adding target to app token

2025-02-12 03:29:16 +00:00 · 2022-01-22 11:04:29 -08:00 · 2022-01-22 11:04:29 -08:00 · 76c31b15ae
commit 76c31b15ae
parent 4082476d73
5 changed files with 44 additions and 8 deletions
--- a/net/server/internal/api_getProfile.go
+++ b/net/server/internal/api_getProfile.go
@ -6,7 +6,7 @@ import (

 func GetProfile(w http.ResponseWriter, r *http.Request) {

-  account, code, err := BearerAppToken(r, true);
+  account, code, err := BearerAppyToken(r, true);
  if err != nil {
    ErrResponse(w, code, err)
    return
--- a/net/server/internal/api_setProfile.go
+++ b/net/server/internal/api_setProfile.go
@ -8,7 +8,7 @@ import (

 func SetProfile(w http.ResponseWriter, r *http.Request) {

-  account, code, err := BearerAppToken(r, true);
+  account, code, err := BearerAppyToken(r, true);
  if err != nil {
    ErrResponse(w, code, err)
    return
--- a/net/server/internal/authUtil.go
+++ b/net/server/internal/authUtil.go
@ -115,8 +115,44 @@ func BearerAppToken(r *http.Request, detail bool) (*store.Account, int, error) {
  return &app.Account, http.StatusOK, nil
 }

+func BearerAppyToken(r *http.Request, detail bool) (*store.Account, int, error) {
+
+  // parse bearer authentication
+  auth := r.Header.Get("Authorization")
+  token := strings.TrimSpace(strings.TrimPrefix(auth, "Bearer"))
+  target, access, err := ParseToken(token)
+  if err != nil {
+    return nil, http.StatusBadRequest, err
+  }
+
+  // find token record
+  var app store.App
+  if detail {
+    if err := store.DB.Preload("Account.AccountDetail").Where("account_id = ? AND token = ?", target, access).First(&app).Error; err != nil {
+      if errors.Is(err, gorm.ErrRecordNotFound) {
+        return nil, http.StatusNotFound, err
+      } else {
+        return nil, http.StatusInternalServerError, err
+      }
+    }
+  } else {
+    if err := store.DB.Preload("Account").Where("token = ?", token).First(&app).Error; err != nil {
+      if errors.Is(err, gorm.ErrRecordNotFound) {
+        return nil, http.StatusNotFound, err
+      } else {
+        return nil, http.StatusInternalServerError, err
+      }
+    }
+  }
+  if app.Account.Disabled {
+    return nil, http.StatusGone, errors.New("account is inactive")
+  }
+
+  return &app.Account, http.StatusOK, nil
+}
+
 func ParseToken(token string) (string, string, error) {
-  split := strings.Split(token, ":")
+  split := strings.Split(token, ".")
  if len(split) != 2 {
    return "", "", errors.New("invalid token format")
  }
--- a/net/server/internal/main_test.go
+++ b/net/server/internal/main_test.go
@ -7,7 +7,7 @@ import (

 func TestMain(m *testing.M) {

-  SetHideLog(true)
+//  SetHideLog(true)
  SetKeySize(2048)
  store.SetPath("file::memory:?cache=shared");
  //store.SetPath("databag.db");
--- a/net/server/internal/ucAttachApp_test.go
+++ b/net/server/internal/ucAttachApp_test.go
@ -22,7 +22,8 @@ func TestAttachAccount(t *testing.T) {
  SetBearerAuth(r, account);
  SetCredentials(r, "attachapp:pass")
  AddAccount(w, r)
-  assert.NoError(t, ReadResponse(w, nil))
+  var profile Profile
+  assert.NoError(t, ReadResponse(w, &profile))

  // acquire new token for attaching app
  r, w, _ = NewRequest("POST", "/account/apps", nil)
@ -79,15 +80,14 @@ func TestAttachAccount(t *testing.T) {
    Description: "databaggerr",
  };
  r, w, _ = NewRequest("PUT", "/profile/data", &profileData)
-  SetBearerAuth(r, access)
+  SetBearerAuth(r, profile.Guid + "." + access)
  SetProfile(w, r)
  assert.NoError(t, ReadResponse(w, nil))

  // get profile
  r, w, _ = NewRequest("GET", "/profile", nil)
-  SetBearerAuth(r, access)
+  SetBearerAuth(r, profile.Guid + "." + access)
  GetProfile(w, r)
-  var profile Profile
  assert.NoError(t, ReadResponse(w, &profile))
  assert.Equal(t, guid, profile.Guid)
  assert.Equal(t, "attachapp", profile.Handle)