new schema initial commit
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
@@ -13,11 +13,14 @@ type RetrieveInput struct {
|
||||
DeviceName string `json:"deviceName"`
|
||||
DeviceCategory string `json:"deviceCategory"`
|
||||
UserName string `json:"userName"`
|
||||
SafeId int `json:"safeId"`
|
||||
SafeName string `json:"safeName"`
|
||||
}
|
||||
|
||||
type ListSecret struct {
|
||||
SecretId int `db:"SecretId" json:"-"`
|
||||
RoleId int `db:"RoleId" json:"-"`
|
||||
SecretId int `db:"SecretId" json:"-"`
|
||||
//RoleId int `db:"RoleId" json:"-"`
|
||||
SafeId int `db:"SafeId"`
|
||||
DeviceName string `db:"DeviceName"`
|
||||
DeviceCategory string `db:"DeviceCategory"`
|
||||
UserName string `db:"UserName"`
|
||||
@@ -27,6 +30,7 @@ type ListSecret struct {
|
||||
func RetrieveSecret(c *gin.Context) {
|
||||
var input RetrieveInput
|
||||
var results []models.Secret
|
||||
var userIsAdmin bool = false
|
||||
|
||||
// Validate the input matches our struct
|
||||
if err := c.ShouldBindJSON(&input); err != nil {
|
||||
@@ -35,22 +39,55 @@ func RetrieveSecret(c *gin.Context) {
|
||||
}
|
||||
log.Printf("RetrieveSecret received JSON input '%v'\n", input)
|
||||
|
||||
// Get the user and role id of the requestor
|
||||
u, err := models.GetUserRoleFromToken(c)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
/*
|
||||
// Get the user and role id of the requestor
|
||||
u, err := models.UserGetRoleFromToken(c)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
*/
|
||||
|
||||
// Populate fields
|
||||
s := models.Secret{}
|
||||
s.RoleId = u.RoleId
|
||||
//s.RoleId = u.RoleId
|
||||
s.DeviceName = input.DeviceName
|
||||
s.DeviceCategory = input.DeviceCategory
|
||||
s.UserName = input.UserName
|
||||
|
||||
// Don't apply a role filter if user has admin role
|
||||
results, err = models.GetSecrets(&s, u.Admin)
|
||||
user_id, err := token.ExtractTokenID(c)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
|
||||
return
|
||||
}
|
||||
|
||||
// Work out which safe to query for this user if the safe was not specified
|
||||
safeList, err := models.UserGetSafesAllowed(int(user_id))
|
||||
|
||||
// If there was only one result then just use that
|
||||
if len(safeList) == 0 {
|
||||
// check if the user is an admin, if not then they seem to have access to zero safes
|
||||
if !models.UserCheckIfAdmin(int(user_id)) {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "user has no access to any secrets"})
|
||||
return
|
||||
}
|
||||
// Don't apply a role filter if user has admin role
|
||||
results, err = models.GetSecrets(&s, userIsAdmin)
|
||||
} else if len(safeList) == 1 {
|
||||
s.SafeId = safeList[0].SafeId
|
||||
userIsAdmin = safeList[0].AdminUser || safeList[0].AdminGroup
|
||||
// Don't apply a role filter if user has admin role
|
||||
results, err = models.GetSecrets(&s, userIsAdmin)
|
||||
} else {
|
||||
// TODO - this is tricky. How to query multiple safes?
|
||||
|
||||
var safeIds []int
|
||||
for _, safe := range safeList {
|
||||
safeIds = append(safeIds, safe.SafeId)
|
||||
}
|
||||
|
||||
results, err = models.SecretsGetMultipleSafes(&s, false, safeIds)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
@@ -99,18 +136,56 @@ func RetrieveSecretByDevicecategory(c *gin.Context) {
|
||||
}
|
||||
|
||||
func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
|
||||
// Get the user and role id of the requestor
|
||||
u, err := models.GetUserRoleFromToken(c)
|
||||
/*
|
||||
// Get the user and role id of the requestor
|
||||
u, err := models.UserGetRoleFromToken(c)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
s.RoleId = u.RoleId
|
||||
|
||||
results, err := models.GetSecrets(s, false)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
*/
|
||||
|
||||
var results []models.Secret
|
||||
var userIsAdmin = false
|
||||
user_id, err := token.ExtractTokenID(c)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
|
||||
return
|
||||
}
|
||||
s.RoleId = u.RoleId
|
||||
|
||||
results, err := models.GetSecrets(s, false)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
// Work out which safe to query for this user if the safe was not specified
|
||||
safeList, err := models.UserGetSafesAllowed(int(user_id))
|
||||
|
||||
// If there was only one result then just use that
|
||||
if len(safeList) == 0 {
|
||||
// check if the user is an admin, if not then they seem to have access to zero safes
|
||||
if !models.UserCheckIfAdmin(int(user_id)) {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "user has no access to any secrets"})
|
||||
return
|
||||
}
|
||||
// Don't apply a role filter if user has admin role
|
||||
results, err = models.GetSecrets(s, userIsAdmin)
|
||||
} else if len(safeList) == 1 {
|
||||
s.SafeId = safeList[0].SafeId
|
||||
userIsAdmin = safeList[0].AdminUser || safeList[0].AdminGroup
|
||||
// Don't apply a role filter if user has admin role
|
||||
results, err = models.GetSecrets(s, userIsAdmin)
|
||||
} else {
|
||||
// TODO - this is tricky. How to query multiple safes?
