2016-04-02 14:40:07 +02:00
package projects
2016-04-04 15:44:34 +02:00
import (
2016-04-13 18:09:44 +02:00
"database/sql"
2017-02-23 00:21:49 +01:00
"net/http"
2016-04-13 18:09:44 +02:00
2019-07-09 18:14:06 +02:00
"os"
"path/filepath"
"strings"
2017-02-23 06:12:16 +01:00
"github.com/ansible-semaphore/semaphore/db"
2019-07-09 18:14:06 +02:00
"github.com/ansible-semaphore/semaphore/util"
2017-02-23 00:21:49 +01:00
"github.com/gorilla/context"
2016-04-04 15:44:34 +02:00
"github.com/masterminds/squirrel"
)
2016-04-02 14:40:07 +02:00
2018-03-27 22:12:47 +02:00
const (
2019-07-09 18:14:06 +02:00
asc = "asc"
2018-03-27 22:12:47 +02:00
desc = "desc"
)
// InventoryMiddleware ensures an inventory exists and loads it to the context
2019-07-09 18:14:06 +02:00
func InventoryMiddleware ( next http . Handler ) http . Handler {
return http . HandlerFunc ( func ( w http . ResponseWriter , r * http . Request ) {
project := context . Get ( r , "project" ) . ( db . Project )
inventoryID , err := util . GetIntParam ( "inventory_id" , w , r )
if err != nil {
2019-07-09 18:11:01 +02:00
return
2019-07-09 14:56:03 +02:00
}
2019-07-09 18:14:06 +02:00
query , args , err := squirrel . Select ( "*" ) .
From ( "project__inventory" ) .
Where ( "project_id=?" , project . ID ) .
Where ( "id=?" , inventoryID ) .
ToSql ( )
util . LogWarning ( err )
var inventory db . Inventory
if err := db . Mysql . SelectOne ( & inventory , query , args ... ) ; err != nil {
if err == sql . ErrNoRows {
w . WriteHeader ( http . StatusNotFound )
return
}
panic ( err )
}
2019-07-09 14:56:03 +02:00
2019-07-09 18:14:06 +02:00
context . Set ( r , "inventory" , inventory )
next . ServeHTTP ( w , r )
} )
2016-04-02 14:40:07 +02:00
}
2018-03-27 22:12:47 +02:00
// GetInventory returns an inventory from the database
2019-07-09 18:11:01 +02:00
func GetInventory ( w http . ResponseWriter , r * http . Request ) {
project := context . Get ( r , "project" ) . ( db . Project )
var inv [ ] db . Inventory
2016-04-04 15:44:34 +02:00
2019-07-09 18:11:01 +02:00
sort := r . URL . Query ( ) . Get ( "sort" )
order := r . URL . Query ( ) . Get ( "order" )
2017-03-16 15:55:50 +01:00
2019-07-09 18:11:01 +02:00
if order != asc && order != desc {
order = asc
}
2017-03-16 15:55:50 +01:00
2019-07-09 18:11:01 +02:00
q := squirrel . Select ( "*" ) .
2019-07-09 18:14:06 +02:00
From ( "project__inventory pi" )
2017-03-16 15:55:50 +01:00
2019-07-09 18:11:01 +02:00
switch sort {
case "name" , "type" :
q = q . Where ( "pi.project_id=?" , project . ID ) .
OrderBy ( "pi." + sort + " " + order )
default :
q = q . Where ( "pi.project_id=?" , project . ID ) .
