Semaphore/api/projects/keys.go

package projects

import (
	log "github.com/Sirupsen/logrus"
	"github.com/ansible-semaphore/semaphore/api/helpers"
	"github.com/ansible-semaphore/semaphore/db"
	"net/http"

	"github.com/gorilla/context"
)

// KeyMiddleware ensures a key exists and loads it to the context
func KeyMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		project := context.Get(r, "project").(db.Project)
		keyID, err := helpers.GetIntParam("key_id", w, r)
		if err != nil {
			return
		}

		key, err := helpers.Store(r).GetAccessKey(project.ID, keyID)

		if err != nil {
			helpers.WriteError(w, err)
			return
		}

		context.Set(r, "accessKey", key)
		next.ServeHTTP(w, r)
	})
}

// GetKeys retrieves sorted keys from the database
func GetKeys(w http.ResponseWriter, r *http.Request) {
	if key := context.Get(r, "accessKey"); key != nil {
		k := key.(db.AccessKey)
		k.Secret = nil
		helpers.WriteJSON(w, http.StatusOK, k)
		return
	}

	project := context.Get(r, "project").(db.Project)
	var keys []db.AccessKey

	params := db.RetrieveQueryParams{
		SortBy: r.URL.Query().Get("sort"),
		SortInverted: r.URL.Query().Get("order") == desc,
	}

	keys, err := helpers.Store(r).GetAccessKeys(project.ID, params)

	for _, k := range keys {
		k.Secret = nil
	}

	if err != nil {
		helpers.WriteError(w, err)
		return
	}

	helpers.WriteJSON(w, http.StatusOK, keys)
}

// AddKey adds a new key to the database
func AddKey(w http.ResponseWriter, r *http.Request) {
	project := context.Get(r, "project").(db.Project)
	var key db.AccessKey

	if !helpers.Bind(w, r, &key) {
		return
	}

	if key.ProjectID == nil || *key.ProjectID != project.ID {
		helpers.WriteJSON(w, http.StatusBadRequest, map[string]string{
			"error": "Project ID in body and URL must be the same",
		})
		return
	}

	switch key.Type {
	case db.AccessKeyNone:
		break
	case db.AccessKeySSH:
		if key.Secret == nil || len(*key.Secret) == 0 {
			helpers.WriteJSON(w, http.StatusBadRequest, map[string]string{
				"error": "SSH Secret empty",
			})
			return
		}
	default:
		helpers.WriteJSON(w, http.StatusBadRequest, map[string]string{
			"error": "Invalid key type",
		})
		return
	}

	if key.Secret != nil {
		*key.Secret += "\n"
	}

	err := key.EncryptSecret()

	if err != nil {
		helpers.WriteError(w, err)
		return
	}

	newKey, err := helpers.Store(r).CreateAccessKey(key)

	if err != nil {
		helpers.WriteError(w, err)
		return
	}

	user := context.Get(r, "user").(*db.User)

	objType := "key"

	desc := "Access Key " + key.Name + " created"
	_, err = helpers.Store(r).CreateEvent(db.Event{
		UserID:      &user.ID,
		ProjectID:   newKey.ProjectID,
		ObjectType:  &objType,
		ObjectID:    &newKey.ID,
		Description: &desc,
	})

	if err != nil {
		log.Error(err)
	}

	w.WriteHeader(http.StatusNoContent)
}

// UpdateKey updates key in database
// nolint: gocyclo
func UpdateKey(w http.ResponseWriter, r *http.Request) {
	var key db.AccessKey
	oldKey := context.Get(r, "accessKey").(db.AccessKey)

	if !helpers.Bind(w, r, &key) {
		return
	}

	switch key.Type {
	case db.AccessKeyNone:
	case db.AccessKeySSH:
	default:
		helpers.WriteJSON(w, http.StatusBadRequest, map[string]string{
			"error": "Invalid key type",
		})
		return
	}

	if key.Type == db.AccessKeyNone {
		key.Secret = nil
	} else if key.Secret == nil || len(*key.Secret) == 0 {
		// override secret
		key.Secret = oldKey.Secret
	} else {
		*key.Secret += "\n"

		err := key.EncryptSecret()

		if err != nil {
			helpers.WriteError(w, err)
			return
		}
	}

	if err := helpers.Store(r).UpdateAccessKey(key); err != nil {
		helpers.WriteError(w, err)
		return
	}

	user := context.Get(r, "user").(*db.User)

	desc := "Access Key " + key.Name + " updated"
	objType := "key"

