Semaphore/api/projects/keys.go

package projects

import (
	"database/sql"

	database "github.com/ansible-semaphore/semaphore/db"
	"github.com/ansible-semaphore/semaphore/models"
	"github.com/ansible-semaphore/semaphore/util"
	"github.com/gin-gonic/gin"
	"github.com/masterminds/squirrel"
)

func KeyMiddleware(w http.ResponseWriter, r *http.Request) {
	project := c.MustGet("project").(models.Project)
	keyID, err := util.GetIntParam("key_id", c)
	if err != nil {
		return
	}

	var key models.AccessKey
	if err := database.Mysql.SelectOne(&key, "select * from access_key where project_id=? and id=?", project.ID, keyID); err != nil {
		if err == sql.ErrNoRows {
			w.WriteHeader(http.StatusNotFound)
			return
		}

		panic(err)
	}

	c.Set("accessKey", key)
	c.Next()
}

func GetKeys(w http.ResponseWriter, r *http.Request) {
	project := c.MustGet("project").(models.Project)
	var keys []models.AccessKey

	q := squirrel.Select("id, name, type, project_id, `key`, removed").
		From("access_key").
		Where("project_id=?", project.ID)

	if len(c.Query("type")) > 0 {
		q = q.Where("type=?", c.Query("type"))
	}

	query, args, _ := q.ToSql()
	if _, err := database.Mysql.Select(&keys, query, args...); err != nil {
		panic(err)
	}

	c.JSON(200, keys)
}

func AddKey(w http.ResponseWriter, r *http.Request) {
	project := c.MustGet("project").(models.Project)
	var key models.AccessKey

	if err := c.Bind(&key); err != nil {
		return
	}

	switch key.Type {
	case "aws", "gcloud", "do":
		break
	case "ssh":
		if key.Secret == nil || len(*key.Secret) == 0 {
			c.JSON(400, map[string]string{
				"error": "SSH Secret empty",
			})
			return
		}
	default:
		c.JSON(400, map[string]string{
			"error": "Invalid key type",
		})
		return
	}

	secret := *key.Secret + "\n"

	res, err := database.Mysql.Exec("insert into access_key set name=?, type=?, project_id=?, `key`=?, secret=?", key.Name, key.Type, project.ID, key.Key, secret)
	if err != nil {
		panic(err)
	}

	insertID, _ := res.LastInsertId()
	insertIDInt := int(insertID)
	objType := "key"

	desc := "Access Key " + key.Name + " created"
	if err := (models.Event{
		ProjectID:   &project.ID,
		ObjectType:  &objType,
		ObjectID:    &insertIDInt,
		Description: &desc,
	}.Insert()); err != nil {
		panic(err)
	}

	w.WriteHeader(http.StatusNoContent)
}

func UpdateKey(w http.ResponseWriter, r *http.Request) {
	var key models.AccessKey
	oldKey := c.MustGet("accessKey").(models.AccessKey)

	if err := c.Bind(&key); err != nil {
		return
	}

	switch key.Type {
	case "aws", "gcloud", "do":
		break
	case "ssh":
		if key.Secret == nil || len(*key.Secret) == 0 {
			c.JSON(400, map[string]string{
				"error": "SSH Secret empty",
			})
			return
		}
	default:
		c.JSON(400, map[string]string{
			"error": "Invalid key type",
		})
		return
	}

	if key.Secret == nil || len(*key.Secret) == 0 {
		// override secret
		key.Secret = oldKey.Secret
	} else {
		secret := *key.Secret + "\n"
		key.Secret = &secret
	}

	if _, err := database.Mysql.Exec("update access_key set name=?, type=?, `key`=?, secret=? where id=?", key.Name, key.Type, key.Key, key.Secret, oldKey.ID); err != nil {
		panic(err)
	}

	desc := "Access Key " + key.Name + " updated"
	objType := "key"
	if err := (models.Event{
		ProjectID:   oldKey.ProjectID,
		Description: &desc,
		ObjectID:    &oldKey.ID,
		ObjectType:  &objType,
	}.Insert()); err != nil {
		panic(err)
	}

	w.WriteHeader(http.StatusNoContent)
}

func RemoveKey(w http.ResponseWriter, r *http.Request) {
	key := c.MustGet("accessKey").(models.AccessKey)

	templatesC, err := database.Mysql.SelectInt("select count(1) from project__template where project_id=? and ssh_key_id=?", *key.ProjectID, key.ID)
	if err != nil {
		panic(err)
	}

	inventoryC, err := database.Mysql.SelectInt("select count(1) from project__inventory where project_id=? and ssh_key_id=?", *key.ProjectID, key.ID)
	if err != nil {
		panic(err)
	}

	if templatesC > 0 || inventoryC > 0 {
		if len(c.Query("setRemoved")) == 0 {
			c.JSON(400, map[string]interface{}{
				"error": "Key is in use by one or more templates / inventory",
				"inUse": true,
			})

			return
		}

		if _, err := database.Mysql.Exec("update access_key set removed=1 where id=?", key.ID); err != nil {
			panic(err)
		}

