# Authorization Audit - 20251123-124317
|
|
== Role Checks ==
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:374:func requireRole(next http.HandlerFunc, allowedRoles ...string) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:377: userRoles, err := extractRoles(claims)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:379: http.Error(w, "No roles found", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:383: for _, userRole := range userRoles {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:384: for _, allowedRole := range allowedRoles {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:385: if userRole == allowedRole {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:392: http.Error(w, "Insufficient permissions", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:396:func extractRoles(claims jwt.MapClaims) ([]string, error) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:397: rawRoles, ok := claims["roles"]
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:399: return nil, errors.New("roles missing")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:402: switch v := rawRoles.(type) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:406: roleStr, ok := r.(string)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:408: return nil, errors.New("role not string")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:410: out = append(out, roleStr)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:416: return nil, errors.New("invalid roles type")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:420:func hasRole(claims jwt.MapClaims, role string) bool {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:421: roles, err := extractRoles(claims)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:425: for _, r := range roles {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:426: // SUPERUSER has all permissions
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:430: if r == role {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:702: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:746: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:851: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:895: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1179: requireRole(closeQuestionHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1214: requireRole(verifyAnswerHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:353: http.HandleFunc("/admin/tokens", requireRole(handleAdminTokens, "ADMIN")) // GET, POST
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:354: http.HandleFunc("/admin/tokens/", requireRole(handleAdminTokenByID, "ADMIN")) // PUT, DELETE
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:355: http.HandleFunc("/admin/wallets", requireRole(handleAdminWallets, "ADMIN")) // GET, POST
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:356: http.HandleFunc("/admin/wallets/", requireRole(handleAdminWalletByID, "ADMIN")) // PUT, DELETE
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:489: w.Header().Set("Permissions-Policy", "geolocation=(), microphone=(), camera=()")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:560: roles, err := extractRoles(claims)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:562: http.Error(w, "Invalid token roles", http.StatusUnauthorized)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:568: ctx = context.WithValue(ctx, "roles", roles)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:575:// requireRole middleware checks if user has required role
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:576:func requireRole(next http.HandlerFunc, allowedRoles ...string) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:578: userRoles, ok := r.Context().Value("roles").([]string)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:580: http.Error(w, "No roles found in token", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:584: // Check if user has any of the allowed roles
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:585: hasRole := false
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:586: for _, userRole := range userRoles {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:587: for _, allowedRole := range allowedRoles {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:588: if userRole == allowedRole {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:589: hasRole = true
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:593: if hasRole {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:598: if !hasRole {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:599: http.Error(w, "Insufficient permissions", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:607:func extractRoles(claims jwt.MapClaims) ([]string, error) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:608: rawRoles, ok := claims["roles"]
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:610: return nil, errors.New("roles missing")
|
|
|
|
== Admin-Only Endpoints ==
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:702: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:746: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:851: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:895: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:976:// POST /answers/:id/verify - Verify answer (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1110:// POST /questions/:id/close - Close question (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1179: requireRole(closeQuestionHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1214: requireRole(verifyAnswerHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:258:// TokenWhitelistRequest for admin token management.
