333 lines
48 KiB
Plaintext
333 lines
48 KiB
Plaintext
# Authorization Audit - 20251123-104211
|
|
== Role Checks ==
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:364:func requireRole(next http.HandlerFunc, allowedRoles ...string) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:367: userRoles, err := extractRoles(claims)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:369: http.Error(w, "No roles found", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:373: for _, userRole := range userRoles {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:374: for _, allowedRole := range allowedRoles {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:375: if userRole == allowedRole {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:382: http.Error(w, "Insufficient permissions", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:386:func extractRoles(claims jwt.MapClaims) ([]string, error) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:387: rawRoles, ok := claims["roles"]
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:389: return nil, errors.New("roles missing")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:392: switch v := rawRoles.(type) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:396: roleStr, ok := r.(string)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:398: return nil, errors.New("role not string")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:400: out = append(out, roleStr)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:406: return nil, errors.New("invalid roles type")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:410:func hasRole(claims jwt.MapClaims, role string) bool {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:411: roles, err := extractRoles(claims)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:415: for _, r := range roles {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:416: // SUPERUSER has all permissions
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:420: if r == role {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:692: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:736: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:841: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:885: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1169: requireRole(closeQuestionHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1204: requireRole(verifyAnswerHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:233: w.Header().Set("Permissions-Policy", "geolocation=(), microphone=(), camera=()")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:304: roles, err := extractRoles(claims)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:306: http.Error(w, "Invalid token roles", http.StatusUnauthorized)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:312: ctx = context.WithValue(ctx, "roles", roles)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:319:// requireRole middleware checks if user has required role
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:320:func requireRole(next http.HandlerFunc, allowedRoles ...string) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:322: userRoles, ok := r.Context().Value("roles").([]string)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:324: http.Error(w, "No roles found in token", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:328: // Check if user has any of the allowed roles
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:329: hasRole := false
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:330: for _, userRole := range userRoles {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:331: for _, allowedRole := range allowedRoles {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:332: if userRole == allowedRole {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:333: hasRole = true
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:337: if hasRole {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:342: if !hasRole {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:343: http.Error(w, "Insufficient permissions", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:351:func extractRoles(claims jwt.MapClaims) ([]string, error) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:352: rawRoles, ok := claims["roles"]
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:354: return nil, errors.New("roles missing")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:357: switch v := rawRoles.(type) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:361: roleStr, ok := r.(string)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:363: return nil, errors.New("role value not string")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:365: out = append(out, roleStr)
|
|
|
|
== Admin-Only Endpoints ==
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:692: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:736: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:841: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:885: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:966:// POST /answers/:id/verify - Verify answer (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1100:// POST /questions/:id/close - Close question (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1169: requireRole(closeQuestionHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1204: requireRole(verifyAnswerHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:102: // Invoice routes (protected - staff/admin can create, clients can view their own)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:429: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:455: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:461: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:478: // Authorization: STAFF/ADMIN can see all or filtered, CLIENTs only see their own
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:479: if hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:610: isStaffOrAdmin := hasAnyRole(r.Context(), "STAFF", "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:712: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:749: // Authorization: STAFF/ADMIN can see all payments, CLIENTs only see payments for their invoices
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:750: if hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:905: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:961: isStaffOrAdmin := hasAnyRole(r.Context(), "STAFF", "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:164: // Approval routes (STAFF/ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:165: http.HandleFunc("/projects/pending", requireRole(handlePendingProjects, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:166: http.HandleFunc("/projects/approve/", requireRole(handleProjectApproval, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:172: // Work order routes (protected - staff/admin only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:173: http.HandleFunc("/workorders", requireRole(handleWorkOrders, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:174: http.HandleFunc("/workorders/", requireRole(handleWorkOrderByID, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:536: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:564: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:570: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:586: // Authorization: STAFF/ADMIN can see all approved projects, CLIENTs only see their own approved projects
