Remove debug headers and return 403 on access denied

androidlover5842
2026-01-27 02:42:07 +05:30
parent c2c54d24f5
commit 7f7e164acf
4 changed files with 26 additions and 117 deletions


@@ -28,7 +28,6 @@ import org.springframework.web.bind.annotation.ResponseStatus
import org.springframework.web.bind.annotation.RestController
import org.springframework.web.server.ResponseStatusException
import org.springframework.web.servlet.mvc.method.annotation.SseEmitter
import jakarta.servlet.http.HttpServletResponse
import java.time.LocalDate
import java.time.ZoneId
import java.util.UUID
@@ -165,76 +164,34 @@ class Rooms(
fun createRoom(
@PathVariable propertyId: UUID,
@AuthenticationPrincipal principal: MyPrincipal?,
response: HttpServletResponse,
@org.springframework.web.bind.annotation.RequestHeader(value = "X-Debug-Auth", required = false)
debugAuth: String?,
@RequestBody request: RoomUpsertRequest
): RoomResponse {
if (debugAuth == "1") {
response.setHeader("X-Principal-Present", (principal != null).toString())
response.setHeader("X-Principal-Id", principal?.userId?.toString() ?: "none")
response.setHeader("X-Room-Create-Step", "start")
}
requirePrincipal(principal)
try {
propertyAccess.requireMember(propertyId, principal!!.userId)
} catch (ex: Exception) {
if (debugAuth == "1") {
val msg = ex.message?.take(200) ?: ""
response.setHeader("X-Member-Check", "${ex::class.java.simpleName}:$msg")
}
throw ex
}
if (debugAuth == "1") {
response.setHeader("X-Room-Create-Step", "member_ok")
propertyAccess.requireMember(propertyId, principal!!.userId)
if (roomRepo.existsByPropertyIdAndRoomNumber(propertyId, request.roomNumber)) {
throw ResponseStatusException(HttpStatus.CONFLICT, "Room number already exists for property")
}
try {
if (debugAuth == "1") {
response.setHeader("X-Room-Create-Step", "check_duplicate")
}
if (roomRepo.existsByPropertyIdAndRoomNumber(propertyId, request.roomNumber)) {
throw ResponseStatusException(HttpStatus.CONFLICT, "Room number already exists for property")
}
if (debugAuth == "1") {
response.setHeader("X-Room-Create-Step", "load_property")
}
val property = propertyRepo.findById(propertyId).orElseThrow {
ResponseStatusException(HttpStatus.NOT_FOUND, "Property not found")
}
if (debugAuth == "1") {
response.setHeader("X-Room-Create-Step", "resolve_room_type")
}
val roomType = resolveRoomType(propertyId, request)
val room = Room(
property = property,
roomType = roomType,
roomNumber = request.roomNumber,
floor = request.floor,
hasNfc = request.hasNfc,
active = request.active,
maintenance = request.maintenance,
notes = request.notes
)
if (debugAuth == "1") {
response.setHeader("X-Room-Create-Step", "save_room")
}
val saved = roomRepo.save(room).toRoomResponse()
if (debugAuth == "1") {
response.setHeader("X-Room-Create-Step", "saved")
}
roomBoardEvents.emit(propertyId)
return saved
} catch (ex: Exception) {
if (debugAuth == "1") {
val msg = ex.message?.take(200) ?: ""
response.setHeader("X-Room-Create-Exception", "${ex::class.java.simpleName}:$msg")
}
throw ex
val property = propertyRepo.findById(propertyId).orElseThrow {
ResponseStatusException(HttpStatus.NOT_FOUND, "Property not found")
}
val roomType = resolveRoomType(propertyId, request)
val room = Room(
property = property,
roomType = roomType,
roomNumber = request.roomNumber,
floor = request.floor,
hasNfc = request.hasNfc,
active = request.active,
maintenance = request.maintenance,
notes = request.notes
)
val saved = roomRepo.save(room).toRoomResponse()
roomBoardEvents.emit(propertyId)
return saved
}
@PutMapping("/{roomId}")
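Review bot: The duplicate-room guard in the simplified `createRoom` body is still check-then-act, because `roomRepo.existsByPropertyIdAndRoomNumber(propertyId, request.roomNumber)` and `roomRepo.save(room)` are separate calls and two concurrent requests with the same room number can both pass the check. The hunk does not show whether the table has a unique constraint on property and room number. If it does, the losing request fails with a persistence exception instead of the 409 the guard returns, so the save should catch `DataIntegrityViolationException` and rethrow `ResponseStatusException(HttpStatus.CONFLICT, "Room number already exists for property")`. If it does not, that constraint is the missing check. Separately, `principal!!.userId` depends on `requirePrincipal(principal)` having thrown for a null principal; having that helper return the non-null principal, so the call reads `propertyAccess.requireMember(propertyId, requirePrincipal(principal).userId)`, would remove the `!!` and keep the authentication check and its use on one line.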