work on adding group support

2024-01-10 09:16:52 +11:00
parent 48611b22c9
commit 0899b07d47
6 changed files with 83 additions and 12 deletions
--- a/controllers/retrieveSecrets.go
+++ b/controllers/retrieveSecrets.go
@@ -0,0 +1,241 @@
+package controllers
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"smt/models"
+
+	"github.com/gin-gonic/gin"
+)
+
+type RetrieveInput struct {
+	DeviceName     string `json:"deviceName"`
+	DeviceCategory string `json:"deviceCategory"`
+	UserName       string `json:"userName"`
+	SafeId         int    `json:"safeId"`
+	SafeName       string `json:"safeName"`
+}
+
+type ListSecret struct {
+	SecretId       int    `db:"SecretId" json:"secretId"`
+	SafeId         int    `db:"SafeId" json:"safeId"`
+	DeviceName     string `db:"DeviceName" json:"deviceName"`
+	DeviceCategory string `db:"DeviceCategory" json:"deviceCategory"`
+	UserName       string `db:"UserName" json:"userName"`
+	Secret         string `db:"Secret" json:"-"`
+}
+
+func RetrieveSecret(c *gin.Context) {
+	var input RetrieveInput
+	//var results []models.Secret
+	//var userIsAdmin bool = false
+
+	// Validate the input matches our struct
+	if err := c.ShouldBindJSON(&input); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+	log.Printf("RetrieveSecret received JSON input '%v'\n", input)
+
+	/*
+		// Get the user and role id of the requestor
+		u, err := models.UserGetRoleFromToken(c)
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			return
+		}
+	*/
+
+	// Populate fields
+	s := models.Secret{}
+	//s.RoleId = u.RoleId
+	s.DeviceName = input.DeviceName
+	s.DeviceCategory = input.DeviceCategory
+	s.UserName = input.UserName
+
+	retrieveSpecifiedSecret(&s, c)
+}
+
+func RetrieveSecretByDevicename(c *gin.Context) {
+	DeviceName := c.Param("devicename")
+
+	if DeviceName == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "no devicename value specified"})
+		return
+	}
+
+	// Create object based on specified data
+	s := models.Secret{DeviceName: DeviceName}
+	//s.DeviceName = DeviceName
+
+	retrieveSpecifiedSecret(&s, c)
+}
+
+func RetrieveSecretByDevicecategory(c *gin.Context) {
+	DeviceCategory := c.Param("devicecategory")
+
+	if DeviceCategory == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "no devicecategory value specified"})
+		return
+	}
+
+	// Create object based on specified data
+	s := models.Secret{DeviceCategory: DeviceCategory}
+
+	retrieveSpecifiedSecret(&s, c)
+}
+
+func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
+	/*
+		// Get the user and role id of the requestor
+		u, err := models.UserGetRoleFromToken(c)
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			return
+		}
+		s.RoleId = u.RoleId
+
+		results, err := models.GetSecrets(s, false)
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			return
+		}
+	*/
+	var UserId int
+	var results []models.Secret
+	/*
+		user_id, err := token.ExtractTokenID(c)
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
+			return
+		}
+	*/
+	// Get userId that we stored in the context earlier
+	if val, ok := c.Get("user-id"); !ok {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
+		return
+	} else {
+		UserId = val.(int)
+	}
+
+	// Work out which safe to query for this user if the safe was not specified
+	safeList, err := models.UserGetSafesAllowed(int(UserId))
+
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
+		return
+	}
+
+	// If there was only one result then just use that
+	if len(safeList) == 0 {
+		errString := "no matching secret or user has no access to specified secret"
+		log.Printf("retrieveSpecifiedSecret %s\n", errString)
+		c.JSON(http.StatusBadRequest, gin.H{"error": errString})
+		return
+	} else if len(safeList) == 1 {
+		s.SafeId = safeList[0].SafeId
+		results, err = models.SecretsGetFromMultipleSafes(s, []int{s.SafeId})
+	} else {
+		// Create a list of all the safes this user can access
+		var safeIds []int
+		for _, safe := range safeList {
+			safeIds = append(safeIds, safe.SafeId)
+		}
+
+		results, err = models.SecretsGetFromMultipleSafes(s, safeIds)
+	}
+
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	if len(results) == 1 {
+		// output results as json
+		c.JSON(http.StatusOK, gin.H{"message": "success", "data": results})
+	} else if len(results) > 1 {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "found multiple matching secrets"})
+		return
+	} else {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "found no matching secrets"})
+		return
+	}
+}
+
+func ListSecrets(c *gin.Context) {
+	var UserId int
+	var output []ListSecret
+
+	//var results []models.Secret
+	s := models.Secret{}
+
+	// Get userId that we stored in the context earlier
+	if val, ok := c.Get("user-id"); !ok {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
+		return
+	} else {
+		UserId = val.(int)
+	}
+
+	secretList, err := models.SecretsGetAllowed(&s, UserId)
+	if err != nil {
+		errString := fmt.Sprintf("error getting allowed secrets : '%s'", err)
+		log.Printf("ListSecrets %s\n", errString)
+		c.JSON(http.StatusBadRequest, gin.H{"error": errString})
+		return
+	}
+
+	// Extract the normal secret fields from the allowed list
+	for _, secret := range secretList {
+		output = append(output, ListSecret(secret.Secret))
+	}
+
+	// output results as json
+	c.JSON(http.StatusOK, gin.H{"message": "success", "data": output})
+
+}
+
+func RetrieveMultpleSecrets(c *gin.Context) {
+	// TODO implement with new schema
+	/*
+		var input RetrieveInput
+
+		// Validate the input matches our struct
+		if err := c.ShouldBindJSON(&input); err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			return
+		}
+		log.Printf("StoreSecret received JSON input '%v'\n", input)
+
+		// Get the user and role id of the requestor
+		user_id, err := token.ExtractTokenID(c)
+
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			return
+		}
+
+		u, err := models.GetUserRoleByID(user_id)
+
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			return
+		}
+
+		// Populate fields
+		s := models.Secret{}
+		s.RoleId = u.RoleId
+		s.DeviceName = input.DeviceName
+		s.DeviceCategory = input.DeviceCategory
+
+		results, err := models.GetSecrets(&s, false)
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			return
+		}
+
+		// output results as json
+		c.JSON(http.StatusOK, gin.H{"message": "success", "data": results})
+	*/
+}