M internal/db/domains.go => internal/db/domains.go +2 -2
@@ 96,8 96,8 @@ func CreateDomain(domain string, aRecord string, owner string) error {
return nil
}
-func DeleteDomain(id string) error {
- _, err := DBConn.Exec(`DELETE FROM domains WHERE id = $1`, id)
+func DeleteDomain(id string, user_id string) error {
+ _, err := DBConn.Exec(`DELETE FROM domains WHERE id = $1 AND owner = $2`, id, user_id)
if err != nil {
return err
}
M internal/handlers/domains.go => internal/handlers/domains.go +8 -1
@@ 75,7 75,14 @@ func DeleteDomain() gin.HandlerFunc {
return func(c *gin.Context) {
id := c.Param("id")
- err := db.DeleteDomain(id)
+ userId, exists := c.Get("user_id")
+ if !exists {
+ c.String(http.StatusInternalServerError, "This should not be possible, but don't quote me on that")
+ c.Abort()
+ return
+ }
+
+ err := db.DeleteDomain(id, userId.(string))
if err != nil {
// FIXME: Handle better
c.String(http.StatusInternalServerError, "Something went wrong while deleting the domain")