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:587: if hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:653: // STAFF/ADMIN creating projects are auto-approved
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:700: // Authorization: Check if user is owner (CLIENT), requester, or has elevated role (STAFF/ADMIN)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:703: isStaffOrAdmin := hasAnyRole(r.Context(), "STAFF", "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:730: isStaffOrAdmin := hasAnyRole(r.Context(), "STAFF", "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:779: // Authorization check - only STAFF/ADMIN can delete (protect clients from accidental deletion)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:780: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:781: http.Error(w, "Forbidden: only STAFF or ADMIN can delete projects", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:807: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:834: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:840: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:857: // Authorization: STAFF/ADMIN can see all tasks (optionally filtered), CLIENTs only see tasks for their projects
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:858: if hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:994: if !hasAnyRole(r.Context(), "STAFF", "ADMIN") {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:1024: // Note: Only STAFF/ADMIN can reach here due to handler check, but verify project access
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:1083: // Note: Only STAFF/ADMIN can reach here due to handler check, but verify project access
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:1409:// getProjectRequest returns a single project request (must be owned by user or STAFF/ADMIN)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:1433: // Authorization: Only requester or STAFF/ADMIN can view
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:1435: isStaffOrAdmin := hasAnyRole(r.Context(), "STAFF", "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:1488:// ===== APPROVAL HANDLERS (STAFF/ADMIN only) =====
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:352: http.HandleFunc("/link-identity", authenticate(requireRole(handleLinkIdentity, "CLIENT", "STAFF", "ADMIN")))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:353: http.HandleFunc("/unlink-identity", authenticate(requireRole(handleUnlinkIdentity, "CLIENT", "STAFF", "ADMIN")))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:359: // Admin routes (ADMIN only) - Note: SUPERUSER has implicit access
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:360: http.HandleFunc("/admin/users", authenticate(requireRole(handleGetAllUsers, "ADMIN", "SUPERUSER")))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:361: http.HandleFunc("/admin/users/promote-role", authenticate(requireRole(handlePromoteUserRole, "ADMIN", "SUPERUSER")))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:362: http.HandleFunc("/admin/users/demote-role", authenticate(requireRole(handleDemoteUserRole, "ADMIN", "SUPERUSER")))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:599: // Staff/Admin roles can only be granted by existing ADMIN/SUPERUSER
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:723: // Staff/Admin roles can only be granted by existing ADMIN/SUPERUSER
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1617:// ===== ADMIN ENDPOINTS =====
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1631:// handleGetAllUsers returns all users (ADMIN/SUPERUSER only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1691:// handleDemoteUserRole allows ADMIN/SUPERUSER users to remove roles from other users
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1692:// ADMIN can only demote CLIENT, STAFF, ADMIN roles (cannot touch SUPERUSER)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1701: adminUserID := int(claims["userId"].(float64))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1716: validRoles := map[string]bool{"CLIENT": true, "STAFF": true, "ADMIN": true}
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1718: http.Error(w, "Invalid role. Must be CLIENT, STAFF, or ADMIN", http.StatusBadRequest)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1732: // If not superuser, verify target is not a superuser (ADMINs cannot touch SUPERUSERs)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1739: http.Error(w, "Forbidden: ADMINs cannot modify SUPERUSER accounts", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1744: // Prevent admin from demoting themselves from ADMIN role
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1745: if req.UserID == adminUserID && req.Role == "ADMIN" && !isSuperuser {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1746: http.Error(w, "Cannot remove your own ADMIN role", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1806: adminUserID, req.Role, req.UserID, userName)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1814:// handlePromoteUserRole allows ADMIN/SUPERUSER users to grant roles to other users
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1815:// ADMIN can only promote to CLIENT, STAFF, ADMIN
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1824: adminUserID := int(claims["userId"].(float64))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1834: validRoles := map[string]bool{"CLIENT": true, "STAFF": true, "ADMIN": true}
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1840: http.Error(w, "Invalid role. Must be CLIENT, STAFF, or ADMIN", http.StatusBadRequest)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1854: // If not superuser, verify target is not a superuser (ADMINs cannot touch SUPERUSERs)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1861: http.Error(w, "Forbidden: ADMINs cannot modify SUPERUSER accounts", http.StatusForbidden)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1908: adminUserID, req.Role, req.UserID, userName)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:90: StatusPendingReview = "PENDING_REVIEW" // Submitted for admin review
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:91: StatusApproved = "APPROVED" // Approved by admin, ready to publish
