This commit is contained in:
@@ -55,66 +55,6 @@ func RetrieveSecret(c *gin.Context) {
|
|||||||
s.UserName = input.UserName
|
s.UserName = input.UserName
|
||||||
|
|
||||||
retrieveSpecifiedSecret(&s, c)
|
retrieveSpecifiedSecret(&s, c)
|
||||||
|
|
||||||
/*
|
|
||||||
user_id, err := token.ExtractTokenID(c)
|
|
||||||
if err != nil {
|
|
||||||
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Work out which safe to query for this user if the safe was not specified
|
|
||||||
safeList, err := models.UserGetSafesAllowed(int(user_id))
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// If there was only one result then just use that
|
|
||||||
if len(safeList) == 0 {
|
|
||||||
// check if the user is an admin, if not then they seem to have access to zero safes
|
|
||||||
if !models.UserCheckIfAdmin(int(user_id)) {
|
|
||||||
c.JSON(http.StatusBadRequest, gin.H{"error": "user has no access to any secrets"})
|
|
||||||
return
|
|
||||||
} else {
|
|
||||||
// Don't apply a role filter if user has admin role
|
|
||||||
results, err = models.SecretsGetMultipleSafes(&s, true, []int{})
|
|
||||||
}
|
|
||||||
|
|
||||||
} else if len(safeList) == 1 {
|
|
||||||
s.SafeId = safeList[0].SafeId
|
|
||||||
userIsAdmin = safeList[0].AdminUser || safeList[0].AdminGroup
|
|
||||||
// Don't apply a role filter if user has admin role
|
|
||||||
//results, err = models.GetSecrets(&s, userIsAdmin)
|
|
||||||
results, err = models.SecretsGetMultipleSafes(&s, userIsAdmin, []int{s.SafeId})
|
|
||||||
} else {
|
|
||||||
// Create a list of all the safes this user can access
|
|
||||||
var safeIds []int
|
|
||||||
for _, safe := range safeList {
|
|
||||||
safeIds = append(safeIds, safe.SafeId)
|
|
||||||
}
|
|
||||||
|
|
||||||
results, err = models.SecretsGetMultipleSafes(&s, false, safeIds)
|
|
||||||
}
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
if len(results) == 1 {
|
|
||||||
// output results as json
|
|
||||||
c.JSON(http.StatusOK, gin.H{"message": "success", "data": results})
|
|
||||||
} else if len(results) > 1 {
|
|
||||||
c.JSON(http.StatusBadRequest, gin.H{"error": "found multiple matching secrets, use retrieveMultiple instead"})
|
|
||||||
return
|
|
||||||
} else {
|
|
||||||
c.JSON(http.StatusBadRequest, gin.H{"error": "found no matching secrets"})
|
|
||||||
return
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func RetrieveSecretByDevicename(c *gin.Context) {
|
func RetrieveSecretByDevicename(c *gin.Context) {
|
||||||
@@ -251,44 +191,6 @@ func ListSecrets(c *gin.Context) {
|
|||||||
output = append(output, ListSecret(secret.Secret))
|
output = append(output, ListSecret(secret.Secret))
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
// Work out which safe to query for this user if the safe was not specified
|
|
||||||
safeList, err := models.UserGetSafesAllowed(int(UserId))
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// If there was only one result then just use that
|
|
||||||
if len(safeList) == 0 {
|
|
||||||
errString := "no matching secret or user has no access to specified secret"
|
|
||||||
log.Printf("ListSecrets %s\n", errString)
|
|
||||||
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
|
||||||
return
|
|
||||||
} else if len(safeList) == 1 {
|
|
||||||
s.SafeId = safeList[0].SafeId
|
|
||||||
results, err = models.SecretsGetMultipleSafes(&s, []int{s.SafeId})
|
|
||||||
} else {
|
|
||||||
// Create a list of all the safes this user can access
|
|
||||||
var safeIds []int
|
|
||||||
for _, safe := range safeList {
|
|
||||||
safeIds = append(safeIds, safe.SafeId)
|
|
||||||
}
|
|
||||||
|
|
||||||
results, err = models.SecretsGetMultipleSafes(&s, safeIds)
|
|
||||||
}
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, v := range results {
|
|
||||||
output = append(output, ListSecret(v))
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
|
|
||||||
// output results as json
|
// output results as json
|
||||||
c.JSON(http.StatusOK, gin.H{"message": "success", "data": output})
|
c.JSON(http.StatusOK, gin.H{"message": "success", "data": output})
|
||||||
|
|
||||||
|
|||||||
@@ -11,17 +11,6 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// bindings are validated by https://github.com/go-playground/validator
|
// bindings are validated by https://github.com/go-playground/validator
|
||||||
/*
|
|
||||||
type StoreSecretInput struct {
|
|
||||||
SafeId int `json:"safeId"`
|
|
||||||
SafeName string `json:"safeName"`
|
|
||||||
DeviceName string `json:"deviceName"`
|
|
||||||
DeviceCategory string `json:"deviceCategory"`
|
|
||||||
UserName string `json:"userName" binding:"required"`
|
|
||||||
SecretValue string `json:"secretValue" binding:"required"`
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
|
|
||||||
type SecretInput struct {
|
type SecretInput struct {
|
||||||
SafeId int `json:"safeId"`
|
SafeId int `json:"safeId"`
|
||||||
SafeName string `json:"safeName"`
|
SafeName string `json:"safeName"`
|
||||||
|
|||||||
@@ -235,95 +235,6 @@ func SecretsGetFromMultipleSafes(s *Secret, safeIds []int) ([]Secret, error) {
