add public api

controllers/app.go

@@ -17,7 +17,7 @@ type AppController struct {
 }
 
 func (server *AppController) CreateApiKey() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -35,7 +35,7 @@ func (server *AppController) CreateApiKey() {
 		return
 	}
 
-	checkUser := &models.User{Id: info.UserID}
+	checkUser := &models.User{Id: token.UserID}
 	err = mysql.GetMysqlInstace().Ormer.Read(checkUser)
 	if err != nil {
 		server.respond(models.BusinessFailed, "user is not exist")
@@ -70,7 +70,7 @@ func (server *AppController) CreateApiKey() {
 }
 
 func (server *AppController) ApiKeys() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -92,8 +92,8 @@ func (server *AppController) ApiKeys() {
 		appRequest.Size = 10
 	}
 	offset := (appRequest.Page - 1) * appRequest.Size
-	qs := mysql.GetMysqlInstace().Ormer.QueryTable("api_key").Filter("user_id", info.UserID)
-	if info.Role == 1 || info.Role == 2 {
+	qs := mysql.GetMysqlInstace().Ormer.QueryTable("api_key").Filter("user_id", token.UserID)
+	if token.Role == 1 || token.Role == 2 {
 		qs = mysql.GetMysqlInstace().Ormer.QueryTable("api_key")
 	}
 	keyQs := qs.OrderBy("-created_time").Offset(offset).Limit(appRequest.Size)
@@ -116,7 +116,7 @@ func (server *AppController) ApiKeys() {
 }
 
 func (server *AppController) ApiKeysFront() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -138,8 +138,8 @@ func (server *AppController) ApiKeysFront() {
 		appRequest.Size = 10
 	}
 	offset := (appRequest.Page - 1) * appRequest.Size
-	qs := mysql.GetMysqlInstace().Ormer.QueryTable("api_key").Filter("user_id", info.UserID)
-	//if info.Role == 1 || info.Role == 2 {
+	qs := mysql.GetMysqlInstace().Ormer.QueryTable("api_key").Filter("user_id", token.UserID)
+	//if token.Role == 1 || token.Role == 2 {
 	//	qs = mysql.GetMysqlInstace().Ormer.QueryTable("api_key")
 	//}
 	keyQs := qs.OrderBy("-created_time").Offset(offset).Limit(appRequest.Size)
@@ -162,7 +162,7 @@ func (server *AppController) ApiKeysFront() {
 }
 
 func (server *AppController) UpdateApikey() {
-	_, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -189,6 +189,10 @@ func (server *AppController) UpdateApikey() {
 		server.respond(models.BusinessFailed, "api-key not exist")
 		return
 	}
+	if apiKay.UserId != token.UserID {
+		server.respond(models.BusinessFailed, "The API key does not belong to you.")
+		return
+	}
 	apiKay.Name = appRequest.Name
 
 	_, err = mysql.GetMysqlInstace().Ormer.Update(&apiKay)
@@ -201,7 +205,7 @@ func (server *AppController) UpdateApikey() {
 }
 
 func (server *AppController) DelApiKey() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -226,8 +230,12 @@ func (server *AppController) DelApiKey() {
 		server.respond(models.BusinessFailed, "api-key not exist")
 		return
 	}
+	if apiKay.UserId != token.UserID {
+		server.respond(models.BusinessFailed, "The API key does not belong to you.")
+		return
+	}
 
-	data, err := kong.ListApikeys(info.Username)
+	data, err := kong.ListApikeys(token.Username)
 	if err != nil {
 		server.respond(models.BusinessFailed, err.Error())
 		return
@@ -241,7 +249,7 @@ func (server *AppController) DelApiKey() {
 	}
 
 	if found {
-		err = kong.DelateApiKey(info.Username, apiKay.ApiKeyId)
+		err = kong.DelateApiKey(token.Username, apiKay.ApiKeyId)
 		if err != nil {
 			server.respond(models.BusinessFailed, "failed")
 			return
@@ -259,7 +267,7 @@ func (server *AppController) DelApiKey() {
 }
 
 func (server *AppController) CreateJWTToken() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -278,7 +286,7 @@ func (server *AppController) CreateJWTToken() {
 		return
 	}
 