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:329: // Invoice routes (protected - staff/admin can create, clients can view their own)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:352: // Admin token whitelist routes (admin only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:353: http.HandleFunc("/admin/tokens", requireRole(handleAdminTokens, "ADMIN")) // GET, POST
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:354: http.HandleFunc("/admin/tokens/", requireRole(handleAdminTokenByID, "ADMIN")) // PUT, DELETE
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:355: http.HandleFunc("/admin/wallets", requireRole(handleAdminWallets, "ADMIN")) // GET, POST
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:356: http.HandleFunc("/admin/wallets/", requireRole(handleAdminWalletByID, "ADMIN")) // PUT, DELETE
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:359: http.HandleFunc("/donations/campaigns", handleDonationCampaigns) // GET (public), POST (admin)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:685: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:711: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:717: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:734: // Authorization: STAFF/ADMIN can see all or filtered, CLIENTs only see their own
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:735: if hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:866: isStaffOrAdmin := hasAnyRole(r.Context(), "STAFF", "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:968: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1005: // Authorization: STAFF/ADMIN can see all payments, CLIENTs only see payments for their invoices
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1006: if hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1161: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1217: isStaffOrAdmin := hasAnyRole(r.Context(), "STAFF", "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1538: isStaffOrAdmin := hasAnyRole(r.Context(), "STAFF", "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1784: isStaffOrAdmin := hasAnyRole(r.Context(), "STAFF", "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1876: isStaffOrAdmin := hasAnyRole(r.Context(), "STAFF", "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1920:// ===== ADMIN TOKEN WHITELIST HANDLERS =====
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2140:// ===== ADMIN WALLET HANDLERS =====
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2393: // Require admin for creating campaigns
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2401: if !hasAnyRole(r.Context(), "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2781: // Authorization: user must be donor or admin
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2783: isAdmin := hasAnyRole(r.Context(), "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2930: isStaffOrAdmin := hasAnyRole(r.Context(), "STAFF", "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:3076: isStaffOrAdmin := hasAnyRole(r.Context(), "STAFF", "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:165: // Approval routes (STAFF/ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:166: http.HandleFunc("/projects/pending", requireRole(handlePendingProjects, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:167: http.HandleFunc("/projects/approve/", requireRole(handleProjectApproval, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:173: // Work order routes (protected - staff/admin only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:174: http.HandleFunc("/workorders", requireRole(handleWorkOrders, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:175: http.HandleFunc("/workorders/", requireRole(handleWorkOrderByID, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:542: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:570: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:576: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:592: // Authorization: STAFF/ADMIN can see all approved projects, CLIENTs only see their own approved projects
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:593: if hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:659: // STAFF/ADMIN creating projects are auto-approved
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:706: // Authorization: Check if user is owner (CLIENT), requester, or has elevated role (STAFF/ADMIN)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:709: isStaffOrAdmin := hasAnyRole(r.Context(), "STAFF", "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:736: isStaffOrAdmin := hasAnyRole(r.Context(), "STAFF", "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:785: // Authorization check - only STAFF/ADMIN can delete (protect clients from accidental deletion)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:786: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:787: http.Error(w, "Forbidden: only STAFF or ADMIN can delete projects", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:813: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:840: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:846: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:863: // Authorization: STAFF/ADMIN can see all tasks (optionally filtered), CLIENTs only see tasks for their projects
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:864: if hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:1000: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:1030: // Note: Only STAFF/ADMIN can reach here due to handler check, but verify project access
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:1089: // Note: Only STAFF/ADMIN can reach here due to handler check, but verify project access
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:1415:// getProjectRequest returns a single project request (must be owned by user or STAFF/ADMIN)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:1439: // Authorization: Only requester or STAFF/ADMIN can view
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:1441: isStaffOrAdmin := hasAnyRole(r.Context(), "STAFF", "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:1494:// ===== APPROVAL HANDLERS (STAFF/ADMIN only) =====
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:355: http.HandleFunc("/link-identity", authenticate(requireCSRF(requireRole(handleLinkIdentity, "CLIENT", "STAFF", "ADMIN"))))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:356: http.HandleFunc("/unlink-identity", authenticate(requireCSRF(requireRole(handleUnlinkIdentity, "CLIENT", "STAFF", "ADMIN"))))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:362: // Admin routes (ADMIN only) - Note: SUPERUSER has implicit access
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:363: http.HandleFunc("/admin/users", authenticate(requireRole(handleGetAllUsers, "ADMIN", "SUPERUSER"))) // GET doesn't need CSRF
