This commit is contained in:
@@ -55,66 +55,6 @@ func RetrieveSecret(c *gin.Context) {
|
||||
s.UserName = input.UserName
|
||||
|
||||
retrieveSpecifiedSecret(&s, c)
|
||||
|
||||
/*
|
||||
user_id, err := token.ExtractTokenID(c)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
|
||||
return
|
||||
}
|
||||
|
||||
// Work out which safe to query for this user if the safe was not specified
|
||||
safeList, err := models.UserGetSafesAllowed(int(user_id))
|
||||
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
|
||||
return
|
||||
}
|
||||
|
||||
// If there was only one result then just use that
|
||||
if len(safeList) == 0 {
|
||||
// check if the user is an admin, if not then they seem to have access to zero safes
|
||||
if !models.UserCheckIfAdmin(int(user_id)) {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "user has no access to any secrets"})
|
||||
return
|
||||
} else {
|
||||
// Don't apply a role filter if user has admin role
|
||||
results, err = models.SecretsGetMultipleSafes(&s, true, []int{})
|
||||
}
|
||||
|
||||
} else if len(safeList) == 1 {
|
||||
s.SafeId = safeList[0].SafeId
|
||||
userIsAdmin = safeList[0].AdminUser || safeList[0].AdminGroup
|
||||
// Don't apply a role filter if user has admin role
|
||||
//results, err = models.GetSecrets(&s, userIsAdmin)
|
||||
results, err = models.SecretsGetMultipleSafes(&s, userIsAdmin, []int{s.SafeId})
|
||||
} else {
|
||||
// Create a list of all the safes this user can access
|
||||
var safeIds []int
|
||||
for _, safe := range safeList {
|
||||
safeIds = append(safeIds, safe.SafeId)
|
||||
}
|
||||
|
||||
results, err = models.SecretsGetMultipleSafes(&s, false, safeIds)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
if len(results) == 1 {
|
||||
// output results as json
|
||||
c.JSON(http.StatusOK, gin.H{"message": "success", "data": results})
|
||||
} else if len(results) > 1 {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "found multiple matching secrets, use retrieveMultiple instead"})
|
||||
return
|
||||
} else {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "found no matching secrets"})
|
||||
return
|
||||
}
|
||||
*/
|
||||
}
|
||||
|
||||
func RetrieveSecretByDevicename(c *gin.Context) {
|
||||
@@ -251,44 +191,6 @@ func ListSecrets(c *gin.Context) {
|
||||
output = append(output, ListSecret(secret.Secret))
|
||||
}
|
||||
|
||||
/*
|
||||
// Work out which safe to query for this user if the safe was not specified
|
||||
safeList, err := models.UserGetSafesAllowed(int(UserId))
|
||||
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
|
||||
return
|
||||
}
|
||||
|
||||
// If there was only one result then just use that
|
||||
if len(safeList) == 0 {
|
||||
errString := "no matching secret or user has no access to specified secret"
|
||||
log.Printf("ListSecrets %s\n", errString)
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
||||
return
|
||||
} else if len(safeList) == 1 {
|
||||
s.SafeId = safeList[0].SafeId
|
||||
results, err = models.SecretsGetMultipleSafes(&s, []int{s.SafeId})
|
||||
} else {
|
||||
// Create a list of all the safes this user can access
|
||||
var safeIds []int
|
||||
for _, safe := range safeList {
|
||||
safeIds = append(safeIds, safe.SafeId)
|
||||
}
|
||||
|
||||
results, err = models.SecretsGetMultipleSafes(&s, safeIds)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
for _, v := range results {
|
||||
output = append(output, ListSecret(v))
|
||||
}
|
||||
*/
|
||||
|
||||
// output results as json
|
||||
c.JSON(http.StatusOK, gin.H{"message": "success", "data": output})
|
||||
|
||||
|
||||
@@ -11,17 +11,6 @@ import (
|
||||
)
|
||||
|
||||
// bindings are validated by https://github.com/go-playground/validator
|
||||
/*
|
||||
type StoreSecretInput struct {
|
||||
SafeId int `json:"safeId"`
|
||||
SafeName string `json:"safeName"`
|
||||
DeviceName string `json:"deviceName"`
|
||||
DeviceCategory string `json:"deviceCategory"`
|
||||
UserName string `json:"userName" binding:"required"`
|
||||
SecretValue string `json:"secretValue" binding:"required"`
|
||||
}
|
||||
*/
|
||||
|
||||
type SecretInput struct {
|
||||
SafeId int `json:"safeId"`
|
||||
SafeName string `json:"safeName"`
|
||||
|
||||
@@ -235,95 +235,6 @@ func SecretsGetFromMultipleSafes(s *Secret, safeIds []int) ([]Secret, error) {
|
||||
return secretResults, nil
|
||||
}
|
||||
|
||||
/*
|
||||