|
|||||||
return secretResults, nil
|
return secretResults, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
// Returns all matching secrets, up to caller to determine how to deal with multiple results
|
|
||||||
func GetSecrets(s *Secret, adminRole bool) ([]Secret, error) {
|
|
||||||
var err error
|
|
||||||
var rows *sqlx.Rows
|
|
||||||
var secretResults []Secret
|
|
||||||
|
|
||||||
log.Printf("GetSecrets querying values '%v' with admin role '%v'\n", s, adminRole)
|
|
||||||
|
|
||||||
// Admin roles should be able to access all secrets so don't do any filter based on RoleId
|
|
||||||
if adminRole {
|
|
||||||
// Determine whether to query for a specific device or a category of devices
|
|
||||||
// Prefer querying device name than category
|
|
||||||
if s.DeviceName != "" && s.DeviceCategory != "" && s.UserName != "" {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND UserName = ?", s.DeviceName, s.DeviceCategory, s.UserName)
|
|
||||||
} else if s.DeviceName != "" && s.UserName != "" {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND UserName = ?", s.DeviceName, s.UserName)
|
|
||||||
} else if s.DeviceCategory != "" && s.UserName != "" {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND UserName = ?", s.DeviceCategory, s.UserName)
|
|
||||||
} else if s.DeviceName != "" && s.DeviceCategory != "" {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ?", s.DeviceName, s.DeviceCategory)
|
|
||||||
} else if s.DeviceName != "" {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ?", s.DeviceName)
|
|
||||||
} else if s.DeviceCategory != "" {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ?", s.DeviceCategory)
|
|
||||||
} else if s.UserName != "" {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE UserName LIKE ?", s.UserName)
|
|
||||||
} else {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets")
|
|
||||||
//log.Printf("GetSecret no valid search options specified\n")
|
|
||||||
//err = errors.New("no valid search options specified")
|
|
||||||
//return secretResults, err
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
// Determine whether to query for a specific device or a category of devices
|
|
||||||
// Prefer querying device name than category
|
|
||||||
if s.DeviceName != "" && s.DeviceCategory != "" && s.UserName != "" {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND UserName = ? AND SafeId = ?", s.DeviceName, s.DeviceCategory, s.UserName, s.SafeId)
|
|
||||||
} else if s.DeviceName != "" && s.UserName != "" {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND UserName = ? AND SafeId = ?", s.DeviceName, s.UserName, s.SafeId)
|
|
||||||
} else if s.DeviceCategory != "" && s.UserName != "" {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND UserName = ? AND SafeId = ?", s.DeviceCategory, s.UserName, s.SafeId)
|
|
||||||
} else if s.DeviceName != "" && s.DeviceCategory != "" {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND SafeId = ?", s.DeviceName, s.DeviceCategory, s.SafeId)
|
|
||||||
} else if s.DeviceName != "" {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND SafeId = ?", s.DeviceName, s.SafeId)
|
|
||||||
} else if s.DeviceCategory != "" {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND SafeId = ?", s.DeviceCategory, s.SafeId)
|
|
||||||
} else if s.UserName != "" {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE UserName LIKE ? AND SafeId = ?", s.UserName, s.SafeId)
|
|
||||||
} else {
|
|
||||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE SafeId = ?", s.SafeId)
|
|
||||||
//log.Printf("GetSecret no valid search options specified\n")
|
|
||||||
//err = errors.New("no valid search options specified")
|
|
||||||
//return secretResults, err
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
log.Printf("GetSecret error executing sql record : '%s'\n", err)
|
|
||||||
return secretResults, err
|
|
||||||
} else {
|
|
||||||
// parse all the results into a slice
|
|
||||||
for rows.Next() {
|
|
||||||
var r Secret
|
|
||||||
err = rows.StructScan(&r)
|
|
||||||
if err != nil {
|
|
||||||
log.Printf("GetSecret error parsing sql record : '%s'\n", err)
|
|
||||||
return secretResults, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Decrypt the secret
|
|
||||||
_, err = r.DecryptSecret()
|
|
||||||
if err != nil {
|
|
||||||
//log.Printf("GetSecret unable to decrypt stored secret '%v' : '%s'\n", r.Secret, err)
|
|
||||||
log.Printf("GetSecret unable to decrypt stored secret : '%s'\n", err)
|
|
||||||
return secretResults, err
|
|
||||||
} else {
|
|
||||||
secretResults = append(secretResults, r)
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
log.Printf("GetSecret retrieved '%d' results\n", len(secretResults))
|
|
||||||
}
|
|
||||||
|
|
||||||
return secretResults, nil
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
|
|
||||||
func (s *Secret) UpdateSecret() (*Secret, error) {
|
func (s *Secret) UpdateSecret() (*Secret, error) {
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
|
|||||||
Reference in New Issue
Block a user