-	checkUser := &models.User{Id: info.UserID}
+	checkUser := &models.User{Id: token.UserID}
 	err = mysql.GetMysqlInstace().Ormer.Read(checkUser)
 	if err != nil {
 		server.respond(models.BusinessFailed, "user not exist")
@@ -317,7 +325,7 @@ func (server *AppController) CreateJWTToken() {
 }
 
 func (server *AppController) JwtTokens() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -339,8 +347,8 @@ func (server *AppController) JwtTokens() {
 		appRequest.Size = 10
 	}
 	offset := (appRequest.Page - 1) * appRequest.Size
-	qs := mysql.GetMysqlInstace().Ormer.QueryTable("jwt_token").Filter("user_id", info.UserID)
-	if info.Role == 1 || info.Role == 2 {
+	qs := mysql.GetMysqlInstace().Ormer.QueryTable("jwt_token").Filter("user_id", token.UserID)
+	if token.Role == 1 || token.Role == 2 {
 		qs = mysql.GetMysqlInstace().Ormer.QueryTable("jwt_token")
 	}
 	keyQs := qs.Offset(offset).Limit(appRequest.Size)
@@ -365,7 +373,7 @@ func (server *AppController) JwtTokens() {
 }
 
 func (server *AppController) UpdateJWT() {
-	_, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -386,13 +394,17 @@ func (server *AppController) UpdateJWT() {
 		server.respond(models.MissingParameter, "Missing name parameter")
 		return
 	}
-	token := models.JwtToken{Id: appRequest.Id}
+	jwttoken := models.JwtToken{Id: appRequest.Id}
 	err = mysql.GetMysqlInstace().Ormer.Read(&token)
 	if err != nil {
 		server.respond(models.BusinessFailed, "JWT-token 不存在")
 		return
 	}
-	token.Name = appRequest.Name
+	if jwttoken.UserId != token.UserID {
+		server.respond(models.BusinessFailed, "The token does not belong to you.")
+		return
+	}
+	jwttoken.Name = appRequest.Name
 
 	_, err = mysql.GetMysqlInstace().Ormer.Update(&token)
 	if err != nil {
@@ -404,7 +416,7 @@ func (server *AppController) UpdateJWT() {
 }
 
 func (server *AppController) DelJWT() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -429,8 +441,12 @@ func (server *AppController) DelJWT() {
 		server.respond(models.BusinessFailed, "jwt-token not exist")
 		return
 	}
+	if jwt.UserId != token.UserID {
+		server.respond(models.BusinessFailed, "The token does not belong to you.")
+		return
+	}
 
-	data, err := kong.ListJWT(info.Username)
+	data, err := kong.ListJWT(token.Username)
 	if err != nil {
 		server.respond(models.BusinessFailed, err.Error())
 		return
@@ -444,7 +460,7 @@ func (server *AppController) DelJWT() {
 	}
 
 	if found {
-		err = kong.DelateJWT(info.Username, jwt.JwtId)
+		err = kong.DelateJWT(token.Username, jwt.JwtId)
 		if err != nil {
 			server.respond(models.BusinessFailed, "failed")
 			return

