diff --git a/Backend/endpoints/time.go b/Backend/endpoints/time.go
index f2a4c43..ce65cde 100644
--- a/Backend/endpoints/time.go
+++ b/Backend/endpoints/time.go
@@ -62,7 +62,7 @@ func getBookings(w http.ResponseWriter, r *http.Request) {
 return
 }
 
-// TODO add config for timeoffset
+ // TODO add config for timeoffset
 tsFrom, err := parseTimestamp(r, "time_from", time.Now().AddDate(0, -1, 0).Format("2006-01-02"))
 if(err != nil ){
 log.Println("Error parsing 'from' time", err)
@@ -85,8 +85,6 @@ func getBookings(w http.ResponseWriter, r *http.Request) {
 }
 ctx := context.WithValue(r.Context(), "user", user)
 templates.TimeDashboard(bookings).Render(ctx, w)
- // w.Header().Set("Content-Type", "application/json")
- // json.NewEncoder(w).Encode(bookings)
 }
 
 func updateBooking(w http.ResponseWriter, r *http.Request){
@@ -115,6 +113,47 @@ func updateBooking(w http.ResponseWriter, r *http.Request){
 getBookings(w, r)
 }
 
+func getBookingsAPI(w http.ResponseWriter, r *http.Request){
+ _user_pn := r.URL.Query().Get("personal_nummer")
+ user_pn, err := strconv.Atoi(_user_pn)
+ if(err != nil){
+ log.Println("No personal numver found!")
+ http.Error(w, "No personal number found", http.StatusBadRequest)
+ return
+ }
+
+ user, err := (*models.User).GetByPersonalNummer(nil, user_pn)
+ if(err != nil){
+ log.Println("No user found with the given personal number!")
+ http.Error(w, "No user found", http.StatusNotFound)
+ return
+ }
+
+ // TODO add config for timeoffset
+ tsFrom, err := parseTimestamp(r, "time_from", time.Now().AddDate(0, -1, 0).Format("2006-01-02"))
+ if(err != nil ){
+ log.Println("Error parsing 'from' time", err)
+ http.Error(w, "Timestamp 'from' cannot be parsed!", http.StatusBadRequest)
+ return
+ }
+ tsTo, err := parseTimestamp(r, "time_to", time.Now().Format("2006-01-02"))
+ if(err != nil ){
+ log.Println("Error parsing 'to' time", err)
+ http.Error(w, "Timestamp 'to' cannot be parsed!", http.StatusBadRequest)
+ return
+ }
+ tsTo = tsTo.AddDate(0,0,1) // so that today is inside
+
+ bookings, err := (*models.Booking).GetBookingsGrouped(nil, user.CardUID, tsFrom, tsTo)
+ if err != nil {
+ log.Println("Error getting bookings: ", err)
+ http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+ return
+ }
+ w.Header().Set("Content-Type", "application/json")
+ json.NewEncoder(w).Encode(bookings)
+}
+
 // Updates a booking form the given json body
 func updateBookingAPI(w http.ResponseWriter, r *http.Request) {
 _booking_id := r.URL.Query().Get("counter_id")
diff --git a/Backend/endpoints/time_create.go b/Backend/endpoints/time_create.go
index a720547..c59b7f9 100644
--- a/Backend/endpoints/time_create.go
+++ b/Backend/endpoints/time_create.go
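Review bot: getBookingsAPI in Backend/endpoints/time.go returns the grouped bookings of whichever user the `personal_nummer` query parameter names, and nothing inside the function checks who is asking, so unless the router enforces authentication outside this hunk, any caller who can reach the route can read any user's records. The function should start with the same gate this commit adds to createBooking, e.g. `if !checkPassword(r) { http.Error(w, "Wrong or no API key provided", http.StatusUnauthorized); return }`, or take the user from the authenticated session rather than from a request parameter. The error returned by `json.NewEncoder(w).Encode(bookings)` is also dropped; logging it would keep a failed or truncated response from going unnoticed.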
@@ -13,13 +13,12 @@ import (
 // GET only for demo purpose
 func TimeCreateHandler(w http.ResponseWriter, r *http.Request) {
 helper.SetCors(w)
- // switch with request methods
 switch r.Method {
- case "PUT":
+ case http.MethodPut:
 createBooking(w, r)
- case "GET":
+ case http.MethodGet:
 createBooking(w, r)
- case "OPTIONS":
+ case http.MethodOptions:
 // just support options header for non GET Requests from SWAGGER
 w.WriteHeader(http.StatusOK)
 default:
@@ -27,11 +26,14 @@ func TimeCreateHandler(w http.ResponseWriter, r *http.Request) {
 }
 }
 
-
-
 // Creates a booking from the http query params -> no body needed
 // after that entry wi'll be written to database and the booking is returned as json
 func createBooking(w http.ResponseWriter, r *http.Request) {
+ if(!checkPassword(r)){
+ log.Println("Wrong or no API key provided!")
+ http.Error(w, "Wrong or no API key provided", http.StatusUnauthorized)
+ return
+ }
 booking := (*models.Booking).FromUrlParams(nil, r.URL.Query())
 
 if booking.Verify() {
@@ -51,3 +53,10 @@ func createBooking(w http.ResponseWriter, r *http.Request) {
 }
 w.WriteHeader(http.StatusBadRequest)
 }
+
+func checkPassword(r *http.Request) bool {
+ authToken := helper.GetEnv("apiToken", "dont_access")
+ authHeaders := r.Header.Get("Authorization")
+ _authStart := len("Bearer ")
+ return authToken == authHeaders[_authStart:]
+}
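Review bot: The rejection branch added at the top of createBooking logs a fixed string, so repeated failures cannot be attributed to a client or correlated when someone is guessing the key. Log request context without the credential itself, e.g. `log.Printf("rejected %s %q from %s: missing or invalid API key", r.Method, r.URL.Path, r.RemoteAddr)`. Behind a reverse proxy `r.RemoteAddr` will be the proxy's address, so the forwarded client address may be needed instead. createBooking's body continues outside the hunk.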
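Review bot: checkPassword slices `authHeaders[_authStart:]` without checking the length, so a request with no Authorization header, or one shorter than seven bytes, panics with a slice-bounds error instead of returning false, and the 401 branch in createBooking is never reached for it. The first seven bytes are also skipped rather than compared with `Bearer `, the fallback `dont_access` appears to become a valid token whenever `apiToken` is unset (assuming the second argument of helper.GetEnv is a default), and `==` is not a constant-time comparison. The version below checks the prefix, fails closed when no token is configured and uses `subtle.ConstantTimeCompare`; it needs `crypto/subtle` and `strings` in the file's import block, which is outside this hunk.

```go
func checkPassword(r *http.Request) bool {
	const prefix = "Bearer "

	want := helper.GetEnv("apiToken", "")
	if want == "" {
		// No token configured: reject everything rather than accept a known default.
		return false
	}

	header := r.Header.Get("Authorization")
	if !strings.HasPrefix(header, prefix) {
		return false
	}
	got := header[len(prefix):]
	return subtle.ConstantTimeCompare([]byte(got), []byte(want)) == 1
}
```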