2019-07-09 18:14:06 +02:00
OrderBy ( "pi.name " + order )
2019-07-09 18:11:01 +02:00
}
2017-03-16 15:55:50 +01:00
2019-07-09 18:11:01 +02:00
query , args , err := q . ToSql ( )
util . LogWarning ( err )
2016-04-04 15:44:34 +02:00
2019-07-09 18:11:01 +02:00
if _ , err := db . Mysql . Select ( & inv , query , args ... ) ; err != nil {
panic ( err )
}
2016-04-04 15:44:34 +02:00
2019-07-09 19:45:27 +02:00
util . WriteJSON ( w , http . StatusOK , inv )
2016-04-04 15:44:34 +02:00
}
2018-03-27 22:12:47 +02:00
// AddInventory creates an inventory in the database
2019-07-09 18:11:01 +02:00
func AddInventory ( w http . ResponseWriter , r * http . Request ) {
project := context . Get ( r , "project" ) . ( db . Project )
var inventory struct {
Name string ` json:"name" binding:"required" `
KeyID * int ` json:"key_id" `
SSHKeyID int ` json:"ssh_key_id" `
Type string ` json:"type" `
Inventory string ` json:"inventory" `
}
2016-04-04 15:44:34 +02:00
2019-07-09 19:45:27 +02:00
if err := util . Bind ( w , r , & inventory ) ; err != nil {
2019-07-09 18:11:01 +02:00
return
}
2016-04-04 15:44:34 +02:00
2019-07-09 18:11:01 +02:00
switch inventory . Type {
case "static" , "file" :
break
default :
w . WriteHeader ( http . StatusBadRequest )
return
}
2016-04-17 02:20:23 +02:00
2019-07-09 18:11:01 +02:00
res , err := db . Mysql . Exec ( "insert into project__inventory set project_id=?, name=?, type=?, key_id=?, ssh_key_id=?, inventory=?" , project . ID , inventory . Name , inventory . Type , inventory . KeyID , inventory . SSHKeyID , inventory . Inventory )
if err != nil {
panic ( err )
}
2016-04-04 15:44:34 +02:00
2019-07-09 18:11:01 +02:00
insertID , err := res . LastInsertId ( )
util . LogWarning ( err )
insertIDInt := int ( insertID )
objType := "inventory"
desc := "Inventory " + inventory . Name + " created"
if err := ( db . Event {
ProjectID : & project . ID ,
ObjectType : & objType ,
ObjectID : & insertIDInt ,
Description : & desc ,
} . Insert ( ) ) ; err != nil {
panic ( err )
}
2019-07-09 14:56:03 +02:00
2019-07-09 18:11:01 +02:00
inv := db . Inventory {
ID : insertIDInt ,
Name : inventory . Name ,
ProjectID : project . ID ,
Inventory : inventory . Inventory ,
KeyID : inventory . KeyID ,
SSHKeyID : & inventory . SSHKeyID ,
Type : inventory . Type ,
}
2017-03-10 15:56:23 +01:00
2019-07-09 19:45:27 +02:00
util . WriteJSON ( w , http . StatusCreated , inv )
2016-04-04 15:44:34 +02:00
}
2018-03-27 22:12:47 +02:00
// IsValidInventoryPath tests a path to ensure it is below the cwd
2018-03-08 12:37:38 +01:00
func IsValidInventoryPath ( path string ) bool {
2018-03-27 22:12:47 +02:00
currentPath , err := os . Getwd ( )
if err != nil {
2018-03-08 10:04:34 +01:00
return false
2018-03-27 22:12:47 +02:00
}
absPath , err := filepath . Abs ( path )
if err != nil {
2018-03-08 10:04:34 +01:00
return false
2018-03-27 22:12:47 +02:00
}
relPath , err := filepath . Rel ( currentPath , absPath )
if err != nil {
2018-03-08 10:04:34 +01:00
return false
}
2018-03-27 22:12:47 +02:00
return ! strings . HasPrefix ( relPath , ".." )
2018-03-08 10:04:34 +01:00
}
2018-03-27 22:12:47 +02:00
// UpdateInventory writes updated values to an existing inventory item in the database
2019-07-09 18:11:01 +02:00
func UpdateInventory ( w http . ResponseWriter , r * http . Request ) {