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:93: StatusRejected = "REJECTED" // Rejected by admin with feedback
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:97:// Blog type constants - SITE blogs are admin/staff content, USER blogs are community content
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:99: BlogTypeSite = "SITE" // Official site blogs (admin/staff authored)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:120: Verified bool `json:"verified"` // True if admin-verified content (for USER blogs/tutorials)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:280: // All existing blogs default to SITE type and verified (since they were created by staff/admin)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:559: // Only show SITE blogs (admin/staff official content) - USER blogs are in /community/blogs
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:632:// ============ STAFF/ADMIN ENDPOINTS ============
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:634:// GET /admin/blogs - List all SITE blogs with filters (STAFF sees own, ADMIN sees all)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:639: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:649: // STAFF can only see their own blogs unless they're ADMIN
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:693:// GET /admin/blogs/pending - List SITE blogs pending review (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:726:// POST /admin/blogs - Create a new SITE blog (STAFF creates as DRAFT, ADMIN can create as any status)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:731: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:761: // STAFF always creates as DRAFT, ADMIN can create directly as PUBLISHED
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:797:// PUT /admin/blogs/:slug - Update a blog (author can update own DRAFT/REJECTED, ADMIN can update any)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:802: isAdmin := hasRole(claims, "ADMIN")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:804: slug := strings.TrimPrefix(r.URL.Path, "/admin/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:877:// POST /admin/blogs/:slug/submit - Submit blog for review (STAFF only, moves DRAFT -> PENDING_REVIEW)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:883: slug := strings.TrimPrefix(r.URL.Path, "/admin/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:915:// POST /admin/blogs/:slug/review - Review a blog (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:921: slug := strings.TrimPrefix(r.URL.Path, "/admin/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:975:// POST /admin/blogs/:slug/publish - Publish an approved blog (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:981: slug := strings.TrimPrefix(r.URL.Path, "/admin/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:991: // ADMIN can publish from APPROVED status (normal flow) or DRAFT (skip review for admin-created content)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1009:// POST /admin/blogs/:slug/unpublish - Unpublish a blog (ADMIN only, moves to ARCHIVED)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1015: slug := strings.TrimPrefix(r.URL.Path, "/admin/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1041:// DELETE /admin/blogs/:slug - Delete a blog (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1047: slug := strings.TrimPrefix(r.URL.Path, "/admin/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1067:// These endpoints are completely separate from SITE blogs (admin/staff content)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1391:// ============ ADMIN COMMUNITY MANAGEMENT ENDPOINTS ============
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1393:// GET /admin/community/blogs - List all community blogs (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1435:// POST /admin/community/blogs/:slug/promote - Promote a community blog to SITE blog (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1441: slug := strings.TrimPrefix(r.URL.Path, "/admin/community/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1476:// DELETE /admin/community/blogs/:slug - Admin delete any community blog (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1477:func adminDeleteCommunityBlogHandler(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1482: slug := strings.TrimPrefix(r.URL.Path, "/admin/community/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1502:// POST /admin/community/blogs/:slug/archive - Archive a community blog (hide from public)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1508: slug := strings.TrimPrefix(r.URL.Path, "/admin/community/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1535:// POST /admin/community/blogs/:slug/verify - Verify a community blog/tutorial (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1536:// This marks content as admin-verified without promoting to site blog
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1542: slug := strings.TrimPrefix(r.URL.Path, "/admin/community/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1576:// POST /admin/community/blogs/:slug/unverify - Remove verification from a community blog (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1582: slug := strings.TrimPrefix(r.URL.Path, "/admin/community/blogs/")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1649: // ============ ADMIN ROUTES ============
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1650: // GET /admin/blogs - List all blogs (STAFF sees own, ADMIN sees all)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1651: http.HandleFunc("/admin/blogs", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1658: requireRole(listAllBlogsHandler, "STAFF", "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1660: requireRole(createBlogHandler, "STAFF", "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1666: // GET /admin/blogs/pending - List pending review (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1667: http.HandleFunc("/admin/blogs/pending", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1674: requireRole(listPendingReviewHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1681: http.HandleFunc("/admin/blogs/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1694: requireRole(submitForReviewHandler, "STAFF", "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1700: requireRole(reviewBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1706: requireRole(publishBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1712: requireRole(unpublishBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1717: // /admin/blogs/:slug - CRUD operations
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1719: requireRole(updateBlogHandler, "STAFF", "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1721: requireRole(deleteBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1780: // ============ ADMIN COMMUNITY MANAGEMENT ROUTES ============