controllers/default.go

@@ -60,7 +60,7 @@ func (server *MainController) Check() (*models.JwtPayload, error) {
 		return nil, err
 		// this.respond(401, "登陆失效")
 	}
-	key := "token:user-" + strconv.Itoa(info.UserID)
+	key := "token:user-" + strconv.Itoa(token.UserID)
 	session, err := redis.GetDataToString(key)
 	if err != nil {
 		redis.DeleteKey(key)
@@ -71,12 +71,12 @@ func (server *MainController) Check() (*models.JwtPayload, error) {
 		return nil, errors.New("error: login expire")
 	}
 	if !(token == session) {
-		//c.DelSession(info.UserID)
+		//c.DelSession(token.UserID)
 		redis.DeleteKey(key)
 		return nil, errors.New("error: login expire")
 	}
-	if info.ExpiresAt <= time.Now().Unix() {
-		//c.DelSession(info.UserID)
+	if token.ExpiresAt <= time.Now().Unix() {
+		//c.DelSession(token.UserID)
 		redis.DeleteKey(key)
 		return nil, errors.New("error: login expire")
 	}

controllers/favorite.go

@@ -16,7 +16,7 @@ type FavoriteController struct {
 }
 
 func (server *FavoriteController) Add() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -35,14 +35,14 @@ func (server *FavoriteController) Add() {
 		return
 	}
 
-	checkFavorite := &models.Favorite{UserId: info.UserID, TaskTypeId: appRequest.TaskTypeId, Deleted: 0}
+	checkFavorite := &models.Favorite{UserId: token.UserID, TaskTypeId: appRequest.TaskTypeId, Deleted: 0}
 	err = mysql.GetMysqlInstace().Ormer.Read(checkFavorite, "user_id", "task_type_id", "deleted")
 	if err == nil {
 		server.respond(models.BusinessFailed, "You have already followed this model")
 		return
 	}
 	timestamp := time.Now()
-	appRequest.UserId = info.UserID
+	appRequest.UserId = token.UserID
 	appRequest.CreatedTime = timestamp
 	appRequest.UpdatedTime = timestamp
 	appRequest.Deleted = 0
@@ -56,7 +56,7 @@ func (server *FavoriteController) Add() {
 }
 
 func (server *FavoriteController) Cancel() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -73,7 +73,7 @@ func (server *FavoriteController) Cancel() {
 		server.respond(models.MissingParameter, "Missing task_type_id parameter")
 		return
 	}
-	checkFavorite := &models.Favorite{UserId: info.UserID, TaskTypeId: appRequest.TaskTypeId, Deleted: 0}
+	checkFavorite := &models.Favorite{UserId: token.UserID, TaskTypeId: appRequest.TaskTypeId, Deleted: 0}
 	err = mysql.GetMysqlInstace().Ormer.Read(checkFavorite, "user_id", "task_type_id", "deleted")
 	if err != nil {
 		server.respond(models.BusinessFailed, "You have not followed this model")
@@ -91,7 +91,7 @@ func (server *FavoriteController) Cancel() {
 }
 
 func (server *FavoriteController) IsFavorite() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -113,7 +113,7 @@ func (server *FavoriteController) IsFavorite() {
 	}{
 		IsFavorite: false,
 	}
-	checkFavorite := &models.Favorite{UserId: info.UserID, TaskTypeId: appRequest.TaskTypeId, Deleted: 0}
+	checkFavorite := &models.Favorite{UserId: token.UserID, TaskTypeId: appRequest.TaskTypeId, Deleted: 0}
 	err = mysql.GetMysqlInstace().Ormer.Read(checkFavorite, "user_id", "task_type_id", "deleted")
 	if err != nil {
 		server.respond(http.StatusOK, "", responseData)
@@ -124,7 +124,7 @@ func (server *FavoriteController) IsFavorite() {
 }
 
 func (server *FavoriteController) Lists() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -165,9 +165,9 @@ func (server *FavoriteController) Lists() {
 		InnerJoin("task_type").On("favorite.task_type_id = task_type.id")
 	countQB.Where("favorite.deleted = 0")
 	queryQB.Where("favorite.deleted = 0")
-	if !(info.Role == 1 || info.Role == 2) {
-		countQB.And(fmt.Sprintf("user_id = '%d'", info.UserID))
-		queryQB.And(fmt.Sprintf("user_id = '%d'", info.UserID))
+	if !(token.Role == 1 || token.Role == 2) {
+		countQB.And(fmt.Sprintf("user_id = '%d'", token.UserID))
+		queryQB.And(fmt.Sprintf("user_id = '%d'", token.UserID))
 	}
 	if appRequest.Keyword != "" {
 		keyword := "%" + appRequest.Keyword + "%"

