EventHub/EventHubBack
1
1
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Перенести все админские эндпоинты на порт 8445 и добавить отдельную авторизацию для админов. Часть 2. Final #3

Browse Source
This commit is contained in:
Алексей Сабилин
2026-04-28 12:42:10 +03:00
parent 4ed6a961ab
commit 7ea4efd7d9
38 changed files with 1252 additions and 1124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/handlers/admin/admin_handler_login.erl
View File

@@ -10,7 +10,7 @@ init(Req0, State) ->
{ok, Body, Req1} = cowboy_req:read_body(Req0),
try jsx:decode(Body, [return_maps]) of
#{<<"email">> := Email, <<"password">> := Password} ->
case auth:authenticate_admin_request(Req1, Email, Password) of
case eventhub_auth:authenticate_admin_request(Req1, Email, Password) of
{ok, Token, User} ->
Resp = jsx:encode(#{
<<"token">> => Token,

9
src/handlers/admin/admin_handler_report_by_id.erl
View File

@@ -6,9 +6,9 @@
init(Req, _Opts) ->
case cowboy_req:method(Req) of
<<"GET">> -> get_report(Req);
<<"PUT">> -> update_report(Req);
_ -> send_error(Req, 405, <<"Method not allowed">>)
<<"GET">> -> get_report(Req);
<<"PUT">> -> update_report(Req);
_ -> send_error(Req, 405, <<"Method not allowed">>)
end.
get_report(Req) ->
@@ -39,7 +39,8 @@ update_report(Req) ->
{ok, Body, Req2} = cowboy_req:read_body(Req1),
try jsx:decode(Body, [return_maps]) of
#{<<"status">> := NewStatus} ->
case core_report:update_status(ReportId, NewStatus) of
StatusAtom = binary_to_atom(NewStatus, utf8),
case core_report:update_status(ReportId, StatusAtom, AdminId) of
{ok, Report} ->
send_json(Req2, 200, report_to_json(Report));
{error, not_found} ->

6
src/handlers/admin/admin_handler_reports.erl
View File

@@ -2,7 +2,7 @@
-behaviour(cowboy_handler).
-export([init/2]).
-include("records.hrl"). %% ← обязательно для #user{} и #report{}
-include("records.hrl").
init(Req, _Opts) ->
case cowboy_req:method(Req) of
@@ -16,7 +16,7 @@ list_reports(Req) ->
{ok, AdminId, Req1} ->
case is_admin(AdminId) of
true ->
Reports = core_report:list_reports(),
{ok, Reports} = core_report:list_all(),
send_json(Req1, 200, [report_to_json(R) || R <- Reports]);
false ->
send_error(Req1, 403, <<"Admin access required">>)
@@ -34,7 +34,7 @@ update_report(Req) ->
{ok, Body, Req2} = cowboy_req:read_body(Req1),
try jsx:decode(Body, [return_maps]) of
#{<<"status">> := NewStatus} ->
case core_report:update_status(ReportId, NewStatus) of
case core_report:update_status(ReportId, NewStatus, AdminId) of
{ok, Report} ->
send_json(Req2, 200, report_to_json(Report));
{error, not_found} ->

2
src/handlers/admin/admin_handler_subscriptions.erl
View File

@@ -39,7 +39,7 @@ list_subscriptions(Req) ->
create_subscription(Req) ->
case auth_admin(Req) of
{ok, AdminId, Req1} ->
{ok, _AdminId, Req1} ->
{ok, Body, Req2} = cowboy_req:read_body(Req1),
try jsx:decode(Body, [return_maps]) of
#{<<"user_id">> := _UserId} = Data ->