		w.WriteHeader(http.StatusNoContent)
		return
	}

	if _, err := database.Mysql.Exec("delete from access_key where id=?", key.ID); err != nil {
		panic(err)
	}

	desc := "Access Key " + key.Name + " deleted"
	if err := (models.Event{
		ProjectID:   key.ProjectID,
		Description: &desc,
	}.Insert()); err != nil {
		panic(err)
	}

	w.WriteHeader(http.StatusNoContent)
}
Project ui, ws - [wip] ws support 2016-04-02 14:40:07 +02:00			`package projects`

access key ui & api 2016-04-04 01:10:12 +02:00			`import (`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`"database/sql"`

refactoring 2016-05-24 11:55:48 +02:00			`database "github.com/ansible-semaphore/semaphore/db"`
access key ui & api 2016-04-04 01:10:12 +02:00			`"github.com/ansible-semaphore/semaphore/models"`
			`"github.com/ansible-semaphore/semaphore/util"`
			`"github.com/gin-gonic/gin"`
			`"github.com/masterminds/squirrel"`
			`)`
Project ui, ws - [wip] ws support 2016-04-02 14:40:07 +02:00
begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`func KeyMiddleware(w http.ResponseWriter, r *http.Request) {`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`project := c.MustGet("project").(models.Project)`
			`keyID, err := util.GetIntParam("key_id", c)`
			`if err != nil {`
			`return`
			`}`

			`var key models.AccessKey`
			`if err := database.Mysql.SelectOne(&key, "select * from access_key where project_id=? and id=?", project.ID, keyID); err != nil {`
			`if err == sql.ErrNoRows {`
begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`w.WriteHeader(http.StatusNotFound)`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`return`
			`}`

			`panic(err)`
			`}`

			`c.Set("accessKey", key)`
beginning to running tasks 2016-04-04 15:44:34 +02:00			`c.Next()`
			`}`

begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`func GetKeys(w http.ResponseWriter, r *http.Request) {`
access key ui & api 2016-04-04 01:10:12 +02:00			`project := c.MustGet("project").(models.Project)`
			`var keys []models.AccessKey`

Improved UI - Fixes #94 - Fixes admin permissions (needed to manipulate users) 2016-06-17 22:16:46 +02:00			q := squirrel.Select("id, name, type, project_id, `key`, removed").
access key ui & api 2016-04-04 01:10:12 +02:00			`From("access_key").`
beginning to running tasks 2016-04-04 15:44:34 +02:00			`Where("project_id=?", project.ID)`

			`if len(c.Query("type")) > 0 {`
			`q = q.Where("type=?", c.Query("type"))`
			`}`

			`query, args, _ := q.ToSql()`
access key ui & api 2016-04-04 01:10:12 +02:00			`if _, err := database.Mysql.Select(&keys, query, args...); err != nil {`
			`panic(err)`
			`}`

			`c.JSON(200, keys)`
Project ui, ws - [wip] ws support 2016-04-02 14:40:07 +02:00			`}`

begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`func AddKey(w http.ResponseWriter, r *http.Request) {`
access key ui & api 2016-04-04 01:10:12 +02:00			`project := c.MustGet("project").(models.Project)`
			`var key models.AccessKey`

			`if err := c.Bind(&key); err != nil {`
			`return`
			`}`

			`switch key.Type {`
Improved UI - Fixes #94 - Fixes admin permissions (needed to manipulate users) 2016-06-17 22:16:46 +02:00			`case "aws", "gcloud", "do":`
access key ui & api 2016-04-04 01:10:12 +02:00			`break`
Improved UI - Fixes #94 - Fixes admin permissions (needed to manipulate users) 2016-06-17 22:16:46 +02:00			`case "ssh":`
			`if key.Secret == nil \|\| len(*key.Secret) == 0 {`
			`c.JSON(400, map[string]string{`
			`"error": "SSH Secret empty",`
			`})`
			`return`
			`}`
access key ui & api 2016-04-04 01:10:12 +02:00			`default:`
Improved UI - Fixes #94 - Fixes admin permissions (needed to manipulate users) 2016-06-17 22:16:46 +02:00			`c.JSON(400, map[string]string{`
			`"error": "Invalid key type",`
			`})`
access key ui & api 2016-04-04 01:10:12 +02:00			`return`
			`}`

fix #183 2016-12-21 09:56:38 +01:00			`secret := *key.Secret + "\n"`

			res, err := database.Mysql.Exec("insert into access_key set name=?, type=?, project_id=?, `key`=?, secret=?", key.Name, key.Type, project.ID, key.Key, secret)
Route output of tasks to correct users 2016-04-17 12:41:36 +02:00			`if err != nil {`
			`panic(err)`
			`}`

			`insertID, _ := res.LastInsertId()`
			`insertIDInt := int(insertID)`
			`objType := "key"`

