moving profile to token based auth

2025-02-12 03:29:16 +00:00 · 2022-03-19 23:01:18 -07:00 · 2022-03-19 23:01:18 -07:00 · 3c3771ece4
commit 3c3771ece4
parent d6dff01317
4 changed files with 70 additions and 36 deletions
--- a/doc/api.oa3
+++ b/doc/api.oa3
@ -464,29 +464,6 @@ paths:
        '500':
          description: internal server error
                
-  /account/profile/image:
-    get:
-      tags:
-        - account
-      description: Get profile image. Access granted to account's username and password
-      operationId: get-account-image
-      security:
-        - basicAuth: []
-      responses: 
-        '200':
-          description: success
-          content:
-            application/octet-stream: # content specific
-              schema:
-                type: string
-                format: binary
-        '401':
-          description: permission denied
-        '405':
-          description: invalid image
-        '500':
-          description: internal server error
-          
  /account/assets/{assetId}:
    get:
      tags:
@ -700,8 +677,13 @@ paths:
        - profile
      description: Get profile of accunt. Access granted to app token of account holder.
      operationId: get-profile
-      security:
-        - bearerAuth: []
+      parameters:
+        - name: agent
+          in: query
+          description: agent token
+          required: false
+          schema:
+            type: string
      responses:
        '200':
          description: success
@ -722,8 +704,13 @@ paths:
        - profile
      description: Set profile data. Access granted to app tokens of account holder.
      operationId: set-profile
-      security:
-        - bearerAuth: []
+      parameters:
+        - name: agent
+          in: query
+          description: agent token 
+          required: false
+          schema:
+            type: string
      responses:
        '200':
          description: success
@ -777,8 +764,13 @@ paths:
        - profile
      description: Set base64 encode image data for profile. Access granted to app tokens of account holder.
      operationId: set-profile-image
-      security:
-        - bearerAuth: []
+      parameters:
+        - name: agent
+          in: query
+          description: agent token 
+          required: false
+          schema:
+            type: string
      responses:
        '200':
          description: success
@ -806,15 +798,19 @@ paths:
        - profile
      description: Get a profile data message. Access granted to app token of account holder or contact token of connected contact.
      operationId: get-profile-message
-      security:
-        - bearerAuth: []
      parameters:
-        - in: header
-          name: TokenType
+        - name: agent
+          in: query
+          description: agent token 
+          required: false
+          schema:
+            type: string
+        - name: contact
+          in: query
+          description: contact token 
+          required: false
          schema:
            type: string
-            enum: [ app, contact ]
-          required: true
      responses:
        '200':
          description: success
--- a/net/server/internal/api_getProfile.go
+++ b/net/server/internal/api_getProfile.go
@ -6,8 +6,9 @@ import (

 func GetProfile(w http.ResponseWriter, r *http.Request) {

-  account, code, err := BearerAppToken(r, true);
+  account, code, err := ParamAgentToken(r, true);
  if err != nil {
+PrintMsg(r);
    ErrResponse(w, code, err)
    return
  }
--- a/net/server/internal/testApp.go
+++ b/net/server/internal/testApp.go
@ -3,6 +3,7 @@ package databag
 import (
  "time"
  "errors"
+  "strings"
  "strconv"
  "sync"
  "encoding/json"
@ -849,22 +850,42 @@ func TestApiRequest(endpoint func(http.ResponseWriter, *http.Request), params *T
  if rest == "" {
    rest = "GET"
  }
+
+  if params.tokenType == APP_TOKENAPP {
+    if !strings.Contains(params.query, "?") {
+      params.query += "?"
+    } else {
+      params.query += "&"
+    }
+    params.query += "agent=" + params.token
+  } else if params.tokenType == APP_TOKENCONTACT {
+    if !strings.Contains(params.query, "?") {
+      params.query += "?"
+    } else {
+      params.query += "&"
+    }
+    params.query += "contact=" + params.token
+  }
+
  if r, w, err = NewRequest(rest, params.query, params.body); err != nil {
    return
  }
  r = mux.SetURLVars(r, params.path)
+
  if params.tokenType != "" {
    r.Header.Add("TokenType", params.tokenType)
  }
  if params.token != "" {
    SetBearerAuth(r, params.token)
  }
+
  if params.authorization != "" {
    SetBasicAuth(r, params.authorization)
  }
  if params.credentials != "" {
    SetCredentials(r, params.credentials)
  }
+
  endpoint(w, r)

  res := w.Result()
--- a/net/server/internal/testUtil.go
+++ b/net/server/internal/testUtil.go
@ -111,6 +111,22 @@ func ApiTestMsg(
  var r *http.Request
  var w *httptest.ResponseRecorder

+  if tokenType == APP_TOKENAPP {
+    if !strings.Contains(name, "?") {
+      name += "?"
+    } else {
+      name += "&"
+    }
+    name += "agent=" + token
+  } else if tokenType == APP_TOKENCONTACT {
+    if !strings.Contains(name, "?") {
+      name += "?"
+    } else {
+      name += "&"
+    }
+    name += "contact=" + token
+  }
+
  if r, w, err = NewRequest(requestType, name, body); err != nil {
    return
  }