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1782: // GET /admin/community/blogs - List all community blogs (ADMIN only)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1783: http.HandleFunc("/admin/community/blogs", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1790: requireRole(listAllCommunityBlogsHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1797: http.HandleFunc("/admin/community/blogs/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1809: requireRole(promoteCommunityBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1815: requireRole(verifyCommunityBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1821: requireRole(unverifyCommunityBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1827: requireRole(archiveCommunityBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1832: // DELETE /admin/community/blogs/:slug
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1834: requireRole(adminDeleteCommunityBlogHandler, "ADMIN")(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:367: // Check for admin/staff roles (only they can view submissions)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:384: if roleStr == "SUPERUSER" || roleStr == "ADMIN" || roleStr == "STAFF" {
|
|
|
|
== Ownership Checks (IDOR Prevention) ==
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:255: CREATE INDEX IF NOT EXISTS idx_votes_user ON forum_votes(user_id);
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:431: if id, ok := claims["user_id"].(float64); ok {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:701: // Check ownership
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:709: if authorID != userID && !isAdmin {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:745: // Check ownership
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:753: if authorID != userID && !isAdmin {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:850: // Check ownership
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:858: if authorID != userID && !isAdmin {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:894: // Check ownership and get question ID
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:902: if authorID != userID && !isAdmin {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:950: if questionAuthorID != userID {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:981: verified_at = CURRENT_TIMESTAMP WHERE id = $2`, userID, id)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:987: log.Printf("AUDIT: Admin %d verified answer %d", userID, id)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1020: err = db.QueryRow("SELECT vote_type FROM forum_votes WHERE user_id = $1 AND target_type = 'question' AND target_id = $2",
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1034: db.Exec("UPDATE forum_votes SET vote_type = $1 WHERE user_id = $2 AND target_type = 'question' AND target_id = $3",
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1074: err = db.QueryRow("SELECT vote_type FROM forum_votes WHERE user_id = $1 AND target_type = 'answer' AND target_id = $2",
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1088: db.Exec("UPDATE forum_votes SET vote_type = $1 WHERE user_id = $2 AND target_type = 'answer' AND target_id = $3",
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:376: if id, ok := claims["user_id"]; ok {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:486: WHERE client_id = $1
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:505: WHERE client_id = $1
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:625: err := db.QueryRow(`SELECT client_id, status FROM invoices WHERE id = $1`, id).Scan(&existingClientID, &existingStatus)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:774: err = db.QueryRow(`SELECT client_id FROM invoices WHERE id = $1`, invoiceID).Scan(&ownerID)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:782: if ownerID != userID {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:802: WHERE i.client_id = $1
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:907: err = db.QueryRow(`SELECT client_id FROM invoices WHERE id = $1`, p.InvoiceID).Scan(&ownerID)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:909: http.Error(w, "Failed to verify ownership", http.StatusInternalServerError)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:912: if ownerID != userID {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:943: // Get invoice details including client_id for ownership check
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:483: if id, ok := claims["user_id"]; ok {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:605: WHERE client_id = $1 AND COALESCE(approval_status, 'APPROVED') = 'APPROVED'
|
|
|
|
== Middleware Protection ==
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:290:func authMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:365: return authMiddleware(func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1139: authMiddleware(createQuestionHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1157: authMiddleware(createAnswerHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1163: authMiddleware(voteQuestionHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1177: authMiddleware(updateQuestionHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1179: authMiddleware(deleteQuestionHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1198: authMiddleware(acceptAnswerHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1210: authMiddleware(voteAnswerHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1216: authMiddleware(updateAnswerHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1218: authMiddleware(deleteAnswerHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main_test.go:33:func TestCORSMiddleware(t *testing.T) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main_test.go:38: handler := corsMiddleware(testHandler)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:103: http.HandleFunc("/invoices", authMiddleware(handleInvoices))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:104: http.HandleFunc("/invoices/", authMiddleware(handleInvoiceByID))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:107: http.HandleFunc("/payments", authMiddleware(handlePayments))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:108: http.HandleFunc("/payments/", authMiddleware(handlePaymentByID))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:111: http.HandleFunc("/invoices/create-payment-intent", authMiddleware(createStripePaymentIntent))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:124: Handler: corsMiddleware(http.DefaultServeMux),
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:207:func corsMiddleware(next http.Handler) http.Handler {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:251:// authMiddleware validates JWT token and extracts user info