controllers/funds.go

@@ -55,7 +55,7 @@ func weixinRecharge(chargeRequest *models.ChargeRequest) error {
 }
 
 func (server *FundsController) Recharge() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -70,7 +70,7 @@ func (server *FundsController) Recharge() {
 		return
 	}
 
-	if info.Role != 1 && info.Role != 2 && chargeRequest.PaymentMethod == models.ManualPay {
+	if token.Role != 1 && token.Role != 2 && chargeRequest.PaymentMethod == models.ManualPay {
 		server.respond(models.BusinessFailed, "Please contact the business development")
 		return
 	}
@@ -95,7 +95,7 @@ func (server *FundsController) Recharge() {
 		return
 	}
 
-	checkUser := &models.User{Id: info.UserID}
+	checkUser := &models.User{Id: token.UserID}
 	cond := "id"
 	if chargeRequest.Mail != "" {
 		checkUser = &models.User{Mail: chargeRequest.Mail}
@@ -143,7 +143,7 @@ func (server *FundsController) Recharge() {
 	tradeTime := fmt.Sprintf(time.Now().UTC().Format(format))
 	//fundsData := models.Funds{
 	//	Id:            max + 1,
-	//	Uid:           info.UserID,
+	//	Uid:           token.UserID,
 	//	Amount:        amount,
 	//	TradeChannel:  int(chargeRequest.PaymentMethod),
 	//	ChannelSerial: "",
@@ -187,7 +187,7 @@ func (server *FundsController) Recharge() {
 		"",
 		max,
 		4,
-		info.UserID,
+		token.UserID,
 		int(models.Income),
 		int(models.Charge),
 		int(chargeRequest.PaymentMethod),
@@ -244,7 +244,7 @@ func (server *FundsController) Recharge() {
 }
 
 func (server *FundsController) RechargeRecords() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -269,7 +269,7 @@ func (server *FundsController) RechargeRecords() {
 	offset := (appRequest.Page - 1) * appRequest.Size
 
 	qs := mysql.GetMysqlInstace().Ormer.QueryTable("charge_record")
-	infoQs := qs.Filter("user_id", info.UserID).Offset(offset).Limit(appRequest.Size)
+	infoQs := qs.Filter("user_id", token.UserID).Offset(offset).Limit(appRequest.Size)
 	count, err := infoQs.Count()
 	logs.Debug("Count = ", count)
 	var tokens []*models.ChargeRecord
@@ -289,7 +289,7 @@ func (server *FundsController) RechargeRecords() {
 }
 
 func (server *FundsController) IncomeAndExpense() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -331,9 +331,9 @@ func (server *FundsController) IncomeAndExpense() {
 	queryQB.Select("*").
 		From("funds").Where("uid != '0'")
 
-	if info.Role != 1 && info.Role != 2 {
-		countQB.And(fmt.Sprintf("uid = '%d'", info.UserID))
-		queryQB.And(fmt.Sprintf("uid = '%d'", info.UserID))
+	if token.Role != 1 && token.Role != 2 {
+		countQB.And(fmt.Sprintf("uid = '%d'", token.UserID))
+		queryQB.And(fmt.Sprintf("uid = '%d'", token.UserID))
 	}
 
 	if appRequest.StartTime != "" && appRequest.EndTime != "" {
@@ -364,8 +364,8 @@ func (server *FundsController) IncomeAndExpense() {
 	sql := countQB.String()
 
