diff --git a/README.md b/README.md index d69b13b..af7ea6a 100644 --- a/README.md +++ b/README.md @@ -357,9 +357,16 @@ If the current user has access to multiple safes, then the destination safeId wi Body ``` { - "deviceName": "", + "deviceName": "device.example.com", "deviceCategory": "", - "userName": "" + "userName": "example-user" +} +``` + +Body +``` +{ + "secretId": 29 } ``` @@ -369,6 +376,8 @@ Either deviceName or deviceCategory can be specified (or both). Wildcards are su 1. The percent sign % wildcard matches any sequence of zero or more characters. 2. The underscore _ wildcard matches any single character. +If the secretId is known, that can also be used to query for the secret. In this case the secretId uniquely identifies the secret so no other parameters are necessary. + #### Search by device name **GET** `/api/secret/retrieve/name/` diff --git a/controllers/retrieveSecrets.go b/controllers/retrieveSecrets.go index 24e5e70..6f5f7ed 100644 --- a/controllers/retrieveSecrets.go +++ b/controllers/retrieveSecrets.go @@ -10,6 +10,7 @@ import ( ) type RetrieveInput struct { + SecretId int `json:"secretId"` DeviceName string `json:"deviceName"` DeviceCategory string `json:"deviceCategory"` UserName string `json:"userName"` @@ -49,11 +50,14 @@ func RetrieveSecret(c *gin.Context) { // Populate fields s := models.Secret{} - //s.RoleId = u.RoleId s.DeviceName = input.DeviceName s.DeviceCategory = input.DeviceCategory s.UserName = input.UserName + if input.SecretId > 0 { + s.SecretId = input.SecretId + } + retrieveSpecifiedSecret(&s, c) } diff --git a/controllers/storeSecrets.go b/controllers/storeSecrets.go index 45f2cf9..6356fde 100644 --- a/controllers/storeSecrets.go +++ b/controllers/storeSecrets.go @@ -14,6 +14,7 @@ import ( type SecretInput struct { SafeId int `json:"safeId"` SafeName string `json:"safeName"` + SecretId int `json:"secretId"` DeviceName string `json:"deviceName"` DeviceCategory string `json:"deviceCategory"` UserName string `json:"userName"` 
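Review bot: In RetrieveSecret (controllers/retrieveSecrets.go) a `secretId` that is zero or negative is dropped without an error by `if input.SecretId > 0`, so a body such as `{"secretId": -1}` with the other fields empty reaches retrieveSpecifiedSecret with no filter set instead of being rejected. The same guard is added to DeleteSecret in controllers/storeSecrets.go, where it matters more: what the delete path does with an otherwise empty models.Secret is outside the hunk, but if it matches on whatever filters are present, a malformed id would widen the match rather than narrow it. I would reject invalid ids before populating `s`, for example `if input.SecretId < 0 {` followed by the handler's existing bad-request response and `return`. Telling an explicit 0 apart from an absent field would need `SecretId *int` in the input structs. Both function bodies continue outside their hunks.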
@@ -402,6 +403,10 @@ func DeleteSecret(c *gin.Context) { // Populate fields s := models.Secret{} + if input.SecretId > 0 { + s.SecretId = input.SecretId + } + s.UserName = input.UserName s.DeviceName = input.DeviceName s.DeviceCategory = input.DeviceCategory diff --git a/models/secret.go b/models/secret.go index 7beb8a9..2dfa697 100644 --- a/models/secret.go +++ b/models/secret.go @@ -88,6 +88,11 @@ func SecretsGetAllowed(s *Secret, userId int) ([]UserSecret, error) { queryArgs = append(queryArgs, userId) // Add any other arguments to the query if they were specified + if s.SecretId > 0 { + query += " AND SecretId = ? " + queryArgs = append(queryArgs, s.SecretId) + } + if s.DeviceName != "" { query += " AND DeviceName LIKE ? " queryArgs = append(queryArgs, s.DeviceName) @@ -175,7 +180,7 @@ func SecretsGetFromMultipleSafes(s *Secret, safeIds []int) ([]Secret, error) { var err error var secretResults []Secret - args := []interface{}{} + queryArgs := []interface{}{} var query string // Generate placeholders for the IN clause to match multiple SafeId values placeholders := make([]string, len(safeIds)) 
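Review bot: The new `AND SecretId = ?` clause in SecretsGetAllowed (models/secret.go) carries no comment saying that it only narrows a query that already appears to be bound to `userId`, while the README text added in this commit says the id alone identifies the secret. A later refactor could read that as permission to look a secret up by id alone, which would bypass the per-user restriction. I would add above the new `if`: `// SecretId narrows the result only; the userId condition above stays the access check.` The same comment fits the matching block in SecretsGetFromMultipleSafes, where the SafeId IN (...) list plays that role. The function body starts and ends outside the hunk.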
@@ -189,28 +194,33 @@ func SecretsGetFromMultipleSafes(s *Secret, safeIds []int) ([]Secret, error) { // Add the Safe Ids to the arguments list for _, g := range safeIds { - args = append(args, g) + queryArgs = append(queryArgs, g) } // Add any other arguments to the query if they were specified + if s.SecretId > 0 { + query += " AND SecretId = ? " + queryArgs = append(queryArgs, s.SecretId) + } + if s.DeviceName != "" { query += " AND DeviceName LIKE ? " - args = append(args, s.DeviceName) + queryArgs = append(queryArgs, s.DeviceName) } if s.DeviceCategory != "" { query += " AND DeviceCategory LIKE ? " - args = append(args, s.DeviceCategory) + queryArgs = append(queryArgs, s.DeviceCategory) } if s.UserName != "" { query += " AND UserName LIKE ? " - args = append(args, s.UserName) + queryArgs = append(queryArgs, s.UserName) } // Execute the query - log.Printf("SecretsGetMultipleSafes query string :\n'%s'\nQuery Args : %+v\n", query, args) - rows, err := db.Queryx(query, args...) + log.Printf("SecretsGetMultipleSafes query string :\n'%s'\nQuery Args : %+v\n", query, queryArgs) + rows, err := db.Queryx(query, queryArgs...) if err != nil { log.Printf("SecretsGetMultipleSafes error executing sql record : '%s'\n", err)