	_, err := helpers.Store(r).CreateEvent(db.Event{
		UserID:      &user.ID,
		ProjectID:   oldKey.ProjectID,
		Description: &desc,
		ObjectID:    &oldKey.ID,
		ObjectType:  &objType,
	})

	if err != nil {
		log.Error(err)
		return
	}

	w.WriteHeader(http.StatusNoContent)
}

// RemoveKey deletes a key from the database
func RemoveKey(w http.ResponseWriter, r *http.Request) {
	key := context.Get(r, "accessKey").(db.AccessKey)

	var err error

	softDeletion := r.URL.Query().Get("setRemoved") == "1"

	if softDeletion {
		err = helpers.Store(r).DeleteAccessKeySoft(*key.ProjectID, key.ID)
	} else {
		err = helpers.Store(r).DeleteAccessKey(*key.ProjectID, key.ID)
		if err == db.ErrInvalidOperation {
			helpers.WriteJSON(w, http.StatusBadRequest, map[string]interface{}{
				"error": "Inventory is in use by one or more templates",
				"inUse": true,
			})
			return
		}
	}

	if err != nil {
		helpers.WriteError(w, err)
		return
	}

	user := context.Get(r, "user").(*db.User)

	desc := "Access Key " + key.Name + " deleted"

	_, err = helpers.Store(r).CreateEvent(db.Event{
		UserID:      &user.ID,
		ProjectID:   key.ProjectID,
		Description: &desc,
	})

	if err != nil {
		log.Error(err)
	}

	w.WriteHeader(http.StatusNoContent)
}
Project ui, ws - [wip] ws support 2016-04-02 14:40:07 +02:00			`package projects`

access key ui & api 2016-04-04 01:10:12 +02:00			`import (`
fix(be): delete global Mysql variable and add interface Store for dialect-independent communication with database. 2020-12-01 20:06:49 +01:00			`log "github.com/Sirupsen/logrus"`
refactor(be): template and environment endpoints use Store Rename util to helpers Bind returns bool instead of error 2020-12-03 14:51:15 +01:00			`"github.com/ansible-semaphore/semaphore/api/helpers"`
refactor(be): return models to db package 2020-12-04 23:41:26 +01:00			`"github.com/ansible-semaphore/semaphore/db"`
fix(be): delete global Mysql variable and add interface Store for dialect-independent communication with database. 2020-12-01 20:06:49 +01:00			`"net/http"`
Remove mulekick, move functions to util 2019-07-09 19:45:27 +02:00
🎉 gin -> net/http 2017-02-23 00:21:49 +01:00			`"github.com/gorilla/context"`
access key ui & api 2016-04-04 01:10:12 +02:00			`)`
Project ui, ws - [wip] ws support 2016-04-02 14:40:07 +02:00
add gometalinter to tools and run it in circle. extract some error checking and logging in places where linting needed or errors not checked 2018-03-27 22:12:47 +02:00			`// KeyMiddleware ensures a key exists and loads it to the context`
Remove mulekick router, use mux directly Revert one more commit 2019-07-09 18:14:06 +02:00			`func KeyMiddleware(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
refactor(be): return models to db package 2020-12-04 23:41:26 +01:00			`project := context.Get(r, "project").(db.Project)`
refactor(be): template and environment endpoints use Store Rename util to helpers Bind returns bool instead of error 2020-12-03 14:51:15 +01:00			`keyID, err := helpers.GetIntParam("key_id", w, r)`
Remove mulekick router, use mux directly Revert one more commit 2019-07-09 18:14:06 +02:00			`if err != nil {`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`return`
			`}`

refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`key, err := helpers.Store(r).GetAccessKey(project.ID, keyID)`
Remove mulekick router, use mux directly Revert one more commit 2019-07-09 18:14:06 +02:00
refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`if err != nil {`
			`helpers.WriteError(w, err)`
			`return`
Remove mulekick router, use mux directly Revert one more commit 2019-07-09 18:14:06 +02:00			`}`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00
Remove mulekick router, use mux directly Revert one more commit 2019-07-09 18:14:06 +02:00			`context.Set(r, "accessKey", key)`
			`next.ServeHTTP(w, r)`
			`})`
beginning to running tasks 2016-04-04 15:44:34 +02:00			`}`

add gometalinter to tools and run it in circle. extract some error checking and logging in places where linting needed or errors not checked 2018-03-27 22:12:47 +02:00			`// GetKeys retrieves sorted keys from the database`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`func GetKeys(w http.ResponseWriter, r *http.Request) {`
fix(web2): small bugs on many pages 2020-11-04 20:30:36 +01:00			`if key := context.Get(r, "accessKey"); key != nil {`
feat(be): do not return private key in rest api 2021-08-30 22:48:53 +02:00			`k := key.(db.AccessKey)`
			`k.Secret = nil`
			`helpers.WriteJSON(w, http.StatusOK, k)`
fix(web2): small bugs on many pages 2020-11-04 20:30:36 +01:00			`return`
			`}`

refactor(be): return models to db package 2020-12-04 23:41:26 +01:00			`project := context.Get(r, "project").(db.Project)`
			`var keys []db.AccessKey`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00
refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`params := db.RetrieveQueryParams{`
			`SortBy: r.URL.Query().Get("sort"),`
			`SortInverted: r.URL.Query().Get("order") == desc,`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`}`

refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`keys, err := helpers.Store(r).GetAccessKeys(project.ID, params)`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00
feat(be): do not return private key in rest api 2021-08-30 22:48:53 +02:00			`for _, k := range keys {`
			`k.Secret = nil`
			`}`

refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`if err != nil {`
			`helpers.WriteError(w, err)`
			`return`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`}`

refactor(be): template and environment endpoints use Store Rename util to helpers Bind returns bool instead of error 2020-12-03 14:51:15 +01:00			`helpers.WriteJSON(w, http.StatusOK, keys)`
Project ui, ws - [wip] ws support 2016-04-02 14:40:07 +02:00			`}`

add gometalinter to tools and run it in circle. extract some error checking and logging in places where linting needed or errors not checked 2018-03-27 22:12:47 +02:00			`// AddKey adds a new key to the database`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`func AddKey(w http.ResponseWriter, r *http.Request) {`
refactor(be): return models to db package 2020-12-04 23:41:26 +01:00			`project := context.Get(r, "project").(db.Project)`
			`var key db.AccessKey`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00
refactor(be): template and environment endpoints use Store Rename util to helpers Bind returns bool instead of error 2020-12-03 14:51:15 +01:00			`if !helpers.Bind(w, r, &key) {`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`return`
			`}`

refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`if key.ProjectID == nil \|\| *key.ProjectID != project.ID {`
			`helpers.WriteJSON(w, http.StatusBadRequest, map[string]string{`
fix(fe): add field project_id to each mutation request from class ItemFormBase.js 2021-04-22 12:36:23 +02:00			`"error": "Project ID in body and URL must be the same",`
refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`})`
			`return`
			`}`

mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`switch key.Type {`
refactor(be): remove unused columns 2021-08-30 16:24:20 +02:00			`case db.AccessKeyNone:`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`break`
refactor(be): remove unused columns 2021-08-30 16:24:20 +02:00			`case db.AccessKeySSH:`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`if key.Secret == nil \|\| len(*key.Secret) == 0 {`
refactor(be): template and environment endpoints use Store Rename util to helpers Bind returns bool instead of error 2020-12-03 14:51:15 +01:00			`helpers.WriteJSON(w, http.StatusBadRequest, map[string]string{`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`"error": "SSH Secret empty",`
Improved UI - Fixes #94 - Fixes admin permissions (needed to manipulate users) 2016-06-17 22:16:46 +02:00			`})`
			`return`
			`}`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`default:`
refactor(be): template and environment endpoints use Store Rename util to helpers Bind returns bool instead of error 2020-12-03 14:51:15 +01:00			`helpers.WriteJSON(w, http.StatusBadRequest, map[string]string{`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`"error": "Invalid key type",`
			`})`
			`return`
			`}`

refactor(be): remove unused columns 2021-08-30 16:24:20 +02:00			`if key.Secret != nil {`
			`*key.Secret += "\n"`
			`}`
refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00
feat: removed public key. fix: encrypt private key for new access key 2021-08-31 07:47:19 +02:00			`err := key.EncryptSecret()`

			`if err != nil {`
			`helpers.WriteError(w, err)`
			`return`
			`}`

refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`newKey, err := helpers.Store(r).CreateAccessKey(key)`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00
			`if err != nil {`
refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`helpers.WriteError(w, err)`
			`return`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`}`

feat(be): add user id to activity log 2021-08-20 08:28:50 +02:00			`user := context.Get(r, "user").(*db.User)`

mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`objType := "key"`

			`desc := "Access Key " + key.Name + " created"`
refactor(be): return models to db package 2020-12-04 23:41:26 +01:00			`_, err = helpers.Store(r).CreateEvent(db.Event{`
feat(be): add user id to activity log 2021-08-20 08:28:50 +02:00			`UserID: &user.ID,`
refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`ProjectID: newKey.ProjectID,`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`ObjectType: &objType,`
refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`ObjectID: &newKey.ID,`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`Description: &desc,`
fix(be): delete global Mysql variable and add interface Store for dialect-independent communication with database. 2020-12-01 20:06:49 +01:00			`})`

			`if err != nil {`
			`log.Error(err)`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`}`

			`w.WriteHeader(http.StatusNoContent)`
access key ui & api 2016-04-04 01:10:12 +02:00			`}`

add gometalinter to tools and run it in circle. extract some error checking and logging in places where linting needed or errors not checked 2018-03-27 22:12:47 +02:00			`// UpdateKey updates key in database`
			`// nolint: gocyclo`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`func UpdateKey(w http.ResponseWriter, r *http.Request) {`
refactor(be): return models to db package 2020-12-04 23:41:26 +01:00			`var key db.AccessKey`
			`oldKey := context.Get(r, "accessKey").(db.AccessKey)`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00
refactor(be): template and environment endpoints use Store Rename util to helpers Bind returns bool instead of error 2020-12-03 14:51:15 +01:00			`if !helpers.Bind(w, r, &key) {`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`return`
			`}`

			`switch key.Type {`
refactor(be): remove unused columns 2021-08-30 16:24:20 +02:00			`case db.AccessKeyNone:`
			`case db.AccessKeySSH:`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`default:`
refactor(be): template and environment endpoints use Store Rename util to helpers Bind returns bool instead of error 2020-12-03 14:51:15 +01:00			`helpers.WriteJSON(w, http.StatusBadRequest, map[string]string{`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`"error": "Invalid key type",`
			`})`
			`return`
			`}`

feat(be): do not return private key in rest api 2021-08-30 22:48:53 +02:00			`if key.Type == db.AccessKeyNone {`
			`key.Secret = nil`
			`} else if key.Secret == nil \|\| len(*key.Secret) == 0 {`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`// override secret`
			`key.Secret = oldKey.Secret`
			`} else {`
feat(be): add access key encryption 2021-08-31 01:02:41 +02:00			`*key.Secret += "\n"`