 	var types []*models.Funds
-	//sql := fmt.Sprintf("SELECT count(*) FROM funds WHERE uid = %d %s;", info.UserID, timeCondition)
-	//if info.Role == 1 || info.Role == 2 {
+	//sql := fmt.Sprintf("SELECT count(*) FROM funds WHERE uid = %d %s;", token.UserID, timeCondition)
+	//if token.Role == 1 || token.Role == 2 {
 	//	if timeCondition != "" {
 	//		timeCondition = "WHERE" + timeCondition
 	//	}
@@ -387,8 +387,8 @@ func (server *FundsController) IncomeAndExpense() {
 
 	queryQB.OrderBy("trade_time").Desc()
 	sql = fmt.Sprintf("%s LIMIT %d,%d;", queryQB.String(), offset, size)
-	//sql = fmt.Sprintf("SELECT * FROM funds WHERE uid = %d %s LIMIT %d,%d;", info.UserID, timeCondition, offset, size)
-	//if info.Role == 1 || info.Role == 2 {
+	//sql = fmt.Sprintf("SELECT * FROM funds WHERE uid = %d %s LIMIT %d,%d;", token.UserID, timeCondition, offset, size)
+	//if token.Role == 1 || token.Role == 2 {
 	//	sql = fmt.Sprintf("SELECT * FROM funds %s LIMIT %d,%d;", timeCondition, offset, size)
 	//}
 	data, err := postgres.QueryFunds(sql)
@@ -402,7 +402,7 @@ func (server *FundsController) IncomeAndExpense() {
 		ids = append(ids, id)
 	}
 	var users []models.User
-	if info.Role == 1 || info.Role == 2 {
+	if token.Role == 1 || token.Role == 2 {
 		_, _ = mysql.GetMysqlInstace().Ormer.QueryTable("user").Filter("id__in", ids).All(&users)
 	}
 

controllers/upload.go

@@ -13,12 +13,12 @@ type FileController struct {
 }
 
 func (server *FileController) Upload() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
 	}
-	if !(info.Role == 1 || info.Role == 2) {
+	if !(token.Role == 1 || token.Role == 2) {
 		server.respond(http.StatusUnauthorized, "只有管理员才可执行此操作")
 		return
 	}

controllers/user.go

@@ -146,12 +146,12 @@ func (server *UserController) Login() {
 }
 
 func (server *UserController) Logout() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
 	}
-	key := "token:user-" + strconv.Itoa(info.UserID)
+	key := "token:user-" + strconv.Itoa(token.UserID)
 	redis.DeleteKey(key)
 	server.respond(http.StatusUnauthorized, "")
 }
@@ -186,12 +186,12 @@ func (server *UserController) Regisger() {
 }
 
 func (server *UserController) UserInfo() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
 	}
-	checkUser := &models.User{Id: info.UserID}
+	checkUser := &models.User{Id: token.UserID}
 	err = mysql.GetMysqlInstace().Ormer.Read(checkUser)
 	if err != nil {
 		server.respond(models.BusinessFailed, err.Error())
@@ -236,7 +236,7 @@ func (server *UserController) UserInfo() {
 }
 
 func (server *UserController) FreeCallCount() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
@@ -254,7 +254,7 @@ func (server *UserController) FreeCallCount() {
 	}
 	offset := (appRequest.Page - 1) * appRequest.Size
 
-	checkUser := &models.User{Id: info.UserID}
+	checkUser := &models.User{Id: token.UserID}
 	err = mysql.GetMysqlInstace().Ormer.Read(checkUser)
 	if err != nil {
 		server.respond(models.BusinessFailed, err.Error())
@@ -287,9 +287,9 @@ func (server *UserController) FreeCallCount() {
 		From("task_type").LeftJoin("user_level_task_type").On(cond)
 	queryQB.Where("task_type.deleted = 0")
 
