Semaphore/api/user.go

package api

import (
	"crypto/rand"
	"encoding/base64"
	"io"
	"strings"
	"time"

	database "github.com/ansible-semaphore/semaphore/db"
	"github.com/ansible-semaphore/semaphore/models"
	"github.com/gin-gonic/gin"
)

func getUser(w http.ResponseWriter, r *http.Request) {
	if u, exists := c.Get("_user"); exists {
		c.JSON(200, u)
		return
	}

	c.JSON(200, c.MustGet("user"))
}

func getAPITokens(w http.ResponseWriter, r *http.Request) {
	user := c.MustGet("user").(*models.User)

	var tokens []models.APIToken
	if _, err := database.Mysql.Select(&tokens, "select * from user__token where user_id=?", user.ID); err != nil {
		panic(err)
	}

	c.JSON(200, tokens)
}

func createAPIToken(w http.ResponseWriter, r *http.Request) {
	user := c.MustGet("user").(*models.User)
	tokenID := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, tokenID); err != nil {
		panic(err)
	}

	token := models.APIToken{
		ID:      strings.ToLower(base64.URLEncoding.EncodeToString(tokenID)),
		Created: time.Now(),
		UserID:  user.ID,
		Expired: false,
	}

	if err := database.Mysql.Insert(&token); err != nil {
		panic(err)
	}

	c.JSON(201, token)
}

func expireAPIToken(w http.ResponseWriter, r *http.Request) {
	user := c.MustGet("user").(*models.User)

	tokenID := c.Param("token_id")
	res, err := database.Mysql.Exec("update user__token set expired=1 where id=? and user_id=?", tokenID, user.ID)
	if err != nil {
		panic(err)
	}

	affected, err := res.RowsAffected()
	if err != nil {
		panic(err)
	}

	if affected == 0 {
		w.WriteHeader(http.StatusBadRequest)
		return
	}

	w.WriteHeader(http.StatusNoContent)
}
refactoring 2016-05-24 11:55:48 +02:00			`package api`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00
			`import (`
			`"crypto/rand"`
			`"encoding/base64"`
			`"io"`
			`"strings"`
			`"time"`

refactoring 2016-05-24 11:55:48 +02:00			`database "github.com/ansible-semaphore/semaphore/db"`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`"github.com/ansible-semaphore/semaphore/models"`
			`"github.com/gin-gonic/gin"`
			`)`

begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`func getUser(w http.ResponseWriter, r *http.Request) {`
Improve setup, upgrade, new API - Improve upgrade process (fixes #106) - Improve upgrade UI - Delete Users API - Get user API - User update API - Security improvement (does not spill secret over api) - Improve setup (fixes #100) 2016-05-23 21:29:38 +02:00			`if u, exists := c.Get("_user"); exists {`
			`c.JSON(200, u)`
			`return`
			`}`

API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`c.JSON(200, c.MustGet("user"))`
			`}`

begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`func getAPITokens(w http.ResponseWriter, r *http.Request) {`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`user := c.MustGet("user").(*models.User)`

			`var tokens []models.APIToken`
			`if _, err := database.Mysql.Select(&tokens, "select * from user__token where user_id=?", user.ID); err != nil {`
			`panic(err)`
			`}`

			`c.JSON(200, tokens)`
			`}`

begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`func createAPIToken(w http.ResponseWriter, r *http.Request) {`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`user := c.MustGet("user").(*models.User)`
			`tokenID := make([]byte, 32)`
			`if _, err := io.ReadFull(rand.Reader, tokenID); err != nil {`
			`panic(err)`
			`}`

			`token := models.APIToken{`
			`ID: strings.ToLower(base64.URLEncoding.EncodeToString(tokenID)),`
			`Created: time.Now(),`
			`UserID: user.ID,`
			`Expired: false,`
			`}`

			`if err := database.Mysql.Insert(&token); err != nil {`
			`panic(err)`
			`}`

			`c.JSON(201, token)`
			`}`

begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`func expireAPIToken(w http.ResponseWriter, r *http.Request) {`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`user := c.MustGet("user").(*models.User)`

			`tokenID := c.Param("token_id")`
			`res, err := database.Mysql.Exec("update user__token set expired=1 where id=? and user_id=?", tokenID, user.ID)`
			`if err != nil {`
			`panic(err)`
			`}`

			`affected, err := res.RowsAffected()`
			`if err != nil {`
			`panic(err)`
			`}`

🎉 remove redis dependency - Remove mandrill - Remove redis - Sessions & more transparency into who's logged into your user - Session is stored in cookies (map of two integers.) - Encrypted sessions, configurable keys (auto-generated) 2016-04-30 14:28:47 +02:00			`if affected == 0 {`
begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`w.WriteHeader(http.StatusBadRequest)`
🎉 remove redis dependency - Remove mandrill - Remove redis - Sessions & more transparency into who's logged into your user - Session is stored in cookies (map of two integers.) - Encrypted sessions, configurable keys (auto-generated) 2016-04-30 14:28:47 +02:00			`return`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`}`

begin refactor gin -> net/http 2017-02-22 23:17:36 +01:00			`w.WriteHeader(http.StatusNoContent)`
API Tokens, Documentation - API Tokens - More documentation - Update API 2016-04-09 21:09:57 +02:00			`}`