4
src/handlers/admin/admin_handler_tickets.erl
View File

@@ -28,7 +28,7 @@ handle_item(TicketId, Req) ->
list_tickets(Req) ->
case auth_admin(Req) of
{ok, _AdminId, Req1} ->
Tickets = core_ticket:list_tickets(),
Tickets = core_ticket:list_all(), % ← было list_tickets()
send_json(Req1, 200, [ticket_to_json(T) || T <- Tickets]);
{error, Code, Message, Req1} ->
send_error(Req1, Code, Message)
@@ -36,7 +36,7 @@ list_tickets(Req) ->
create_ticket(Req) ->
case auth_admin(Req) of
{ok, AdminId, Req1} ->
{ok, _AdminId, Req1} ->
{ok, Body, Req2} = cowboy_req:read_body(Req1),
try jsx:decode(Body, [return_maps]) of
#{<<"error_message">> := _} = Data ->

16
src/handlers/admin/admin_ws_handler.erl
View File

@@ -1,6 +1,5 @@
-module(admin_ws_handler).
-behaviour(cowboy_websocket).
-export([init/2]).
-export([websocket_init/1]).
-export([websocket_handle/2]).
@@ -21,15 +20,13 @@ init(Req, _Opts) ->
Token ->
io:format("[ADMIN_WS] Token received: ~s...~n", [binary_part(Token, 0, 30)]),
case logic_auth:verify_jwt(Token) of
{ok, Claims} ->
UserId = maps:get(<<"user_id">>, Claims),
Role = maps:get(<<"role">>, Claims),
{ok, UserId, Role} ->
io:format("[ADMIN_WS] UserId: ~s, Role: ~s~n", [UserId, Role]),
case Role of
<<"admin">> ->
case is_admin_role(Role) of
true ->
io:format("[ADMIN_WS] Admin access granted~n"),
{cowboy_websocket, Req, #state{admin_id = UserId}};
_ ->
false ->
io:format("[ADMIN_WS] Access denied: not admin~n"),
Resp = cowboy_req:reply(403, #{}, <<"Admin access required">>, Req),
{ok, Resp, undefined}
@@ -84,4 +81,7 @@ websocket_info(_Info, State) ->
terminate(_Reason, _Req, _State) ->
pg:leave(eventhub_admin_ws, self()),
ok.
ok.
is_admin_role(Role) ->
lists:member(Role, [<<"admin">>, <<"superadmin">>, <<"moderator">>, <<"support">>]).

3
src/handlers/handler_auth.erl
View File

@@ -8,8 +8,7 @@ authenticate(Req) ->
{bearer, Token} ->
io:format("[AUTH] Bearer token found: ~s...~n", [binary_part(Token, 0, 30)]),
case logic_auth:verify_jwt(Token) of
{ok, Claims} ->
UserId = maps:get(<<"user_id">>, Claims),
{ok, UserId, _Role} ->
io:format("[AUTH] JWT verified, UserId: ~s~n", [UserId]),
{ok, UserId, Req};
{error, expired} ->

4
src/handlers/handler_login.erl
View File

@@ -19,9 +19,9 @@ handle(Req, _Opts) ->
_ ->
try jsx:decode(Body, [return_maps]) of
#{<<"email">> := Email, <<"password">> := Password} ->
case auth:authenticate_user_request(Req1, Email, Password) of
case eventhub_auth:authenticate_user_request(Req1, Email, Password) of
{ok, Token, User} ->
{RefreshToken, ExpiresAt} = auth:generate_refresh_token(maps:get(id, User)),
{RefreshToken, ExpiresAt} = eventhub_auth:generate_refresh_token(maps:get(id, User)),
save_refresh_token(maps:get(id, User), RefreshToken, ExpiresAt),
Response = #{
user => #{

