nathan/smt
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases 2 Wiki Activity
Files
69a25fbb094ce3009ac7822cc077e1b9ab778db4
smt/controllers/retrieveSecrets.go
Nathan Coad 69a25fbb09
All checks were successful
continuous-integration/drone/push Build is passing
Details
add username to secret retrieve audit log
2024-01-23 11:48:11 +11:00

280 lines
7.0 KiB
Go
Raw Blame History

package controllers
import (
"fmt"
"log"
"net/http"
"smt/models"
"time"
"github.com/gin-gonic/gin"
)
type RetrieveInput struct {
SecretId int `json:"secretId"`
DeviceName string `json:"deviceName"`
DeviceCategory string `json:"deviceCategory"`
UserName string `json:"userName"`
SafeId int `json:"safeId"`
SafeName string `json:"safeName"`
}
type ListSecret struct {
SecretId int `db:"SecretId" json:"secretId"`
SafeId int `db:"SafeId" json:"safeId"`
DeviceName string `db:"DeviceName" json:"deviceName"`
DeviceCategory string `db:"DeviceCategory" json:"deviceCategory"`
UserName string `db:"UserName" json:"userName"`
Secret string `db:"Secret" json:"-"`
LastUpdated time.Time `db:"LastUpdated" json:"lastUpdated"`
}
func RetrieveSecret(c *gin.Context) {
var input RetrieveInput
//var results []models.Secret
//var userIsAdmin bool = false
// Validate the input matches our struct
if err := c.ShouldBindJSON(&input); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
log.Printf("RetrieveSecret received JSON input '%v'\n", input)
/*
// Get the user and role id of the requestor
u, err := models.UserGetRoleFromToken(c)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
*/
// Populate fields
s := models.Secret{}
s.DeviceName = input.DeviceName
s.DeviceCategory = input.DeviceCategory
s.UserName = input.UserName
if input.SecretId > 0 {
s.SecretId = input.SecretId
}
retrieveSpecifiedSecret(&s, c)
}
func RetrieveSecretByDevicename(c *gin.Context) {
DeviceName := c.Param("devicename")
if DeviceName == "" {
c.JSON(http.StatusBadRequest, gin.H{"error": "no devicename value specified"})
return
}
// Create object based on specified data
s := models.Secret{DeviceName: DeviceName}
//s.DeviceName = DeviceName
retrieveSpecifiedSecret(&s, c)
}
func RetrieveSecretByDevicecategory(c *gin.Context) {
DeviceCategory := c.Param("devicecategory")
if DeviceCategory == "" {
c.JSON(http.StatusBadRequest, gin.H{"error": "no devicecategory value specified"})
return
}
// Create object based on specified data
s := models.Secret{DeviceCategory: DeviceCategory}
retrieveSpecifiedSecret(&s, c)
}
func RetrieveSecretByUsername(c *gin.Context) {
userName := c.Param("username")
if userName == "" {
c.JSON(http.StatusBadRequest, gin.H{"error": "no username value specified"})
return
}
// Create object based on specified data
s := models.Secret{UserName: userName}
retrieveSpecifiedSecret(&s, c)
}
func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
var UserId int
var results []models.Secret
// Get userId that we stored in the context earlier
if val, ok := c.Get("user-id"); !ok {
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
return
} else {
UserId = val.(int)
}
// Work out which safe to query for this user if the safe was not specified
safeList, err := models.UserGetSafesAllowed(int(UserId))
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
return
}
// If there was only one result then just use that
if len(safeList) == 0 {
errString := "no matching secret or user has no access to specified secret"
log.Printf("retrieveSpecifiedSecret %s\n", errString)
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
return
} else if len(safeList) == 1 {
s.SafeId = safeList[0].SafeId
results, err = models.SecretsGetFromMultipleSafes(s, []int{s.SafeId})
} else {
// Create a list of all the safes this user can access
var safeIds []int
for _, safe := range safeList {
safeIds = append(safeIds, safe.SafeId)
}
results, err = models.SecretsGetFromMultipleSafes(s, safeIds)
}
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
if len(results) == 0 {
c.JSON(http.StatusBadRequest, gin.H{"error": "found no matching secrets"})
return
}
// Create audit record for results
for i := range results {
a := models.Audit{
UserId: UserId,
SecretId: results[i].SecretId,
IpAddress: c.ClientIP(),
EventText: fmt.Sprintf("User %s retrieved Secret Id %d", results[0].UserName, results[i].SecretId),
}
a.AuditLogAdd()
}
// output results as json
c.JSON(http.StatusOK, gin.H{"message": "success", "data": results, "count": len(results)})
/*
if len(results) == 1 {
// Create audit record
a := models.Audit{
UserId: UserId,
SecretId: results[0].SecretId,
IpAddress: c.ClientIP(),
EventText: fmt.Sprintf("Retrieved Secret Id %d", results[0].SecretId),
}
a.AuditLogAdd()
// output results as json
c.JSON(http.StatusOK, gin.H{"message": "success", "data": results})
} else if len(results) > 1 {
c.JSON(http.StatusBadRequest, gin.H{"error": "found multiple matching secrets"})
return
} else {
c.JSON(http.StatusBadRequest, gin.H{"error": "found no matching secrets"})
return
}
*/
}
func ListSecrets(c *gin.Context) {
var UserId int
var output []ListSecret
//var results []models.Secret
s := models.Secret{}
// Get userId that we stored in the context earlier
if val, ok := c.Get("user-id"); !ok {
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
return
} else {
UserId = val.(int)
}
secretList, err := models.SecretsGetAllowed(&s, UserId)
if err != nil {
errString := fmt.Sprintf("error getting allowed secrets : '%s'", err)
log.Printf("ListSecrets %s\n", errString)
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
return
}
// Extract the normal secret fields from the allowed list
for _, secret := range secretList {
output = append(output, ListSecret(secret.Secret))
}
// Create audit record
a := models.Audit{
UserId: UserId,
IpAddress: c.ClientIP(),
EventText: fmt.Sprintf("Listed %d secrets accessible to user", len(output)),
}
a.AuditLogAdd()
// output results as json
c.JSON(http.StatusOK, gin.H{"message": "success", "data": output})
}
func RetrieveMultpleSecrets(c *gin.Context) {
// TODO implement with new schema
/*
var input RetrieveInput
// Validate the input matches our struct
if err := c.ShouldBindJSON(&input); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
log.Printf("StoreSecret received JSON input '%v'\n", input)
// Get the user and role id of the requestor
user_id, err := token.ExtractTokenID(c)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
u, err := models.GetUserRoleByID(user_id)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
// Populate fields
s := models.Secret{}
s.RoleId = u.RoleId
s.DeviceName = input.DeviceName
s.DeviceCategory = input.DeviceCategory
results, err := models.GetSecrets(&s, false)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
// output results as json
c.JSON(http.StatusOK, gin.H{"message": "success", "data": results})
*/
}
Reference in New Issue View Git Blame Copy Permalink