add list secret api endpoint

README.md

@@ -59,8 +59,8 @@ POST `/api/admin/register`
 Data
 ```
 {
-    "UserName": "", 
+    "username": "", 
-    "Password": "",
+    "password": "",
     "RoleId": 2
 }
 ```
@@ -73,8 +73,8 @@ POST `/api/login`
 Data
 ```
 {
-    "UserName": "", 
+    "username": "", 
-    "Password": ""
+    "password": ""
 }
 ```
 This API call will return a JWT token that must be present for any other API calls to succeed. The validity duration of this token is based on the configured TOKEN_HOUR_LIFESPAN value. JWT token is returned as value of `access_token`.

controllers/retrieve_secrets.go

@@ -14,6 +14,15 @@ type RetrieveInput struct {
 	DeviceCategory string `json:"deviceCategory"`
 }
 
+type ListSecret struct {
+	SecretId       int    `db:"SecretId" json:"-"`
+	RoleId         int    `db:"RoleId" json:"-"`
+	DeviceName     string `db:"DeviceName"`
+	DeviceCategory string `db:"DeviceCategory"`
+	UserName       string `db:"UserName"`
+	Secret         string `db:"Secret" json:"-"`
+}
+
 func RetrieveSecret(c *gin.Context) {
 	var input RetrieveInput
 	var results []models.Secret
@@ -117,6 +126,36 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
 		return
 	}
 }
+func ListSecrets(c *gin.Context) {
+	var results []models.Secret
+	var output []ListSecret
+
+	// Get the user and role id of the requestor
+	u, err := models.GetUserRoleFromToken(c)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// If user is admin then list everything, otherwise only list for current role
+	if u.Admin {
+		results, err = models.GetSecrets(&models.Secret{}, false)
+	} else {
+		results, err = models.GetSecrets(&models.Secret{RoleId: u.RoleId}, true)
+	}
+
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	for _, v := range results {
+		output = append(output, ListSecret(v))
+	}
+	// output results as json
+	c.JSON(http.StatusOK, gin.H{"message": "success", "data": output})
+
+}
 
 func RetrieveMultpleSecrets(c *gin.Context) {
 	var input RetrieveInput

main.go

@@ -148,6 +148,7 @@ func main() {
 	protected := router.Group("/api/secret")
 	protected.Use(middlewares.JwtAuthMiddleware())
 	protected.POST("/retrieve", controllers.RetrieveSecret)
+	protected.POST("/list", controllers.ListSecrets)
 	protected.POST("/retrieveMultiple", controllers.RetrieveMultpleSecrets)
 	protected.POST("/store", controllers.StoreSecret)
 	protected.POST("/update", controllers.UpdateSecret)

models/secret.go

@@ -63,9 +63,10 @@ func GetSecrets(s *Secret, adminRole bool) ([]Secret, error) {
 		} else if s.DeviceCategory != "" {
 			rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ?", s.DeviceCategory)
 		} else {
-			log.Printf("GetSecret no valid search options specified\n")
+			rows, err = db.Queryx("SELECT * FROM secrets")
-			err = errors.New("no valid search options specified")
+			//log.Printf("GetSecret no valid search options specified\n")
-			return secretResults, err
+			//err = errors.New("no valid search options specified")
+			//return secretResults, err
 		}
 	} else {
 		// Determine whether to query for a specific device or a category of devices
@@ -77,9 +78,10 @@ func GetSecrets(s *Secret, adminRole bool) ([]Secret, error) {
 		} else if s.DeviceCategory != "" {
 			rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND RoleId = ?", s.DeviceCategory, s.RoleId)
 		} else {
-			log.Printf("GetSecret no valid search options specified\n")
+			rows, err = db.Queryx("SELECT * FROM secrets WHERE RoleId = ?", s.RoleId)
-			err = errors.New("no valid search options specified")
+			//log.Printf("GetSecret no valid search options specified\n")
-			return secretResults, err
+			//err = errors.New("no valid search options specified")
+			//return secretResults, err
 		}
 	}