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:364: http.HandleFunc("/admin/users/promote-role", authenticate(requireCSRF(requireRole(handlePromoteUserRole, "ADMIN", "SUPERUSER"))))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:365: http.HandleFunc("/admin/users/demote-role", authenticate(requireCSRF(requireRole(handleDemoteUserRole, "ADMIN", "SUPERUSER"))))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:612: // Staff/Admin roles can only be granted by existing ADMIN/SUPERUSER
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:736: // Staff/Admin roles can only be granted by existing ADMIN/SUPERUSER
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1778:// ===== ADMIN ENDPOINTS =====
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1792:// handleGetAllUsers returns all users (ADMIN/SUPERUSER only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1852:// handleDemoteUserRole allows ADMIN/SUPERUSER users to remove roles from other users
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1853:// ADMIN can only demote CLIENT, STAFF, ADMIN roles (cannot touch SUPERUSER)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1862: adminUserID := int(claims["userId"].(float64))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1877: validRoles := map[string]bool{"CLIENT": true, "STAFF": true, "ADMIN": true}
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1879: http.Error(w, "Invalid role. Must be CLIENT, STAFF, or ADMIN", http.StatusBadRequest)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1893: // If not superuser, verify target is not a superuser (ADMINs cannot touch SUPERUSERs)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1900: http.Error(w, "Forbidden: ADMINs cannot modify SUPERUSER accounts", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1905: // Prevent admin from demoting themselves from ADMIN role
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1906: if req.UserID == adminUserID && req.Role == "ADMIN" && !isSuperuser {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1907: http.Error(w, "Cannot remove your own ADMIN role", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1967: adminUserID, req.Role, req.UserID, userName)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1975:// handlePromoteUserRole allows ADMIN/SUPERUSER users to grant roles to other users
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1976:// ADMIN can only promote to CLIENT, STAFF, ADMIN
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1985: adminUserID := int(claims["userId"].(float64))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1995: validRoles := map[string]bool{"CLIENT": true, "STAFF": true, "ADMIN": true}
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:2001: http.Error(w, "Invalid role. Must be CLIENT, STAFF, or ADMIN", http.StatusBadRequest)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:2015: // If not superuser, verify target is not a superuser (ADMINs cannot touch SUPERUSERs)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:2022: http.Error(w, "Forbidden: ADMINs cannot modify SUPERUSER accounts", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:2069: adminUserID, req.Role, req.UserID, userName)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:103: StatusPendingReview = "PENDING_REVIEW" // Submitted for admin review
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:104: StatusApproved = "APPROVED" // Approved by admin, ready to publish
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:106: StatusRejected = "REJECTED" // Rejected by admin with feedback
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:110:// Blog type constants - SITE blogs are admin/staff content, USER blogs are community content
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:112: BlogTypeSite = "SITE" // Official site blogs (admin/staff authored)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:133: Verified bool `json:"verified"` // True if admin-verified content (for USER blogs/tutorials)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:293: // All existing blogs default to SITE type and verified (since they were created by staff/admin)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:572: // Only show SITE blogs (admin/staff official content) - USER blogs are in /community/blogs
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:645:// ============ STAFF/ADMIN ENDPOINTS ============
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:647:// GET /admin/blogs - List all SITE blogs with filters (STAFF sees own, ADMIN sees all)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:652: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:662: // STAFF can only see their own blogs unless they're ADMIN
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:706:// GET /admin/blogs/pending - List SITE blogs pending review (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:739:// POST /admin/blogs - Create a new SITE blog (STAFF creates as DRAFT, ADMIN can create as any status)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:744: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:806: // STAFF always creates as DRAFT, ADMIN can create directly as PUBLISHED
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:842:// PUT /admin/blogs/:slug - Update a blog (author can update own DRAFT/REJECTED, ADMIN can update any)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:847: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:849: slug := strings.TrimPrefix(r.URL.Path, "/admin/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:885: // Validate input lengths for admin blog updates
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:950:// POST /admin/blogs/:slug/submit - Submit blog for review (STAFF only, moves DRAFT -> PENDING_REVIEW)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:956: slug := strings.TrimPrefix(r.URL.Path, "/admin/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:988:// POST /admin/blogs/:slug/review - Review a blog (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:994: slug := strings.TrimPrefix(r.URL.Path, "/admin/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1048:// POST /admin/blogs/:slug/publish - Publish an approved blog (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1054: slug := strings.TrimPrefix(r.URL.Path, "/admin/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1064: // ADMIN can publish from APPROVED status (normal flow) or DRAFT (skip review for admin-created content)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1082:// POST /admin/blogs/:slug/unpublish - Unpublish a blog (ADMIN only, moves to ARCHIVED)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1088: slug := strings.TrimPrefix(r.URL.Path, "/admin/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1114:// DELETE /admin/blogs/:slug - Delete a blog (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1120: slug := strings.TrimPrefix(r.URL.Path, "/admin/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1140:// These endpoints are completely separate from SITE blogs (admin/staff content)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1492:// ============ ADMIN COMMUNITY MANAGEMENT ENDPOINTS ============