118
src/handlers/handler_refresh.erl
View File

@@ -1,91 +1,67 @@
-module(handler_refresh).
-include("records.hrl").
-export([init/2]).
init(Req, Opts) ->
handle(Req, Opts).
handle(Req, _Opts) ->
case cowboy_req:method(Req) of
init(Req0, _Opts) ->
case cowboy_req:method(Req0) of
<<"POST">> ->
{ok, Body, Req1} = cowboy_req:read_body(Req),
case jsx:decode(Body, [return_maps]) of
{ok, Body, Req1} = cowboy_req:read_body(Req0),
try jsx:decode(Body, [return_maps]) of
#{<<"refresh_token">> := RefreshToken} ->
case validate_refresh_token(RefreshToken) of
{ok, UserId} ->
case core_user:get_by_id(UserId) of
{ok, User} ->
% Генерируем новые токены
NewToken = logic_auth:generate_jwt(User#user.id, User#user.role),
{NewRefreshToken, ExpiresAt} = logic_auth:generate_refresh_token(User#user.id),
% Сохраняем новый refresh token
save_refresh_token(User#user.id, NewRefreshToken, ExpiresAt),
% Удаляем старый refresh token
delete_refresh_token(RefreshToken),
Response = #{
case get_session(RefreshToken) of
{ok, Session} ->
% Проверяем, не истекла ли сессия
case Session#session.expires_at > calendar:universal_time() of
true ->
% Генерируем новый access-токен и refresh-токен
User = get_user(Session#session.user_id),
NewToken = eventhub_auth:generate_user_token(
User#user.id,
atom_to_binary(User#user.role, utf8)
),
{NewRefreshToken, ExpiresAt} =
eventhub_auth:generate_refresh_token(User#user.id),
% Удаляем старую сессию и сохраняем новую
mnesia:dirty_delete_object(Session),
NewSession = #session{
token = NewRefreshToken,
user_id = User#user.id,
expires_at = ExpiresAt,
type = refresh
},
mnesia:dirty_write(NewSession),
Resp = jsx:encode(#{
token => NewToken,
refresh_token => NewRefreshToken
},
send_json(Req1, 200, Response);
{error, not_found} ->
send_error(Req1, 401, <<"User not found">>)
}),
cowboy_req:reply(200, #{
<<"content-type">> => <<"application/json">>
}, Resp, Req1);
false ->
mnesia:dirty_delete_object(Session),
send_error(Req1, 401, <<"Refresh token expired">>)
end;
{error, expired} ->
send_error(Req1, 401, <<"Refresh token expired">>);
{error, invalid} ->
send_error(Req1, 401, <<"Invalid refresh token">>)
{error, not_found} ->
send_error(Req1, 401, <<"Refresh token not found">>)
end;
_ ->
send_error(Req1, 400, <<"Missing refresh_token">>)
send_error(Req1, 400, <<"Missing refresh_token field">>)
catch
_:_ -> send_error(Req1, 400, <<"Invalid JSON">>)
end;
_ ->
send_error(Req, 405, <<"Method not allowed">>)
send_error(Req0, 405, <<"Method not allowed">>)
end.
validate_refresh_token(Token) ->
case get_session_by_token(Token) of
{ok, Session} ->
% Проверяем срок действия
Now = calendar:universal_time(),
case Session#session.expires_at > Now of
true -> {ok, Session#session.user_id};
false -> {error, expired}
end;
{error, not_found} ->
{error, invalid}
get_session(Token) ->
case mnesia:dirty_read({session, Token}) of
[Session] -> {ok, Session};
[] -> {error, not_found}
end.
get_session_by_token(Token) ->
Match = #session{token = Token, type = refresh, _ = '_'},
case mnesia:dirty_match_object(Match) of
[] -> {error, not_found};
[Session] -> {ok, Session}
end.
save_refresh_token(UserId, Token, ExpiresAt) ->
Session = #session{
token = Token,
user_id = UserId,
expires_at = ExpiresAt,
type = refresh
},
mnesia:dirty_write(Session).
delete_refresh_token(Token) ->
Match = #session{token = Token, type = refresh, _ = '_'},
case mnesia:dirty_match_object(Match) of
[] -> ok;
[Session] -> mnesia:dirty_delete_object(Session)
end.
send_json(Req, Status, Data) ->
Body = jsx:encode(Data),
cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req),
{ok, Body, []}.
get_user(UserId) ->
[User] = mnesia:dirty_read({user, UserId}),
User.
send_error(Req, Status, Message) ->
Body = jsx:encode(#{error => Message}),

