nathan/smt
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases 2 Wiki Activity
Files
5cc67501d3583f085867d4ff4befff8d985162d1
smt/controllers/store_secrets.go

165 lines
4.2 KiB
Go
Raw Blame History

package controllers
import (
"ccsecrets/models"
"errors"
"log"
"net/http"
"github.com/gin-gonic/gin"
)
// bindings are validated by https://github.com/go-playground/validator
type StoreInput struct {
RoleId int `json:"roleId"`
DeviceName string `json:"deviceName"`
DeviceCategory string `json:"deviceCategory"`
UserName string `json:"userName" binding:"required"`
SecretValue string `json:"secretValue" binding:"required"`
}
func StoreSecret(c *gin.Context) {
var err error
var input StoreInput
if err := c.ShouldBindJSON(&input); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
log.Printf("StoreSecret received JSON input '%v'\n", input)
// Populate fields
s := models.Secret{}
s.UserName = input.UserName
s.DeviceName = input.DeviceName
s.DeviceCategory = input.DeviceCategory
// Default role ID is 1 if not defined
if input.RoleId != 0 {
s.RoleId = input.RoleId
} else {
s.RoleId = 1
}
if input.DeviceCategory == "" && input.DeviceName == "" {
c.JSON(http.StatusBadRequest, gin.H{"error": "cannot store secret with empty deviceName and empty deviceCategory"})
return
}
// If this secret already exists in the database then generate an error
checkExists, err := models.GetSecrets(&s)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
if len(checkExists) > 0 {
log.Printf("StoreSecret not storing secret with '%d' already matching secrets.\n", len(checkExists))
c.JSON(http.StatusBadRequest, gin.H{"error": "StoreSecret attempting to store secret already defined. API calls for update/delete don't yet exist"})
return
}
// Encrypt secret
s.Secret = input.SecretValue
_, err = s.EncryptSecret()
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"Error encrypting secret": err.Error()})
return
}
_, err = s.SaveSecret()
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"Error saving secret": err.Error()})
return
}
c.JSON(http.StatusOK, gin.H{"message": "secret stored successfully"})
}
func UpdateSecret(c *gin.Context) {
var err error
var input StoreInput
if err := c.ShouldBindJSON(&input); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
log.Printf("UpdateSecret received JSON input '%v'\n", input)
// Get the user and role id of the requestor
u, err := models.GetUserRoleFromToken(c)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
// Verify that the user role is not readonly
if u.ReadOnly {
c.JSON(http.StatusForbidden, gin.H{"error": "user role does not permit updates"})
return
}
// Populate fields
s := models.Secret{}
s.UserName = input.UserName
s.DeviceName = input.DeviceName
s.DeviceCategory = input.DeviceCategory
// Default role ID is 1 if not defined
if input.RoleId != 0 {
s.RoleId = input.RoleId
} else {
s.RoleId = 1
}
// Confirm that the secret already exists
checkExists, err := models.GetSecrets(&s)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
if len(checkExists) == 0 {
err = errors.New("UpdateSecret could not find existing secret to update")
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
} else if len(checkExists) == 1 {
// Set the secret id with the one retrieved from the database
s.SecretId = checkExists[0].SecretId
// check for empty fields in the update request and update from the existing record
if s.UserName == "" {
s.UserName = checkExists[0].UserName
}
if s.DeviceCategory == "" {
s.DeviceCategory = checkExists[0].DeviceCategory
}
if s.DeviceName == "" {
s.DeviceName = checkExists[0].DeviceName
}
// Encrypt secret
s.Secret = input.SecretValue
_, err = s.EncryptSecret()
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"Error encrypting secret": err.Error()})
return
}
_, err = s.UpdateSecret()
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"Error saving secret": err.Error()})
return
}
c.JSON(http.StatusOK, gin.H{"message": "secret updated successfully"})
} else {
err = errors.New("UpdateSecret found multiple secrets matching input data, be more specific")
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
}
Reference in New Issue View Git Blame Copy Permalink