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1494:// GET /admin/community/blogs - List all community blogs (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1536:// POST /admin/community/blogs/:slug/promote - Promote a community blog to SITE blog (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1542: slug := strings.TrimPrefix(r.URL.Path, "/admin/community/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1577:// DELETE /admin/community/blogs/:slug - Admin delete any community blog (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1578:func adminDeleteCommunityBlogHandler(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1583: slug := strings.TrimPrefix(r.URL.Path, "/admin/community/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1603:// POST /admin/community/blogs/:slug/archive - Archive a community blog (hide from public)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1609: slug := strings.TrimPrefix(r.URL.Path, "/admin/community/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1636:// POST /admin/community/blogs/:slug/verify - Verify a community blog/tutorial (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1637:// This marks content as admin-verified without promoting to site blog
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1643: slug := strings.TrimPrefix(r.URL.Path, "/admin/community/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1677:// POST /admin/community/blogs/:slug/unverify - Remove verification from a community blog (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1683: slug := strings.TrimPrefix(r.URL.Path, "/admin/community/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1750: // ============ ADMIN ROUTES ============
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1751: // GET /admin/blogs - List all blogs (STAFF sees own, ADMIN sees all)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1752: http.HandleFunc("/admin/blogs", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1759: requireRole(listAllBlogsHandler, "STAFF", "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1761: requireRole(createBlogHandler, "STAFF", "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1767: // GET /admin/blogs/pending - List pending review (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1768: http.HandleFunc("/admin/blogs/pending", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1775: requireRole(listPendingReviewHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1782: http.HandleFunc("/admin/blogs/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1795: requireRole(submitForReviewHandler, "STAFF", "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1801: requireRole(reviewBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1807: requireRole(publishBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1813: requireRole(unpublishBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1818: // /admin/blogs/:slug - CRUD operations
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1820: requireRole(updateBlogHandler, "STAFF", "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1822: requireRole(deleteBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1881: // ============ ADMIN COMMUNITY MANAGEMENT ROUTES ============
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1883: // GET /admin/community/blogs - List all community blogs (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1884: http.HandleFunc("/admin/community/blogs", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1891: requireRole(listAllCommunityBlogsHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1898: http.HandleFunc("/admin/community/blogs/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1910: requireRole(promoteCommunityBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1916: requireRole(verifyCommunityBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1922: requireRole(unverifyCommunityBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1928: requireRole(archiveCommunityBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1933: // DELETE /admin/community/blogs/:slug
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1935: requireRole(adminDeleteCommunityBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:373: // Check for admin/staff roles (only they can view submissions)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:390: if roleStr == "SUPERUSER" || roleStr == "ADMIN" || roleStr == "STAFF" {
|
|
|
|
== Ownership Checks (IDOR Prevention) — keyword matches on user_id / ownership; not every hit below is an access-control check ==
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:265: CREATE INDEX IF NOT EXISTS idx_votes_user ON forum_votes(user_id);
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:441: if id, ok := claims["user_id"].(float64); ok {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:711: // Check ownership
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:719: if authorID != userID && !isAdmin {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:755: // Check ownership
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:763: if authorID != userID && !isAdmin {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:860: // Check ownership
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:868: if authorID != userID && !isAdmin {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:904: // Check ownership and get question ID
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:912: if authorID != userID && !isAdmin {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:960: if questionAuthorID != userID {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:991: verified_at = CURRENT_TIMESTAMP WHERE id = $2`, userID, id)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:997: log.Printf("AUDIT: Admin %d verified answer %d", userID, id)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1030: err = db.QueryRow("SELECT vote_type FROM forum_votes WHERE user_id = $1 AND target_type = 'question' AND target_id = $2",
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1044: db.Exec("UPDATE forum_votes SET vote_type = $1 WHERE user_id = $2 AND target_type = 'question' AND target_id = $3",
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1084: err = db.QueryRow("SELECT vote_type FROM forum_votes WHERE user_id = $1 AND target_type = 'answer' AND target_id = $2",