2
src/handlers/handler_register.erl
View File

@@ -24,7 +24,7 @@ handle(Req, _Opts) ->
false ->
case core_user:create(Email, Password) of
{ok, User} ->
Token = logic_auth:generate_jwt(User#user.id, User#user.role),
Token = logic_auth:generate_jwt(User#user.id, atom_to_binary(User#user.role, utf8)),
Response = #{
user => #{
id => User#user.id,

170
src/handlers/handler_ticket_by_id.erl
View File

@@ -1,157 +1,93 @@
-module(handler_ticket_by_id).
-include("records.hrl").
-behaviour(cowboy_handler).
-export([init/2]).
init(Req, Opts) ->
handle(Req, Opts).
-include("records.hrl").
handle(Req, _Opts) ->
init(Req, _Opts) ->
case cowboy_req:method(Req) of
<<"GET">> -> get_ticket(Req);
<<"PUT">> -> update_ticket(Req);
_ -> send_error(Req, 405, <<"Method not allowed">>)
_ -> send_error(Req, 405, <<"Method not allowed">>)
end.
%% GET /v1/admin/tickets/:id - получить тикет
get_ticket(Req) ->
case handler_auth:authenticate(Req) of
{ok, AdminId, Req1} ->
{ok, UserId, Req1} ->
TicketId = cowboy_req:binding(id, Req1),
case logic_ticket:get_ticket(AdminId, TicketId) of
io:format("[TICKET_BY_ID] User ~s requests ticket ~s~n", [UserId, TicketId]),
case core_ticket:get_by_id(TicketId) of
{ok, Ticket} ->
Response = ticket_to_json(Ticket),
send_json(Req1, 200, Response);
{error, access_denied} ->
send_error(Req1, 403, <<"Admin access required">>);
io:format("[TICKET_BY_ID] Found ticket, reporter_id: ~s~n", [Ticket#ticket.reporter_id]),
case is_admin(UserId) orelse Ticket#ticket.reporter_id =:= UserId of
true ->
io:format("[TICKET_BY_ID] Access granted~n"),
send_json(Req1, 200, ticket_to_json(Ticket));
false ->
io:format("[TICKET_BY_ID] Access denied~n"),
send_error(Req1, 403, <<"Access denied">>)
end;
{error, not_found} ->
send_error(Req1, 404, <<"Ticket not found">>);
{error, _} ->
send_error(Req1, 500, <<"Internal server error">>)
io:format("[TICKET_BY_ID] Ticket not found~n"),
send_error(Req1, 404, <<"Ticket not found">>)
end;
{error, Code, Message, Req1} ->
io:format("[TICKET_BY_ID] Auth error: ~p - ~s~n", [Code, Message]),
send_error(Req1, Code, Message)
end.
%% PUT /v1/admin/tickets/:id - обновить тикет
update_ticket(Req) ->
case handler_auth:authenticate(Req) of
{ok, AdminId, Req1} ->
{ok, UserId, Req1} ->
TicketId = cowboy_req:binding(id, Req1),
{ok, Body, Req2} = cowboy_req:read_body(Req1),
try jsx:decode(Body, [return_maps]) of
Decoded when is_map(Decoded) ->
handle_ticket_action(AdminId, TicketId, Decoded, Req2);
_ ->
send_error(Req2, 400, <<"Invalid JSON">>)
Updates when is_map(Updates) ->
case core_ticket:get_by_id(TicketId) of
{ok, Ticket} ->
case is_admin(UserId) orelse Ticket#ticket.reporter_id =:= UserId of
true ->
case core_ticket:update_ticket(TicketId, Updates) of
{ok, Updated} -> send_json(Req2, 200, ticket_to_json(Updated));
{error, R} -> send_error(Req2, 500, R)
end;
false -> send_error(Req2, 403, <<"Access denied">>)
end;
{error, not_found} -> send_error(Req2, 404, <<"Ticket not found">>)
end;
_ -> send_error(Req2, 400, <<"Invalid JSON">>)
catch
_:_ ->
send_error(Req2, 400, <<"Invalid JSON format">>)
_:_ -> send_error(Req2, 400, <<"Invalid JSON">>)
end;
{error, Code, Message, Req1} ->
send_error(Req1, Code, Message)
end.
%% Обработка действий с тикетом
handle_ticket_action(AdminId, TicketId, Body, Req) ->
case maps:get(<<"action">>, Body, undefined) of
<<"status">> ->
case maps:get(<<"status">>, Body, undefined) of
StatusBin when StatusBin =:= <<"open">>;
StatusBin =:= <<"in_progress">>;
StatusBin =:= <<"resolved">>;
