@kartikynwa
Created April 6, 2023 10:01
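-- Demo schema for API-key authorization: users, one role per user, and the
-- API keys a user may present in a request.
create table if not exists users
(
    id   int primary key generated always as identity,
    name text not null
);

-- NOTE(review): keys are stored as plaintext, so read access to this table is
-- enough to act as any key holder. Storing only a digest would also require
-- the lookup that consumes this table to hash the presented value.
create table if not exists apikeys
(
    -- not null: a key that belongs to no user could never be authorized or audited
    userid int  not null references users (id),
    -- unique: one key identifies exactly one user, and the lookup gets an index
    apikey text not null unique
);

-- "create type" has no "if not exists" form; swallow only the duplicate error
-- so the type is as re-runnable as the tables around it.
do
$$
begin
    create type userrole as enum ('user', 'admin');
exception
    when duplicate_object then
        null; -- type already exists
end
$$;

create table if not exists userroles
(
    -- unique keeps it to one role per user; not null forbids roles without an owner
    userid int      not null unique references users (id),
    role   userrole not null
);

-- Seed data. The sample keys are demo values published with this script and
-- must not be reused anywhere. Rows are tied together by user name instead of
-- assuming the identity column hands out 1 and 2, which only holds on an
-- empty users table. The seed is still unconditional: a second run fails on
-- the unique apikey constraint.
with seed (name, role, apikey) as (
    values ('eve',  cast('admin' as userrole), 'ihie1HaiG3vaeyiez1ah'),
           ('adam', cast('user'  as userrole), 'loh7eeDishaip4PheKoh')
),
new_users as (
    insert into users (name)
    select s.name
    from seed as s
    returning id, name
),
new_roles as (
    insert into userroles (userid, role)
    select u.id, s.role
    from new_users as u
    inner join seed as s on s.name = u.name
    returning userid
)
insert into apikeys (userid, apikey)
select u.id, s.apikey
from new_users as u
inner join seed as s on s.name = u.name;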
-- HTTP handler that stores the request body as a new message of the day.
--
-- The value of the "authorization" request header is compared verbatim with
-- apikeys.apikey; the request is accepted only when that key belongs to a user
-- whose userroles.role is 'admin'.
--   accepted: body decoded as UTF8 is inserted into motd, response status 201
--   rejected: response body 'Unauthorized', status 403 (also when the header
--             is absent, since a null key matches no row)
--
-- NOTE(review): the request method is not inspected here, and convert_from
-- raises on a body that is not valid UTF8 -- confirm that routing and error
-- handling outside this function cover both. The motd table is defined
-- elsewhere.
create or replace function update_motd(request omni_httpd.http_request) returns omni_httpd.http_response
language plpgsql
as
$$
declare
    presented_key text := omni_httpd.http_header_get(request.headers, 'authorization');
begin
    -- Guard clause: anything that is not a known admin key stops here.
    if not exists (
        select 1
        from apikeys as k
        inner join userroles as r on r.userid = k.userid
        where k.apikey = presented_key
          and r.role = 'admin'
    ) then
        return omni_httpd.http_response(body => 'Unauthorized', status => 403);
    end if;

    insert into motd (content) values (convert_from(request.body, 'UTF8'));
    return omni_httpd.http_response(status => 201);
end;
$$;
-- ❯ curl -v --data "new motd" http://localhost:8080
-- * Trying 127.0.0.1:8080...
-- * Connected to localhost (127.0.0.1) port 8080 (#0)
-- > POST / HTTP/1.1
-- > Host: localhost:8080
-- > User-Agent: curl/7.87.0
-- > Accept: */*
-- > Content-Length: 8
-- > Content-Type: application/x-www-form-urlencoded
-- >
-- * Mark bundle as not supporting multiuse
-- < HTTP/1.1 403 OK
-- < Connection: keep-alive
-- < Server: omni_httpd-0.1
-- < content-type: text/plain; charset=utf-8
-- < transfer-encoding: chunked
-- <
-- * Connection #0 to host localhost left intact
-- Unauthorized
--
--
-- ❯ curl -v --data "new motd" --header 'authorization: inexistent_token' http://localhost:8080
-- * Trying 127.0.0.1:8080...
-- * Connected to localhost (127.0.0.1) port 8080 (#0)
-- > POST / HTTP/1.1
-- > Host: localhost:8080
-- > User-Agent: curl/7.87.0
-- > Accept: */*
-- > authorization: inexistent_token
-- > Content-Length: 8
-- > Content-Type: application/x-www-form-urlencoded
-- >
-- * Mark bundle as not supporting multiuse
-- < HTTP/1.1 403 OK
-- < Connection: keep-alive
-- < Server: omni_httpd-0.1
-- < content-type: text/plain; charset=utf-8
-- < transfer-encoding: chunked
-- <
-- * Connection #0 to host localhost left intact
-- Unauthorized
--
--
-- ❯ curl -v --data "MOTD for Omnigre Challenge 2" --header 'authorization: ihie1HaiG3vaeyiez1ah' http://localhost:8080
-- * Trying 127.0.0.1:8080...
-- * Connected to localhost (127.0.0.1) port 8080 (#0)
-- > POST / HTTP/1.1
-- > Host: localhost:8080
-- > User-Agent: curl/7.87.0
-- > Accept: */*
-- > authorization: ihie1HaiG3vaeyiez1ah
-- > Content-Length: 28
-- > Content-Type: application/x-www-form-urlencoded
-- >
-- * Mark bundle as not supporting multiuse
-- < HTTP/1.1 201 OK
-- < Connection: keep-alive
-- < Server: omni_httpd-0.1
-- < transfer-encoding: chunked
-- <
-- * Connection #0 to host localhost left intact
--
-- ❯ curl http://127.0.0.1:8080
-- Posted at 2023-04-06 10:00:07.808969
-- MOTD for Omnigre Challenge 2%