",
  Description: "failed bounty description",
  WorkspaceUuid: "work-1",
+ OwnerID: bountyOwner.OwnerPubKey,
  Price: 1500,
  }
 
- ctx := context.WithValue(context.Background(), auth.ContextKey, "test-key")
+ ctx := context.WithValue(context.Background(), auth.ContextKey, bountyOwner.OwnerPubKey)
  mockClient := mocks.NewHttpClient(t)
  mockUserHasManageBountyRolesTrue := func(pubKeyFromAuth string, uuid string) bool {
  return true

From 258b00e10d255aeb2d9bd450a4ea2234ca8ebd1f Mon Sep 17 00:00:00 2001
From: elraphty
Date: Wed, 8 Jan 2025 11:06:42 +0100
Subject: [PATCH 3/3] fix: bounty test

---
 handlers/bounty_test.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/handlers/bounty_test.go b/handlers/bounty_test.go
index e1fc7fa39..4f872a201 100644
--- a/handlers/bounty_test.go
+++ b/handlers/bounty_test.go
@@ -151,7 +151,6 @@ func TestCreateOrEditBounty(t *testing.T) {
  }
 
  failedBounty := db.NewBounty{
- Type: "coding",
  Title: "new bounty",
  Description: "failed bounty description",
  WorkspaceUuid: "work-1",
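Review bot: Neither of the 401 branches added to CreateOrEditBounty in patch 1/3 is exercised by the visible test changes, because the request context built in the `@@ -152,10 +155,11 @@` hunk of patch 2/3 now always carries `bountyOwner.OwnerPubKey`. Add one subtest whose context has no `auth.ContextKey` value and one whose key has no person record, each asserting `http.StatusUnauthorized` and that no bounty was stored. Without them, a later refactor could drop the authorization gate and the suite would still pass. The test function continues outside the hunk, so cases further down may already cover this; none is visible here.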