StatusBin =:= <<"closed">> ->
Status = get_binary_to_atom(StatusBin),
case logic_ticket:update_status(AdminId, TicketId, Status) of
{ok, Ticket} ->
Response = ticket_to_json(Ticket),
send_json(Req, 200, Response);
{error, access_denied} ->
send_error(Req, 403, <<"Admin access required">>);
{error, not_found} ->
send_error(Req, 404, <<"Ticket not found">>);
{error, _} ->
send_error(Req, 500, <<"Internal server error">>)
end;
_ ->
send_error(Req, 400, <<"Invalid status">>)
end;
<<"assign">> ->
case maps:get(<<"admin_id">>, Body, undefined) of
undefined ->
send_error(Req, 400, <<"Missing admin_id field">>);
AssignToId ->
case logic_ticket:assign_ticket(AdminId, TicketId, AssignToId) of
{ok, Ticket} ->
Response = ticket_to_json(Ticket),
send_json(Req, 200, Response);
{error, access_denied} ->
send_error(Req, 403, <<"Admin access required">>);
{error, not_found} ->
send_error(Req, 404, <<"Ticket not found">>);
{error, _} ->
send_error(Req, 500, <<"Internal server error">>)
end
end;
<<"resolve">> ->
Note = maps:get(<<"note">>, Body, <<"">>),
case logic_ticket:resolve_ticket(AdminId, TicketId, Note) of
{ok, Ticket} ->
Response = ticket_to_json(Ticket),
send_json(Req, 200, Response);
{error, access_denied} ->
send_error(Req, 403, <<"Admin access required">>);
{error, not_found} ->
send_error(Req, 404, <<"Ticket not found">>);
{error, _} ->
send_error(Req, 500, <<"Internal server error">>)
end;
<<"close">> ->
case logic_ticket:close_ticket(AdminId, TicketId) of
{ok, Ticket} ->
Response = ticket_to_json(Ticket),
send_json(Req, 200, Response);
{error, access_denied} ->
send_error(Req, 403, <<"Admin access required">>);
{error, not_found} ->
send_error(Req, 404, <<"Ticket not found">>);
{error, _} ->
send_error(Req, 500, <<"Internal server error">>)
end;
_ ->
send_error(Req, 400, <<"Invalid action">>)
is_admin(UserId) ->
case core_user:get_by_id(UserId) of
{ok, U} -> lists:member(U#user.role, [admin, superadmin, moderator, support]);
_ -> false
end.
%% Вспомогательные функции
ticket_to_json(Ticket) ->
Context = try binary_to_term(Ticket#ticket.context) of
C -> C
catch
_:_ -> #{}
end,
ticket_to_json(T) ->
#{
id => Ticket#ticket.id,
error_hash => Ticket#ticket.error_hash,
error_message => Ticket#ticket.error_message,
stacktrace => Ticket#ticket.stacktrace,
context => Context,
count => Ticket#ticket.count,
first_seen => datetime_to_iso8601(Ticket#ticket.first_seen),
last_seen => datetime_to_iso8601(Ticket#ticket.last_seen),
status => Ticket#ticket.status,
assigned_to => Ticket#ticket.assigned_to,
resolution_note => Ticket#ticket.resolution_note
id => T#ticket.id,
error_hash => T#ticket.error_hash,
error_message => T#ticket.error_message,
stacktrace => T#ticket.stacktrace,
context => T#ticket.context,
count => T#ticket.count,
first_seen => datetime_to_iso8601(T#ticket.first_seen),
last_seen => datetime_to_iso8601(T#ticket.last_seen),
status => T#ticket.status,
assigned_to => T#ticket.assigned_to,
resolution_note => T#ticket.resolution_note
}.
datetime_to_iso8601({{Year, Month, Day}, {Hour, Minute, Second}}) ->
iolist_to_binary(io_lib:format("~4..0B-~2..0B-~2..0BT~2..0B:~2..0B:~2..0BZ",
[Year, Month, Day, Hour, Minute, Second])).
get_binary_to_atom(<<"open">>) -> open;
get_binary_to_atom(<<"in_progress">>) -> in_progress;
get_binary_to_atom(<<"resolved">>) -> resolved;
get_binary_to_atom(<<"closed">>) -> closed.
[Year, Month, Day, Hour, Minute, Second]));
datetime_to_iso8601(undefined) -> undefined.
send_json(Req, Status, Data) ->
Body = jsx:encode(Data),

