From 9cd65bb20c5921b9ed21029995f172c7c24b0555 Mon Sep 17 00:00:00 2001
From: Jan Eitzinger
Date: Tue, 20 Jun 2023 07:55:57 +0200
Subject: [PATCH 1/2] Add hook for frontend build
---
 .goreleaser.yaml | 8 ++++++--
 Makefile | 6 +++++-
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 8400874..eaf9881 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -4,7 +4,7 @@ before:
 - go mod tidy
 builds:
 - env:
- - CGO_ENABLED=0
+ - CGO_ENABLED=1
 goos:
 - linux
 - darwin
@@ -12,7 +12,6 @@ builds:
 - amd64
 - arm64
 goamd64:
- - v2
 - v3
 goarm:
 - "7"
@@ -20,6 +19,11 @@ builds:
 main: ./cmd/cc-backend
 tags:
 - static_build
+ hooks:
+ pre: make frontend
+ ignore:
+ - goos: linux
+ goarch: arm64
 archives:
 - format: tar.gz
diff --git a/Makefile b/Makefile
index 032559b..455ce3c 100644
--- a/Makefile
+++ b/Makefile
@@ -28,7 +28,7 @@ SVELTE_SRC = $(wildcard $(FRONTEND)/src/*.svelte) \
 $(wildcard $(FRONTEND)/src/plots/*.svelte) \
 $(wildcard $(FRONTEND)/src/joblist/*.svelte)
-.PHONY: clean test tags $(TARGET)
+.PHONY: clean test tags frontend $(TARGET)
 .NOTPARALLEL:
@@ -36,6 +36,10 @@ $(TARGET): $(VAR) $(CFG) $(SVELTE_TARGETS)
 $(info ===> BUILD cc-backend)
 @go build -ldflags=${LD_FLAGS} ./cmd/cc-backend
+frontend:
+ $(info ===> BUILD frontend)
+ cd web/frontend && npm install && npm run build
+
 clean:
 $(info ===> CLEAN)
 @go clean
From c973a2973456ce352c6857ddd4602c252cd25877 Mon Sep 17 00:00:00 2001
From: Jan Eitzinger
Date: Tue, 20 Jun 2023 12:54:26 +0200
Subject: [PATCH 2/2] Restore api role access in SecurityCheck
---
 internal/api/rest.go | 1 +
 internal/repository/query.go | 10 ++++------
 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/internal/api/rest.go b/internal/api/rest.go
index b66a561..da37a25 100644
--- a/internal/api/rest.go
+++ b/internal/api/rest.go
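Review bot: In `.goreleaser.yaml`, the new `pre: make frontend` hook sits under the build's `hooks:` key, which GoReleaser runs once per build target, so the npm install and frontend build would repeat for every goos/goarch pair. The file already lists `go mod tidy` under the top-level `before:` section; adding `- make frontend` there runs the step once per release. That also keeps the one step that downloads third-party packages in a single place in the release pipeline.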
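Review bot: The new `frontend` target in the Makefile runs `npm install`, which may re-resolve dependency versions and rewrite the lockfile, so a release built through the goreleaser hook is not guaranteed to ship the dependency tree that was reviewed. If `web/frontend` carries a `package-lock.json` (not visible in this patch), `cd web/frontend && npm ci && npm run build` installs exactly the locked versions and fails when the lockfile and `package.json` disagree. The recipe line also lacks the `@` prefix that the neighbouring `@go build` and `@go clean` recipes use.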
@@ -192,6 +192,7 @@ func decode(r io.Reader, val interface{}) error {
 // @security ApiKeyAuth
 // @router /jobs/ [get]
 func (api *RestApi) getJobs(rw http.ResponseWriter, r *http.Request) {
+
 if user := auth.GetUser(r.Context()); user != nil && !user.HasRole(auth.RoleApi) {
 handleError(fmt.Errorf("missing role: %v", auth.GetRoleString(auth.RoleApi)), http.StatusForbidden, rw)
 return
diff --git a/internal/repository/query.go b/internal/repository/query.go
index 32ecea0..ba1d1d7 100644
--- a/internal/repository/query.go
+++ b/internal/repository/query.go
@@ -81,8 +81,7 @@ func (r *JobRepository) testQueryJobs(
 page *model.PageRequest,
 order *model.OrderByInput) ([]*schema.Job, error) {
- return r.queryJobs(sq.Select(jobColumns...).From("job"),
- filters, page, order)
+ return r.queryJobs(sq.Select(jobColumns...).From("job"), filters, page, order)
 }
 // Public function with added securityCheck, calls private queryJobs function above
@@ -98,8 +97,7 @@ func (r *JobRepository) QueryJobs(
 return nil, qerr
 }
- return r.queryJobs(query,
- filters, page, order)
+ return r.queryJobs(query, filters, page, order)
 }
 // SecurityCheck-less, private: returns a list of minimal job information (DB-ID and jobId) of shared jobs for link-building based the provided filters.
@@ -202,12 +200,12 @@ func (r *JobRepository) CountJobs(
 return r.countJobs(query, filters)
 }
-func SecurityCheck(ctx context.Context, query sq.SelectBuilder) (queryOut sq.SelectBuilder, err error) {
+func SecurityCheck(ctx context.Context, query sq.SelectBuilder) (sq.SelectBuilder, error) {
 user := auth.GetUser(ctx)
 if user == nil {
 var qnil sq.SelectBuilder
 return qnil, fmt.Errorf("user context is nil!")
- } else if user.HasAnyRole([]auth.Role{auth.RoleAdmin, auth.RoleSupport}) { // Admin & Co. : All jobs
+ } else if user.HasAnyRole([]auth.Role{auth.RoleAdmin, auth.RoleSupport, auth.RoleApi}) { // Admin & Co. : All jobs
 return query, nil
 } else if user.HasRole(auth.RoleManager) { // Manager : Add filter for managed projects' jobs only + personal jobs
 if len(user.Projects) != 0 {
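Review bot: Adding `auth.RoleApi` to the unrestricted branch of `SecurityCheck` gives any context user holding the api role an unfiltered query, and the trailing comment `// Admin & Co. : All jobs` no longer says who that includes. SecurityCheck decides on the context user alone, so if it is also reached from non-REST callers (not visible in this hunk), an account that combines the api role with an ordinary user role would see all jobs there too; it is worth confirming that this is intended. I would spell the decision out, e.g. `// Admin, Support, API: no filter, all jobs are visible`, and add a test asserting that the query comes back unchanged for an api-only user. The function body continues past the end of the hunk.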