Revert "submissions: refactor auth to only make requests when needed"

This reverts commit 8bf2c92df3f65a6bd7afa14420651c919f3dbfeb.
2024-12-28 22:08:28 -08:00 · 2024-12-28 22:08:28 -08:00 · be75903226
commit be75903226
parent c04ba33f9c
4 changed files with 67 additions and 134 deletions
--- a/pkg/service/script_policy.go
+++ b/pkg/service/script_policy.go
@ -19,11 +19,7 @@ func (svc *Service) CreateScriptPolicy(ctx context.Context, req *api.ScriptPolic
 		return nil, ErrUserInfo
 	}

-	has_role, err := userInfo.HasRoleScriptWrite()
-	if err != nil {
-		return nil, err
-	}
-	if !has_role {
+	if !userInfo.Roles.ScriptWrite {
 		return nil, ErrPermissionDenied
 	}

@ -104,11 +100,7 @@ func (svc *Service) DeleteScriptPolicy(ctx context.Context, params api.DeleteScr
 		return ErrUserInfo
 	}

-	has_role, err := userInfo.HasRoleScriptWrite()
-	if err != nil {
-		return err
-	}
-	if !has_role {
+	if !userInfo.Roles.ScriptWrite {
 		return ErrPermissionDenied
 	}

@ -152,11 +144,7 @@ func (svc *Service) UpdateScriptPolicy(ctx context.Context, req *api.ScriptPolic
 		return ErrUserInfo
 	}

-	has_role, err := userInfo.HasRoleScriptWrite()
-	if err != nil {
-		return err
-	}
-	if !has_role {
+	if !userInfo.Roles.ScriptWrite {
 		return ErrPermissionDenied
 	}

--- a/pkg/service/scripts.go
+++ b/pkg/service/scripts.go
@ -19,11 +19,7 @@ func (svc *Service) CreateScript(ctx context.Context, req *api.ScriptCreate) (*a
 		return nil, ErrUserInfo
 	}

-	has_role, err := userInfo.HasRoleScriptWrite()
-	if err != nil {
-		return nil, err
-	}
-	if !has_role {
+	if !userInfo.Roles.ScriptWrite {
 		return nil, ErrPermissionDenied
 	}

@ -100,11 +96,7 @@ func (svc *Service) DeleteScript(ctx context.Context, params api.DeleteScriptPar
 		return ErrUserInfo
 	}

-	has_role, err := userInfo.HasRoleScriptWrite()
-	if err != nil {
-		return err
-	}
-	if !has_role {
+	if !userInfo.Roles.ScriptWrite {
 		return ErrPermissionDenied
 	}

@ -149,11 +141,7 @@ func (svc *Service) UpdateScript(ctx context.Context, req *api.ScriptUpdate, par
 		return ErrUserInfo
 	}

-	has_role, err := userInfo.HasRoleScriptWrite()
-	if err != nil {
-		return err
-	}
-	if !has_role {
+	if !userInfo.Roles.ScriptWrite {
 		return ErrPermissionDenied
 	}

--- a/pkg/service/security.go
+++ b/pkg/service/security.go
@ -14,71 +14,34 @@ var (
 	ErrInvalidSession = errors.New("Session invalid")
 )

-type Role int32
 var (
 	// has ScriptWrite
-	RoleQuat Role = 255
+	RoleQuat int32 = 255
 	// has SubmissionPublish
-	RoleMapAdmin Role = 128
+	RoleMapAdmin int32 = 128
 	// has SubmissionReview
-	RoleMapCouncil Role = 64
+	RoleMapCouncil int32 = 64
 )

+type Roles struct {
+	// human roles
+	SubmissionRelease bool
+	SubmissionReview  bool
+	ScriptWrite       bool
+	// Thumbnail bool
+	// MapDownload
+
+	// automated roles
+	Maptest   bool
+}
+
 type UserInfo struct {
-	// Would love to know a better way to do this
-	svc       *SecurityHandler
-	ctx       *context.Context
-	sessionId string
+	Roles  Roles
+	UserID uint64
 }

