From abaa291a14620dcffa9ee5bce2a9ac14dddebeb8 Mon Sep 17 00:00:00 2001
From: Nathan Coad
Date: Mon, 22 Jan 2024 16:13:35 +1100
Subject: [PATCH] add search by username
---
 README.md | 15 +++++++++++++--
 controllers/retrieveSecrets.go | 14 ++++++++++++++
 main.go | 4 ++++
 3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 73da6f8..4192838 100644
--- a/README.md
+++ b/README.md
@@ -80,6 +80,10 @@ WantedBy=multi-user.target
 ```
 ## API Usage
+API calls should return http status code of **200** if successful, or **4xx** if unsuccessful. API calls that are unsuccessful will also include a JSON response with the key `error` and a value of the reason for the failure. Successful API calls will include a `message` key with a value of either success or something more detailed such as "user deletion success"
+
+API calls that create or modify a record will include the created/updated record in the JSON response.
+
 ### Login
 **POST** `/api/login`
@@ -390,14 +394,21 @@ If the secretId is known, that can also be used to query for the secret. In this
 **GET** `/api/secret/retrieve/name/`
 Search for a secret specified by deviceName using a GET request.
-Must be logged in to execute this command. Only secrets registered with the current user's RoleId can be retrieved.
+Must be logged in to execute this command. Only secrets in safes that the current user can access can be retrieved.
 #### Search by device category
 **GET** `/api/secret/retrieve/category/`
 Search for a secret specified by deviceCategory using a GET request.
-Must be logged in to execute this command. Only secrets registered with the current user's RoleId can be retrieved.
+Must be logged in to execute this command. Only secrets in safes that the current user can access can be retrieved.
+
+#### Search by username
+
+**GET** `/api/secret/retrieve/user/`
+
+Search for a secret specified by userName using a GET request.
+Must be logged in to execute this command. Only secrets in safes that the current user can access can be retrieved.
 #### Update Secret
 **POST** `/api/secret/update`
diff --git a/controllers/retrieveSecrets.go b/controllers/retrieveSecrets.go
index 2c3905d..9cdc5df 100644
--- a/controllers/retrieveSecrets.go
+++ b/controllers/retrieveSecrets.go
@@ -92,6 +92,20 @@ func RetrieveSecretByDevicecategory(c *gin.Context) {
 retrieveSpecifiedSecret(&s, c)
 }
+func RetrieveSecretByUsername(c *gin.Context) {
+ userName := c.Param("username")
+
+ if userName == "" {
+ c.JSON(http.StatusBadRequest, gin.H{"error": "no username value specified"})
+ return
+ }
+
+ // Create object based on specified data
+ s := models.Secret{UserName: userName}
+
+ retrieveSpecifiedSecret(&s, c)
+}
+
 func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
 /*
 // Get the user and role id of the requestor
diff --git a/main.go b/main.go
index f557aab..f13c7ea 100644
--- a/main.go
+++ b/main.go
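Review bot: The access restriction the README now promises (only secrets in safes the current user can access) is not enforced in `RetrieveSecretByUsername` itself; the handler passes `models.Secret{UserName: userName}` straight to `retrieveSpecifiedSecret`, whose body continues outside this hunk and, in the visible context, opens with a commented-out block about the requestor's user and role id. Before merging, confirm that the safe-membership filter in that helper is active for a lookup keyed only on UserName, and add a test in which a logged-in user with no access to the safe gets no secret back. The `userName == ""` guard is worth keeping even though a `:username` route segment should not normally be empty, because an empty field in the search struct would presumably leave the query unfiltered. Once the filter is confirmed, a doc comment would record the contract, e.g. `// RetrieveSecretByUsername looks up secrets by the :username path parameter; safe access is checked in retrieveSpecifiedSecret.`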
@@ -270,6 +270,9 @@ func main() {
 // Other functions for admin
 adminOnly.POST("/unlock", controllers.Unlock)
 adminOnly.GET("/logs", controllers.GetAuditLogsHandler)
+ // TODO
+ //adminOnly.GET("/logs/secret/:id", controllers.GetAuditLogsBySecretHandler)
+ //adminOnly.GET("/logs/user/:id", controllers.GetAuditLogsByUserHandler)
 // Get secrets
 secretRoutes := router.Group("/api/secret")
@@ -293,6 +296,7 @@ func main() {
 // See https://gin-gonic.com/docs/examples/param-in-path/
 secretRoutes.GET("/retrieve/name/:devicename", controllers.RetrieveSecretByDevicename)
 secretRoutes.GET("/retrieve/category/:devicecategory", controllers.RetrieveSecretByDevicecategory)
+ secretRoutes.GET("/retrieve/user/:username", controllers.RetrieveSecretByUsername)
 // Initializing the server in a goroutine so that
 // it won't block the graceful shutdown handling below
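Review bot: In the second hunk, `secretRoutes.GET("/retrieve/user/:username", ...)` carries the searched account name in the URL path, so it will be recorded by any request logging inside or in front of the service. That matches the existing name and category routes, but account names attached to stored credentials are more sensitive than a device category, so those logs should be handled accordingly. Whether an authentication middleware is attached to `secretRoutes` cannot be seen here, because the group is created at the end of the first hunk and the lines between the two hunks are not shown. If the parameter is meant to be the account name stored on the secret, a comment above the route would remove the ambiguity with the caller's own login: `// :username is the account name stored on the secret, not the requesting user`.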