From 3c3771ece4723d471e75e14bb32f2c2631dc0424 Mon Sep 17 00:00:00 2001
From: Roland Osborne
Date: Sat, 19 Mar 2022 23:01:18 -0700
Subject: [PATCH] moving profile to token based auth
---
 doc/api.oa3 | 66 +++++++++++++--------------
 net/server/internal/api_getProfile.go | 3 +-
 net/server/internal/testApp.go | 21 +++++++++
 net/server/internal/testUtil.go | 16 +++++++
 4 files changed, 70 insertions(+), 36 deletions(-)
diff --git a/doc/api.oa3 b/doc/api.oa3
index 1f9b4e5e..ebe47733 100644
--- a/doc/api.oa3
+++ b/doc/api.oa3
@@ -464,29 +464,6 @@ paths:
 '500':
 description: internal server error
- /account/profile/image:
- get:
- tags:
- - account
- description: Get profile image. Access granted to account's username and password
- operationId: get-account-image
- security:
- - basicAuth: []
- responses:
- '200':
- description: success
- content:
- application/octet-stream: # content specific
- schema:
- type: string
- format: binary
- '401':
- description: permission denied
- '405':
- description: invalid image
- '500':
- description: internal server error
-
 /account/assets/{assetId}:
 get:
 tags:
@@ -700,8 +677,13 @@ paths:
 - profile
 description: Get profile of accunt. Access granted to app token of account holder.
 operationId: get-profile
- security:
- - bearerAuth: []
+ parameters:
+ - name: agent
+ in: query
+ description: agent token
+ required: false
+ schema:
+ type: string
 responses:
 '200':
 description: success
@@ -722,8 +704,13 @@ paths:
 - profile
 description: Set profile data. Access granted to app tokens of account holder.
 operationId: set-profile
- security:
- - bearerAuth: []
+ parameters:
+ - name: agent
+ in: query
+ description: agent token
+ required: false
+ schema:
+ type: string
 responses:
 '200':
 description: success
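Review bot: In the get-profile hunk the `security` entry for `bearerAuth` is removed and the new `agent` parameter is marked `required: false`, so the spec no longer declares the operation as authenticated even though its description still says access is granted to the app token. Declaring the token as a security scheme would keep that contract visible to generated clients and API scanners: an `apiKey` scheme with `in: query` and `name: agent` under `components.securitySchemes`, referenced from `security:` on each operation. A token carried in the URL can also be recorded in access logs, proxy logs and browser history, so the description should say so, or the `Authorization` header should stay the documented transport. The same applies to the set-profile, set-profile-image and get-profile-message hunks; on get-profile-message both `agent` and `contact` are optional, so the spec does not state that one of them must be present.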
@@ -777,8 +764,13 @@ paths:
 - profile
 description: Set base64 encode image data for profile. Access granted to app tokens of account holder.
 operationId: set-profile-image
- security:
- - bearerAuth: []
+ parameters:
+ - name: agent
+ in: query
+ description: agent token
+ required: false
+ schema:
+ type: string
 responses:
 '200':
 description: success
@@ -806,15 +798,19 @@ paths:
 - profile
 description: Get a profile data message. Access granted to app token of account holder or contact token of connected contact.
 operationId: get-profile-message
- security:
- - bearerAuth: []
 parameters:
- - in: header
- name: TokenType
+ - name: agent
+ in: query
+ description: agent token
+ required: false
+ schema:
+ type: string
+ - name: contact
+ in: query
+ description: contact token
+ required: false
 schema:
 type: string
- enum: [ app, contact ]
- required: true
 responses:
 '200':
 description: success
diff --git a/net/server/internal/api_getProfile.go b/net/server/internal/api_getProfile.go
index 1320844d..6c5a77d5 100644
--- a/net/server/internal/api_getProfile.go
+++ b/net/server/internal/api_getProfile.go
@@ -6,8 +6,9 @@ import (
 func GetProfile(w http.ResponseWriter, r *http.Request) {
- account, code, err := BearerAppToken(r, true);
+ account, code, err := ParamAgentToken(r, true);
 if err != nil {
+PrintMsg(r);
 ErrResponse(w, code, err)
 return
 }
diff --git a/net/server/internal/testApp.go b/net/server/internal/testApp.go
index f4b278c8..c93b071a 100644
--- a/net/server/internal/testApp.go
+++ b/net/server/internal/testApp.go
@@ -3,6 +3,7 @@ package databag
 import (
 "time"
 "errors"
+ "strings"
 "strconv"
 "sync"
 "encoding/json"
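Review bot: The added `PrintMsg(r);` on the failure path of GetProfile looks like leftover debugging: it is unindented and runs for every rejected request. PrintMsg is not defined in this patch, but if it prints the request or its URL, the rejected `agent` token now sits in the query string and would be written to the log on each failed attempt. I would drop the line, or replace it with a log entry that records only `code` and `r.URL.Path`. GetProfile's body continues past the end of the hunk.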
@@ -849,22 +850,42 @@ func TestApiRequest(endpoint func(http.ResponseWriter, *http.Request), params *T
 if rest == "" {
 rest = "GET"
 }
+
+ if params.tokenType == APP_TOKENAPP {
+ if !strings.Contains(params.query, "?") {
+ params.query += "?"
+ } else {
+ params.query += "&"
+ }
+ params.query += "agent=" + params.token
+ } else if params.tokenType == APP_TOKENCONTACT {
+ if !strings.Contains(params.query, "?") {
+ params.query += "?"
+ } else {
+ params.query += "&"
+ }
+ params.query += "contact=" + params.token
+ }
+
 if r, w, err = NewRequest(rest, params.query, params.body); err != nil {
 return
 }
 r = mux.SetURLVars(r, params.path)
+
 if params.tokenType != "" {
 r.Header.Add("TokenType", params.tokenType)
 }
 if params.token != "" {
 SetBearerAuth(r, params.token)
 }
+
 if params.authorization != "" {
 SetBasicAuth(r, params.authorization)
 }
 if params.credentials != "" {
 SetCredentials(r, params.credentials)
 }
+
 endpoint(w, r)
 res := w.Result()
diff --git a/net/server/internal/testUtil.go b/net/server/internal/testUtil.go
index d4bbabc9..6381f873 100644
--- a/net/server/internal/testUtil.go
+++ b/net/server/internal/testUtil.go
@@ -111,6 +111,22 @@ func ApiTestMsg(
 var r *http.Request
 var w *httptest.ResponseRecorder
+ if tokenType == APP_TOKENAPP {
+ if !strings.Contains(name, "?") {
+ name += "?"
+ } else {
+ name += "&"
+ }
+ name += "agent=" + token
+ } else if tokenType == APP_TOKENCONTACT {
+ if !strings.Contains(name, "?") {
+ name += "?"
+ } else {
+ name += "&"
+ }
+ name += "contact=" + token
+ }
+
 if r, w, err = NewRequest(requestType, name, body); err != nil {
 return
 }
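Review bot: In TestApiRequest the token is appended to the query unescaped (`params.query += "agent=" + params.token`), so a token containing `&`, `=`, `+` or `#` reaches the handler as a different value; `url.QueryEscape` avoids that and needs the `net/url` import, which is outside this hunk. The request also still carries the `TokenType` header and the bearer header, so these tests pass whether a handler reads the query parameter or the old header; a test that sends only the bearer header to a migrated endpoint and expects a rejection would show the old path is closed. The same block is repeated in the testUtil.go hunk (ApiTestMsg), and a shared helper as sketched below keeps the two in step. Building the query in a local variable also avoids modifying `params.query`, which matters if `params` is a pointer that callers reuse (the signature is truncated in the hunk header). Both functions begin and end outside their hunks.

```go
// addTokenParam returns query with the token appended under the parameter
// name that matches tokenType; other token types leave query unchanged.
func addTokenParam(query, tokenType, token string) string {
	var key string
	switch tokenType {
	case APP_TOKENAPP:
		key = "agent"
	case APP_TOKENCONTACT:
		key = "contact"
	default:
		return query
	}
	sep := "?"
	if strings.Contains(query, "?") {
		sep = "&"
	}
	return query + sep + key + "=" + url.QueryEscape(token)
}

// ... unchanged: rest defaulting in TestApiRequest ...
query := addTokenParam(params.query, params.tokenType, params.token)
if r, w, err = NewRequest(rest, query, params.body); err != nil {
	return
}
// ... unchanged: URL vars, headers, endpoint call ...
```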