-func (usr UserInfo) GetUserID() (uint64, error) {
-	session, err := usr.svc.Client.GetSessionUser(*usr.ctx, &auth.IdMessage{
-		SessionID: usr.sessionId,
-	})
-	if err != nil {
-		return 0, err
-	}
-	return session.UserID, nil
-}
-func (usr UserInfo) IsSubmitter(submitter uint64) (bool, error) {
-	userId, err := usr.GetUserID()
-	if err != nil {
-		return false, err
-	}
-	return userId == submitter, nil
-}
-func (usr UserInfo) hasRole(role Role) (bool, error) {
-	roles, err := usr.svc.Client.GetGroupRole(*usr.ctx, &auth.IdMessage{
-		SessionID: usr.sessionId,
-	})
-	if err != nil {
-		return false, err
-	}
-
-	for _, r := range roles.Roles {
-		if int32(role) <= r.Rank {
-			return true, nil
-		}
-	}
-	return false, nil
-}
-
-
-// RoleThumbnail
-// RoleMapDownload
-func (usr UserInfo) HasRoleSubmissionRelease() (bool, error) {
-	return usr.hasRole(RoleMapAdmin)
-}
-func (usr UserInfo) HasRoleSubmissionReview() (bool, error) {
-	return usr.hasRole(RoleMapCouncil)
-}
-func (usr UserInfo) HasRoleScriptWrite() (bool, error) {
-	return usr.hasRole(RoleQuat)
-}
-/// Not implemented
-func (usr UserInfo) HasRoleMaptest() (bool, error) {
-	println("HasRoleMaptest is not implemented!")
-	return false, nil
+func (usr UserInfo) IsSubmitter(submitter uint64) bool {
+	return usr.UserID == submitter
 }

 type SecurityHandler struct {
@ -91,6 +54,20 @@ func (svc SecurityHandler) HandleCookieAuth(ctx context.Context, operationName a
 		return nil, ErrMissingSessionID
 	}

+	session, err := svc.Client.GetSessionUser(ctx, &auth.IdMessage{
+		SessionID: sessionId,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	role, err := svc.Client.GetGroupRole(ctx, &auth.IdMessage{
+		SessionID: sessionId,
+	})
+	if err != nil {
+		return nil, err
+	}
+
 	validate, err := svc.Client.ValidateSession(ctx, &auth.IdMessage{
 		SessionID: sessionId,
 	})
@ -101,10 +78,24 @@ func (svc SecurityHandler) HandleCookieAuth(ctx context.Context, operationName a
 		return nil, ErrInvalidSession
 	}

+	roles := Roles{}
+
+	// fix this when roblox udpates group roles
+	for _, r := range role.Roles {
+		if RoleQuat <= r.Rank {
+			roles.ScriptWrite = true
+		}
+		if RoleMapAdmin <= r.Rank {
+			roles.SubmissionRelease = true
+		}
+		if RoleMapCouncil <= r.Rank {
+			roles.SubmissionReview = true
+		}
+	}
+
 	newCtx := context.WithValue(ctx, "UserInfo", UserInfo{
-		svc:       &svc,
-		ctx:       &ctx,
-		sessionId: sessionId,
+		Roles:  roles,
+		UserID: session.UserID,
 	})

 	return newCtx, nil
--- a/pkg/service/submissions.go
+++ b/pkg/service/submissions.go
@ -42,10 +42,7 @@ func (svc *Service) CreateSubmission(ctx context.Context, request *api.Submissio
 		return nil, ErrUserInfo
 	}

-	userId, err := userInfo.GetUserID()
-	if err != nil {
-		return nil, err
-	}
+	userId := userInfo.UserID