141
src/handlers/handler_tickets.erl
View File

@@ -1,113 +1,82 @@
-module(handler_tickets).
-include("records.hrl").
-behaviour(cowboy_handler).
-export([init/2]).
init(Req, Opts) ->
handle(Req, Opts).
-include("records.hrl").
init(Req0, Opts) ->
handle(Req0, Opts).
handle(Req, _Opts) ->
case cowboy_req:method(Req) of
<<"GET">> -> list_tickets(Req);
<<"POST">> -> report_error(Req);
<<"POST">> -> create_ticket(Req);
_ -> send_error(Req, 405, <<"Method not allowed">>)
end.
%% POST /v1/tickets - сообщить об ошибке (доступно всем)
report_error(Req) ->
case handler_auth:authenticate(Req) of
{ok, _UserId, Req1} ->
{ok, Body, Req2} = cowboy_req:read_body(Req1),
try jsx:decode(Body, [return_maps]) of
Decoded when is_map(Decoded) ->
case Decoded of
#{<<"error_message">> := ErrorMessage} ->
Stacktrace = maps:get(<<"stacktrace">>, Decoded, <<"">>),
Context = maps:get(<<"context">>, Decoded, #{}),
case logic_ticket:report_error(ErrorMessage, Stacktrace, Context) of
{ok, Ticket} ->
Response = ticket_to_json(Ticket),
send_json(Req2, 201, Response);
{error, _} ->
send_error(Req2, 500, <<"Internal server error">>)
end;
_ ->
send_error(Req2, 400, <<"Missing error_message field">>)
end;
_ ->
send_error(Req2, 400, <<"Invalid JSON">>)
catch
_:_ ->
send_error(Req2, 400, <<"Invalid JSON format">>)
end;
{error, Code, Message, Req1} ->
send_error(Req1, Code, Message)
end.
%% GET /v1/admin/tickets - список тикетов (только админ)
list_tickets(Req) ->
case handler_auth:authenticate(Req) of
{ok, AdminId, Req1} ->
Qs = cowboy_req:parse_qs(Req1),
case proplists:get_value(<<"status">>, Qs) of
undefined ->
case logic_ticket:list_tickets(AdminId) of
{ok, Tickets} ->
Response = [ticket_to_json(T) || T <- Tickets],
send_json(Req1, 200, Response);
{error, access_denied} ->
send_error(Req1, 403, <<"Admin access required">>);
{error, _} ->
send_error(Req1, 500, <<"Internal server error">>)
end;
StatusBin ->
Status = parse_status(StatusBin),
case logic_ticket:list_tickets_by_status(AdminId, Status) of
{ok, Tickets} ->
Response = [ticket_to_json(T) || T <- Tickets],
send_json(Req1, 200, Response);
{error, access_denied} ->
send_error(Req1, 403, <<"Admin access required">>);
{error, _} ->
send_error(Req1, 500, <<"Internal server error">>)
end
{ok, UserId, Req1} ->
case is_admin(UserId) of
true ->
Tickets = core_ticket:list_all(),
send_json(Req1, 200, [ticket_to_json(T) || T <- Tickets]);
false ->
Tickets = core_ticket:list_by_user(UserId),