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1098: db.Exec("UPDATE forum_votes SET vote_type = $1 WHERE user_id = $2 AND target_type = 'answer' AND target_id = $3",
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:632: if id, ok := claims["user_id"]; ok {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:742: WHERE client_id = $1
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:761: WHERE client_id = $1
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:881: err := db.QueryRow(`SELECT client_id, status FROM invoices WHERE id = $1`, id).Scan(&existingClientID, &existingStatus)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1030: err = db.QueryRow(`SELECT client_id FROM invoices WHERE id = $1`, invoiceID).Scan(&ownerID)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1038: if ownerID != userID {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1058: WHERE i.client_id = $1
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1163: err = db.QueryRow(`SELECT client_id FROM invoices WHERE id = $1`, p.InvoiceID).Scan(&ownerID)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1165: http.Error(w, "Failed to verify ownership", http.StatusInternalServerError)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1168: if ownerID != userID {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1199: // Get invoice details including client_id for ownership check
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1764: // Get payment and verify ownership
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2004: req.VerificationSource, userID).Scan(&tokenID)
|
|
|
|
== Middleware Protection ==
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:300:func authMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:375: return authMiddleware(func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1149: authMiddleware(createQuestionHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1167: authMiddleware(createAnswerHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1173: authMiddleware(voteQuestionHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1187: authMiddleware(updateQuestionHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1189: authMiddleware(deleteQuestionHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1208: authMiddleware(acceptAnswerHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1220: authMiddleware(voteAnswerHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1226: authMiddleware(updateAnswerHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1228: authMiddleware(deleteAnswerHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main_test.go:33:func TestCORSMiddleware(t *testing.T) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main_test.go:38: handler := corsMiddleware(testHandler)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:330: http.HandleFunc("/invoices", authMiddleware(handleInvoices))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:331: http.HandleFunc("/invoices/", authMiddleware(handleInvoiceByID))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:334: http.HandleFunc("/payments", authMiddleware(handlePayments))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:335: http.HandleFunc("/payments/", authMiddleware(handlePaymentByID))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:338: http.HandleFunc("/invoices/create-payment-intent", authMiddleware(createStripePaymentIntent))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:343: http.HandleFunc("/crypto/initiate", authMiddleware(initiateCryptoPayment)) // POST - create crypto payment
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:344: http.HandleFunc("/crypto/confirm", authMiddleware(confirmCryptoPayment)) // POST - confirm with tx hash
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:345: http.HandleFunc("/crypto/status/", authMiddleware(getCryptoPaymentStatus)) // GET - check status
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:348: http.HandleFunc("/paypal/create-order", authMiddleware(createPayPalOrder)) // POST - create PayPal order
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:349: http.HandleFunc("/paypal/capture", authMiddleware(capturePayPalPayment)) // POST - capture after approval
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:362: http.HandleFunc("/donations/", authMiddleware(handleDonationByID)) // GET by ID (protected)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:375: Handler: corsMiddleware(http.DefaultServeMux),
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:458:func corsMiddleware(next http.Handler) http.Handler {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:507:// authMiddleware validates JWT token and extracts user info
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:508:func authMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:575:// requireRole middleware checks if user has required role
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:577: return authMiddleware(func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2399: // Wrap with auth middleware manually
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2400: authMiddleware(func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main_test.go:33:func TestCORSMiddleware(t *testing.T) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main_test.go:39: // Wrap with CORS middleware
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main_test.go:40: handler := corsMiddleware(testHandler)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:158: http.HandleFunc("/projects", authMiddleware(handleProjects))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:159: http.HandleFunc("/projects/", authMiddleware(handleProjectByID))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:162: http.HandleFunc("/project-requests", authMiddleware(handleProjectRequests))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:163: http.HandleFunc("/project-requests/", authMiddleware(handleProjectRequestByID))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:170: http.HandleFunc("/tasks", authMiddleware(handleTasks))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:171: http.HandleFunc("/tasks/", authMiddleware(handleTaskByID))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:185: Handler: corsMiddleware(http.DefaultServeMux),
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:298:// corsMiddleware adds CORS headers to allow frontend to communicate with backend
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:299:func corsMiddleware(next http.Handler) http.Handler {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:364:// authMiddleware validates JWT token and extracts user info
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:365:func authMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:432:// requireRole middleware checks if user has required role
