This commit is contained in:
@@ -201,11 +201,15 @@ Either deviceName or deviceCategory can be specified (or both). Wildcards are su
|
||||
1. The percent sign % wildcard matches any sequence of zero or more characters.
|
||||
2. The underscore _ wildcard matches any single character.
|
||||
|
||||
#### Search by device name
|
||||
|
||||
GET `/api/secret/retrieve/name/<searchname>`
|
||||
|
||||
Search for a secret specified by deviceName using a GET request.
|
||||
Must be logged in to execute this command. Only secrets registered with the current user's RoleId can be retrieved.
|
||||
|
||||
#### Search by device category
|
||||
|
||||
GET `/api/secret/retrieve/category/<searchname>`
|
||||
|
||||
Search for a secret specified by deviceCategory using a GET request.
|
||||
@@ -229,4 +233,7 @@ Users with ReadOnly role will receive Forbidden error when calling this API endp
|
||||
#### List
|
||||
GET `/api/secret/list`
|
||||
|
||||
Will generate a list of device names and categories but not secret data.
|
||||
Will generate a list of device names and categories but not secret data.
|
||||
|
||||
## Database Schema
|
||||
|
||||
5
main.go
5
main.go
@@ -237,7 +237,6 @@ func main() {
|
||||
// Register our routes
|
||||
public := router.Group("/api")
|
||||
public.POST("/login", controllers.Login)
|
||||
//public.POST("/unlock", controllers.Unlock)
|
||||
|
||||
// API calls that only an administrator can make
|
||||
adminOnly := router.Group("/api/admin")
|
||||
@@ -245,11 +244,11 @@ func main() {
|
||||
adminOnly.POST("/user/delete", controllers.DeleteUser)
|
||||
adminOnly.POST("/user/register", controllers.RegisterUser) // TODO deprecate
|
||||
adminOnly.POST("/user/add", controllers.RegisterUser)
|
||||
// TODO
|
||||
//adminOnly.POST("/user/update", controllers.UpdateUser)
|
||||
adminOnly.GET("/roles", controllers.GetRoles)
|
||||
adminOnly.POST("/role/add", controllers.AddRole)
|
||||
adminOnly.GET("/users", controllers.GetUsers)
|
||||
|
||||
// TODO Make unlock an admin only function
|
||||
adminOnly.POST("/unlock", controllers.Unlock)
|
||||
|
||||
// Get secrets
|
||||
|
||||
113
models/setup.go
113
models/setup.go
@@ -20,6 +20,8 @@ const (
|
||||
sqlFile = "smt.db"
|
||||
)
|
||||
|
||||
// TODO drop LdapGroup column
|
||||
|
||||
const createRoles string = `
|
||||
CREATE TABLE IF NOT EXISTS roles (
|
||||
RoleId INTEGER PRIMARY KEY ASC,
|
||||
@@ -33,24 +35,54 @@ const createRoles string = `
|
||||
const createUsers string = `
|
||||
CREATE TABLE IF NOT EXISTS users (
|
||||
UserId INTEGER PRIMARY KEY ASC,
|
||||
RoleId INTEGER,
|
||||
GroupId INTEGER,
|
||||
UserName VARCHAR,
|
||||
Password VARCHAR,
|
||||
LdapUser BOOLEAN DEFAULT 0,
|
||||
LdapDN VARCHAR DEFAULT '',
|
||||
FOREIGN KEY (RoleId) REFERENCES roles(RoleId)
|
||||
FOREIGN KEY (GroupId) REFERENCES groups(GroupId)
|
||||
);
|
||||
`
|
||||
|
||||
const createSafes string = `
|
||||
CREATE TABLE IF NOT EXSITS safes (
|
||||
SafeId INTEGER PRIMARY KEY ASC,
|
||||
SafeName VARCHAR
|
||||
);
|
||||
`
|
||||
|
||||
const createGroups string = `
|
||||
CREATE TABLE IF NOT EXISTS groups (
|
||||
GroupId INTEGER PRIMARY KEY ASC,
|
||||
GroupName VARCHAR,
|
||||
LdapGroup BOOLEAN DEFAULT 0,
|
||||
LdapDN VARCHAR DEFAULT ''
|
||||
);
|
||||
`
|
||||
|
||||
const createPermissions = `
|
||||
CREATE TABLE IF NOT EXISTS permissions (
|
||||
PermissionId INTEGER PRIMARY KEY ASC,
|
||||
RoleId INTEGER,
|
||||
SafeId INTEGER,
|
||||
UserId INTEGER,
|
||||
GroupId INTEGER,
|
||||
FOREIGN KEY (RoleId) REFERENCES roles(RoleId),
|
||||
FOREIGN KEY (SafeId) REFERENCES safes(SafeId),
|
||||
FOREIGN KEY (UserId) REFERENCES users(UserId),
|
||||
FOREIGN KEY (GroupId) REFERENCES groups(GroupId)
|
||||
);
|
||||
`
|
||||
|
||||
const createSecrets string = `
|
||||
CREATE TABLE IF NOT EXISTS secrets (
|
||||
SecretId INTEGER PRIMARY KEY ASC,
|
||||
RoleId INTEGER,
|
||||
SafeId INTEGER,
|
||||
DeviceName VARCHAR,
|
||||
DeviceCategory VARCHAR,
|
||||
UserName VARCHAR,
|
||||
Secret VARCHAR,
|
||||
FOREIGN KEY (RoleId) REFERENCES roles(RoleId)
