add last updated tracking for secrets
@@ -5,6 +5,7 @@ import (
|
|||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"smt/models"
|
"smt/models"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
)
|
)
|
||||||
@@ -25,6 +26,7 @@ type ListSecret struct {
|
|||||||
DeviceCategory string `db:"DeviceCategory" json:"deviceCategory"`
|
DeviceCategory string `db:"DeviceCategory" json:"deviceCategory"`
|
||||||
UserName string `db:"UserName" json:"userName"`
|
UserName string `db:"UserName" json:"userName"`
|
||||||
Secret string `db:"Secret" json:"-"`
|
Secret string `db:"Secret" json:"-"`
|
||||||
|
LastUpdated time.Time `db:"LastUpdated" json:"lastUpdated"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func RetrieveSecret(c *gin.Context) {
|
func RetrieveSecret(c *gin.Context) {
|
||||||
|
@@ -11,6 +11,7 @@ import (
|
|||||||
"log"
|
"log"
|
||||||
"smt/utils"
|
"smt/utils"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
const nonceSize = 12
|
const nonceSize = 12
|
||||||
@@ -23,6 +24,7 @@ type Secret struct {
|
|||||||
DeviceCategory string `db:"DeviceCategory" json:"deviceCategory"`
|
DeviceCategory string `db:"DeviceCategory" json:"deviceCategory"`
|
||||||
UserName string `db:"UserName" json:"userName"`
|
UserName string `db:"UserName" json:"userName"`
|
||||||
Secret string `db:"Secret" json:"secret"`
|
Secret string `db:"Secret" json:"secret"`
|
||||||
|
LastUpdated time.Time `db:"LastUpdated" json:"lastUpdated"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// SecretRestricted is for when we want to output a Secret but not the protected information
|
// SecretRestricted is for when we want to output a Secret but not the protected information
|
||||||
@@ -33,6 +35,7 @@ type SecretRestricted struct {
|
|||||||
DeviceCategory string `db:"DeviceCategory" json:"deviceCategory"`
|
DeviceCategory string `db:"DeviceCategory" json:"deviceCategory"`
|
||||||
UserName string `db:"UserName" json:"userName"`
|
UserName string `db:"UserName" json:"userName"`
|
||||||
Secret string `db:"Secret" json:"-"`
|
Secret string `db:"Secret" json:"-"`
|
||||||
|
LastUpdated time.Time `db:"LastUpdated" json:"lastUpdated"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Used for querying all secrets the user has access to
|
// Used for querying all secrets the user has access to
|
||||||
@@ -51,11 +54,15 @@ func (s Secret) GetId() int {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *Secret) SaveSecret() (*Secret, error) {
|
func (s *Secret) SaveSecret() (*Secret, error) {
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
|
|
||||||
|
// Populate timestamp field if not already set
|
||||||
|
if s.LastUpdated.IsZero() {
|
||||||
|
s.LastUpdated = time.Now().UTC()
|
||||||
|
}
|
||||||
|
|
||||||
log.Printf("SaveSecret storing values '%v'\n", s)
|
log.Printf("SaveSecret storing values '%v'\n", s)
|
||||||
result, err := db.NamedExec((`INSERT INTO secrets (SafeId, DeviceName, DeviceCategory, UserName, Secret) VALUES (:SafeId, :DeviceName, :DeviceCategory, :UserName, :Secret)`), s)
|
result, err := db.NamedExec((`INSERT INTO secrets (SafeId, DeviceName, DeviceCategory, UserName, Secret, LastUpdated) VALUES (:SafeId, :DeviceName, :DeviceCategory, :UserName, :Secret, :LastUpdated)`), s)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("StoreSecret error executing sql record : '%s'\n", err)
|
log.Printf("StoreSecret error executing sql record : '%s'\n", err)
|
||||||
@@ -79,7 +86,7 @@ func SecretsGetAllowed(s *Secret, userId int) ([]UserSecret, error) {
|
|||||||
queryArgs := []interface{}{}
|
queryArgs := []interface{}{}
|
||||||
query := `
|
query := `
|
||||||
SELECT users.UserId AS UserUserId, permissions.*,
|
SELECT users.UserId AS UserUserId, permissions.*,
|
||||||
secrets.SecretId, secrets.SafeId, secrets.DeviceName, secrets.DeviceCategory, secrets.UserName
|
secrets.SecretId, secrets.SafeId, secrets.DeviceName, secrets.DeviceCategory, secrets.UserName, secrets.LastUpdated
|
||||||
FROM users
|
FROM users
|
||||||
INNER JOIN groups ON users.GroupId = groups.GroupId
|
INNER JOIN groups ON users.GroupId = groups.GroupId
|
||||||
INNER JOIN permissions ON groups.GroupId = permissions.GroupId
|
INNER JOIN permissions ON groups.GroupId = permissions.GroupId
|
||||||
@@ -112,7 +119,7 @@ func SecretsGetAllowed(s *Secret, userId int) ([]UserSecret, error) {
|
|||||||
query += `
|
query += `
|
||||||
UNION
|
UNION
|
||||||
SELECT users.UserId AS UserUserId, permissions.*,
|
SELECT users.UserId AS UserUserId, permissions.*,
|
||||||
secrets.SecretId, secrets.SafeId, secrets.DeviceName, secrets.DeviceCategory, secrets.UserName
|
secrets.SecretId, secrets.SafeId, secrets.DeviceName, secrets.DeviceCategory, secrets.UserName, secrets.LastUpdated
|
||||||
FROM users
|
FROM users
|
||||||
INNER JOIN permissions ON users.UserId = permissions.UserId
|
INNER JOIN permissions ON users.UserId = permissions.UserId
|
||||||
INNER JOIN safes on permissions.SafeId = safes.SafeId
|
INNER JOIN safes on permissions.SafeId = safes.SafeId
|
||||||
@@ -256,6 +263,11 @@ func (s *Secret) UpdateSecret() (*Secret, error) {
|
|||||||
|
|
||||||
var err error
|
var err error
|
||||||
|
|
||||||
|
// Populate timestamp field if not already set
|
||||||
|
if s.LastUpdated.IsZero() {
|
||||||
|
s.LastUpdated = time.Now().UTC()
|
||||||
|
}
|
||||||
|
|
||||||
log.Printf("UpdateSecret storing values '%v'\n", s)
|
log.Printf("UpdateSecret storing values '%v'\n", s)
|
||||||
|
|
||||||
if s.SecretId == 0 {
|
if s.SecretId == 0 {
|
||||||
@@ -264,7 +276,7 @@ func (s *Secret) UpdateSecret() (*Secret, error) {
|
|||||||
return s, err
|
return s, err
|
||||||
}
|
}
|
||||||
|
|
||||||
result, err := db.NamedExec((`UPDATE secrets SET DeviceName = :DeviceName, DeviceCategory = :DeviceCategory, UserName = :UserName, Secret = :Secret WHERE SecretId = :SecretId`), s)
|
result, err := db.NamedExec((`UPDATE secrets SET DeviceName = :DeviceName, DeviceCategory = :DeviceCategory, UserName = :UserName, Secret = :Secret, LastUpdated = :LastUpdated WHERE SecretId = :SecretId`), s)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("UpdateSecret error executing sql record : '%s'\n", err)
|
log.Printf("UpdateSecret error executing sql record : '%s'\n", err)
|
||||||
return &Secret{}, err
|
return &Secret{}, err
|
||||||
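Review bot: In UpdateSecret the added `if s.LastUpdated.IsZero()` guard stamps the time only when the caller left the field empty, so a Secret that arrives with a non-zero value is written back unchanged and the record's last-update time is never refreshed; since Secret exposes the field as `json:"lastUpdated"`, that value can presumably be supplied by the request body, which would make an audit timestamp caller-controlled. For an update the server should own this value, so replace the guard with an unconditional `s.LastUpdated = time.Now().UTC()` before the UPDATE statement. The same guard in SaveSecret is more defensible for a create, but its comment should state the consequence, e.g. `// Keep a caller-supplied timestamp, otherwise stamp the record now`. UpdateSecret's body continues past the hunk on both sides.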
|
@@ -68,6 +68,7 @@ const createSecrets string = `
|
|||||||
DeviceCategory VARCHAR,
|
DeviceCategory VARCHAR,
|
||||||
UserName VARCHAR,
|
UserName VARCHAR,
|
||||||
Secret VARCHAR,
|
Secret VARCHAR,
|
||||||
|
LastUpdated datetime,
|
||||||
FOREIGN KEY (SafeId) REFERENCES safes(SafeId)
|
FOREIGN KEY (SafeId) REFERENCES safes(SafeId)
|
||||||
);
|
);
|
||||||
`
|
`
|
||||||
@@ -380,6 +381,16 @@ func CreateTables() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
secretsLastUpdatedCheck, _ := CheckColumnExists("secrets", "LastUpdated")
|
||||||
|
if !secretsLastUpdatedCheck {
|
||||||
|
// Add the column for LastUpdated in the secrets table
|
||||||
|
_, err := db.Exec("ALTER TABLE secrets ADD COLUMN LastUpdated datetime;")
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("Error altering secrets table to add LastUpdated column : '%s'\n", err)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
// Database updates added after initial version released
|
// Database updates added after initial version released
|
||||||
ldapCheck, _ := CheckColumnExists("roles", "LdapGroup")
|
ldapCheck, _ := CheckColumnExists("roles", "LdapGroup")
|
||||||
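Review bot: The migration step `ALTER TABLE secrets ADD COLUMN LastUpdated datetime;` adds a nullable column without a backfill, so every pre-existing row keeps NULL; the SELECTs in SecretsGetAllowed now read `secrets.LastUpdated`, and the ListSecret, Secret and SecretRestricted structs declare the field as a plain `time.Time`, which database/sql cannot scan a NULL into, so listing or loading secrets created before the upgrade is likely to fail. Either backfill in the same step, e.g. `UPDATE secrets SET LastUpdated = CURRENT_TIMESTAMP WHERE LastUpdated IS NULL;` executed right after the ALTER (adjust to the database's own timestamp function), or declare the column NOT NULL with a default, or make the struct field a `sql.NullTime`. The error from `CheckColumnExists("secrets", "LastUpdated")` is also discarded with `_`; a failed check returns false and drives the ALTER, which exits the process if the column already exists, so that error should be handled or at least logged before deciding to alter. CreateTables continues outside the hunk.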
|