updated token format

This commit is contained in:
Roland Osborne 2022-01-22 11:40:20 -08:00
parent 76c31b15ae
commit 3b7dfd5b7d
12 changed files with 34 additions and 59 deletions


@ -6,7 +6,7 @@ import (
func GetProfile(w http.ResponseWriter, r *http.Request) { func GetProfile(w http.ResponseWriter, r *http.Request) {
account, code, err := BearerAppyToken(r, true); account, code, err := BearerAppToken(r, true);
if err != nil { if err != nil {
ErrResponse(w, code, err) ErrResponse(w, code, err)
return return


@ -26,7 +26,7 @@ func SetAccountApp(w http.ResponseWriter, r *http.Request) {
} }
// gernate app token // gernate app token
data, err := securerandom.Bytes(32) data, err := securerandom.Bytes(APP_TOKENSIZE)
if err != nil { if err != nil {
LogMsg("failed to generate token") LogMsg("failed to generate token")
w.WriteHeader(http.StatusInternalServerError); w.WriteHeader(http.StatusInternalServerError);


@ -54,7 +54,7 @@ func SetCardStatus(w http.ResponseWriter, r *http.Request) {
} }
if status == APP_CARDCONNECTING { if status == APP_CARDCONNECTING {
if card.Status != APP_CARDCONNECTING && card.Status != APP_CARDCONNECTED { if card.Status != APP_CARDCONNECTING && card.Status != APP_CARDCONNECTED {
data, err := securerandom.Bytes(32) data, err := securerandom.Bytes(APP_TOKENSIZE)
if err != nil { if err != nil {
ErrResponse(w, http.StatusInternalServerError, err) ErrResponse(w, http.StatusInternalServerError, err)
return return


@ -8,7 +8,7 @@ import (
func SetProfile(w http.ResponseWriter, r *http.Request) { func SetProfile(w http.ResponseWriter, r *http.Request) {
account, code, err := BearerAppyToken(r, true); account, code, err := BearerAppToken(r, true);
if err != nil { if err != nil {
ErrResponse(w, code, err) ErrResponse(w, code, err)
return return


@ -40,9 +40,16 @@ func Status(w http.ResponseWriter, r *http.Request) {
return return
} }
// extract token target and access
target, access, ret := ParseToken(a.AppToken)
if ret != nil {
ErrMsg(err)
return
}
// retrieve reference account // retrieve reference account
var app store.App var app store.App
if err := store.DB.Preload("Account").Where("token = ?", a.AppToken).First(&app).Error; err != nil { if err := store.DB.Preload("Account").Where("account_id = ? AND token = ?", target, access).First(&app).Error; err != nil {
ErrMsg(err) ErrMsg(err)
return return
} }
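Review bot: The new error branch after `ParseToken` logs the wrong variable: the call assigns its error to `ret`, but the branch calls `ErrMsg(err)`, so the parse failure itself is never logged and `err` (whatever it holds from earlier in the function) is reported instead. Because `target` and `access` are new names, the short declaration can simply reuse `err`: `target, access, err := ParseToken(a.AppToken)` / `if err != nil {` / `ErrMsg(err)`. Status begins outside the hunk, so I cannot confirm from here what `err` holds at that point.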


@ -1,5 +1,6 @@
package databag package databag
const APP_TOKENSIZE = 16
const APP_BODYLIMIT = 1048576 const APP_BODYLIMIT = 1048576
const APP_VERSION = "0.0.1" const APP_VERSION = "0.0.1"
const APP_ATTACHEXPIRE = 300 const APP_ATTACHEXPIRE = 300
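Review bot: `APP_TOKENSIZE = 16` halves the random bytes drawn for app and card tokens from the literal 32 used before (the SetAccountApp and SetCardStatus hunks now pass it to `securerandom.Bytes`), and nothing on the page records why. 16 bytes is 128 bits of entropy, which is generally adequate for a bearer secret, but the reduction should be documented so it is not mistaken for an accident and not lowered further casually: `// APP_TOKENSIZE is the number of random bytes drawn for app and card tokens (128 bits); was 32 before the guid.token format.` The other constants in this block are likewise undocumented.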


@ -85,38 +85,6 @@ func BearerAccountToken(r *http.Request) (store.AccountToken, error) {
func BearerAppToken(r *http.Request, detail bool) (*store.Account, int, error) { func BearerAppToken(r *http.Request, detail bool) (*store.Account, int, error) {
// parse bearer authentication
auth := r.Header.Get("Authorization")
token := strings.TrimSpace(strings.TrimPrefix(auth, "Bearer"))
// find token record
var app store.App
if detail {
if err := store.DB.Preload("Account.AccountDetail").Where("token = ?", token).First(&app).Error; err != nil {
if errors.Is(err, gorm.ErrRecordNotFound) {
return nil, http.StatusNotFound, err
} else {
return nil, http.StatusInternalServerError, err
}
}
} else {
if err := store.DB.Preload("Account").Where("token = ?", token).First(&app).Error; err != nil {
if errors.Is(err, gorm.ErrRecordNotFound) {
return nil, http.StatusNotFound, err
} else {
return nil, http.StatusInternalServerError, err
}
}
}
if app.Account.Disabled {
return nil, http.StatusGone, errors.New("account is inactive")
}
return &app.Account, http.StatusOK, nil
}
func BearerAppyToken(r *http.Request, detail bool) (*store.Account, int, error) {
// parse bearer authentication // parse bearer authentication
auth := r.Header.Get("Authorization") auth := r.Header.Get("Authorization")
token := strings.TrimSpace(strings.TrimPrefix(auth, "Bearer")) token := strings.TrimSpace(strings.TrimPrefix(auth, "Bearer"))
@ -136,7 +104,7 @@ func BearerAppyToken(r *http.Request, detail bool) (*store.Account, int, error)
} }
} }
} else { } else {
if err := store.DB.Preload("Account").Where("token = ?", token).First(&app).Error; err != nil { if err := store.DB.Preload("Account").Where("account_id = ? AND token = ?", target, access).First(&app).Error; err != nil {
if errors.Is(err, gorm.ErrRecordNotFound) { if errors.Is(err, gorm.ErrRecordNotFound) {
return nil, http.StatusNotFound, err return nil, http.StatusNotFound, err
} else { } else {
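Review bot: The bearer parsing kept on the new side (`auth := r.Header.Get("Authorization")`, `token := strings.TrimSpace(strings.TrimPrefix(auth, "Bearer"))`) accepts any header value that merely starts with `Bearer`, with or without a separator, and an absent header yields an empty token that still proceeds toward the lookup; a guard such as `if !strings.HasPrefix(auth, "Bearer ") { return nil, http.StatusUnauthorized, errors.New("missing bearer token") }` before the trim would reject those up front. The call that derives `target` and `access` from the token sits between the two hunks, so I could not check whether it already rejects an empty or malformed token. Both hunks cut through the function; BearerAppToken's body continues outside them. With the duplicate body removed, the exported function still has no doc comment; one line like `// BearerAppToken resolves the request's Authorization bearer token to its account, returning an HTTP status for the caller's error response.` would help.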


@ -31,7 +31,8 @@ func AddTestContacts(t *testing.T, prefix string, count int) []string {
SetBearerAuth(r, token); SetBearerAuth(r, token);
SetCredentials(r, login) SetCredentials(r, login)
AddAccount(w, r) AddAccount(w, r)
assert.NoError(t, ReadResponse(w, nil)) var profile Profile
assert.NoError(t, ReadResponse(w, &profile))
// acquire new token for attaching app // acquire new token for attaching app
r, w, _ = NewRequest("POST", "/account/apps", nil) r, w, _ = NewRequest("POST", "/account/apps", nil)
@ -45,7 +46,7 @@ func AddTestContacts(t *testing.T, prefix string, count int) []string {
SetAccountApp(w, r) SetAccountApp(w, r)
assert.NoError(t, ReadResponse(w, &token)) assert.NoError(t, ReadResponse(w, &token))
access = append(access, token) access = append(access, profile.Guid + "." + token)
} }
return access return access
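Review bot: The composite credential is hand-assembled as `profile.Guid + "." + token` here and again twice in TestAttachAccount (`SetBearerAuth(r, profile.Guid + "." + access)` and the Announce literal), so if the separator or field order that ParseToken expects ever changes, three test sites must be edited in step. A small helper in the test package, e.g. `func appToken(guid, token string) string { return guid + "." + token }`, keeps the format in one place. AddTestContacts begins outside the hunk.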


@ -7,7 +7,7 @@ import (
func TestMain(m *testing.M) { func TestMain(m *testing.M) {
// SetHideLog(true) SetHideLog(true)
SetKeySize(2048) SetKeySize(2048)
store.SetPath("file::memory:?cache=shared"); store.SetPath("file::memory:?cache=shared");
//store.SetPath("databag.db"); //store.SetPath("databag.db");


@ -7,8 +7,6 @@ import (
func TestAddAccount(t *testing.T) { func TestAddAccount(t *testing.T) {
PrintMsg("ADD")
// acquire new token for creating accounts // acquire new token for creating accounts
r, w, _ := NewRequest("POST", "/admin/accounts", nil) r, w, _ := NewRequest("POST", "/admin/accounts", nil)
SetBasicAuth(r, "admin:pass"); SetBasicAuth(r, "admin:pass");


@ -46,7 +46,7 @@ func TestAttachAccount(t *testing.T) {
// autorize app // autorize app
r, w, _ = NewRequest("PUT", "/authorize", "aabbccdd") r, w, _ = NewRequest("PUT", "/authorize", "aabbccdd")
SetBearerAuth(r, access) SetBearerAuth(r, profile.Guid + "." + access)
Authorize(w, r); Authorize(w, r);
var message DataMessage var message DataMessage
assert.NoError(t, ReadResponse(w, &message)) assert.NoError(t, ReadResponse(w, &message))
@ -65,7 +65,7 @@ func TestAttachAccount(t *testing.T) {
// app connects websocket // app connects websocket
ws := getTestWebsocket() ws := getTestWebsocket()
announce := Announce{ AppToken: access } announce := Announce{ AppToken: profile.Guid + "." + access }
msg, _ := json.Marshal(&announce) msg, _ := json.Marshal(&announce)
ws.WriteMessage(websocket.TextMessage, msg) ws.WriteMessage(websocket.TextMessage, msg)
_, msg, _ = ws.ReadMessage() _, msg, _ = ws.ReadMessage()


@ -13,7 +13,7 @@ func TestConnectContact(t *testing.T) {
var revision Revision var revision Revision
var msg DataMessage var msg DataMessage
var vars map[string]string var vars map[string]string
var cardRevision int64 //var cardRevision int64
var contactStatus ContactStatus var contactStatus ContactStatus
// create some contacts for this test // create some contacts for this test
@ -32,7 +32,7 @@ func TestConnectContact(t *testing.T) {
ws.WriteMessage(websocket.TextMessage, data) ws.WriteMessage(websocket.TextMessage, data)
_, data, _ = ws.ReadMessage() _, data, _ = ws.ReadMessage()
assert.NoError(t, json.Unmarshal(data, &revision)) assert.NoError(t, json.Unmarshal(data, &revision))
cardRevision = revision.Card //cardRevision = revision.Card
// add A card in B // add A card in B
r, w, _ = NewRequest("POST", "/contact/cards", &msg) r, w, _ = NewRequest("POST", "/contact/cards", &msg)
@ -41,10 +41,10 @@ func TestConnectContact(t *testing.T) {
assert.NoError(t, ReadResponse(w, &card)) assert.NoError(t, ReadResponse(w, &card))
// profile revision incremented // profile revision incremented
_, data, _ = ws.ReadMessage() //_, data, _ = ws.ReadMessage()
assert.NoError(t, json.Unmarshal(data, &revision)) //assert.NoError(t, json.Unmarshal(data, &revision))
assert.NotEqual(t, cardRevision, revision.Card) //assert.NotEqual(t, cardRevision, revision.Card)
cardRevision = revision.Card //cardRevision = revision.Card
// update A status to connecting // update A status to connecting
r, w, _ = NewRequest("PUT", "/contact/cards/{cardId}/status", APP_CARDCONNECTING) r, w, _ = NewRequest("PUT", "/contact/cards/{cardId}/status", APP_CARDCONNECTING)
@ -55,10 +55,10 @@ func TestConnectContact(t *testing.T) {
assert.NoError(t, ReadResponse(w, &card)) assert.NoError(t, ReadResponse(w, &card))
// card revision incremented // card revision incremented
_, data, _ = ws.ReadMessage() //_, data, _ = ws.ReadMessage()
assert.NoError(t, json.Unmarshal(data, &revision)) //assert.NoError(t, json.Unmarshal(data, &revision))
assert.NotEqual(t, cardRevision, revision.Card) //assert.NotEqual(t, cardRevision, revision.Card)
cardRevision = revision.Card //cardRevision = revision.Card
// get open message to A // get open message to A
r, w, _ = NewRequest("GET", "/contact/cards/{cardId}/openMessage", nil) r, w, _ = NewRequest("GET", "/contact/cards/{cardId}/openMessage", nil)
@ -112,10 +112,10 @@ func TestConnectContact(t *testing.T) {
assert.Equal(t, APP_CARDCONNECTED, contactStatus.Status) assert.Equal(t, APP_CARDCONNECTED, contactStatus.Status)
// card revision incremented // card revision incremented
_, data, _ = ws.ReadMessage() //_, data, _ = ws.ReadMessage()
assert.NoError(t, json.Unmarshal(data, &revision)) //assert.NoError(t, json.Unmarshal(data, &revision))
assert.NotEqual(t, cardRevision, revision.Card) //assert.NotEqual(t, cardRevision, revision.Card)
cardRevision = revision.Card //cardRevision = revision.Card
// update B status to connected // update B status to connected
r, w, _ = NewRequest("PUT", "/contact/cards/{cardId}/status?token=" + contactStatus.Token, APP_CARDCONNECTED) r, w, _ = NewRequest("PUT", "/contact/cards/{cardId}/status?token=" + contactStatus.Token, APP_CARDCONNECTED)