Merge branch 'feat/coupon' into dev

dotbitHQ · Nov 8, 2023 · 5e895c6 · 5e895c6
2 parents ad145f2 + 6b38768
commit 5e895c6
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 28 deletions.
diff --git a/http_server/handle/check_permissions.go b/http_server/handle/check_permissions.go
@@ -65,29 +65,29 @@ func (h *HttpHandle) CheckPermissions(ctx *gin.Context) {
 	}
 	address := common.FormatAddressPayload(addrHex.AddressPayload, addrHex.DasAlgorithmId)
 
-	if !strings.EqualFold(address, claims.Address) {
+	if !strings.EqualFold(address, claims.Address) ||
+		addrHex.DasAlgorithmId != claims.Aid ||
+		addrHex.DasSubAlgorithmId != claims.SubAid {
 		apiResp.ApiRespErr(api_code.ApiCodeUnauthorized, "unauthorized")
 		return
 	}
 
-	if req.Account != "" {
-		accId := common.Bytes2Hex(common.GetAccountIdByAccount(req.Account))
-		accInfo, err := h.DbDao.GetAccountInfoByAccountId(accId)
-		if err != nil {
-			apiResp.ApiRespErr(api_code.ApiCodeDbError, "Failed to query parent account")
-			return
-		}
-		if accInfo.Id == 0 {
-			apiResp.ApiRespErr(api_code.ApiCodeAccountNotExist, "account does not exist")
-			return
-		}
-		if accInfo.IsExpired() {
-			apiResp.ApiRespErr(api_code.ApiCodeParentAccountExpired, "account expired")
-			return
-		}
-		if !strings.EqualFold(address, accInfo.Owner) && !strings.EqualFold(address, accInfo.Manager) {
-			apiResp.ApiRespErr(api_code.ApiCodePermissionDenied, "permission denied")
-			return
-		}
+	accId := common.Bytes2Hex(common.GetAccountIdByAccount(req.Account))
+	accInfo, err := h.DbDao.GetAccountInfoByAccountId(accId)
+	if err != nil {
+		apiResp.ApiRespErr(api_code.ApiCodeDbError, "Failed to query parent account")
+		return
+	}
+	if accInfo.Id == 0 {
+		apiResp.ApiRespErr(api_code.ApiCodeAccountNotExist, "account does not exist")
+		return
+	}
+	if accInfo.IsExpired() {
+		apiResp.ApiRespErr(api_code.ApiCodeParentAccountExpired, "account expired")
+		return
+	}
+	if !strings.EqualFold(address, accInfo.Owner) && !strings.EqualFold(address, accInfo.Manager) {
+		apiResp.ApiRespErr(api_code.ApiCodePermissionDenied, "permission denied")
+		return
 	}
 }
diff --git a/http_server/handle/sign_in.go b/http_server/handle/sign_in.go
@@ -58,6 +58,13 @@ func (h *HttpHandle) SignIn(ctx *gin.Context) {
 }
 
 func (h *HttpHandle) doSignIn(ctx *gin.Context, req *ReqSignIn, apiResp *api_code.ApiResp) error {
+	now := time.Now()
+	timestamp := time.UnixMilli(req.Timestamp)
+	if now.After(timestamp.Add(time.Minute * 5)) {
+		apiResp.ApiRespErr(api_code.ApiCodeParamsInvalid, "timestamp expired, valid for 5 minutes")
+		return nil
+	}
+
 	res, err := req.ChainTypeAddress.FormatChainTypeAddress(h.DasCore.NetType(), false)
 	if err != nil {
 		apiResp.ApiRespErr(api_code.ApiCodeParamsInvalid, "params invalid")
@@ -93,13 +100,6 @@ func (h *HttpHandle) doSignIn(ctx *gin.Context, req *ReqSignIn, apiResp *api_cod
 		return nil
 	}
 
-	now := time.Now()
-	timestamp := time.UnixMilli(req.Timestamp)
-	if now.After(timestamp.Add(time.Minute * 5)) {
-		apiResp.ApiRespErr(api_code.ApiCodeParamsInvalid, "timestamp expired, valid for 5 minutes")
-		return nil
-	}
-
 	claims := &Claims{
 		Account:   req.Account,
 		Address:   address,
@@ -119,7 +119,11 @@ func (h *HttpHandle) doSignIn(ctx *gin.Context, req *ReqSignIn, apiResp *api_cod
 		return err
 	}
 
-	ctx.SetCookie("token", tokenString, int(claims.ExpiresAt.Sub(now).Seconds()), "/", "", false, true)
+	if h.DasCore.NetType() == common.DasNetTypeMainNet {
+		ctx.SetCookie("token", tokenString, int(claims.ExpiresAt.Sub(now).Seconds()), "/", "topdid.com", true, true)
+	} else {
+		ctx.SetCookie("token", tokenString, int(claims.ExpiresAt.Sub(now).Seconds()), "/", "", false, false)
+	}
 	resp := &RespSignIn{}
 	apiResp.ApiRespOK(resp)
 	return nil