Auth (subroutes), password.

api/auth.go

@@ -8,6 +8,7 @@ import (
 	"net/http"
 
 	"github.com/dgrijalva/jwt-go"
+	"github.com/gorilla/mux"
 )
 
 const (
@@ -21,6 +22,7 @@ var (
 	errWhileParsingCookie = errors.New("error while parsing cookie")
 	errTokenExpired       = errors.New("token expired")
 	errGenericError       = errors.New("generic error")
+	errAccessDenied       = errors.New("insufficient privileges")
 )
 
 func SetupCerts(p string) error {
@@ -102,6 +104,11 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		writeJSON(w, Error{errGenericError})
 		return
 	}
+	if mux.Vars(r)["genus"] != token.Claims["genus"] {
+		w.WriteHeader(http.StatusInternalServerError)
+		writeJSON(w, Error{errAccessDenied})
+		return
+	}
 	hErr := h(w, r)
 	if hErr != nil {
 		w.WriteHeader(http.StatusInternalServerError)

api/handler.go

@@ -70,6 +70,8 @@ func Handler() *mux.Router {
 	m.Get(router.UpdateMeasurement).Handler(handler(serveUpdateMeasurement))
 	m.Get(router.DeleteMeasurement).Handler(handler(serveDeleteMeasurement))
 
+	m.Get(router.SubrouterListSpecies).Handler(authHandler(serveSubrouterSpeciesList))
+
 	return m
 }
 

api/species.go

@@ -90,3 +90,22 @@ func serveDeleteSpecies(w http.ResponseWriter, r *http.Request) error {
 
 	return writeJSON(w, &models.Species{})
 }
+
+func serveSubrouterSpeciesList(w http.ResponseWriter, r *http.Request) error {
+	var opt models.SpeciesListOptions
+	if err := schemaDecoder.Decode(&opt, r.URL.Query()); err != nil {
+		return err
+	}
+
+	opt.Genus = mux.Vars(r)["genus"]
+
+	species, err := store.Species.List(&opt)
+	if err != nil {
+		return err
+	}
+	if species == nil {
+		species = []*models.Species{}
+	}
+
+	return writeJSON(w, species)
+}

api/users.go

@@ -66,13 +66,14 @@ func serveAuthenticateUser(w http.ResponseWriter, r *http.Request) error {
 	username := r.FormValue("username")
 	password := r.FormValue("password")
 
-	auth_level, err := store.Users.Authenticate(username, password)
+	user_session, err := store.Users.Authenticate(username, password)
 	if err != nil {
 		return err
 	}
 
 	t := jwt.New(jwt.GetSigningMethod("RS256"))
-	t.Claims["AccessToken"] = auth_level
+	t.Claims["auth_level"] = user_session.AccessLevel
+	t.Claims["genus"] = user_session.Genus
 	t.Claims["exp"] = time.Now().Add(time.Minute * 1).Unix()
 	tokenString, err := t.SignedString(signKey)
 	if err != nil {
@@ -87,5 +88,5 @@ func serveAuthenticateUser(w http.ResponseWriter, r *http.Request) error {
 		RawExpires: "0",
 	})
 
-	return writeJSON(w, auth_level)
+	return writeJSON(w, user_session)
 }

api/users_test.go

@@ -101,14 +101,18 @@ func TestUser_Authenticate(t *testing.T) {
 	test_user := newUser()
 	test_user.Username = "test_user"
 
+	var user_session_want models.UserSession
+
 	calledAuthenticate := false
-	store.Users.(*models.MockUsersService).Authenticate_ = func(username string, password string) (*string, error) {
+	store.Users.(*models.MockUsersService).Authenticate_ = func(username string, password string) (*models.UserSession, error) {
 		calledAuthenticate = true
-		auth_level := "read"
-		return &auth_level, nil
+		user_session_want.AccessLevel = "read"
+		user_session_want.Genus = "hymenobacter"
+
+		return &user_session_want, nil
 	}
 
-	auth_level, err := apiClient.Users.Authenticate(test_user.Username, "password")
+	user_session, err := apiClient.Users.Authenticate(test_user.Username, "password")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -116,7 +120,8 @@ func TestUser_Authenticate(t *testing.T) {
 	if !calledAuthenticate {
 		t.Error("!calledAuthenticate")
 	}
-	if *auth_level != "read" {
-		t.Errorf("got auth level %+v but wanted read", *auth_level)
+
+	if !normalizeDeepEqual(user_session, &user_session_want) {
+		t.Errorf("got session %+v but wanted session %+v", user_session, user_session_want)
 	}
 }