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:252:func authMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:319:// requireRole middleware checks if user has required role
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:321: return authMiddleware(func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main_test.go:33:func TestCORSMiddleware(t *testing.T) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main_test.go:39: // Wrap with CORS middleware
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main_test.go:40: handler := corsMiddleware(testHandler)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:157: http.HandleFunc("/projects", authMiddleware(handleProjects))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:158: http.HandleFunc("/projects/", authMiddleware(handleProjectByID))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:161: http.HandleFunc("/project-requests", authMiddleware(handleProjectRequests))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:162: http.HandleFunc("/project-requests/", authMiddleware(handleProjectRequestByID))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:169: http.HandleFunc("/tasks", authMiddleware(handleTasks))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:170: http.HandleFunc("/tasks/", authMiddleware(handleTaskByID))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:184: Handler: corsMiddleware(http.DefaultServeMux),
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:297:// corsMiddleware adds CORS headers to allow frontend to communicate with backend
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:298:func corsMiddleware(next http.Handler) http.Handler {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:358:// authMiddleware validates JWT token and extracts user info
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:359:func authMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:426:// requireRole middleware checks if user has required role
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:428: return authMiddleware(func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:377: Handler: corsMiddleware(http.DefaultServeMux),
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:507:func corsMiddleware(next http.Handler) http.Handler {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:59: // CORS middleware
|
|
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:60: handler := corsMiddleware(mux)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:122:func corsMiddleware(next http.Handler) http.Handler {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:321:// rateLimitMiddleware applies rate limiting based on request method
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:322:func rateLimitMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:345:func authMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:383: return authMiddleware(func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1741: authMiddleware(createCommunityBlogHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1755: authMiddleware(listMyBlogsHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1772: authMiddleware(updateCommunityBlogHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1774: authMiddleware(deleteCommunityBlogHandler)(w, r)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:133: mux.HandleFunc("/submit", corsMiddleware(rateLimitSubmit(submitHandler)))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:134: mux.HandleFunc("/health", corsMiddleware(healthHandler))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:137: mux.HandleFunc("/submissions", corsMiddleware(authMiddleware(listSubmissionsHandler)))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:138: mux.HandleFunc("/submissions/", corsMiddleware(authMiddleware(submissionHandler)))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:290:func corsMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:332:func authMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
|
|
|
== Unprotected Routes ==
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1130: http.HandleFunc("/questions", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1145: http.HandleFunc("/questions/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1186: http.HandleFunc("/answers/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1226: http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:114: http.HandleFunc("/webhooks/stripe", handleStripeWebhook)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:117: http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:165: http.HandleFunc("/projects/pending", requireRole(handlePendingProjects, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:166: http.HandleFunc("/projects/approve/", requireRole(handleProjectApproval, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:173: http.HandleFunc("/workorders", requireRole(handleWorkOrders, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:174: http.HandleFunc("/workorders/", requireRole(handleWorkOrderByID, "STAFF", "ADMIN"))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:177: http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/example-function/main.go:46: http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/example-function/main.go:50: http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:54: mux.HandleFunc("/health", healthHandler)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:55: mux.HandleFunc("/peer-info", peerInfoHandler)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:56: mux.HandleFunc("/connect", connectHandler)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:57: mux.HandleFunc("/peers", peersHandler)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1622: http.HandleFunc("/blogs", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1636: http.HandleFunc("/blogs/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1651: http.HandleFunc("/admin/blogs", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1667: http.HandleFunc("/admin/blogs/pending", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1681: http.HandleFunc("/admin/blogs/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1731: http.HandleFunc("/community/blogs", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1748: http.HandleFunc("/community/my-blogs", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1762: http.HandleFunc("/community/blogs/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1783: http.HandleFunc("/admin/community/blogs", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1797: http.HandleFunc("/admin/community/blogs/", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1842: http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:133: mux.HandleFunc("/submit", corsMiddleware(rateLimitSubmit(submitHandler)))
|
|
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:134: mux.HandleFunc("/health", corsMiddleware(healthHandler))
|