oldInventory := context . Get ( r , "inventory" ) . ( db . Inventory )
var inventory struct {
Name string ` json:"name" binding:"required" `
KeyID * int ` json:"key_id" `
SSHKeyID int ` json:"ssh_key_id" `
Type string ` json:"type" `
Inventory string ` json:"inventory" `
}
2016-04-16 21:42:57 +02:00
2019-07-09 19:45:27 +02:00
if err := util . Bind ( w , r , & inventory ) ; err != nil {
2019-07-09 18:11:01 +02:00
return
}
2016-04-16 21:42:57 +02:00
2019-07-09 18:11:01 +02:00
switch inventory . Type {
case "static" :
break
case "file" :
if ! IsValidInventoryPath ( inventory . Inventory ) {
panic ( "Invalid inventory path" )
2019-07-09 14:56:03 +02:00
}
2019-07-09 18:11:01 +02:00
default :
w . WriteHeader ( http . StatusBadRequest )
return
}
2016-04-16 21:42:57 +02:00
2019-07-09 18:11:01 +02:00
if _ , err := db . Mysql . Exec ( "update project__inventory set name=?, type=?, key_id=?, ssh_key_id=?, inventory=? where id=?" , inventory . Name , inventory . Type , inventory . KeyID , inventory . SSHKeyID , inventory . Inventory , oldInventory . ID ) ; err != nil {
panic ( err )
}
2016-04-17 02:20:23 +02:00
2019-07-09 18:11:01 +02:00
desc := "Inventory " + inventory . Name + " updated"
objType := "inventory"
if err := ( db . Event {
ProjectID : & oldInventory . ProjectID ,
Description : & desc ,
ObjectID : & oldInventory . ID ,
ObjectType : & objType ,
} . Insert ( ) ) ; err != nil {
panic ( err )
}
2019-07-09 14:56:03 +02:00
2019-07-09 18:11:01 +02:00
w . WriteHeader ( http . StatusNoContent )
2016-04-02 14:40:07 +02:00
}
2018-03-27 22:12:47 +02:00
// RemoveInventory deletes an inventory from the database
2019-07-09 18:11:01 +02:00
func RemoveInventory ( w http . ResponseWriter , r * http . Request ) {
inventory := context . Get ( r , "inventory" ) . ( db . Inventory )
2016-04-13 18:09:44 +02:00
2019-07-09 18:11:01 +02:00
templatesC , err := db . Mysql . SelectInt ( "select count(1) from project__template where project_id=? and inventory_id=?" , inventory . ProjectID , inventory . ID )
if err != nil {
panic ( err )
}
2016-06-17 22:16:46 +02:00
2019-07-09 18:11:01 +02:00
if templatesC > 0 {
if len ( r . URL . Query ( ) . Get ( "setRemoved" ) ) == 0 {
2019-07-09 19:45:27 +02:00
util . WriteJSON ( w , http . StatusBadRequest , map [ string ] interface { } {
2019-07-09 18:11:01 +02:00
"error" : "Inventory is in use by one or more templates" ,
"inUse" : true ,
} )
2019-07-09 14:56:03 +02:00
2016-06-17 22:16:46 +02:00
return
}
2019-07-09 18:11:01 +02:00
if _ , err := db . Mysql . Exec ( "update project__inventory set removed=1 where id=?" , inventory . ID ) ; err != nil {
2019-07-09 14:56:03 +02:00
panic ( err )
}
2016-04-13 18:09:44 +02:00
2019-07-09 14:56:03 +02:00
w . WriteHeader ( http . StatusNoContent )
2019-07-09 18:11:01 +02:00
return
}
if _ , err := db . Mysql . Exec ( "delete from project__inventory where id=?" , inventory . ID ) ; err != nil {
panic ( err )
}
desc := "Inventory " + inventory . Name + " deleted"
if err := ( db . Event {
ProjectID : & inventory . ProjectID ,
Description : & desc ,
} . Insert ( ) ) ; err != nil {
panic ( err )
}
2016-04-17 02:20:23 +02:00
2019-07-09 18:11:01 +02:00
w . WriteHeader ( http . StatusNoContent )
2016-04-02 14:40:07 +02:00
}