package api
import (
"crypto/rand"
"encoding/base64"
"io"
"net/http"
"strings"
"time"
"github.com/ansible-semaphore/semaphore/db"
"github.com/castawaylabs/mulekick"
"github.com/gorilla/context"
"github.com/gorilla/mux"
)
// getUser writes a user object to the response as JSON with status 200.
//
// The value stored under the request-context key "_user" is preferred; when
// that key is absent the value under "user" is written instead.
//
// NOTE(review): presumably "_user" is a user resolved from the route and
// "user" is the authenticated caller; confirm against the middleware that
// populates the context.
func getUser(w http.ResponseWriter, r *http.Request) {
	payload, found := context.GetOk(r, "_user")
	if !found {
		payload = context.Get(r, "user")
	}

	// The context value is serialized as-is, so which fields reach the client
	// is decided entirely by the stored type's JSON encoding.
	// NOTE(review): confirm that the user type excludes credential fields
	// (e.g. a password hash) from its JSON output.
	mulekick.WriteJSON(w, http.StatusOK, payload)
}
// getAPITokens responds with every row of user__token owned by the current
// user, encoded as JSON with status 200.
//
// The handler panics if the request context holds no *db.User under "user"
// (the type assertion is unchecked) or if the query fails.
//
// NOTE(review): this assumes an authentication middleware always sets "user"
// before the handler runs and that a recovery handler turns the panic into an
// error response; confirm both in the router setup.
func getAPITokens(w http.ResponseWriter, r *http.Request) {
	caller := context.Get(r, "user").(*db.User)

	// Parameterized query, restricted to the caller's own rows. There is no
	// filter on the expired column, so expired tokens are listed as well.
	const query = "select * from user__token where user_id=?"

	var owned []db.APIToken
	_, err := db.Mysql.Select(&owned, query, caller.ID)
	if err != nil {
		panic(err)
	}

	// NOTE(review): createAPIToken stores the random token value in the ID
	// field. If db.APIToken serializes ID, every call to this endpoint
	// discloses the token values again; confirm that is intended.
	mulekick.WriteJSON(w, http.StatusOK, owned)
}
// createAPIToken generates a new API token for the current user, inserts it
// into the database and returns it as JSON with status 201.
//
// The handler panics if the request context holds no *db.User under "user",
// if the system random source cannot supply 32 bytes, or if the insert fails.
func createAPIToken(w http.ResponseWriter, r *http.Request) {
	owner := context.Get(r, "user").(*db.User)

	// 32 bytes from the OS CSPRNG. io.ReadFull reports an error on a short
	// read, so a token is never built from a partially filled buffer.
	var raw [32]byte
	if _, err := io.ReadFull(rand.Reader, raw[:]); err != nil {
		panic(err)
	}

	// Lower-casing the base64 text folds 'A'-'Z' onto 'a'-'z', so distinct
	// random values can map to the same ID and the effective entropy falls
	// from 256 bits to roughly 220 bits. That is still far beyond guessing
	// range, but it is below what the 32-byte buffer suggests.
	// NOTE(review): presumably the ID is lower-cased because it is compared
	// case-insensitively somewhere (e.g. the column collation); confirm. Hex
	// encoding would give a case-free ID without discarding entropy.
	encoded := base64.URLEncoding.EncodeToString(raw[:])

	var token db.APIToken
	token.ID = strings.ToLower(encoded)
	token.Created = time.Now()
	token.UserID = owner.ID
	token.Expired = false

	// The token value is handed to the database layer exactly as generated.
	// NOTE(review): if this ID is what clients present to authenticate,
	// storing only a hash of it would limit the impact of a database read;
	// confirm how tokens are verified.
	if err := db.Mysql.Insert(&token); err != nil {
		panic(err)
	}

	mulekick.WriteJSON(w, http.StatusCreated, token)
}
// expireAPIToken marks the token named by the "token_id" route variable as
// expired, provided it belongs to the current user.
//
// It responds 204 when at least one row was affected and 400 otherwise. The
// handler panics if the request context holds no *db.User under "user", if
// the update fails, or if the affected-row count cannot be read.
func expireAPIToken(w http.ResponseWriter, r *http.Request) {
	caller := context.Get(r, "user").(*db.User)

	// NOTE(review): the token ID arrives in the URL path. If the ID is the
	// credential itself, it can end up in access logs and intermediaries;
	// confirm that logging for this route is handled accordingly.
	id := mux.Vars(r)["token_id"]

	// Parameterized update. The user_id predicate is the ownership check: a
	// caller can only expire tokens that belong to them.
	const stmt = "update user__token set expired=1 where id=? and user_id=?"
	result, err := db.Mysql.Exec(stmt, id, caller.ID)
	if err != nil {
		panic(err)
	}

	changed, err := result.RowsAffected()
	if err != nil {
		panic(err)
	}

	// Zero affected rows gives the same 400 for an unknown ID and for another
	// user's token, so the response does not reveal whether a foreign token
	// exists.
	// NOTE(review): if the driver counts changed rather than matched rows,
	// expiring an already-expired token also yields 400; confirm.
	status := http.StatusNoContent
	if changed == 0 {
		status = http.StatusBadRequest
	}
	w.WriteHeader(status)
}