new schema initial commit
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
115
models/secret.go
115
models/secret.go
@@ -6,16 +6,19 @@ import (
|
||||
"crypto/rand"
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"strings"
|
||||
|
||||
"github.com/jmoiron/sqlx"
|
||||
)
|
||||
|
||||
// We use the json:"-" field tag to prevent showing these details to the user
|
||||
type Secret struct {
|
||||
SecretId int `db:"SecretId" json:"-"`
|
||||
RoleId int `db:"RoleId" json:"-"`
|
||||
SecretId int `db:"SecretId" json:"-"`
|
||||
//RoleId int `db:"RoleId" json:"-"`
|
||||
SafeId int `db:"SafeId"`
|
||||
DeviceName string `db:"DeviceName"`
|
||||
DeviceCategory string `db:"DeviceCategory"`
|
||||
UserName string `db:"UserName"`
|
||||
@@ -29,7 +32,7 @@ func (s *Secret) SaveSecret() (*Secret, error) {
|
||||
var err error
|
||||
|
||||
log.Printf("SaveSecret storing values '%v'\n", s)
|
||||
result, err := db.NamedExec((`INSERT INTO secrets (RoleId, DeviceName, DeviceCategory, UserName, Secret) VALUES (:RoleId, :DeviceName, :DeviceCategory, :UserName, :Secret)`), s)
|
||||
result, err := db.NamedExec((`INSERT INTO secrets (SafeId, DeviceName, DeviceCategory, UserName, Secret) VALUES (:SafeId, :DeviceName, :DeviceCategory, :UserName, :Secret)`), s)
|
||||
|
||||
if err != nil {
|
||||
log.Printf("StoreSecret error executing sql record : '%s'\n", err)
|
||||
@@ -43,6 +46,96 @@ func (s *Secret) SaveSecret() (*Secret, error) {
|
||||
return s, nil
|
||||
}
|
||||
|
||||
// TODO - use this function when user has access to multiple safes
|
||||
func SecretsGetMultipleSafes(s *Secret, adminRole bool, safeIds []int) ([]Secret, error) {
|
||||
var err error
|
||||
var secretResults []Secret
|
||||
|
||||
/*
|
||||
// First use an "In Query" to expand the list of safe Ids to query
|
||||
// As per https://jmoiron.github.io/sqlx/#inQueries
|
||||
|
||||
query, args, _ := sqlx.In("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND UserName = ? and SafeId IN (?);", s.DeviceName, s.DeviceCategory, s.UserName, safeIds)
|
||||
|
||||
// sqlx.In returns queries with the `?` bindvar, we can rebind it for our backend
|
||||
query = db.Rebind(query)
|
||||
rows, err := db.Queryx(query, args)
|
||||
*/
|
||||
|
||||
// Generate placeholders for the IN clause to match multiple SafeId values
|
||||
placeholders := make([]string, len(safeIds))
|
||||
for i := range safeIds {
|
||||
placeholders[i] = "?"
|
||||
}
|
||||
placeholderStr := strings.Join(placeholders, ",")
|
||||
|
||||
query := fmt.Sprintf("SELECT * FROM secrets WHERE SafeId IN (%s) ", placeholderStr)
|
||||
args := []interface{}{}
|
||||
|
||||
// Add the Safe Ids
|
||||
for _, g := range safeIds {
|
||||
args = append(args, g)
|
||||
}
|
||||
|
||||
// Add any other parameters
|
||||
if s.DeviceName != "" {
|
||||
query += " AND DeviceName LIKE ? "
|
||||
args = append(args, s.DeviceName)
|
||||
}
|
||||
|
||||
if s.DeviceCategory != "" {
|
||||
query += " AND DeviceCategory LIKE ? "
|
||||
args = append(args, s.DeviceCategory)
|
||||
}
|
||||
|
||||
if s.UserName != "" {
|
||||
query += " AND UserName LIKE ? "
|
||||
args = append(args, s.UserName)
|
||||
}
|
||||
|
||||
/*
|
||||
// Construct the query
|
||||
query := fmt.Sprintf("SELECT * FROM users WHERE username = ? AND group IN (%s)", placeholderStr)
|
||||
args := make([]interface{}, 0, len(groups)+1)
|
||||
args = append(args, username)
|
||||
for _, g := range safeIds {
|
||||
args = append(args, g)
|
||||
}
|
||||
*/
|
||||
|
||||
// Execute the query
|
||||
rows, err := db.Queryx(query, args...)