send_json(Req1, 200, [ticket_to_json(T) || T <- Tickets])
end;
{error, Code, Message, Req1} ->
send_error(Req1, Code, Message)
end.
%% Вспомогательные функции
parse_status(<<"open">>) -> open;
parse_status(<<"in_progress">>) -> in_progress;
parse_status(<<"resolved">>) -> resolved;
parse_status(<<"closed">>) -> closed;
parse_status(_) -> open.
create_ticket(Req) ->
case handler_auth:authenticate(Req) of
{ok, UserId, Req1} ->
{ok, Body, Req2} = cowboy_req:read_body(Req1),
try jsx:decode(Body, [return_maps]) of
#{<<"error_message">> := _} = Data ->
TicketData = maps:merge(#{<<"reporter_id">> => UserId, <<"status">> => <<"open">>}, Data),
case core_ticket:create_ticket(TicketData) of
{ok, Ticket} ->
send_json(Req2, 201, ticket_to_json(Ticket));
{error, Reason} ->
send_error(Req2, 500, Reason)
end;
_ ->
send_error(Req2, 400, <<"Missing 'error_message' field">>)
catch
_:_ -> send_error(Req2, 400, <<"Invalid JSON">>)
end;
{error, Code, Message, Req1} ->
send_error(Req1, Code, Message)
end.
ticket_to_json(Ticket) ->
Context = try binary_to_term(Ticket#ticket.context) of
C -> C
catch
_:_ -> #{}
end,
is_admin(UserId) ->
case core_user:get_by_id(UserId) of
{ok, User} ->
lists:member(User#user.role, [admin, superadmin, moderator, support]);
_ -> false
end.
ticket_to_json(T) ->
#{
id => Ticket#ticket.id,
error_hash => Ticket#ticket.error_hash,
error_message => Ticket#ticket.error_message,
stacktrace => Ticket#ticket.stacktrace,
context => Context,
count => Ticket#ticket.count,
first_seen => datetime_to_iso8601(Ticket#ticket.first_seen),
last_seen => datetime_to_iso8601(Ticket#ticket.last_seen),
status => Ticket#ticket.status,
assigned_to => Ticket#ticket.assigned_to,
resolution_note => Ticket#ticket.resolution_note
id => T#ticket.id,
error_hash => T#ticket.error_hash,
error_message => T#ticket.error_message,
stacktrace => T#ticket.stacktrace,
context => T#ticket.context,
count => T#ticket.count,
first_seen => datetime_to_iso8601(T#ticket.first_seen),
last_seen => datetime_to_iso8601(T#ticket.last_seen),
status => T#ticket.status,
assigned_to => T#ticket.assigned_to,
resolution_note => T#ticket.resolution_note
}.
datetime_to_iso8601({{Year, Month, Day}, {Hour, Minute, Second}}) ->
iolist_to_binary(io_lib:format("~4..0B-~2..0B-~2..0BT~2..0B:~2..0B:~2..0BZ",
[Year, Month, Day, Hour, Minute, Second])).
[Year, Month, Day, Hour, Minute, Second]));
datetime_to_iso8601(undefined) -> undefined.
send_json(Req, Status, Data) ->
Body = jsx:encode(Data),