|
||||
|
||||
var safeIds []int
|
||||
for _, safe := range safeList {
|
||||
safeIds = append(safeIds, safe.SafeId)
|
||||
}
|
||||
|
||||
results, err = models.SecretsGetMultipleSafes(s, false, safeIds)
|
||||
}
|
||||
|
||||
if len(results) == 1 {
|
||||
@@ -125,69 +200,75 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
|
||||
}
|
||||
}
|
||||
func ListSecrets(c *gin.Context) {
|
||||
var results []models.Secret
|
||||
|
||||
var output []ListSecret
|
||||
// TODO implement with new schema
|
||||
/*
|
||||
var results []models.Secret
|
||||
// Get the user and role id of the requestor
|
||||
u, err := models.UserGetRoleFromToken(c)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
// Get the user and role id of the requestor
|
||||
u, err := models.GetUserRoleFromToken(c)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
// If user is admin then list everything, otherwise only list for current role
|
||||
results, err = models.GetSecrets(&models.Secret{RoleId: u.RoleId}, u.Admin)
|
||||
|
||||
// If user is admin then list everything, otherwise only list for current role
|
||||
results, err = models.GetSecrets(&models.Secret{RoleId: u.RoleId}, u.Admin)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
for _, v := range results {
|
||||
output = append(output, ListSecret(v))
|
||||
}
|
||||
for _, v := range results {
|
||||
output = append(output, ListSecret(v))
|
||||
}
|
||||
*/
|
||||
// output results as json
|
||||
c.JSON(http.StatusOK, gin.H{"message": "success", "data": output})
|
||||
|
||||
}
|
||||
|
||||
func RetrieveMultpleSecrets(c *gin.Context) {
|
||||
var input RetrieveInput
|
||||
// TODO implement with new schema
|
||||
/*
|
||||
var input RetrieveInput
|
||||
|
||||
// Validate the input matches our struct
|
||||
if err := c.ShouldBindJSON(&input); err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
log.Printf("StoreSecret received JSON input '%v'\n", input)
|
||||
// Validate the input matches our struct
|
||||
if err := c.ShouldBindJSON(&input); err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
log.Printf("StoreSecret received JSON input '%v'\n", input)
|
||||
|
||||
// Get the user and role id of the requestor
|
||||
user_id, err := token.ExtractTokenID(c)
|
||||
// Get the user and role id of the requestor
|
||||
user_id, err := token.ExtractTokenID(c)
|
||||
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
u, err := models.GetUserRoleByID(user_id)
|
||||
u, err := models.GetUserRoleByID(user_id)
|
||||
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
// Populate fields
|
||||
s := models.Secret{}
|
||||
s.RoleId = u.RoleId
|
||||
s.DeviceName = input.DeviceName
|
||||
s.DeviceCategory = input.DeviceCategory
|
||||
// Populate fields
|
||||
s := models.Secret{}
|
||||
s.RoleId = u.RoleId
|
||||
s.DeviceName = input.DeviceName
|
||||
s.DeviceCategory = input.DeviceCategory
|
||||
|
||||
results, err := models.GetSecrets(&s, false)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
results, err := models.GetSecrets(&s, false)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
// output results as json
|
||||
c.JSON(http.StatusOK, gin.H{"message": "success", "data": results})
|
||||
// output results as json
|
||||
c.JSON(http.StatusOK, gin.H{"message": "success", "data": results})
|
||||
*/
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user