From b57a4ed95c10427f7d4233a05fa30d61f6acfe76 Mon Sep 17 00:00:00 2001 From: Nathan Coad Date: Tue, 9 Jan 2024 15:44:30 +1100 Subject: [PATCH] try to improve ListSecrets --- controllers/retrieve_secrets.go | 72 ++++++++++++++++++++------------- controllers/store_secrets.go | 6 +-- 2 files changed, 47 insertions(+), 31 deletions(-) diff --git a/controllers/retrieve_secrets.go b/controllers/retrieve_secrets.go index 885787d..72cd6bb 100644 --- a/controllers/retrieve_secrets.go +++ b/controllers/retrieve_secrets.go @@ -1,6 +1,7 @@ package controllers import ( + "fmt" "log" "net/http" "smt/models" @@ -221,7 +222,7 @@ func ListSecrets(c *gin.Context) { var UserId int var output []ListSecret - var results []models.Secret + //var results []models.Secret s := models.Secret{} // Get userId that we stored in the context earlier 
@@ -232,41 +233,56 @@ func ListSecrets(c *gin.Context) { UserId = val.(int) } - // Work out which safe to query for this user if the safe was not specified - safeList, err := models.UserGetSafesAllowed(int(UserId)) - + secretList, err := models.SecretsGetAllowed(&s, UserId) if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"}) - return - } - - // If there was only one result then just use that - if len(safeList) == 0 { - errString := "no matching secret or user has no access to specified secret" + errString := fmt.Sprintf("error getting allowed secrets : '%s'", err) log.Printf("ListSecrets %s\n", errString) c.JSON(http.StatusBadRequest, gin.H{"error": errString}) return - } else if len(safeList) == 1 { - s.SafeId = safeList[0].SafeId - results, err = models.SecretsGetMultipleSafes(&s, []int{s.SafeId}) - } else { - // Create a list of all the safes this user can access - var safeIds []int - for _, safe := range safeList { - safeIds = append(safeIds, safe.SafeId) + } + + // Extract the normal secret fields from the allowed list + for _, secret := range secretList { + output = append(output, ListSecret(secret.Secret)) + } + + /* + // Work out which safe to query for this user if the safe was not specified + safeList, err := models.UserGetSafesAllowed(int(UserId)) + + if err != nil { + c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"}) + return } - results, err = models.SecretsGetMultipleSafes(&s, safeIds) - } + // If there was only one result then just use that + if len(safeList) == 0 { + errString := "no matching secret or user has no access to specified secret" + log.Printf("ListSecrets %s\n", errString) + c.JSON(http.StatusBadRequest, gin.H{"error": errString}) + return + } else if len(safeList) == 1 { + s.SafeId = safeList[0].SafeId + results, err = models.SecretsGetMultipleSafes(&s, []int{s.SafeId}) + } else { + // Create a list of all the safes this user can access + var safeIds []int + for _, 
safe := range safeList { + safeIds = append(safeIds, safe.SafeId) + } - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } + results, err = models.SecretsGetMultipleSafes(&s, safeIds) + } - for _, v := range results { - output = append(output, ListSecret(v)) - } + if err != nil { + c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) + return + } + + for _, v := range results { + output = append(output, ListSecret(v)) + } + */ // output results as json c.JSON(http.StatusOK, gin.H{"message": "success", "data": output}) diff --git a/controllers/store_secrets.go b/controllers/store_secrets.go index e8a2be0..12bdb68 100644 --- a/controllers/store_secrets.go +++ b/controllers/store_secrets.go @@ -336,7 +336,7 @@ func UpdateSecret(c *gin.Context) { func DeleteSecret(c *gin.Context) { var err error var input SecretInput - var user_id int + var UserId int if err := c.ShouldBindJSON(&input); err != nil { c.JSON(http.StatusBadRequest, gin.H{"error": "DeleteSecret error binding to input JSON : " + err.Error()}) @@ -350,7 +350,7 @@ func DeleteSecret(c *gin.Context) { c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"}) return } else { - user_id = val.(int) + UserId = val.(int) //log.Printf("user_id: %v\n", user_id) } @@ -361,7 +361,7 @@ func DeleteSecret(c *gin.Context) { s.DeviceName = input.DeviceName s.DeviceCategory = input.DeviceCategory - secretList, err := models.SecretsGetAllowed(&s, user_id) + secretList, err := models.SecretsGetAllowed(&s, UserId) if err != nil { errString := fmt.Sprintf("error getting allowed secrets : '%s'", err) log.Printf("DeleteSecret %s\n", errString)
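Review bot: The new error branch of ListSecrets in controllers/retrieve_secrets.go formats the raw error from `models.SecretsGetAllowed` into `errString` and returns it in the JSON body, so whatever that error carries (possibly database or query detail) reaches the caller of a secrets API. I would keep the detail in the server log and return a fixed message with a server-error status: `log.Printf("ListSecrets error getting allowed secrets: %v\n", err)` then `c.JSON(http.StatusInternalServerError, gin.H{"error": "error retrieving secrets"})`, which also makes the newly added `fmt` import unnecessary unless the file uses it elsewhere. With the old empty-safe-list branch gone, a user with no accessible secrets now gets 200 with `output` still nil, which is encoded as `"data": null`; if clients expect an array, set `output = make([]ListSecret, 0, len(secretList))` before the loop. The access decision now rests entirely on `SecretsGetAllowed` being called with a zero-valued `s`, which is not visible in this patch, so it is worth confirming with a test that it returns only secrets the user may read when no filter fields are set. The commented-out block and `//var results` are better deleted than kept, since history preserves them; ListSecrets begins before this hunk.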