			`err := key.EncryptSecret()`

			`if err != nil {`
			`helpers.WriteError(w, err)`
			`return`
			`}`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`}`

refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`if err := helpers.Store(r).UpdateAccessKey(key); err != nil {`
			`helpers.WriteError(w, err)`
			`return`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`}`

feat(be): add user id to activity log 2021-08-20 08:28:50 +02:00			`user := context.Get(r, "user").(*db.User)`

mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`desc := "Access Key " + key.Name + " updated"`
			`objType := "key"`
fix(be): delete global Mysql variable and add interface Store for dialect-independent communication with database. 2020-12-01 20:06:49 +01:00
refactor(be): return models to db package 2020-12-04 23:41:26 +01:00			`_, err := helpers.Store(r).CreateEvent(db.Event{`
feat(be): add user id to activity log 2021-08-20 08:28:50 +02:00			`UserID: &user.ID,`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`ProjectID: oldKey.ProjectID,`
			`Description: &desc,`
			`ObjectID: &oldKey.ID,`
			`ObjectType: &objType,`
fix(be): delete global Mysql variable and add interface Store for dialect-independent communication with database. 2020-12-01 20:06:49 +01:00			`})`

			`if err != nil {`
			`log.Error(err)`
			`return`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`}`

			`w.WriteHeader(http.StatusNoContent)`
Project ui, ws - [wip] ws support 2016-04-02 14:40:07 +02:00			`}`

add gometalinter to tools and run it in circle. extract some error checking and logging in places where linting needed or errors not checked 2018-03-27 22:12:47 +02:00			`// RemoveKey deletes a key from the database`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`func RemoveKey(w http.ResponseWriter, r *http.Request) {`
refactor(be): return models to db package 2020-12-04 23:41:26 +01:00			`key := context.Get(r, "accessKey").(db.AccessKey)`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00
refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`var err error`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00
fix(be): remove boltdb user 2021-05-16 23:44:42 +02:00			`softDeletion := r.URL.Query().Get("setRemoved") == "1"`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00
refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`if softDeletion {`
			`err = helpers.Store(r).DeleteAccessKeySoft(*key.ProjectID, key.ID)`
			`} else {`
			`err = helpers.Store(r).DeleteAccessKey(*key.ProjectID, key.ID)`
			`if err == db.ErrInvalidOperation {`
refactor(be): template and environment endpoints use Store Rename util to helpers Bind returns bool instead of error 2020-12-03 14:51:15 +01:00			`helpers.WriteJSON(w, http.StatusBadRequest, map[string]interface{}{`
refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`"error": "Inventory is in use by one or more templates",`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`"inUse": true,`
			`})`
Improved UI - Fixes #94 - Fixes admin permissions (needed to manipulate users) 2016-06-17 22:16:46 +02:00			`return`
			`}`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`}`

refactor(be): migrate key to Store 2020-12-08 08:23:33 +01:00			`if err != nil {`
			`helpers.WriteError(w, err)`
			`return`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`}`

feat(be): add user id to activity log 2021-08-20 08:28:50 +02:00			`user := context.Get(r, "user").(*db.User)`

mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`desc := "Access Key " + key.Name + " deleted"`
fix(be): delete global Mysql variable and add interface Store for dialect-independent communication with database. 2020-12-01 20:06:49 +01:00
refactor(be): return models to db package 2020-12-04 23:41:26 +01:00			`_, err = helpers.Store(r).CreateEvent(db.Event{`
feat(be): add user id to activity log 2021-08-20 08:28:50 +02:00			`UserID: &user.ID,`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`ProjectID: key.ProjectID,`
			`Description: &desc,`
fix(be): delete global Mysql variable and add interface Store for dialect-independent communication with database. 2020-12-01 20:06:49 +01:00			`})`

			`if err != nil {`
			`log.Error(err)`
mux != Koa, undo refactor before it gets worse 2019-07-09 18:11:01 +02:00			`}`

			`w.WriteHeader(http.StatusNoContent)`
Project ui, ws - [wip] ws support 2016-04-02 14:40:07 +02:00			`}`