From b9a0c3ec0a34a985f6184b6fbf6e4326bbd2060e Mon Sep 17 00:00:00 2001 From: Nathan Coad Date: Wed, 5 Apr 2023 11:31:42 +1000 Subject: [PATCH] add list secret api endpoint --- README.md | 8 +++---- controllers/retrieve_secrets.go | 39 +++++++++++++++++++++++++++++++++ main.go | 1 + models/secret.go | 14 +++++++----- 4 files changed, 52 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 05c7f37..00ab3c4 100644 --- a/README.md +++ b/README.md @@ -59,8 +59,8 @@ POST `/api/admin/register` Data ``` { - "UserName": "", - "Password": "", + "username": "", + "password": "", "RoleId": 2 } ``` @@ -73,8 +73,8 @@ POST `/api/login` Data ``` { - "UserName": "", - "Password": "" + "username": "", + "password": "" } ``` This API call will return a JWT token that must be present for any other API calls to succeed. The validity duration of this token is based on the configured TOKEN_HOUR_LIFESPAN value. JWT token is returned as value of `access_token`. diff --git a/controllers/retrieve_secrets.go b/controllers/retrieve_secrets.go index 642c221..1c0f0a1 100644 --- a/controllers/retrieve_secrets.go +++ b/controllers/retrieve_secrets.go @@ -14,6 +14,15 @@ type RetrieveInput struct { DeviceCategory string `json:"deviceCategory"` } +type ListSecret struct { + SecretId int `db:"SecretId" json:"-"` + RoleId int `db:"RoleId" json:"-"` + DeviceName string `db:"DeviceName"` + DeviceCategory string `db:"DeviceCategory"` + UserName string `db:"UserName"` + Secret string `db:"Secret" json:"-"` +} + func RetrieveSecret(c *gin.Context) { var input RetrieveInput var results []models.Secret 
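Review bot: The only thing keeping the stored secret out of the list response is the `json:"-"` tag on `Secret`, and it works only because `ListSecret(v)` in ListSecrets requires ListSecret to be field-for-field identical to models.Secret; neither fact is written down, so a later edit to either struct could silently change what is serialized. Add a doc comment on the type such as `// ListSecret is the redacted view of models.Secret returned by ListSecrets; field order and types must match models.Secret exactly so the ListSecret(v) conversion compiles, and Secret (and the ids) must keep json:"-" so the stored value is never serialized.`. The untagged fields also serialize under their Go names (`DeviceName`, `DeviceCategory`, `UserName`) while `RetrieveInput` above uses `json:"deviceCategory"` and the README in this same commit switches to lowerCamel `username`; unless existing clients already depend on the Go names, tagging them `json:"deviceName"`, `json:"deviceCategory"`, `json:"userName"` would keep the API consistent.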
@@ -117,6 +126,36 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) { return } } +func ListSecrets(c *gin.Context) { + var results []models.Secret + var output []ListSecret + + // Get the user and role id of the requestor + u, err := models.GetUserRoleFromToken(c) + if err != nil { + c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) + return + } + + // If user is admin then list everything, otherwise only list for current role + if u.Admin { + results, err = models.GetSecrets(&models.Secret{}, false) + } else { + results, err = models.GetSecrets(&models.Secret{RoleId: u.RoleId}, true) + } + + if err != nil { + c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) + return + } + + for _, v := range results { + output = append(output, ListSecret(v)) + } + // output results as json + c.JSON(http.StatusOK, gin.H{"message": "success", "data": output}) + +} func RetrieveMultpleSecrets(c *gin.Context) { var input RetrieveInput diff --git a/main.go b/main.go index 2814ee1..7ce6ffb 100644 --- a/main.go +++ b/main.go @@ -148,6 +148,7 @@ func main() { protected := router.Group("/api/secret") protected.Use(middlewares.JwtAuthMiddleware()) protected.POST("/retrieve", controllers.RetrieveSecret) + protected.POST("/list", controllers.ListSecrets) protected.POST("/retrieveMultiple", controllers.RetrieveMultpleSecrets) protected.POST("/store", controllers.StoreSecret) protected.POST("/update", controllers.UpdateSecret) diff --git a/models/secret.go b/models/secret.go index a36ad32..ac27752 100644 --- a/models/secret.go +++ b/models/secret.go 
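Review bot: After the `models.GetSecrets` call, a database failure is answered with `http.StatusBadRequest` and the raw `err.Error()`, which hands driver and SQL detail to the client for a server-side fault; that branch should log the error and return a generic message, e.g. `c.JSON(http.StatusInternalServerError, gin.H{"error": "could not list secrets"})`, keeping the 400 only for the token/input failure above it (which is arguably a 401, if the other handlers in this file do not already use 400 for that). When `results` is empty, `output` stays nil and encodes as JSON `null` rather than `[]`, so declare it as `output := make([]ListSecret, 0, len(results))` to give clients a stable array. The stray blank line before the closing brace and the `// output results as json` comment can go.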
@@ -63,9 +63,10 @@ func GetSecrets(s *Secret, adminRole bool) ([]Secret, error) { } else if s.DeviceCategory != "" { rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ?", s.DeviceCategory) } else { - log.Printf("GetSecret no valid search options specified\n") - err = errors.New("no valid search options specified") - return secretResults, err + rows, err = db.Queryx("SELECT * FROM secrets") + //log.Printf("GetSecret no valid search options specified\n") + //err = errors.New("no valid search options specified") + //return secretResults, err } } else { // Determine whether to query for a specific device or a category of devices @@ -77,9 +78,10 @@ func GetSecrets(s *Secret, adminRole bool) ([]Secret, error) { } else if s.DeviceCategory != "" { rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND RoleId = ?", s.DeviceCategory, s.RoleId) } else { - log.Printf("GetSecret no valid search options specified\n") - err = errors.New("no valid search options specified") - return secretResults, err + rows, err = db.Queryx("SELECT * FROM secrets WHERE RoleId = ?", s.RoleId) + //log.Printf("GetSecret no valid search options specified\n") + //err = errors.New("no valid search options specified") + //return secretResults, err } }
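Review bot: Replacing the "no valid search options" guard with `SELECT * FROM secrets` (and, in the second hunk, `SELECT * FROM secrets WHERE RoleId = ?`) widens GetSecrets for every existing caller, not only the new ListSecrets: any path that reaches it with an empty DeviceName and DeviceCategory — for example RetrieveSecret or RetrieveMultpleSecrets given an empty body, unless they validate input first, which this diff does not show — now receives the whole table (scoped by role, or unscoped for admins) instead of an error. Safer is to keep `return secretResults, errors.New("no valid search options specified")` in both branches and give the listing its own explicit entry point in models (a separate function, or a dedicated boolean the list handler passes), so a missing filter can never degrade into a full dump. The commented-out `//log.Printf`/`//err =`/`//return` lines in both hunks are dead code and should be deleted rather than kept; if these were the only uses of `log` and `errors` in the file, the imports are now unused and the package will not compile, which the hunk alone cannot confirm. GetSecrets begins and ends outside both hunks.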