nathan/smt
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases 2 Wiki Activity

try to improve ListSecrets
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Nathan Coad
2024-01-09 15:44:30 +11:00
parent 13d5df2953
commit b57a4ed95c
2 changed files with 47 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
controllers/retrieve_secrets.go
View File

@@ -1,6 +1,7 @@
package controllers
import (
"fmt"
"log"
"net/http"
"smt/models"
@@ -221,7 +222,7 @@ func ListSecrets(c *gin.Context) {
var UserId int
var output []ListSecret
var results []models.Secret
//var results []models.Secret
s := models.Secret{}
// Get userId that we stored in the context earlier
@@ -232,41 +233,56 @@ func ListSecrets(c *gin.Context) {
UserId = val.(int)
}
// Work out which safe to query for this user if the safe was not specified
safeList, err := models.UserGetSafesAllowed(int(UserId))
secretList, err := models.SecretsGetAllowed(&s, UserId)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
return
}
// If there was only one result then just use that
if len(safeList) == 0 {
errString := "no matching secret or user has no access to specified secret"
errString := fmt.Sprintf("error getting allowed secrets : '%s'", err)
log.Printf("ListSecrets %s\n", errString)
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
return
} else if len(safeList) == 1 {
s.SafeId = safeList[0].SafeId
results, err = models.SecretsGetMultipleSafes(&s, []int{s.SafeId})
} else {
// Create a list of all the safes this user can access
var safeIds []int
for _, safe := range safeList {
safeIds = append(safeIds, safe.SafeId)
}
// Extract the normal secret fields from the allowed list
for _, secret := range secretList {
output = append(output, ListSecret(secret.Secret))
}
/*
// Work out which safe to query for this user if the safe was not specified
safeList, err := models.UserGetSafesAllowed(int(UserId))
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
return
}
results, err = models.SecretsGetMultipleSafes(&s, safeIds)
}
// If there was only one result then just use that
if len(safeList) == 0 {
errString := "no matching secret or user has no access to specified secret"
log.Printf("ListSecrets %s\n", errString)
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
return
} else if len(safeList) == 1 {
s.SafeId = safeList[0].SafeId
results, err = models.SecretsGetMultipleSafes(&s, []int{s.SafeId})
} else {
// Create a list of all the safes this user can access
var safeIds []int
for _, safe := range safeList {
safeIds = append(safeIds, safe.SafeId)
}
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
results, err = models.SecretsGetMultipleSafes(&s, safeIds)
}
for _, v := range results {
output = append(output, ListSecret(v))
}
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
for _, v := range results {
output = append(output, ListSecret(v))
}
*/
// output results as json
c.JSON(http.StatusOK, gin.H{"message": "success", "data": output})