Merge pull request #9 from chrisliu1995/main

Add request verification
CloudNativeGame · Jun 19, 2023 · bbbb75a · bbbb75a
2 parents c90dfa8 + c8b9f18
commit bbbb75a
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 21 deletions.
diff --git a/pkg/resources/resource_manager_test.go b/pkg/resources/resource_manager_test.go
@@ -16,11 +16,11 @@ import (
 )
 
 var (
-	scheme = runtime.NewScheme()
+	schemeTest = runtime.NewScheme()
 )
 
 func init() {
-	utilruntime.Must(gameKruiseV1alpha1.AddToScheme(scheme))
+	utilruntime.Must(gameKruiseV1alpha1.AddToScheme(schemeTest))
 }
 
 func TestResourceManager_checkResourceMeta(t *testing.T) {
@@ -202,7 +202,7 @@ func TestResourceManager_ListResources(t *testing.T) {
 		for _, gss := range test.gssList {
 			objs = append(objs, gss)
 		}
-		c := fake.NewClientBuilder().WithScheme(scheme).WithObjects(objs...).Build()
+		c := fake.NewClientBuilder().WithScheme(schemeTest).WithObjects(objs...).Build()
 		rm := &ResourceManager{Client: c}
 		actualResources, _ := rm.ListResources(test.namespaces, test.resourcesLabels)
 		var actualNum []int
@@ -276,7 +276,7 @@ func TestResourceManager_GetResource(t *testing.T) {
 
 	for caseNum, test := range tests {
 		objs := []client.Object{test.gs}
-		c := fake.NewClientBuilder().WithScheme(scheme).WithObjects(objs...).Build()
+		c := fake.NewClientBuilder().WithScheme(schemeTest).WithObjects(objs...).Build()
 		rm := &ResourceManager{Client: c}
 		_, err := rm.GetResource(test.meta)
 		if !reflect.DeepEqual(test.isError, err != nil) {
@@ -366,7 +366,7 @@ func TestResourceManager_CreateResource(t *testing.T) {
 
 	for caseNum, test := range tests {
 		objs := []client.Object{test.gssBefore}
-		c := fake.NewClientBuilder().WithScheme(scheme).WithObjects(objs...).Build()
+		c := fake.NewClientBuilder().WithScheme(schemeTest).WithObjects(objs...).Build()
 		rm := &ResourceManager{Client: c}
 		actualMeta, err := rm.CreateResource(test.meta)
 		if err != nil {
@@ -450,7 +450,7 @@ func TestResourceManager_PauseResource(t *testing.T) {
 
 	for caseNum, test := range tests {
 		objs := []client.Object{test.gssBefore}
-		c := fake.NewClientBuilder().WithScheme(scheme).WithObjects(objs...).Build()
+		c := fake.NewClientBuilder().WithScheme(schemeTest).WithObjects(objs...).Build()
 		rm := &ResourceManager{Client: c}
 		err := rm.PauseResource(test.meta)
 

diff --git a/pkg/routers/resource.go b/pkg/routers/resource.go
@@ -24,19 +24,42 @@ func RegisterResourceRouters(router *gin.Engine, logtoConfig *client.LogtoConfig
 	})
 
 	router.GET("/resource/:namespace/:name/:id", func(ctx *gin.Context) {
-		// userInfo, err := getUserInfoFromSession(logtoConfig, ctx)
-		// sub := userInfo.Sub
-
-		// TODO add verify
-
 		name := ctx.Param("name")
 		namespace := ctx.Param("namespace")
 		id := ctx.Param("id")
 
-		rm := &resources.ResourceMeta{
-			Name:      name,
-			Namespace: namespace,
-			ID:        id,
+		session := sessions.Default(ctx)
+		logtoClient := client.NewLogtoClient(
+			logtoConfig,
+			&mem.SessionStorage{Session: session},
+		)
+
+		userInfo, err := logtoClient.FetchUserInfo()
+		if err != nil {
+			ctx.Error(err)
+		}
+		cm := userInfo.CustomData
+		key := fmt.Sprintf("%s-%s", namespace, name)
+
+		value := cm[key]
+		if value == nil {
+			ctx.String(403, "have no privilege to get the instance with ID %d", id)
+			return
+		}
+
+		rm := &resources.ResourceMeta{}
+		valueBytes, err := interfaceToBytes(value)
+		if err != nil {
+			ctx.Error(err)
+		}
+		err = json.Unmarshal(valueBytes, rm)
+		if err != nil {
+			ctx.Error(err)
+		}
+
+		if id != rm.ID || name != rm.Name || namespace != rm.Namespace {
+			ctx.String(403, "have no privilege to get the instance with ID %d", id)
+			return
 		}
 
 		// add json wrapper
@@ -77,24 +100,26 @@ func RegisterResourceRouters(router *gin.Engine, logtoConfig *client.LogtoConfig
 			cm = make(map[string]interface{})
 		}
 
+		key := fmt.Sprintf("%s-%s", namespace, name)
+
+		// check if already installed
+		if cm[key] != nil {
+			ctx.String(400, "already installed")
+			return
+		}
+
 		rm := &resources.ResourceMeta{
 			Name:      name,
 			Namespace: namespace,
 		}
 
 		// add json wrapper
 		resourceManager := resources.NewResourceManager()
-		resource, err := resourceManager.GetResource(rm)
-		if err == nil {
-			ctx.JSON(200, resource)
-		}
-
 		meta, err := resourceManager.CreateResource(rm)
 		if err != nil {
 			ctx.Error(err)
 		}
 
-		key := fmt.Sprintf("%s-%s", namespace, name)
 		cm[key] = meta
 
 		err = user.UpdateUserMetaData(userInfo.Sub, cm)