nathan/smt
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases 2 Wiki Activity

updates
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Nathan Coad
2024-01-08 15:35:13 +11:00
parent d1857f2db1
commit ac60d1daef
4 changed files with 97 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
controllers/retrieve_secrets.go
View File

@@ -29,8 +29,8 @@ type ListSecret struct {
func RetrieveSecret(c *gin.Context) {
var input RetrieveInput
var results []models.Secret
var userIsAdmin bool = false
//var results []models.Secret
//var userIsAdmin bool = false
// Validate the input matches our struct
if err := c.ShouldBindJSON(&input); err != nil {
@@ -55,55 +55,67 @@ func RetrieveSecret(c *gin.Context) {
s.DeviceCategory = input.DeviceCategory
s.UserName = input.UserName
user_id, err := token.ExtractTokenID(c)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
return
}
retrieveSpecifiedSecret(&s, c)
// Work out which safe to query for this user if the safe was not specified
safeList, err := models.UserGetSafesAllowed(int(user_id))
// If there was only one result then just use that
if len(safeList) == 0 {
// check if the user is an admin, if not then they seem to have access to zero safes
if !models.UserCheckIfAdmin(int(user_id)) {
c.JSON(http.StatusBadRequest, gin.H{"error": "user has no access to any secrets"})
/*
user_id, err := token.ExtractTokenID(c)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
return
}
// Don't apply a role filter if user has admin role
results, err = models.GetSecrets(&s, userIsAdmin)
} else if len(safeList) == 1 {
s.SafeId = safeList[0].SafeId
userIsAdmin = safeList[0].AdminUser || safeList[0].AdminGroup
// Don't apply a role filter if user has admin role
results, err = models.GetSecrets(&s, userIsAdmin)
} else {
// TODO - this is tricky. How to query multiple safes?
var safeIds []int
for _, safe := range safeList {
safeIds = append(safeIds, safe.SafeId)
// Work out which safe to query for this user if the safe was not specified
safeList, err := models.UserGetSafesAllowed(int(user_id))
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
return
}
results, err = models.SecretsGetMultipleSafes(&s, false, safeIds)
}
// If there was only one result then just use that
if len(safeList) == 0 {
// check if the user is an admin, if not then they seem to have access to zero safes
if !models.UserCheckIfAdmin(int(user_id)) {
c.JSON(http.StatusBadRequest, gin.H{"error": "user has no access to any secrets"})
return
} else {
// Don't apply a role filter if user has admin role
results, err = models.SecretsGetMultipleSafes(&s, true, []int{})
}
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
} else if len(safeList) == 1 {
s.SafeId = safeList[0].SafeId
userIsAdmin = safeList[0].AdminUser || safeList[0].AdminGroup
// Don't apply a role filter if user has admin role
//results, err = models.GetSecrets(&s, userIsAdmin)
results, err = models.SecretsGetMultipleSafes(&s, userIsAdmin, []int{s.SafeId})
} else {
// Create a list of all the safes this user can access
var safeIds []int
for _, safe := range safeList {
safeIds = append(safeIds, safe.SafeId)
}
if len(results) == 1 {
// output results as json
c.JSON(http.StatusOK, gin.H{"message": "success", "data": results})
} else if len(results) > 1 {
c.JSON(http.StatusBadRequest, gin.H{"error": "found multiple matching secrets, use retrieveMultiple instead"})
return
} else {
c.JSON(http.StatusBadRequest, gin.H{"error": "found no matching secrets"})
return
}
results, err = models.SecretsGetMultipleSafes(&s, false, safeIds)
}
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
if len(results) == 1 {
// output results as json
c.JSON(http.StatusOK, gin.H{"message": "success", "data": results})
} else if len(results) > 1 {
c.JSON(http.StatusBadRequest, gin.H{"error": "found multiple matching secrets, use retrieveMultiple instead"})
return
} else {
c.JSON(http.StatusBadRequest, gin.H{"error": "found no matching secrets"})
return
}
*/
}
func RetrieveSecretByDevicename(c *gin.Context) {
@@ -163,23 +175,30 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
// Work out which safe to query for this user if the safe was not specified
safeList, err := models.UserGetSafesAllowed(int(user_id))
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
return
}
// If there was only one result then just use that
if len(safeList) == 0 {
// check if the user is an admin, if not then they seem to have access to zero safes
if !models.UserCheckIfAdmin(int(user_id)) {
c.JSON(http.StatusBadRequest, gin.H{"error": "user has no access to any secrets"})
return
} else {
// Don't apply a role filter if user has admin role
results, err = models.SecretsGetMultipleSafes(s, true, []int{})
}
// Don't apply a role filter if user has admin role
results, err = models.GetSecrets(s, userIsAdmin)
} else if len(safeList) == 1 {
s.SafeId = safeList[0].SafeId
userIsAdmin = safeList[0].AdminUser || safeList[0].AdminGroup
// Don't apply a role filter if user has admin role
results, err = models.GetSecrets(s, userIsAdmin)
//results, err = models.GetSecrets(&s, userIsAdmin)
results, err = models.SecretsGetMultipleSafes(s, userIsAdmin, []int{s.SafeId})
} else {
// TODO - this is tricky. How to query multiple safes?
// Create a list of all the safes this user can access
var safeIds []int
for _, safe := range safeList {
safeIds = append(safeIds, safe.SafeId)
@@ -188,6 +207,11 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
results, err = models.SecretsGetMultipleSafes(s, false, safeIds)
}
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
if len(results) == 1 {
// output results as json
c.JSON(http.StatusOK, gin.H{"message": "success", "data": results})