diff --git a/scripts/manual-tests/16-change-user-tier.sh b/scripts/manual-tests/16-change-user-tier.sh
index e69de29b..42791bd3 100644
--- a/scripts/manual-tests/16-change-user-tier.sh
+++ b/scripts/manual-tests/16-change-user-tier.sh
@@ -0,0 +1,25 @@
+# docker-compose up -d
+# rm -rf data/
+# sea-orm-cli migrate up
+
+# Use CLI to create a user
+RUSTFLAGS="--cfg tokio_unstable" cargo run create_user --address 0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a
+RUSTFLAGS="--cfg tokio_unstable" cargo run change_admin_status 0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a true
+
+# Run the proxyd instance
+# cargo run --release -- proxyd
+
+# Check if the instance is running
+# curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"web3_clientVersion","id":1}' 127.0.0.1:8544
+
+# Login as user first
+curl -X GET "127.0.0.1:8544/user/login/0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a"
+#curl -X POST -H "Content-Type: application/json" --data '{}' 127.0.0.1:8544/user/login
+curl -X GET "127.0.0.1:8544/user/login/0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a/"
+#curl -X GET "127.0.0.1:8544/admin/modify_role?user_address=0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a&user_tier_title=Unlimited"
+
+
+# Now modify the user role and check this in the database
+curl -X GET "127.0.0.1:8544/admin/modify_role?user_address=0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a&user_tier_title=Unlimited"
+
+# docker-compose down
diff --git a/scripts/manual-tests/19-admin-imitate-user.sh b/scripts/manual-tests/19-admin-imitate-user.sh
index e69de29b..22777444 100644
--- a/scripts/manual-tests/19-admin-imitate-user.sh
+++ b/scripts/manual-tests/19-admin-imitate-user.sh 
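Review bot: The final `/admin/modify_role` request in `16-change-user-tier.sh` carries no credentials, and nothing earlier in the script completes a login or captures a token (the `POST /user/login` is commented out with an empty body). Since the handler in `admin_queries.rs` resolves the caller from a `bearer` value, this request presumably exercises only the denied path and cannot confirm that the tier change works for an admin. I would pass the token explicitly, e.g. `curl -X GET -H "Authorization: Bearer $ADMIN_BEARER_TOKEN" "127.0.0.1:8544/admin/modify_role?..."` (header form and variable name assumed, to be matched to the server). I would also keep one call without the header and note the expected refusal, so the script checks the access control as well as the happy path. The same applies to the two `/admin/imitate-login/...` calls in `19-admin-imitate-user.sh`.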
@@ -0,0 +1,27 @@
+# Admin can login as a user ... (but again, we must first have logged in
+# docker-compose up -d
+# rm -rf data/
+# sea-orm-cli migrate up
+
+RUSTFLAGS="--cfg tokio_unstable" cargo run create_user --address 0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a
+RUSTFLAGS="--cfg tokio_unstable" cargo run change_admin_status 0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a true
+
+# Run the proxyd instance
+# cargo run --release -- proxyd
+
+# Check if the instance is running
+# curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"web3_clientVersion","id":1}' 127.0.0.1:8544
+
+# Login as user first
+curl -X GET "127.0.0.1:8544/user/login/0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a"
+#curl -X POST -H "Content-Type: application/json" --data '{}' 127.0.0.1:8544/user/login
+curl -X GET "127.0.0.1:8544/user/login/0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a/"
+
+# Now modify the user role and check this in the database
+# Now we can get a bearer-token to imitate the user
+curl -X GET "127.0.0.1:8544/admin/imitate-login/0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a"
+#curl -X POST -H "Content-Type: application/json" --data '{}' 127.0.0.1:8544/user/login
+curl -X GET "127.0.0.1:8544/admin/imitate-login/0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a/"
+
+
+# docker-compose down
diff --git a/web3_proxy/src/admin_queries.rs b/web3_proxy/src/admin_queries.rs
index cfe7eb34..c86e0ba8 100644
--- a/web3_proxy/src/admin_queries.rs
+++ b/web3_proxy/src/admin_queries.rs
@@ -15,9 +15,8 @@ use ethers::utils::keccak256; use hashbrown::HashMap; use http::StatusCode; use migration::sea_orm::{self, ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, QueryFilter}; -use log::info; +use log::{info, debug}; use redis_rate_limiter::redis::AsyncCommands; -use crate::frontend::errors::FrontendErrorResponse::AccessDenied; // TODO: Add some logic to check if the operating user is an admin // If he is, return true 
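Review bot: Two comments in `19-admin-imitate-user.sh` do not describe what the script does. `# Now modify the user role and check this in the database` appears to be left over from `16-change-user-tier.sh`, because no role is modified here, and the header comment stops at an unclosed parenthesis. I would drop the stale line and finish the header, e.g. `# Admin can log in as a user (but the admin must have logged in first)`. It would also help to state that the created user and the admin are the same address in this script, so the imitation is of the admin's own account and does not show cross-user behaviour.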
@@ -61,12 +60,14 @@ pub async fn query_admin_modify_usertier<'a>( // get the user id first. if it is 0, we should use a cache on the app let caller_id = get_user_id_from_params(&mut redis_conn, &db_conn, &db_replica, bearer, ¶ms).await?; + debug!("Caller id is: {:?}", caller_id); + // Check if the caller is an admin (i.e. if he is in an admin table) let admin: admin::Model = admin::Entity::find() .filter(admin::Column::UserId.eq(caller_id)) .one(db_replica.conn()) .await? - .ok_or(AccessDenied)?; + .ok_or(FrontendErrorResponse::AccessDenied)?; // If we are here, that means an admin was found, and we can safely proceed
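Review bot: The admin check that gates this handler reads from `db_replica` (`.one(db_replica.conn())`). If that is an asynchronously replicated read copy, a caller whose admin row was just removed on the primary could still pass `.ok_or(FrontendErrorResponse::AccessDenied)` until replication catches up. For an authorization decision on a privileged action I would query the primary, e.g. `.one(&db_conn)` if `db_conn` is the primary handle (its type is not visible in this hunk), or document why replica staleness is acceptable here. Separately, the added `debug!("Caller id is: {:?}", caller_id)` is usually disabled in production, so a refused attempt leaves no trace. Logging the denial at `warn!` with the caller id (which needs `warn` added to the `log` import) would give operators something to alert on. The body of `query_admin_modify_usertier` starts and continues outside this hunk.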