15
src/handlers/handler_user_me.erl
View File

@@ -1,10 +1,8 @@
-module(handler_user_me).
-include("records.hrl").
-export([init/2]).
init(Req, Opts) ->
handle(Req, Opts).
init(Req, Opts) -> handle(Req, Opts).
handle(Req, _Opts) ->
case cowboy_req:method(Req) of
@@ -14,10 +12,10 @@ handle(Req, _Opts) ->
case core_user:get_by_id(UserId) of
{ok, User} ->
Response = #{
id => User#user.id,
email => User#user.email,
role => User#user.role,
status => User#user.status,
id => User#user.id,
email => User#user.email,
role => User#user.role,
status => User#user.status,
created_at => User#user.created_at,
updated_at => User#user.updated_at
},
@@ -36,8 +34,7 @@ authenticate(Req) ->
case cowboy_req:parse_header(<<"authorization">>, Req) of
{bearer, Token} ->
case logic_auth:verify_jwt(Token) of
{ok, Claims} ->
UserId = maps:get(<<"user_id">>, Claims),
{ok, UserId, _Role} -> % ← теперь возвращается {ok, UserId, Role}
{ok, UserId, Req};
{error, expired} ->
{error, 401, <<"Token expired">>, Req};

13
src/handlers/ws_handler.erl
View File

@@ -1,6 +1,5 @@
-module(ws_handler).
-behaviour(cowboy_websocket).
-export([init/2]).
-export([websocket_init/1]).
-export([websocket_handle/2]).
@@ -13,15 +12,13 @@
}).
init(Req, _Opts) ->
% Аутентификация через query параметр token
Qs = cowboy_req:parse_qs(Req),
case proplists:get_value(<<"token">>, Qs) of
undefined ->
{ok, cowboy_req:reply(401, #{}, <<"Missing token">>, Req), undefined};
Token ->
case logic_auth:verify_jwt(Token) of
{ok, Claims} ->
UserId = maps:get(<<"user_id">>, Claims),
{ok, UserId, _Role} ->
{cowboy_websocket, Req, #state{user_id = UserId}};
{error, _} ->
{ok, cowboy_req:reply(401, #{}, <<"Invalid token">>, Req), undefined}
@@ -29,7 +26,6 @@ init(Req, _Opts) ->
end.
websocket_init(State) ->
% Регистрируем процесс в pg для получения уведомлений
pg:join(eventhub_ws, self()),
{ok, State}.
@@ -39,9 +35,9 @@ websocket_handle({text, Msg}, State) ->
#{<<"action">> := <<"subscribe">>, <<"calendar_id">> := CalendarId} ->
io:format("Subscribe to calendar: ~s~n", [CalendarId]),
NewSubs = case lists:member(CalendarId, State#state.subscriptions) of
true -> State#state.subscriptions;
false -> [CalendarId | State#state.subscriptions]
end,
true -> State#state.subscriptions;
false -> [CalendarId | State#state.subscriptions]
end,
Reply = jsx:encode(#{status => <<"subscribed">>, calendar_id => CalendarId}),
io:format("Sending reply: ~s~n", [Reply]),
{reply, {text, Reply}, State#state{subscriptions = NewSubs}};
@@ -77,7 +73,6 @@ terminate(_Reason, _Req, _State) ->
pg:leave(eventhub_ws, self()),
ok.
%% Проверка, нужно ли отправлять уведомление пользователю
should_notify(calendar_update, #{calendar_id := CalId}, State) ->
lists:member(CalId, State#state.subscriptions);
should_notify(booking_update, #{user_id := UserId}, State) ->