|
||||
|
||||
if err != nil {
|
||||
log.Printf("SecretsGetMultipleSafes error executing sql record : '%s'\n", err)
|
||||
return secretResults, err
|
||||
} else {
|
||||
// parse all the results into a slice
|
||||
for rows.Next() {
|
||||
var r Secret
|
||||
err = rows.StructScan(&r)
|
||||
if err != nil {
|
||||
log.Printf("SecretsGetMultipleSafes error parsing sql record : '%s'\n", err)
|
||||
return secretResults, err
|
||||
}
|
||||
|
||||
// Decrypt the secret
|
||||
_, err = r.DecryptSecret()
|
||||
if err != nil {
|
||||
//log.Printf("GetSecret unable to decrypt stored secret '%v' : '%s'\n", r.Secret, err)
|
||||
log.Printf("SecretsGetMultipleSafes unable to decrypt stored secret : '%s'\n", err)
|
||||
return secretResults, err
|
||||
} else {
|
||||
secretResults = append(secretResults, r)
|
||||
}
|
||||
|
||||
}
|
||||
log.Printf("SecretsGetMultipleSafes retrieved '%d' results\n", len(secretResults))
|
||||
}
|
||||
|
||||
return secretResults, nil
|
||||
}
|
||||
|
||||
// Returns all matching secrets, up to caller to determine how to deal with multiple results
|
||||
func GetSecrets(s *Secret, adminRole bool) ([]Secret, error) {
|
||||
var err error
|
||||
@@ -79,21 +172,21 @@ func GetSecrets(s *Secret, adminRole bool) ([]Secret, error) {
|
||||
// Determine whether to query for a specific device or a category of devices
|
||||
// Prefer querying device name than category
|
||||
if s.DeviceName != "" && s.DeviceCategory != "" && s.UserName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND UserName = ? AND RoleId = ?", s.DeviceName, s.DeviceCategory, s.UserName, s.RoleId)
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND UserName = ? AND SafeId = ?", s.DeviceName, s.DeviceCategory, s.UserName, s.SafeId)
|
||||
} else if s.DeviceName != "" && s.UserName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND UserName = ? AND RoleId = ?", s.DeviceName, s.UserName, s.RoleId)
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND UserName = ? AND SafeId = ?", s.DeviceName, s.UserName, s.SafeId)
|
||||
} else if s.DeviceCategory != "" && s.UserName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND UserName = ? AND RoleId = ?", s.DeviceCategory, s.UserName, s.RoleId)
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND UserName = ? AND SafeId = ?", s.DeviceCategory, s.UserName, s.SafeId)
|
||||
} else if s.DeviceName != "" && s.DeviceCategory != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND RoleId = ?", s.DeviceName, s.DeviceCategory, s.RoleId)
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND SafeId = ?", s.DeviceName, s.DeviceCategory, s.SafeId)
|
||||
} else if s.DeviceName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND RoleId = ?", s.DeviceName, s.RoleId)
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND SafeId = ?", s.DeviceName, s.SafeId)
|
||||
} else if s.DeviceCategory != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND RoleId = ?", s.DeviceCategory, s.RoleId)
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND SafeId = ?", s.DeviceCategory, s.SafeId)
|
||||
} else if s.UserName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE UserName LIKE ? AND RoleId = ?", s.UserName, s.RoleId)
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE UserName LIKE ? AND SafeId = ?", s.UserName, s.SafeId)
|
||||
} else {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE RoleId = ?", s.RoleId)
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE RoleId = ?", s.SafeId)
|
||||
//log.Printf("GetSecret no valid search options specified\n")
|
||||
//err = errors.New("no valid search options specified")
|
||||
//return secretResults, err
|
||||
|
||||
Reference in New Issue
Block a user