From b9880227edd8523a2f4f90fbb3100489fcdb5d9c Mon Sep 17 00:00:00 2001
From: Roland Osborne
Date: Sat, 22 Jan 2022 21:47:39 -0800
Subject: [PATCH] adding contact access to profile message
---
 doc/api.oa3 | 7 +++
 net/server/internal/api_getProfileMessage.go | 50 ++++++++++++++++++--
 net/server/internal/appValues.go | 2 +
 net/server/internal/contact_test.go | 1 +
 net/server/internal/ucConnectContact_test.go | 1 +
 5 files changed, 57 insertions(+), 4 deletions(-)
diff --git a/doc/api.oa3 b/doc/api.oa3
index 7c440a0e..10a57098 100644
--- a/doc/api.oa3
+++ b/doc/api.oa3
@@ -806,6 +806,13 @@ paths:
 operationId: get-profile-message
 security:
 - bearerAuth: []
+ parameters:
+ - in: header
+ name: TokenType
+ schema:
+ type: string
+ enum: [ app, contact ]
+ required: true
 responses:
 '200':
 description: success
diff --git a/net/server/internal/api_getProfileMessage.go b/net/server/internal/api_getProfileMessage.go
index 4244d698..f6cd905a 100644
--- a/net/server/internal/api_getProfileMessage.go
+++ b/net/server/internal/api_getProfileMessage.go
@@ -1,17 +1,59 @@
 package databag
 import (
+ "strings"
+ "errors"
 "net/http"
+ "gorm.io/gorm"
+ "databag/internal/store"
 )
 func GetProfileMessage(w http.ResponseWriter, r *http.Request) {
- account, code, res := BearerAppToken(r, true);
- if res != nil {
- ErrResponse(w, code, res)
+ // extract token
+ tokenType := r.Header.Get("TokenType")
+ auth := r.Header.Get("Authorization")
+ token := strings.TrimSpace(strings.TrimPrefix(auth, "Bearer"))
+ target, access, err := ParseToken(token)
+ if err != nil {
+ ErrResponse(w, http.StatusBadRequest, errors.New("invalid bearer token"))
+ return
+ }
+
+ // load account record
+ var account *store.Account
+ if tokenType == APP_TOKENAPP {
+ var app store.App
+ if err := store.DB.Preload("Account.AccountDetail").Where("account_id = ? AND token = ?", target, access).First(&app).Error; err != nil {
+ if errors.Is(err, gorm.ErrRecordNotFound) {
+ ErrResponse(w, http.StatusNotFound, err);
+ } else {
+ ErrResponse(w, http.StatusInternalServerError, err);
+ }
+ return
+ }
+ account = &app.Account
+ } else if tokenType == APP_TOKENCONTACT {
+ var card store.Card
+ if err := store.DB.Preload("Account.AccountDetail").Where("account_id = ? AND InToken = ?", target, access).First(&card).Error; err != nil {
+ if errors.Is(err, gorm.ErrRecordNotFound) {
+ ErrResponse(w, http.StatusNotFound, err)
+ } else {
+ ErrResponse(w, http.StatusInternalServerError, err)
+ }
+ return
+ }
+ account = &card.Account
+ } else {
+ ErrResponse(w, http.StatusBadRequest, errors.New("invalid token type"))
+ }
+ detail := &account.AccountDetail
+
+ // check if account is active
+ if account.Disabled {
+ ErrResponse(w, http.StatusGone, errors.New("account is not active"))
 return
 }
- detail := account.AccountDetail
 // generate identity DataMessage
 identity := Identity{
diff --git a/net/server/internal/appValues.go b/net/server/internal/appValues.go
index 796322df..04e7cf10 100644
--- a/net/server/internal/appValues.go
+++ b/net/server/internal/appValues.go
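Review bot: The final `else` branch of GetProfileMessage writes the 400 for an unrecognised `TokenType` but has no `return`, so execution continues to `detail := &account.AccountDetail` with `account` still nil. A request with a missing or unknown TokenType header would therefore hit a nil-pointer dereference after the error response has already been written; add `return` directly after `ErrResponse(w, http.StatusBadRequest, errors.New("invalid token type"))`. The two test hunks in this patch only set `APP_TOKENAPP`, so neither the contact branch nor the invalid-type path is exercised, and a test for each would catch this. Separately, both lookup branches pass the raw gorm `err` to `ErrResponse`; if that helper echoes the message to the client (not visible here), a fixed string like the one used for "invalid bearer token" would avoid exposing query details. The function body continues past the end of the hunk.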
@@ -22,6 +22,8 @@ const APP_CARDCONNECTING = "connecting"
 const APP_CARDCONNECTED = "connected"
 const APP_MODULEPROFILE = "profile"
 const APP_MODULECONTENT = "content"
+const APP_TOKENAPP = "app"
+const APP_TOKENCONTACT = "contact"
 func AppCardStatus(status string) bool {
 if status == APP_CARDPENDING {
diff --git a/net/server/internal/contact_test.go b/net/server/internal/contact_test.go
index d04b71ed..ab3b8c64 100644
--- a/net/server/internal/contact_test.go
+++ b/net/server/internal/contact_test.go
@@ -62,6 +62,7 @@ func ConnectTestContacts(t *testing.T, accessA string, accessB string) (contact
 // get A identity message
 r, w, _ := NewRequest("GET", "/profile/message", nil)
+ r.Header.Add("TokenType", APP_TOKENAPP)
 SetBearerAuth(r, access[0])
 GetProfileMessage(w, r)
 assert.NoError(t, ReadResponse(w, &msg))
diff --git a/net/server/internal/ucConnectContact_test.go b/net/server/internal/ucConnectContact_test.go
index bd453b96..b5b9cfa9 100644
--- a/net/server/internal/ucConnectContact_test.go
+++ b/net/server/internal/ucConnectContact_test.go
@@ -22,6 +22,7 @@ func TestConnectContact(t *testing.T) {
 // get A identity message
 r, w, _ := NewRequest("GET", "/profile/message", nil)
+ r.Header.Add("TokenType", APP_TOKENAPP)
 SetBearerAuth(r, access[0])
 GetProfileMessage(w, r)
 assert.NoError(t, ReadResponse(w, &msg))