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:434: return authMiddleware(func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:380: Handler: limitBodySize(corsMiddleware(http.DefaultServeMux)),
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:510:// limitBodySize middleware limits the request body size to prevent DoS attacks
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:520:func corsMiddleware(next http.Handler) http.Handler {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1382:// This middleware should be used after authenticate() for protected endpoints
|
|
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:59: // CORS middleware
|
|
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:60: handler := corsMiddleware(mux)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:122:func corsMiddleware(next http.Handler) http.Handler {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:334:// rateLimitMiddleware applies rate limiting based on request method
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:335:func rateLimitMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:358:func authMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:396: return authMiddleware(func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1842: authMiddleware(createCommunityBlogHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1856: authMiddleware(listMyBlogsHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1873: authMiddleware(updateCommunityBlogHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1875: authMiddleware(deleteCommunityBlogHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:134: mux.HandleFunc("/submit", corsMiddleware(rateLimitSubmit(submitHandler)))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:135: mux.HandleFunc("/health", corsMiddleware(healthHandler))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:138: mux.HandleFunc("/submissions", corsMiddleware(authMiddleware(listSubmissionsHandler)))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:139: mux.HandleFunc("/submissions/", corsMiddleware(authMiddleware(submissionHandler)))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:296:func corsMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:338:func authMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
|
|
|
== Routes Without Middleware on the Registration Line (candidate unprotected routes — several are wrapped by requireRole on the same line or call authMiddleware/requireRole inside the closure; verify each handler manually) ==
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1140: http.HandleFunc("/questions", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1155: http.HandleFunc("/questions/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1196: http.HandleFunc("/answers/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1236: http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:341: http.HandleFunc("/crypto/networks", handleNetworks) // GET - public list of networks
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:342: http.HandleFunc("/crypto/tokens", handleTokens) // GET - public list of tokens
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:350: http.HandleFunc("/webhooks/paypal", handlePayPalWebhook) // POST - PayPal webhooks
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:353: http.HandleFunc("/admin/tokens", requireRole(handleAdminTokens, "ADMIN")) // GET, POST
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:354: http.HandleFunc("/admin/tokens/", requireRole(handleAdminTokenByID, "ADMIN")) // PUT, DELETE
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:355: http.HandleFunc("/admin/wallets", requireRole(handleAdminWallets, "ADMIN")) // GET, POST
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:356: http.HandleFunc("/admin/wallets/", requireRole(handleAdminWalletByID, "ADMIN")) // PUT, DELETE
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:359: http.HandleFunc("/donations/campaigns", handleDonationCampaigns) // GET (public), POST (admin)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:360: http.HandleFunc("/donations/campaigns/", handleDonationCampaignBySlug) // GET by slug (public)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:361: http.HandleFunc("/donations/donate", handleDonate) // POST - public donation
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:365: http.HandleFunc("/webhooks/stripe", handleStripeWebhook)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:368: http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:166: http.HandleFunc("/projects/pending", requireRole(handlePendingProjects, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:167: http.HandleFunc("/projects/approve/", requireRole(handleProjectApproval, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:174: http.HandleFunc("/workorders", requireRole(handleWorkOrders, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:175: http.HandleFunc("/workorders/", requireRole(handleWorkOrderByID, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:178: http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/example-function/main.go:46: http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/example-function/main.go:50: http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:54: mux.HandleFunc("/health", healthHandler)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:55: mux.HandleFunc("/peer-info", peerInfoHandler)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:56: mux.HandleFunc("/connect", connectHandler)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:57: mux.HandleFunc("/peers", peersHandler)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1723: http.HandleFunc("/blogs", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1737: http.HandleFunc("/blogs/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1752: http.HandleFunc("/admin/blogs", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1768: http.HandleFunc("/admin/blogs/pending", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1782: http.HandleFunc("/admin/blogs/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1832: http.HandleFunc("/community/blogs", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1849: http.HandleFunc("/community/my-blogs", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1863: http.HandleFunc("/community/blogs/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1884: http.HandleFunc("/admin/community/blogs", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1898: http.HandleFunc("/admin/community/blogs/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1943: http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:134: mux.HandleFunc("/submit", corsMiddleware(rateLimitSubmit(submitHandler)))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:135: mux.HandleFunc("/health", corsMiddleware(healthHandler))
|