[BUG] unlogical forbidden error #189
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
// ajax
const deleteIntegration = async () => {
let res = await axios.delete('/portal/mailer/api/integration', {
headers: { "Nonce": document.getElementsByName("gorilla.csrf.Token")[0].value},
withCredentials: true
}).catch((err) => {
toast.show("Notification", err.data, "error", 3000)
})
if(res.status === 200){
toast.show("Notification", "Successvoll verwijdert", "info", 3000)
document.querySelector("[content-container]").innerHTML = ``
}
}//backend go for mailer router
package mailer
import (
"context"
"encoding/json"
"fmt"
"net/http"
"z3ntl3/go-backend-boilerplate/config"
db "z3ntl3/go-backend-boilerplate/db/client"
orm_mailconnect "z3ntl3/go-backend-boilerplate/db/models/mail_connect"
"z3ntl3/go-backend-boilerplate/server"
auth_middleweware "z3ntl3/go-backend-boilerplate/server/middlewares/auth"
"z3ntl3/go-backend-boilerplate/server/middlewares/store_getter"
"github.com/go-chi/chi/v5"
"github.com/gorilla/csrf"
"github.com/gorilla/sessions"
"go.mongodb.org/mongo-driver/v2/bson"
"go.mongodb.org/mongo-driver/v2/mongo"
"go.mongodb.org/mongo-driver/v2/mongo/options"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
)
func BootstrapMailer(router *server.Router, r1 chi.Router) {
r1.Route("/mailer", func(r2 chi.Router) {
r2.Use(csrf.Protect([]byte(config.AppConfig.AppSecret), csrf.Secure(false), csrf.RequestHeader("Nonce")))
r2.Get("/", func(w http.ResponseWriter, r *http.Request) {
user := r.Context().Value(auth_middleweware.Key("user")).(string)
store := r.Context().Value(store_getter.SessionKey("session")).(*sessions.Session)
toast := store.Flashes("toast_msg")
store.Save(r, w)
router.Templates.ExecuteTemplate(w, "views/index.html", map[string]any{
"title": "Mailer",
"page": "views/pages/portal/mailer/index.html",
"toast": toast,
"user": user,
csrf.TemplateTag: csrf.TemplateField(r),
})
})
r2.Route("/api", func(r3 chi.Router) {
r3.Delete("/integration", func(w http.ResponseWriter, r *http.Request) {
user := r.Context().Value(auth_middleweware.Key("user")).(string)
mailConnect := db.Database.Collection(orm_mailconnect.ColName)
err := mailConnect.FindOneAndDelete(context.TODO(), bson.M{
"user": user,
}).Err()
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
w.WriteHeader(http.StatusOK)
})
r3.Get("/gmail-connect", func(w http.ResponseWriter, r *http.Request) {
user := r.Context().Value(auth_middleweware.Key("user")).(string)
mailConnect := db.Database.Collection(orm_mailconnect.ColName)
err := mailConnect.FindOne(context.TODO(), bson.M{
"user": user,
"$or": []bson.M{
{"auth.oauth": bson.M{"$exists": true}},
{"auth.plain_auth": bson.M{"$exists": true}},
},
}).Err()
if err == nil {
raw, err := json.Marshal(
struct {
Toast string `json:"toast"`
}{
Toast: "Verwijder uw huidige koppeling als je een nieuwe koppeling wil maken",
},
)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
w.Header().Set("Content-Type", "application/json")
w.Write(raw)
return
}
gmailConnect := &oauth2.Config{
ClientID: config.AppConfig.OAuth.App.Google.ClientID,
ClientSecret: config.AppConfig.OAuth.App.Google.ClientSecret,
RedirectURL: config.AppConfig.OAuth.App.Google.RedirectURI,
Scopes: []string{"https://mail.google.com/"},
Endpoint: google.Endpoint,
}
data, err := json.Marshal(struct {
Redir string `json:"redir"`
}{
Redir: gmailConnect.
AuthCodeURL(csrf.Token(r), oauth2.SetAuthURLParam("login_hint", user), oauth2.AccessTypeOffline),
})
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
err = mailConnect.FindOneAndUpdate(context.TODO(), bson.M{"user": user}, bson.M{"$set": bson.M{
"user": user,
"client_config": gmailConnect,
}}, options.FindOneAndUpdate().SetUpsert(true)).Err()
if err != nil && err != mongo.ErrNoDocuments {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
w.Header().Set("Content-Type", "application/json")
w.Write(data)
})
r3.Get("/integrations", func(w http.ResponseWriter, r *http.Request) {
user := r.Context().Value(auth_middleweware.Key("user")).(string)
mailConnect := db.Database.Collection(orm_mailconnect.ColName)
var res orm_mailconnect.MailConnect
err := mailConnect.FindOne(context.TODO(), bson.M{
"user": user,
"$or": []bson.M{
{"auth.oauth": bson.M{"$exists": true}},
{"auth.plain_auth": bson.M{"$exists": true}},
},
"$and": []bson.M{
{"mail_server.imap": bson.M{"$exists": true}},
{"mail_server.smtp": bson.M{"$exists": true}},
{"client_config": bson.M{"$exists": true}},
},
}).Decode(&res)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
fmt.Printf("%+v\n", res)
data := struct {
MailServer orm_mailconnect.MailServer `json:"mail_server"`
}{
MailServer: res.MailServer,
}
raw, err := json.Marshal(data)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
w.Header().Set("Content-Type", "application/json")
w.Write(raw)
})
})
})
}Expected Behavior
No response
Steps To Reproduce
No response
Anything else?
I tried troubleshooting it for so long, and literally can't seem to understand what's wrong up here