From 76c31b15aea2097be15554c41976faa03aeb5ce8 Mon Sep 17 00:00:00 2001
From: Roland Osborne
Date: Sat, 22 Jan 2022 11:04:29 -0800
Subject: [PATCH] adding target to app token

---
 net/server/internal/api_getProfile.go | 2 +-
 net/server/internal/api_setProfile.go | 2 +-
 net/server/internal/authUtil.go | 38 ++++++++++++++++++++++++-
 net/server/internal/main_test.go | 2 +-
 net/server/internal/ucAttachApp_test.go | 8 +++---
 5 files changed, 44 insertions(+), 8 deletions(-)

diff --git a/net/server/internal/api_getProfile.go b/net/server/internal/api_getProfile.go
index 0194980f..a5886aea 100644
--- a/net/server/internal/api_getProfile.go
+++ b/net/server/internal/api_getProfile.go
@@ -6,7 +6,7 @@ import (
 func GetProfile(w http.ResponseWriter, r *http.Request) {
- account, code, err := BearerAppToken(r, true);
+ account, code, err := BearerAppyToken(r, true);
 if err != nil {
 ErrResponse(w, code, err)
 return
diff --git a/net/server/internal/api_setProfile.go b/net/server/internal/api_setProfile.go
index 46f80f49..f4410573 100644
--- a/net/server/internal/api_setProfile.go
+++ b/net/server/internal/api_setProfile.go
@@ -8,7 +8,7 @@ import (
 func SetProfile(w http.ResponseWriter, r *http.Request) {
- account, code, err := BearerAppToken(r, true);
+ account, code, err := BearerAppyToken(r, true);
 if err != nil {
 ErrResponse(w, code, err)
 return
diff --git a/net/server/internal/authUtil.go b/net/server/internal/authUtil.go
index c25444a9..b8708063 100644
--- a/net/server/internal/authUtil.go
+++ b/net/server/internal/authUtil.go
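Review bot: The new call target `BearerAppyToken` reads like a typo of `BearerAppToken`, and the authUtil.go hunk shows both functions now coexisting as two almost-identical bearer parsers that will drift apart; the same rename is made in api_setProfile.go. If app tokens are now meant to carry a target prefix, the cleaner change is to fold the target check into `BearerAppToken` itself so every caller gets the same validation, rather than switching callers one by one to a second function with a near-duplicate name. The bodies of `GetProfile` and `SetProfile` continue outside their hunks.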
@@ -115,8 +115,44 @@ func BearerAppToken(r *http.Request, detail bool) (*store.Account, int, error) {
 return &app.Account, http.StatusOK, nil
 }
+func BearerAppyToken(r *http.Request, detail bool) (*store.Account, int, error) {
+
+ // parse bearer authentication
+ auth := r.Header.Get("Authorization")
+ token := strings.TrimSpace(strings.TrimPrefix(auth, "Bearer"))
+ target, access, err := ParseToken(token)
+ if err != nil {
+ return nil, http.StatusBadRequest, err
+ }
+
+ // find token record
+ var app store.App
+ if detail {
+ if err := store.DB.Preload("Account.AccountDetail").Where("account_id = ? AND token = ?", target, access).First(&app).Error; err != nil {
+ if errors.Is(err, gorm.ErrRecordNotFound) {
+ return nil, http.StatusNotFound, err
+ } else {
+ return nil, http.StatusInternalServerError, err
+ }
+ }
+ } else {
+ if err := store.DB.Preload("Account").Where("token = ?", token).First(&app).Error; err != nil {
+ if errors.Is(err, gorm.ErrRecordNotFound) {
+ return nil, http.StatusNotFound, err
+ } else {
+ return nil, http.StatusInternalServerError, err
+ }
+ }
+ }
+ if app.Account.Disabled {
+ return nil, http.StatusGone, errors.New("account is inactive")
+ }
+
+ return &app.Account, http.StatusOK, nil
+}
+
 func ParseToken(token string) (string, string, error) {
- split := strings.Split(token, ":")
+ split := strings.Split(token, ".")
 if len(split) != 2 {
 return "", "", errors.New("invalid token format")
 }
diff --git a/net/server/internal/main_test.go b/net/server/internal/main_test.go
index 2e781185..364e7a38 100644
--- a/net/server/internal/main_test.go
+++ b/net/server/internal/main_test.go
@@ -7,7 +7,7 @@ import (
 func TestMain(m *testing.M) {
- SetHideLog(true)
+// SetHideLog(true)
 SetKeySize(2048)
 store.SetPath("file::memory:?cache=shared");
 //store.SetPath("databag.db");
diff --git a/net/server/internal/ucAttachApp_test.go b/net/server/internal/ucAttachApp_test.go
index b84ab160..73f5a908 100644
--- a/net/server/internal/ucAttachApp_test.go
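Review bot: In `BearerAppyToken` the two lookup branches disagree: the `detail` branch matches `account_id = ? AND token = ?` with `target, access`, while the `else` branch matches `token = ?` against the unparsed `token` (which now carries the `target.` prefix) and drops the account scoping entirely, so the non-detail path either never finds a record or, if it does, accepts a token without checking it belongs to the named account. Make the second query the same shape, `store.DB.Preload("Account").Where("account_id = ? AND token = ?", target, access).First(&app)`; whether `account_id` holds the GUID that `ParseToken` returns as `target` is not visible here and should be confirmed against the schema. Two smaller points: the `else` after each `return` can be dropped, and `strings.TrimPrefix(auth, "Bearer")` without the trailing space also accepts `Bearerxxx`, so `strings.TrimPrefix(auth, "Bearer ")` is the stricter form. `ParseToken` continues outside the hunk, and the original `BearerAppToken` above it still performs the old unscoped lookup, so the two should be reconciled rather than left to diverge.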
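Review bot: Commenting out `SetHideLog(true)` in `TestMain` looks like a debugging leftover unrelated to adding a target to the app token; it re-enables server logging for the whole test binary. Either restore the line or, if verbose output is wanted during development, gate it on `testing.Verbose()` or an environment variable instead of leaving a commented-out call. `TestMain` continues outside the hunk.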
+++ b/net/server/internal/ucAttachApp_test.go
@@ -22,7 +22,8 @@ func TestAttachAccount(t *testing.T) {
 SetBearerAuth(r, account);
 SetCredentials(r, "attachapp:pass")
 AddAccount(w, r)
- assert.NoError(t, ReadResponse(w, nil))
+ var profile Profile
+ assert.NoError(t, ReadResponse(w, &profile))
 // acquire new token for attaching app
 r, w, _ = NewRequest("POST", "/account/apps", nil)
@@ -79,15 +80,14 @@ func TestAttachAccount(t *testing.T) {
 Description: "databaggerr",
 };
 r, w, _ = NewRequest("PUT", "/profile/data", &profileData)
- SetBearerAuth(r, access)
+ SetBearerAuth(r, profile.Guid + "." + access)
 SetProfile(w, r)
 assert.NoError(t, ReadResponse(w, nil))
 // get profile
 r, w, _ = NewRequest("GET", "/profile", nil)
- SetBearerAuth(r, access)
+ SetBearerAuth(r, profile.Guid + "." + access)
 GetProfile(w, r)
- var profile Profile
 assert.NoError(t, ReadResponse(w, &profile))
 assert.Equal(t, guid, profile.Guid)
 assert.Equal(t, "attachapp", profile.Handle)
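Review bot: The app token is assembled twice as `profile.Guid + "." + access`, once before `SetProfile` and once before `GetProfile`, hard-coding the separator that `ParseToken` now expects in two places; build it once, `appToken := profile.Guid + "." + access`, and pass `appToken` to both `SetBearerAuth` calls so a future separator change touches one line. The test also exercises only the happy path: since the change is meant to bind the token to a target account, a request using a different GUID in front of the same `access` should be asserted to be rejected, otherwise the account scoping on the server side is unverified. Reusing the `profile` declared in the first hunk for the `GetProfile` response is fine but overwrites the value read from `AddAccount`, and `guid` on the last line comes from outside both hunks. `TestAttachAccount` starts before the first hunk and continues past the second.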