From be77f29b3b7c1e35b5710c1c06e21b4323893770 Mon Sep 17 00:00:00 2001
From: tianlinzhong <673359306@qq.com>
Date: Tue, 7 Dec 2021 14:35:41 +0800
Subject: [PATCH 1/3] point of access_control
---
 myems-api/core/point.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/myems-api/core/point.py b/myems-api/core/point.py
index dd9c993b..fb7f8eab 100644
--- a/myems-api/core/point.py
+++ b/myems-api/core/point.py
@@ -64,6 +64,7 @@ class PointCollection:
 @user_logger
 def on_post(req, resp):
 """Handles POST requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
@@ -255,6 +256,7 @@ class PointItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_POINT_ID')
@@ -395,6 +397,7 @@ class PointItem:
 @user_logger
 def on_put(req, resp, id_):
 """Handles PUT requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
From 9c9e316efc0b343f0842be4f0f440e95b8dd5975 Mon Sep 17 00:00:00 2001
From: "13621160019@163.com" <13621160019@163.com>
Date: Tue, 7 Dec 2021 19:50:37 +0800
Subject: [PATCH 2/3] added access control to point in api and admin
---
 admin/nginx.conf | 2 +-
 myems-api/MyEMS.postman_collection.json | 18 +++++++++---------
 myems-api/core/point.py | 4 ++++
 web/nginx.conf | 2 +-
 4 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/admin/nginx.conf b/admin/nginx.conf
index f238d80f..1de6c8a0 100644
--- a/admin/nginx.conf
+++ b/admin/nginx.conf
@@ -46,7 +46,7 @@ http {
 }
 location /api {
- proxy_pass http://192.168.1.6:8000/;
+ proxy_pass http://127.0.0.1:8000/;
 proxy_connect_timeout 75;
 proxy_read_timeout 600;
 send_timeout 600;
diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json
index 23bc36c9..0639ac50 100644
--- a/myems-api/MyEMS.postman_collection.json
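Review bot: `access_control(req)` is called in on_post, on_delete and on_put (all three hunks of this patch), but no import of that helper appears anywhere in the diff; if point.py does not already bring it into scope, every guarded handler raises NameError at request time, which falcon reports as a 500 instead of the intended authorization failure — confirm the module-level import, which lies outside these hunks. Placing the call ahead of the `try`/`except Exception` that reads the request body is the right order, since whatever `access_control` raises is then not swallowed by that broad handler. on_post, on_delete and on_put all continue past the end of their hunks.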
+++ b/myems-api/MyEMS.postman_collection.json
@@ -1315,7 +1315,7 @@
 },
 {
 "key": "Token",
- "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "value": "44e05939a3c8a545fef506ca42d51c13fc934af45b57346247697ac0b4797ca30d3d950f54d5e16d51876abc0f48b8b5db4894841b56dbfdb2ac9b8162c4e6d1",
 "type": "text",
 "description": "Login to get a valid token"
 }
@@ -1476,7 +1476,7 @@
 },
 {
 "key": "Token",
- "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "value": "44e05939a3c8a545fef506ca42d51c13fc934af45b57346247697ac0b4797ca30d3d950f54d5e16d51876abc0f48b8b5db4894841b56dbfdb2ac9b8162c4e6d1",
 "type": "text",
 "description": "Login to get a valid token"
 }
@@ -4758,7 +4758,7 @@
 },
 {
 "key": "Token",
- "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "value": "44e05939a3c8a545fef506ca42d51c13fc934af45b57346247697ac0b4797ca30d3d950f54d5e16d51876abc0f48b8b5db4894841b56dbfdb2ac9b8162c4e6d1",
 "type": "text",
 "description": "Login to get a valid token"
 }
@@ -4788,7 +4788,7 @@
 },
 {
 "key": "Token",
- "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "value": "44e05939a3c8a545fef506ca42d51c13fc934af45b57346247697ac0b4797ca30d3d950f54d5e16d51876abc0f48b8b5db4894841b56dbfdb2ac9b8162c4e6d1",
 "type": "text",
 "description": "Login to get a valid token"
 }
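Review bot: The `"value"` of the `Token` header in this hunk, and in the other Token hunks of this collection, is a literal credential committed to the repository, and the replaced value stays recoverable from history; if either is a live session token it should be treated as exposed and invalidated server-side. The collection already uses `{{base_url}}`, so the same mechanism fits here: store the token in a collection or environment variable (for example `{{token}}`, name to be chosen) and reference it as `"value": "{{token}}"`, so that updating a token never requires a commit. The existing `"description": "Login to get a valid token"` already tells the user to obtain their own, which is exactly what a variable expresses.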
@@ -4819,7 +4819,7 @@
 },
 {
 "key": "Token",
- "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "value": "44e05939a3c8a545fef506ca42d51c13fc934af45b57346247697ac0b4797ca30d3d950f54d5e16d51876abc0f48b8b5db4894841b56dbfdb2ac9b8162c4e6d1",
 "type": "text",
 "description": "Login to get a valid token"
 }
@@ -4853,19 +4853,19 @@
 },
 {
 "key": "Token",
- "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "value": "44e05939a3c8a545fef506ca42d51c13fc934af45b57346247697ac0b4797ca30d3d950f54d5e16d51876abc0f48b8b5db4894841b56dbfdb2ac9b8162c4e6d1",
 "type": "text",
 "description": "Login to get a valid token"
 }
 ],
 "url": {
- "raw": "{{base_url}}/points/2",
+ "raw": "{{base_url}}/points/11",
 "host": [
 "{{base_url}}"
 ],
 "path": [
 "points",
- "2"
+ "11"
 ]
 }
 },
@@ -4884,7 +4884,7 @@
 },
 {
 "key": "Token",
- "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "value": "44e05939a3c8a545fef506ca42d51c13fc934af45b57346247697ac0b4797ca30d3d950f54d5e16d51876abc0f48b8b5db4894841b56dbfdb2ac9b8162c4e6d1",
 "type": "text",
 "description": "Login to get a valid token"
 }
diff --git a/myems-api/core/point.py b/myems-api/core/point.py
index fb7f8eab..2b0913d7 100644
--- a/myems-api/core/point.py
+++ b/myems-api/core/point.py
@@ -17,6 +17,8 @@ class PointCollection:
 @staticmethod
 def on_get(req, resp):
+ """Handles GET requests"""
+ access_control(req)
 cnx = mysql.connector.connect(**config.myems_system_db)
 cursor = cnx.cursor(dictionary=True)
@@ -207,6 +209,8 @@ class PointItem:
 @staticmethod
 def on_get(req, resp, id_):
+ """Handles GET requests"""
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_POINT_ID')
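Review bot: The two on_get handlers that now call `access_control(req)` (PointCollection and PointItem, both hunks of this patch) carry only `@staticmethod`, while on_post, on_delete and on_put in the same file are additionally decorated with `@user_logger`; if that decorator is what records the authenticated caller, the read endpoints now require a token but leave no activity record — confirm whether that asymmetry is intended, and if not, add `@user_logger` under `@staticmethod` on both. In PointCollection.on_get the check is placed before the database connection is opened, so a rejected request does not acquire a connection, which is the right order. Both on_get bodies continue past the end of their hunks.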
diff --git a/web/nginx.conf b/web/nginx.conf
index 39683aaf..e841df22 100644
--- a/web/nginx.conf
+++ b/web/nginx.conf
@@ -47,7 +47,7 @@ http {
 }
 location /api {
- proxy_pass http://192.168.1.6:8000/;
+ proxy_pass http://127.0.0.1:8000/;
 proxy_connect_timeout 75;
 proxy_read_timeout 600;
 send_timeout 600;
From 167d6a2caa34822a46b358cba880396c2bd09721 Mon Sep 17 00:00:00 2001
From: "13621160019@163.com" <13621160019@163.com>
Date: Tue, 7 Dec 2021 20:00:28 +0800
Subject: [PATCH 3/3] added access control to point in api and admin
---
 myems-api/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/myems-api/README.md b/myems-api/README.md
index 4205a77e..2904679d 100644
--- a/myems-api/README.md
+++ b/myems-api/README.md
@@ -1190,7 +1190,7 @@ curl -i -X GET {{base_url}}/offlinemeterfiles/{id}/restore
 * GET Point by ID
 ```bash
-curl -i -X GET {{base_url}}/points/{id}
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/points/{id}
 ```
 Result in JSON
@@ -1225,7 +1225,7 @@ Result in JSON
 * GET all Points
 ```bash
-curl -i -X GET {{base_url}}/points
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/points
 ```
 * DELETE Point by ID
 ```bash