Move admin.go this is a storage task, updated routes to use proection
This commit is contained in:
@@ -9,19 +9,19 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func SetupAdminRoutes(mux *http.ServeMux, db *sql.DB) {
|
func SetupAdminRoutes(mux *http.ServeMux, db *sql.DB) {
|
||||||
mux.HandleFunc("/admin/access", middleware.AdminOnly(db, admin.AdminAccessLogHandler(db)))
|
mux.HandleFunc("/admin/access", middleware.Protected(admin.AdminAccessLogHandler(db)))
|
||||||
mux.HandleFunc("/admin/audit", middleware.AdminOnly(db, admin.AuditLogHandler(db)))
|
mux.HandleFunc("/admin/audit", middleware.Protected(admin.AuditLogHandler(db)))
|
||||||
mux.HandleFunc("/admin/dashboard", middleware.AdminOnly(db, admin.AdminDashboardHandler(db)))
|
mux.HandleFunc("/admin/dashboard", middleware.Protected(admin.AdminDashboardHandler(db)))
|
||||||
mux.HandleFunc("/admin/triggers", middleware.AdminOnly(db, admin.AdminTriggersHandler(db)))
|
mux.HandleFunc("/admin/triggers", middleware.Protected(admin.AdminTriggersHandler(db)))
|
||||||
|
|
||||||
// Draw management
|
// Draw management
|
||||||
mux.HandleFunc("/admin/draws", middleware.AdminOnly(db, admin.ListDrawsHandler(db)))
|
mux.HandleFunc("/admin/draws", middleware.Protected(admin.ListDrawsHandler(db)))
|
||||||
// mux.HandleFunc("/admin/draws/new", middleware.AdminOnly(db, admin.RenderNewDrawForm(db)))
|
// mux.HandleFunc("/admin/draws/new", middleware.AdminOnly(db, admin.RenderNewDrawForm(db)))
|
||||||
// mux.HandleFunc("/admin/draws/submit", middleware.AdminOnly(db, admin.CreateDrawHandler(db)))
|
// mux.HandleFunc("/admin/draws/submit", middleware.AdminOnly(db, admin.CreateDrawHandler(db)))
|
||||||
mux.HandleFunc("/admin/draws/modify", middleware.AdminOnly(db, admin.ModifyDrawHandler(db)))
|
mux.HandleFunc("/admin/draws/modify", middleware.Protected(admin.ModifyDrawHandler(db)))
|
||||||
mux.HandleFunc("/admin/draws/delete", middleware.AdminOnly(db, admin.DeleteDrawHandler(db)))
|
mux.HandleFunc("/admin/draws/delete", middleware.Protected(admin.DeleteDrawHandler(db)))
|
||||||
|
|
||||||
// Prize management
|
// Prize management
|
||||||
mux.HandleFunc("/admin/draws/prizes/add", middleware.AdminOnly(db, admin.AddPrizesHandler(db)))
|
mux.HandleFunc("/admin/draws/prizes/add", middleware.Protected(admin.AddPrizesHandler(db)))
|
||||||
mux.HandleFunc("/admin/draws/prizes/modify", middleware.AdminOnly(db, admin.ModifyPrizesHandler(db)))
|
mux.HandleFunc("/admin/draws/prizes/modify", middleware.Protected(admin.ModifyPrizesHandler(db)))
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,14 +1,16 @@
|
|||||||
package middleware
|
package storage
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"database/sql"
|
"database/sql"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"synlotto-website/helpers"
|
"synlotto-website/helpers"
|
||||||
|
"synlotto-website/middleware"
|
||||||
)
|
)
|
||||||
|
|
||||||
func AdminOnly(db *sql.DB, next http.HandlerFunc) http.HandlerFunc {
|
func AdminOnly(db *sql.DB, next http.HandlerFunc) http.HandlerFunc {
|
||||||
return Auth(true)(func(w http.ResponseWriter, r *http.Request) {
|
return middleware.Auth(true)(func(w http.ResponseWriter, r *http.Request) {
|
||||||
userID, ok := helpers.GetCurrentUserID(r)
|
userID, ok := helpers.GetCurrentUserID(r)
|
||||||
if !ok || !helpers.IsAdmin(db, userID) {
|
if !ok || !helpers.IsAdmin(db, userID) {
|
||||||
log.Printf("⛔️ Unauthorized admin attempt: user_id=%v, IP=%s, Path=%s", userID, r.RemoteAddr, r.URL.Path)
|
log.Printf("⛔️ Unauthorized admin attempt: user_id=%v, IP=%s, Path=%s", userID, r.RemoteAddr, r.URL.Path)
|
||||||
Reference in New Issue
Block a user