216 lines
5.4 KiB
Go
216 lines
5.4 KiB
Go
package apis
|
|
|
|
import (
|
|
"clortho/lib/db"
|
|
"clortho/lib/keys"
|
|
"github.com/gin-gonic/gin"
|
|
"net/http"
|
|
"strconv"
|
|
)
|
|
|
|
type keyRequest struct {
|
|
Content string `json:"content" binding:"required"`
|
|
Name string `json:"name" binding:"required"`
|
|
UserID uint `json:"userId" binding:"required"`
|
|
}
|
|
|
|
func InitKeysEndpoints(r *gin.RouterGroup) {
|
|
group := r.Group("/keys")
|
|
group.Use(LoggedInMiddleware())
|
|
group.GET("/", getKeys)
|
|
group.GET("/:id", getKey)
|
|
group.POST("/", AdminMiddleware(), createKey)
|
|
group.PUT("/:id", AdminMiddleware(), updateKey)
|
|
group.DELETE("/:id", AdminMiddleware(), deleteKey)
|
|
|
|
// Endpoints for user keys
|
|
r.GET("/users/:userId/keys", getUserKeys)
|
|
r.POST("/users/:userId/keys", AdminMiddleware(), createUserKey)
|
|
}
|
|
|
|
// KeyOwnerOrAdminMiddleware checks if the current user is the owner of the key or an admin
|
|
func KeyOwnerOrAdminMiddleware() gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
// Get the current user from the session
|
|
sessionInterface, _ := c.Get("session")
|
|
session := sessionInterface.(*db.UserSession)
|
|
userID := session.User.ID
|
|
|
|
// Get the key ID from the URL parameter
|
|
keyID, err := strconv.ParseUint(c.Param("id"), 10, 32)
|
|
if err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid key ID"})
|
|
c.Abort()
|
|
return
|
|
}
|
|
|
|
// Check if the user can access the key
|
|
canAccess, err := keys.CanAccessKey(userID, uint(keyID))
|
|
if err != nil {
|
|
c.JSON(http.StatusNotFound, gin.H{"error": "Key not found"})
|
|
c.Abort()
|
|
return
|
|
}
|
|
|
|
if !canAccess {
|
|
c.JSON(http.StatusForbidden, gin.H{"error": "You don't have permission to access this key"})
|
|
c.Abort()
|
|
return
|
|
}
|
|
|
|
c.Next()
|
|
}
|
|
}
|
|
|
|
func getKeys(c *gin.Context) {
|
|
// Get the current user from the session
|
|
sessionInterface, _ := c.Get("session")
|
|
session := sessionInterface.(*db.UserSession)
|
|
|
|
// If the user is an admin, return all keys
|
|
if session.User.Admin {
|
|
keyList := keys.GetKeys()
|
|
c.JSON(http.StatusOK, keyList)
|
|
return
|
|
}
|
|
|
|
// Otherwise, return only the user's keys
|
|
keyList := keys.GetKeysByUser(session.User.ID)
|
|
c.JSON(http.StatusOK, keyList)
|
|
}
|
|
|
|
func getUserKeys(c *gin.Context) {
|
|
// Get the current user from the session
|
|
sessionInterface, _ := c.Get("session")
|
|
session := sessionInterface.(*db.UserSession)
|
|
|
|
// Get the user ID from the URL parameter
|
|
userID, err := strconv.ParseUint(c.Param("userId"), 10, 32)
|
|
if err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid user ID"})
|
|
return
|
|
}
|
|
|
|
// If the user is not an admin and not the owner, return forbidden
|
|
if !session.User.Admin && session.User.ID != uint(userID) {
|
|
c.JSON(http.StatusForbidden, gin.H{"error": "You don't have permission to access these keys"})
|
|
return
|
|
}
|
|
|
|
// Get the keys for the specified user
|
|
keyList := keys.GetKeysByUser(uint(userID))
|
|
c.JSON(http.StatusOK, keyList)
|
|
}
|
|
|
|
func getKey(c *gin.Context) {
|
|
// Use the KeyOwnerOrAdminMiddleware to check access
|
|
KeyOwnerOrAdminMiddleware()(c)
|
|
if c.IsAborted() {
|
|
return
|
|
}
|
|
|
|
// Get the key ID from the URL parameter
|
|
keyID, _ := strconv.ParseUint(c.Param("id"), 10, 32)
|
|
|
|
// Get the key
|
|
key, err := keys.GetKey(uint(keyID))
|
|
if err != nil {
|
|
c.JSON(http.StatusNotFound, gin.H{"error": "Key not found"})
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusOK, key)
|
|
}
|
|
|
|
func createKey(c *gin.Context) {
|
|
var req keyRequest
|
|
if err := c.BindJSON(&req); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
// Create the key
|
|
key, err := keys.CreateKey(req.UserID, req.Name, req.Content)
|
|
if err != nil {
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusCreated, key)
|
|
}
|
|
|
|
func updateKey(c *gin.Context) {
|
|
// Use the KeyOwnerOrAdminMiddleware to check access
|
|
KeyOwnerOrAdminMiddleware()(c)
|
|
if c.IsAborted() {
|
|
return
|
|
}
|
|
|
|
// Get the key ID from the URL parameter
|
|
keyID, _ := strconv.ParseUint(c.Param("id"), 10, 32)
|
|
|
|
var req keyRequest
|
|
if err := c.BindJSON(&req); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
// Update the key
|
|
key, err := keys.UpdateKey(uint(keyID), req.Name, req.Content)
|
|
if err != nil {
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusOK, key)
|
|
}
|
|
|
|
func deleteKey(c *gin.Context) {
|
|
// Use the KeyOwnerOrAdminMiddleware to check access
|
|
KeyOwnerOrAdminMiddleware()(c)
|
|
if c.IsAborted() {
|
|
return
|
|
}
|
|
|
|
// Get the key ID from the URL parameter
|
|
keyID, _ := strconv.ParseUint(c.Param("id"), 10, 32)
|
|
|
|
// Delete the key
|
|
err := keys.DeleteKey(uint(keyID))
|
|
if err != nil {
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusOK, gin.H{"message": "Key deleted successfully"})
|
|
}
|
|
|
|
// createUserKey creates a new key for a specific user
|
|
func createUserKey(c *gin.Context) {
|
|
// Get the user ID from the URL parameter
|
|
userID, err := strconv.ParseUint(c.Param("userId"), 10, 32)
|
|
if err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid user ID"})
|
|
return
|
|
}
|
|
|
|
// Parse the request body
|
|
var req struct {
|
|
Content string `json:"content" binding:"required"`
|
|
Name string `json:"name" binding:"required"`
|
|
}
|
|
if err := c.BindJSON(&req); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
// Create the key
|
|
key, err := keys.CreateKey(uint(userID), req.Name, req.Content)
|
|
if err != nil {
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusCreated, key)
|
|
}
|