diff --git a/app/start.go b/app/start.go
index 379e9ba..c8e43fe 100644
--- a/app/start.go
+++ b/app/start.go
@@ -47,6 +47,7 @@ func Start(conf common.Conf, dbO *sql.DB) *gin.Engine {
 gv1.GET("/beatmaps", Method(v1.BeatmapGET, common.PrivilegeRead))
 gv1.GET("/leaderboard", Method(v1.LeaderboardGET, common.PrivilegeRead))
 gv1.GET("/tokens", Method(v1.TokenGET, common.PrivilegeRead))
+ gv1.GET("/tokens/self", Method(v1.TokenSelfGET, common.PrivilegeRead))
 
 // ReadConfidential privilege required
 gv1.GET("/friends", Method(v1.FriendsGET, common.PrivilegeReadConfidential))
diff --git a/app/tokens.go b/app/tokens.go
index 775239e..834075a 100644
--- a/app/tokens.go
+++ b/app/tokens.go
@@ -10,10 +10,15 @@ import (
 
 // GetTokenFull retrieves an user ID and their token privileges knowing their API token.
 func GetTokenFull(token string, db *sql.DB) (common.Token, bool) {
- var uid int
- var privs int
+ var t common.Token
+ var privs uint64
 var priv8 bool
- err := db.QueryRow("SELECT user, privileges, private FROM tokens WHERE token = ? LIMIT 1", fmt.Sprintf("%x", md5.Sum([]byte(token)))).Scan(&uid, &privs, &priv8)
+ err := db.QueryRow("SELECT id, user, privileges, private FROM tokens WHERE token = ? LIMIT 1",
+ fmt.Sprintf("%x", md5.Sum([]byte(token)))).
+ Scan(
+ &t.ID, &t.UserID, &privs, &priv8,
+ )
+ t.Privileges = common.Privileges(privs)
 if priv8 {
 privs = common.PrivilegeRead | common.PrivilegeReadConfidential | common.PrivilegeWrite
 }
@@ -23,10 +28,7 @@ func GetTokenFull(token string, db *sql.DB) (common.Token, bool) {
 case err != nil:
 panic(err)
 default:
- return common.Token{
- Value: token,
- UserID: uid,
- Privileges: common.Privileges(privs),
- }, true
+ t.Value = token
+ return t, true
 }
 }
diff --git a/app/v1/token.go b/app/v1/token.go
index f1e6db8..dedf304 100644
--- a/app/v1/token.go
+++ b/app/v1/token.go
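Review bot: In `GetTokenFull` (app/tokens.go, first hunk), `t.Privileges = common.Privileges(privs)` is assigned before the `if priv8 { ... }` block, so the override written to `privs` for private tokens never reaches the returned token; before this change the conversion happened at the return, after the override. Move the assignment below the block, or set the field directly inside it with `t.Privileges = common.PrivilegeRead | common.PrivilegeReadConfidential | common.PrivilegeWrite`. Setting the field directly also avoids assigning the privilege constants to a `uint64` local, which only compiles if they are untyped; their declaration is not visible here. The function's `switch` continues in the next hunk.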
@@ -169,6 +169,26 @@ func TokenGET(md common.MethodData) common.CodeMessager {
 return r
 }
 
+type tokenSingleResponse struct {
+ common.ResponseBase
+ token
+}
+
+// TokenSelfGET retrieves information about the token the user is connecting with.
+func TokenSelfGET(md common.MethodData) common.CodeMessager {
+ var r tokenSingleResponse
+ // md.User.ID = token id, userid would have been md.User.UserID. what a clusterfuck
+ err := md.DB.QueryRow("SELECT id, privileges, description FROM tokens WHERE id = ?", md.User.ID).Scan(
+ &r.ID, &r.Privileges, &r.Description,
+ )
+ if err != nil {
+ md.Err(err)
+ return Err500
+ }
+ r.Code = 200
+ return r
+}
+
 // TokenFixPrivilegesGET fixes the privileges on the token of the given user,
 // or of all the users if no user is given.
 func TokenFixPrivilegesGET(md common.MethodData) common.CodeMessager {
diff --git a/common/token.go b/common/token.go
index 99a9af0..e4cb994 100644
--- a/common/token.go
+++ b/common/token.go
@@ -2,6 +2,7 @@ package common
 
 // Token Is an API token.
 type Token struct {
+ ID int
 Value string
 UserID int
 Privileges Privileges
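Review bot: `TokenSelfGET` sends every `Scan` error to `md.Err` and `Err500`, including `sql.ErrNoRows`; if a request can reach this handler with no token row behind `md.User.ID` (an anonymous caller admitted under `PrivilegeRead`, or a token deleted after authentication — neither is visible in this diff), that is a client condition and should get a 4xx response rather than being logged as a server error. Check `err == sql.ErrNoRows` before the generic branch. The handler also reports the stored `privileges` column, while `GetTokenFull` is written to give tokens flagged `private` a fixed set, so the reported value may not match what the token can actually do; returning `md.User.Privileges` would presumably keep the two consistent. The inline comment could state the mapping plainly: `// md.User is the authenticated token: ID is the tokens.id row, UserID is the owning user.`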
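Review bot: The new `ID` field in `common.Token` has no comment, and it sits next to `UserID` in a struct that handlers reach as `md.User`, which makes `md.User.ID` easy to mistake for a user id in an authorization or ownership check. Document it on the field: `ID int // row id of the token in the tokens table, not the user's id (see UserID)`. The struct's closing brace lies outside the hunk.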