|
||||
FOREIGN KEY (SafeId) REFERENCES safes(SafeId)
|
||||
);
|
||||
`
|
||||
|
||||
@@ -143,11 +175,31 @@ func CreateTables() {
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
|
||||
// Safes table
|
||||
if _, err = db.Exec(createSafes); err != nil {
|
||||
log.Printf("Error checking safes table : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// Secrets table
|
||||
if _, err = db.Exec(createSecrets); err != nil {
|
||||
log.Printf("Error checking secrets table : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// groups table
|
||||
if _, err = db.Exec(createGroups); err != nil {
|
||||
log.Printf("Error checking groups table : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// permissions table
|
||||
if _, err = db.Exec(createPermissions); err != nil {
|
||||
log.Printf("Error checking permissions table : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// Schema table should go last so we know if the database has a value in the schema table then everything was created properly
|
||||
if _, err = db.Exec(createSchema); err != nil {
|
||||
log.Printf("Error checking schema table : '%s'", err)
|
||||
@@ -167,34 +219,47 @@ func CreateTables() {
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// Database updates added after initial version released
|
||||
ldapCheck, _ := CheckColumnExists("roles", "LdapGroup")
|
||||
|
||||
if !ldapCheck {
|
||||
// Add the column for LdapGroup in the roles table
|
||||
_, err := db.Exec("ALTER TABLE roles ADD COLUMN LdapGroup VARCHAR DEFAULT '';")
|
||||
// Remove users RoleId column
|
||||
userRoleIdCheck, _ := CheckColumnExists("users", "RoleId")
|
||||
if userRoleIdCheck {
|
||||
_, err := db.Exec("ALTER TABLE users DROP COLUMN RoleId;")
|
||||
if err != nil {
|
||||
log.Printf("Error altering roles table to add LdapGroup column : '%s'\n", err)
|
||||
log.Printf("Error altering users table to drop RoleId column : '%s'\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
|
||||
// Add the two LDAP columns to the users table if they weren't there
|
||||
ldapUserCheck, _ := CheckColumnExists("users", "LdapUser")
|
||||
if !ldapUserCheck {
|
||||
log.Printf("CreateTables creating ldap columns in user table")
|
||||
_, err := db.Exec("ALTER TABLE users ADD COLUMN LdapUser BOOLEAN DEFAULT 0;")
|
||||
if err != nil {
|
||||
log.Printf("Error altering users table to add LdapUser column : '%s'\n", err)
|
||||
os.Exit(1)
|
||||
/*
|
||||
// Database updates added after initial version released
|
||||
ldapCheck, _ := CheckColumnExists("roles", "LdapGroup")
|
||||
|
||||
if !ldapCheck {
|
||||
// Add the column for LdapGroup in the roles table
|
||||
_, err := db.Exec("ALTER TABLE roles ADD COLUMN LdapGroup VARCHAR DEFAULT '';")
|
||||
if err != nil {
|
||||
log.Printf("Error altering roles table to add LdapGroup column : '%s'\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
|
||||
_, err = db.Exec("ALTER TABLE users ADD COLUMN LdapDN VARCHAR DEFAULT '';")
|
||||
if err != nil {
|
||||
log.Printf("Error altering users table to add LdapDN column : '%s'\n", err)
|
||||
os.Exit(1)
|
||||
// Add the two LDAP columns to the users table if they weren't there
|
||||
ldapUserCheck, _ := CheckColumnExists("users", "LdapUser")
|
||||
if !ldapUserCheck {
|
||||
log.Printf("CreateTables creating ldap columns in user table")
|
||||
_, err := db.Exec("ALTER TABLE users ADD COLUMN LdapUser BOOLEAN DEFAULT 0;")
|
||||
if err != nil {
|
||||
log.Printf("Error altering users table to add LdapUser column : '%s'\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
_, err = db.Exec("ALTER TABLE users ADD COLUMN LdapDN VARCHAR DEFAULT '';")
|
||||
if err != nil {
|
||||
log.Printf("Error altering users table to add LdapDN column : '%s'\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
}
|
||||
|
||||
// Count the number of records in the sqlite database
|
||||
|
||||
BIN
www/database.png
Normal file
BIN
www/database.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 84 KiB |
Reference in New Issue
Block a user