-	//if !(info.Role == 1 || info.Role == 2) {
-	//countQB.And(fmt.Sprintf("user_id = '%d'", info.UserID))
-	//queryQB.And(fmt.Sprintf("user_id = '%d'", info.UserID))
+	//if !(token.Role == 1 || token.Role == 2) {
+	//countQB.And(fmt.Sprintf("user_id = '%d'", token.UserID))
+	//queryQB.And(fmt.Sprintf("user_id = '%d'", token.UserID))
 	//}
 	if appRequest.Keyword != "" {
 		keyword := "%" + appRequest.Keyword + "%"
@@ -331,14 +331,14 @@ func (server *UserController) FreeCallCount() {
 	}
 	idsString = idsString[:len(idsString)-1]
 	uids := []int64{
-		int64(info.UserID),
+		int64(token.UserID),
 	}
 
 	totalDayUsed := int64(0)
 	totalMonthUsed := int64(0)
 	uesd, err := odysseus.UserFreeUesd(uids, ids)
 	if err == nil {
-		userdata := uesd[int64(info.UserID)]
+		userdata := uesd[int64(token.UserID)]
 		totalDayUsed = userdata.TotalDayUsed
 		totalMonthUsed = userdata.TotalMonthUsed
 		for _, value := range taskTypes {
@@ -361,7 +361,7 @@ func (server *UserController) FreeCallCount() {
 		From("tasks").
 		Where(fmt.Sprintf("time >= '%s'", startTime)).
 		And(fmt.Sprintf("time <= '%s'", endTime)).
-		And(fmt.Sprintf("uid >= '%d'", info.UserID)).
+		And(fmt.Sprintf("uid >= '%d'", token.UserID)).
 		And(fmt.Sprintf("type in(%s)", idsString))
 	sql = weekCountQB.String()
 	weekCount, err := postgres.CountTasks(sql)
@@ -382,7 +382,7 @@ func (server *UserController) FreeCallCount() {
 		From("tasks").
 		Where(fmt.Sprintf("time >= '%s'", startTime)).
 		And(fmt.Sprintf("time <= '%s'", endTime)).
-		And(fmt.Sprintf("uid >= '%d'", info.UserID)).
+		And(fmt.Sprintf("uid >= '%d'", token.UserID)).
 		And(fmt.Sprintf("type in(%s)", idsString))
 	sql = monthCountQB.String()
 	monthCount, err := postgres.CountTasks(sql)

controllers/whitelist.go

@@ -16,12 +16,12 @@ type WhitelistController struct {
 }
 
 func (server *WhitelistController) Lists() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
 	}
-	if !(info.Role == 1 || info.Role == 2) {
+	if !(token.Role == 1 || token.Role == 2) {
 		server.respond(models.BusinessFailed, "Only system administrators or super administrators can perform this operation")
 		return
 	}
@@ -58,13 +58,13 @@ func (server *WhitelistController) Lists() {
 }
 
 func (server *WhitelistController) Add() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
 	}
 
-	if !(info.Role == 1 || info.Role == 2) {
+	if !(token.Role == 1 || token.Role == 2) {
 		server.respond(models.BusinessFailed, "Only system administrators or super administrators can perform this operation")
 		return
 	}
@@ -103,13 +103,13 @@ func (server *WhitelistController) Add() {
 }
 
 func (server *WhitelistController) Update() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
 	}
 
-	if !(info.Role == 1 || info.Role == 2) {
+	if !(token.Role == 1 || token.Role == 2) {
 		server.respond(models.BusinessFailed, "Only system administrators or super administrators can perform this operation")
 		return
 	}
@@ -169,13 +169,13 @@ func (server *WhitelistController) Update() {
 }
 
 func (server *WhitelistController) Delete() {
-	info, err := server.Check()
+	token, err := server.Check()
 	if err != nil {
 		server.respond(http.StatusUnauthorized, err.Error())
 		return
 	}
 
-	if !(info.Role == 1 || info.Role == 2) {
+	if !(token.Role == 1 || token.Role == 2) {
 		server.respond(models.BusinessFailed, "Only system administrators or super administrators can perform this operation")
 		return
 	}