 	// Check if user's submissions in the creation phase exceeds the limit
 	{
@ -204,18 +201,15 @@ func (svc *Service) SetSubmissionCompleted(ctx context.Context, params api.SetSu
 		return ErrUserInfo
 	}

-	has_role, err := userInfo.HasRoleMaptest()
-	if err != nil {
-		return err
-	}
 	// check if caller has MaptestGame role (request must originate from a maptest roblox game)
-	if !has_role {
+	if !userInfo.Roles.Maptest {
 		return ErrPermissionDenied
 	}

 	pmap := datastore.Optional()
 	pmap.Add("completed", true)
-	return svc.DB.Submissions().Update(ctx, params.SubmissionID, pmap)
+	err := svc.DB.Submissions().Update(ctx, params.SubmissionID, pmap)
+	return err
 }

 // UpdateSubmissionModel implements patchSubmissionModel operation.
@ -235,12 +229,8 @@ func (svc *Service) UpdateSubmissionModel(ctx context.Context, params api.Update
 		return err
 	}

-	has_role, err := userInfo.IsSubmitter(uint64(submission.Submitter))
-	if err != nil {
-		return err
-	}
 	// check if caller is the submitter
-	if !has_role {
+	if !userInfo.IsSubmitter(uint64(submission.Submitter)) {
 		return ErrPermissionDenied
 	}

@ -264,12 +254,8 @@ func (svc *Service) ActionSubmissionReject(ctx context.Context, params api.Actio
 		return ErrUserInfo
 	}

-	has_role, err := userInfo.HasRoleSubmissionReview()
-	if err != nil {
-		return err
-	}
 	// check if caller has required role
-	if !has_role {
+	if !userInfo.Roles.SubmissionReview {
 		return ErrPermissionDenied
 	}

@ -290,12 +276,8 @@ func (svc *Service) ActionSubmissionRequestChanges(ctx context.Context, params a
 		return ErrUserInfo
 	}

-	has_role, err := userInfo.HasRoleSubmissionReview()
-	if err != nil {
-		return err
-	}
 	// check if caller has required role
-	if !has_role {
+	if !userInfo.Roles.SubmissionReview {
 		return ErrPermissionDenied
 	}

@ -322,12 +304,8 @@ func (svc *Service) ActionSubmissionRevoke(ctx context.Context, params api.Actio
 		return err
 	}

-	has_role, err := userInfo.IsSubmitter(uint64(submission.Submitter))
-	if err != nil {
-		return err
-	}
 	// check if caller is the submitter
-	if !has_role {
+	if !userInfo.IsSubmitter(uint64(submission.Submitter)) {
 		return ErrPermissionDenied
 	}

@ -354,12 +332,8 @@ func (svc *Service) ActionSubmissionSubmit(ctx context.Context, params api.Actio
 		return err
 	}

-	has_role, err := userInfo.IsSubmitter(uint64(submission.Submitter))
-	if err != nil {
-		return err
-	}
 	// check if caller is the submitter
-	if !has_role {
+	if !userInfo.IsSubmitter(uint64(submission.Submitter)) {
 		return ErrPermissionDenied
 	}

@ -380,12 +354,8 @@ func (svc *Service) ActionSubmissionTriggerUpload(ctx context.Context, params ap
 		return ErrUserInfo
 	}

-	has_role, err := userInfo.HasRoleSubmissionRelease()
-	if err != nil {
-		return err
-	}
 	// check if caller has required role
-	if !has_role {
+	if !userInfo.Roles.SubmissionRelease {
 		return ErrPermissionDenied
 	}

@ -445,12 +415,8 @@ func (svc *Service) ActionSubmissionTriggerValidate(ctx context.Context, params
 		return ErrUserInfo
 	}

-	has_role, err := userInfo.HasRoleSubmissionReview()
-	if err != nil {
-		return err
-	}
 	// check if caller has required role
-	if !has_role {
+	if !userInfo.Roles.SubmissionReview {
 		return ErrPermissionDenied
 	}