From 0bf316dbf4fd326143bd4f50751e34a489668827 Mon Sep 17 00:00:00 2001
From: Christoph Kluge <christoph.kluge@fau.de>
Date: Mon, 12 Aug 2024 17:29:06 +0200
Subject: [PATCH] add jwt verification to stopJob nats handler

---
 internal/natsMessenger/natsMessenger.go | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/internal/natsMessenger/natsMessenger.go b/internal/natsMessenger/natsMessenger.go
index f38db21..c679d54 100644
--- a/internal/natsMessenger/natsMessenger.go
+++ b/internal/natsMessenger/natsMessenger.go
@@ -215,12 +215,22 @@ func (nm *NatsMessenger) startJobListener() (sub *nats.Subscription, err error)
 
 func (nm *NatsMessenger) stopJobListener() (sub *nats.Subscription, err error) {
 	return nm.Connection.Subscribe("stop-job", func(m *nats.Msg) {
-		var req StopJobNatsRequest
-		if err := json.Unmarshal(m.Data, &req); err != nil {
-			log.Error("Error while unmarshaling raw json nats message content: stopJob")
-		}
+		user, err := nm.verifyMessageJWT(m)
 
-		m.Respond(nm.stopJobHandler(req))
+		if err != nil {
+			log.Warnf("not authd: %s", err.Error())
+			m.Respond([]byte("not authd: " + err.Error()))
+		} else if user != nil && user.HasRole(schema.RoleApi) {
+			var req StopJobNatsRequest
+			if err := json.Unmarshal(m.Data, &req); err != nil {
+				log.Error("Error while unmarshaling raw json nats message content: stopJob")
+				m.Respond([]byte("Error while unmarshaling raw json nats message content: stopJob"))
+			}
+			m.Respond(nm.stopJobHandler(req))
+		} else {
+			log.Warnf("missing role for nats")
+			m.Respond([]byte("missing role for nats"))
+		}
 	})
 }