			`desc := "Access Key " + key.Name + " created"`
			`if err := (models.Event{`
			`ProjectID: &project.ID,`
			`ObjectType: &objType,`
			`ObjectID: &insertIDInt,`
			`Description: &desc,`
			`}.Insert()); err != nil {`
access key ui & api 2016-04-04 01:10:12 +02:00			`panic(err)`
			`}`

begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`w.WriteHeader(http.StatusNoContent)`
access key ui & api 2016-04-04 01:10:12 +02:00			`}`

begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`func UpdateKey(w http.ResponseWriter, r *http.Request) {`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`var key models.AccessKey`
			`oldKey := c.MustGet("accessKey").(models.AccessKey)`

			`if err := c.Bind(&key); err != nil {`
			`return`
			`}`

			`switch key.Type {`
Improved UI - Fixes #94 - Fixes admin permissions (needed to manipulate users) 2016-06-17 22:16:46 +02:00			`case "aws", "gcloud", "do":`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`break`
Improved UI - Fixes #94 - Fixes admin permissions (needed to manipulate users) 2016-06-17 22:16:46 +02:00			`case "ssh":`
			`if key.Secret == nil \|\| len(*key.Secret) == 0 {`
			`c.JSON(400, map[string]string{`
			`"error": "SSH Secret empty",`
			`})`
			`return`
			`}`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`default:`
Improved UI - Fixes #94 - Fixes admin permissions (needed to manipulate users) 2016-06-17 22:16:46 +02:00			`c.JSON(400, map[string]string{`
			`"error": "Invalid key type",`
			`})`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`return`
			`}`

Improved UI - Fixes #94 - Fixes admin permissions (needed to manipulate users) 2016-06-17 22:16:46 +02:00			`if key.Secret == nil \|\| len(*key.Secret) == 0 {`
			`// override secret`
			`key.Secret = oldKey.Secret`
fix #183 2016-12-21 09:56:38 +01:00			`} else {`
			`secret := *key.Secret + "\n"`
			`key.Secret = &secret`
Improved UI - Fixes #94 - Fixes admin permissions (needed to manipulate users) 2016-06-17 22:16:46 +02:00			`}`

			if _, err := database.Mysql.Exec("update access_key set name=?, type=?, `key`=?, secret=? where id=?", key.Name, key.Type, key.Key, key.Secret, oldKey.ID); err != nil {
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`panic(err)`
			`}`

Route output of tasks to correct users 2016-04-17 12:41:36 +02:00			`desc := "Access Key " + key.Name + " updated"`
			`objType := "key"`
			`if err := (models.Event{`
			`ProjectID: oldKey.ProjectID,`
			`Description: &desc,`
			`ObjectID: &oldKey.ID,`
			`ObjectType: &objType,`
			`}.Insert()); err != nil {`
			`panic(err)`
			`}`

begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`w.WriteHeader(http.StatusNoContent)`
Project ui, ws - [wip] ws support 2016-04-02 14:40:07 +02:00			`}`

begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`func RemoveKey(w http.ResponseWriter, r *http.Request) {`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`key := c.MustGet("accessKey").(models.AccessKey)`
access key ui & api 2016-04-04 01:10:12 +02:00
Improved UI - Fixes #94 - Fixes admin permissions (needed to manipulate users) 2016-06-17 22:16:46 +02:00			`templatesC, err := database.Mysql.SelectInt("select count(1) from project__template where project_id=? and ssh_key_id=?", *key.ProjectID, key.ID)`
			`if err != nil {`
			`panic(err)`
			`}`

			`inventoryC, err := database.Mysql.SelectInt("select count(1) from project__inventory where project_id=? and ssh_key_id=?", *key.ProjectID, key.ID)`
			`if err != nil {`
			`panic(err)`
			`}`

			`if templatesC > 0 \|\| inventoryC > 0 {`
			`if len(c.Query("setRemoved")) == 0 {`
			`c.JSON(400, map[string]interface{}{`
			`"error": "Key is in use by one or more templates / inventory",`
			`"inUse": true,`
			`})`

			`return`
			`}`

			`if _, err := database.Mysql.Exec("update access_key set removed=1 where id=?", key.ID); err != nil {`
			`panic(err)`
			`}`

begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`w.WriteHeader(http.StatusNoContent)`
Improved UI - Fixes #94 - Fixes admin permissions (needed to manipulate users) 2016-06-17 22:16:46 +02:00			`return`
			`}`

Complete documentation 2016-04-09 21:38:14 +02:00			`if _, err := database.Mysql.Exec("delete from access_key where id=?", key.ID); err != nil {`
access key ui & api 2016-04-04 01:10:12 +02:00			`panic(err)`
			`}`

Route output of tasks to correct users 2016-04-17 12:41:36 +02:00			`desc := "Access Key " + key.Name + " deleted"`
			`if err := (models.Event{`
			`ProjectID: key.ProjectID,`
			`Description: &desc,`
			`}.Insert()); err != nil {`
			`panic(err)`
			`}`

begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`w.WriteHeader(http.StatusNoContent)`
Project ui, ws - [wip] ws support 2016-04-02 14:40:07 +02:00			`}`