From f1f879354ae6e9022fddb97fab5e2becc58cfff3 Mon Sep 17 00:00:00 2001
From: Soumik Dutta
Date: Sat, 13 Apr 2024 00:33:29 +0530
Subject: [PATCH] manually verify token in update student

---
 handler/student.go | 14 +++++++++++++-
 main.go | 2 +-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/handler/student.go b/handler/student.go
index e36d748..6a881e8 100644
--- a/handler/student.go
+++ b/handler/student.go
@@ -24,6 +24,7 @@ func GetStudentRoleObjectID() primitive.ObjectID {
 }
 
 func (h *Handler) HandlerUpdateStudentDetails(ctx *gin.Context) {
+	idToken := ctx.GetHeader("token")
 	studentCollection := h.MongikClient.MongoClient.Database(constants.DB).Collection(constants.COLLECTION_STUDENT)
 	var updatedStudent studentModel.Student
 
@@ -32,7 +33,18 @@ func (h *Handler) HandlerUpdateStudentDetails(ctx *gin.Context) {
 		return
 	}
 
-	filter := bson.M{"_id": h.Session.Student.Id, "email": h.Session.Student.InstituteEmail}
+	if email, _, errVerify := controller.VerifyToken(h.MongikClient.CacheClient, idToken, h.JwkSet, true); errVerify != nil {
+		ctx.AbortWithStatusJSON(401, gin.H{"error": errVerify})
+		return
+	} else {
+		if !util.CheckValidInstituteEmail(*email) {
+			ctx.AbortWithStatusJSON(401, gin.H{"error": "not a valid institute email"})
+			return
+		}
+		updatedStudent.InstituteEmail = *email
+	}
+
+	filter := bson.M{"_id": updatedStudent.RollNo, "email": updatedStudent.InstituteEmail}
 
 	var currentStudent studentModel.Student
 	if errFind := studentCollection.FindOne(ctx, filter).Decode(¤tStudent); errFind != nil {
diff --git a/main.go b/main.go
index 828f5ff..1806f98 100644
--- a/main.go
+++ b/main.go
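Review bot: The `_id` term of the new `filter` now comes from the unverified request body (`updatedStudent.RollNo`) instead of the verified identity, so the only thing binding this update to the caller is the `email` term taken from the token; that holds only if `email` is unique in the collection, which should either be stated in a comment (`// email from the verified token is the authorization check; _id is client-supplied`) or made explicit by filtering on the verified email alone. The `else` branch dereferences `*email` with no nil check — if `controller.VerifyToken` can return a nil email together with a nil error this panics, so the guard should read `if errVerify != nil || email == nil`. `gin.H{"error": errVerify}` serializes the error value itself (an empty object for a plain error, or its exported fields for a typed one), so a fixed client message such as `gin.H{"error": "invalid token"}` with `errVerify` logged server-side is safer. Because main.go drops `handler.GinVerifyStudent` from this route, anything that middleware enforced beyond token validity (the file defines `GetStudentRoleObjectID`, which suggests a role check) is no longer applied here — worth confirming. HandlerUpdateStudentDetails continues past the end of the hunk.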
@@ -48,7 +48,7 @@ func main() {
 	}
 
 	r.GET("/api/token/student/verify", handler.HandlerVerifyStudentIdToken)
-	r.PUT("/api/student/update", handler.GinVerifyStudent, handler.HandlerUpdateStudentDetails)
+	r.PUT("/api/student/update", handler.HandlerUpdateStudentDetails)
 	r.POST("/api/student/register", handler.HandlerRegisterStudentDetails)
 	r.GET("/api/token/invalidate_cache", handler.InvalidateCache)