// Returns all matching secrets, up to caller to determine how to deal with multiple results
|
||||
func GetSecrets(s *Secret, adminRole bool) ([]Secret, error) {
|
||||
var err error
|
||||
var rows *sqlx.Rows
|
||||
var secretResults []Secret
|
||||
|
||||
log.Printf("GetSecrets querying values '%v' with admin role '%v'\n", s, adminRole)
|
||||
|
||||
// Admin roles should be able to access all secrets so don't do any filter based on RoleId
|
||||
if adminRole {
|
||||
// Determine whether to query for a specific device or a category of devices
|
||||
// Prefer querying device name than category
|
||||
if s.DeviceName != "" && s.DeviceCategory != "" && s.UserName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND UserName = ?", s.DeviceName, s.DeviceCategory, s.UserName)
|
||||
} else if s.DeviceName != "" && s.UserName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND UserName = ?", s.DeviceName, s.UserName)
|
||||
} else if s.DeviceCategory != "" && s.UserName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND UserName = ?", s.DeviceCategory, s.UserName)
|
||||
} else if s.DeviceName != "" && s.DeviceCategory != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ?", s.DeviceName, s.DeviceCategory)
|
||||
} else if s.DeviceName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ?", s.DeviceName)
|
||||
} else if s.DeviceCategory != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ?", s.DeviceCategory)
|
||||
} else if s.UserName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE UserName LIKE ?", s.UserName)
|
||||
} else {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets")
|
||||
//log.Printf("GetSecret no valid search options specified\n")
|
||||
//err = errors.New("no valid search options specified")
|
||||
//return secretResults, err
|
||||
}
|
||||
} else {
|
||||
// Determine whether to query for a specific device or a category of devices
|
||||
// Prefer querying device name than category
|
||||
if s.DeviceName != "" && s.DeviceCategory != "" && s.UserName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND UserName = ? AND SafeId = ?", s.DeviceName, s.DeviceCategory, s.UserName, s.SafeId)
|
||||
} else if s.DeviceName != "" && s.UserName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND UserName = ? AND SafeId = ?", s.DeviceName, s.UserName, s.SafeId)
|
||||
} else if s.DeviceCategory != "" && s.UserName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND UserName = ? AND SafeId = ?", s.DeviceCategory, s.UserName, s.SafeId)
|
||||
} else if s.DeviceName != "" && s.DeviceCategory != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND SafeId = ?", s.DeviceName, s.DeviceCategory, s.SafeId)
|
||||
} else if s.DeviceName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND SafeId = ?", s.DeviceName, s.SafeId)
|
||||
} else if s.DeviceCategory != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND SafeId = ?", s.DeviceCategory, s.SafeId)
|
||||
} else if s.UserName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE UserName LIKE ? AND SafeId = ?", s.UserName, s.SafeId)
|
||||
} else {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE SafeId = ?", s.SafeId)
|
||||
//log.Printf("GetSecret no valid search options specified\n")
|
||||
//err = errors.New("no valid search options specified")
|
||||
//return secretResults, err
|
||||
}
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
log.Printf("GetSecret error executing sql record : '%s'\n", err)
|
||||
return secretResults, err
|
||||
} else {
|
||||
// parse all the results into a slice
|
||||
for rows.Next() {
|
||||
var r Secret
|
||||
err = rows.StructScan(&r)
|
||||
if err != nil {
|
||||
log.Printf("GetSecret error parsing sql record : '%s'\n", err)
|
||||
return secretResults, err
|
||||
}
|
||||
|
||||
// Decrypt the secret
|
||||
_, err = r.DecryptSecret()
|
||||
if err != nil {
|
||||
//log.Printf("GetSecret unable to decrypt stored secret '%v' : '%s'\n", r.Secret, err)
|
||||
log.Printf("GetSecret unable to decrypt stored secret : '%s'\n", err)
|
||||
return secretResults, err
|
||||
} else {
|
||||
secretResults = append(secretResults, r)
|
||||
}
|
||||
|
||||
}
|
||||
log.Printf("GetSecret retrieved '%d' results\n", len(secretResults))
|
||||
}
|
||||
|
||||
return secretResults, nil
|
||||
}
|
||||
*/
|
||||
|
||||
func (s *Secret) UpdateSecret() (*Secret, error) {
|
||||
|
||||
var err error
|
||||
|
||||
Reference in New Issue
Block a user