From f6c6bf28e78b6d6476c4bd0113221ef4233c3bd8 Mon Sep 17 00:00:00 2001
From: raul
Date: Thu, 12 Dec 2024 12:56:01 +0100
Subject: [PATCH] Check if user exists before processing PUT/DELETE
---
 cmd/serverFunc.go | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/cmd/serverFunc.go b/cmd/serverFunc.go
index 9a2fc4d..79ab12d 100644
--- a/cmd/serverFunc.go
+++ b/cmd/serverFunc.go
@@ -50,6 +50,16 @@ func server() {
 r.Run(":" + ListenPort)
 }
 
+func checkUserExists(id string) bool {
+ dynStmt := `SELECT id_usuario FROM usuarios WHERE id_usuario = $1`
+ err := db.QueryRow(dynStmt, id).Scan()
+ if err == sql.ErrNoRows {
+ return false
+ } else {
+ return true
+ }
+}
+
 func modifyUser(c *gin.Context) {
 id := c.Param("userid")
 dynStmt := `UPDATE usuarios SET email=$1,nombre=$2,apellido1=$3,apellido2=$4,password=$5 WHERE id_usuario = $6`
@@ -60,6 +70,12 @@ func modifyUser(c *gin.Context) {
 c.IndentedJSON(http.StatusNotFound, setResponse(e, false))
 return
 }
+
+ if exists := checkUserExists(id); exists != true {
+ c.IndentedJSON(http.StatusNotFound, setResponse("User not found", false))
+ return
+ }
+
 user := user{}
 if err := c.BindJSON(&user); err != nil {
 e := fmt.Sprintf("Something went wrong updating the user: %v", err)
@@ -71,7 +87,7 @@ func modifyUser(c *gin.Context) {
 _, err = db.Exec(dynStmt, user.Email, user.Name, user.Surname1, user.Surname2, hashPW(user.Password), id)
 if err != nil {
 e := fmt.Sprintf("Something went wrong trying to modify the user: %v", err)
- log.Println(e, user.Email, user.Name, user.Surname1, user.Surname2, hashPW(user.Password), id)
+ log.Println(e)
 c.IndentedJSON(http.StatusInternalServerError, setResponse(e, false))
 return
 }
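Review bot: `checkUserExists` returns true for every error other than `sql.ErrNoRows`, so a dropped connection, a cancelled query or an id the database cannot parse is reported as an existing user and the guard fails open. `Scan()` is also called with no destination for a one-column query, so the found-row path appears to work only because Scan then returns an argument-count error. I would scan into a variable and return `(bool, error)` so the handlers can answer 500 on a database failure; the two call sites in `modifyUser` and `deleteUser` need the matching change.

```go
func checkUserExists(id string) (bool, error) {
	// … unchanged: dynStmt …
	var found string
	err := db.QueryRow(dynStmt, id).Scan(&found)
	if err == sql.ErrNoRows {
		return false, nil
	}
	if err != nil {
		return false, err // caller answers 500 rather than treating the user as present
	}
	return true, nil
}
```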
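Review bot: The existence check added to `modifyUser` (and the identical one added to `deleteUser` in the last hunk) is a separate SELECT issued before the UPDATE/DELETE, so the row can be removed between the two statements and the handler would presumably still report success. The visible context discards the statement result (`_, err = db.Exec(...)`); keeping it and returning 404 when `RowsAffected()` is 0 takes the answer from the write itself and saves a query, provided the driver reports matched rows for UPDATE. If the pre-check stays, `exists != true` reads more simply as `if !checkUserExists(id) {`. The body of `modifyUser` starts and ends outside this hunk.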
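Review bot: The error path still sends `e` to the client through `setResponse(e, false)`, and `e` embeds the raw database error via `%v`; the hunk removes the user fields and the password hash from the log line but leaves that response as it was. Driver errors can carry table, column and constraint names, so I would keep `log.Println(e)` for the server side and return a fixed message, for example `c.IndentedJSON(http.StatusInternalServerError, setResponse("Could not modify the user", false))`. The same `%v` formatting is visible in the `BindJSON` and `deleteUser` error strings in the other hunks, whose responses lie outside the shown lines. The function body starts and ends outside this hunk.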
@@ -90,6 +106,11 @@ func deleteUser(c *gin.Context) {
 return
 }
 
+ if exists := checkUserExists(id); exists != true {
+ c.IndentedJSON(http.StatusNotFound, setResponse("User not found", false))
+ return
+ }
+
 _, err = db.Exec(dynStmt, id)
 if err != nil {
 e := fmt.Sprintf("Something went wrong trying to delete the user: %v", err)