From 31c170538e02c46499476d8e295dfccd0e4c20fe Mon Sep 17 00:00:00 2001 From: yuli Date: Mon, 3 Mar 2025 10:59:15 +0200 Subject: [PATCH] fode refactor --- src/agreements_api.go | 61 +++++++++++++++---------------- src/audit/audit.go | 29 --------------- src/audit/go.mod | 3 -- src/audit_api.go | 46 ++++++++++++++++++----- src/audit_db.go | 3 +- src/bulk_api.go | 2 +- src/bunker.go | 19 +++++----- src/captcha.go | 6 +-- src/{utils => }/checks.go | 10 ++--- src/conf.go | 3 +- src/expiration_api.go | 31 ++++++++-------- src/go.mod | 3 -- src/lbasis_api.go | 10 ++--- src/pactivities_api.go | 24 ++++++------ src/requests_api.go | 65 ++++++++++++++++----------------- src/sessions_api.go | 45 +++++++++++------------ src/sharedrecords_api.go | 19 +++++----- src/userapps_api.go | 51 +++++++++++++------------- src/userapps_db.go | 5 +-- src/users_api.go | 77 +++++++++++++++++++-------------------- src/users_db.go | 7 ++-- 21 files changed, 249 insertions(+), 270 deletions(-) delete mode 100644 src/audit/audit.go delete mode 100644 src/audit/go.mod rename src/{utils => }/checks.go (83%) diff --git a/src/agreements_api.go b/src/agreements_api.go index 0efd505..d579ace 100644 --- a/src/agreements_api.go +++ b/src/agreements_api.go @@ -7,7 +7,6 @@ import ( "reflect" "github.com/julienschmidt/httprouter" - "github.com/securitybunker/databunker/src/audit" "github.com/securitybunker/databunker/src/utils" //"go.mongodb.org/mongo-driver/bson" ) @@ -18,7 +17,7 @@ func (e mainEnv) agreementAccept(w http.ResponseWriter, r *http.Request, ps http mode := ps.ByName("mode") brief = utils.NormalizeBrief(brief) - event := audit.CreateAuditEvent("accept agreement for "+brief, identity, mode, identity) + event := CreateAuditEvent("accept agreement for "+brief, identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() strictCheck := true @@ -34,21 +33,21 @@ func (e mainEnv) agreementAccept(w http.ResponseWriter, r *http.Request, ps http } if utils.CheckValidBrief(brief) == false { - utils.ReturnError(w, r, "incorrect brief format", 405, nil, event) + ReturnError(w, r, "incorrect brief format", 405, nil, event) return } exists, err := e.db.checkLegalBasis(brief) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if exists == false { - utils.ReturnError(w, r, "not found", 404, nil, event) + ReturnError(w, r, "not found", 404, nil, event) return } postData, err := utils.GetJSONPostMap(r) if err != nil { - utils.ReturnError(w, r, "failed to decode request body", 405, err, event) + ReturnError(w, r, "failed to decode request body", 405, err, event) return } starttime := int32(0) @@ -110,7 +109,7 @@ func (e mainEnv) agreementWithdraw(w http.ResponseWriter, r *http.Request, ps ht mode := ps.ByName("mode") brief = utils.NormalizeBrief(brief) - event := audit.CreateAuditEvent("withdraw agreement for "+brief, identity, mode, identity) + event := CreateAuditEvent("withdraw agreement for "+brief, identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() strictCheck := true @@ -126,21 +125,21 @@ func (e mainEnv) agreementWithdraw(w http.ResponseWriter, r *http.Request, ps ht return } if utils.CheckValidBrief(brief) == false { - utils.ReturnError(w, r, "bad brief format", 405, nil, event) + ReturnError(w, r, "bad brief format", 405, nil, event) return } lbasis, err := e.db.getLegalBasis(brief) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if lbasis == nil { - utils.ReturnError(w, r, "not found", 405, nil, event) + ReturnError(w, r, "not found", 405, nil, event) return } postData, err := utils.GetJSONPostMap(r) if err != nil { - utils.ReturnError(w, r, "failed to decode request body", 405, err, event) + ReturnError(w, r, "failed to decode request body", 405, err, event) return } lastmodifiedby := utils.GetStringValue(postData["lastmodifiedby"]) @@ -167,7 +166,7 @@ func (e mainEnv) agreementWithdraw(w http.ResponseWriter, r *http.Request, ps ht if authResult == "login" && selfService == false { rtoken, rstatus, err := e.db.saveUserRequest("agreement-withdraw", userTOKEN, userBSON, "", brief, nil, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -200,16 +199,16 @@ func (e mainEnv) agreementRevokeAll(w http.ResponseWriter, r *http.Request, ps h return } if utils.CheckValidBrief(brief) == false { - utils.ReturnError(w, r, "bad brief format", 405, nil, nil) + ReturnError(w, r, "bad brief format", 405, nil, nil) return } exists, err := e.db.checkLegalBasis(brief) if err != nil { - utils.ReturnError(w, r, "internal error", 405, nil, nil) + ReturnError(w, r, "internal error", 405, nil, nil) return } if exists == false { - utils.ReturnError(w, r, "not found", 405, nil, nil) + ReturnError(w, r, "not found", 405, nil, nil) return } e.db.revokeLegalBasis(brief) @@ -221,7 +220,7 @@ func (e mainEnv) agreementRevokeAll(w http.ResponseWriter, r *http.Request, ps h func (e mainEnv) agreementList(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditEvent("get agreements for "+mode, identity, mode, identity) + event := CreateAuditEvent("get agreements for "+mode, identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, _, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -238,7 +237,7 @@ func (e mainEnv) agreementList(w http.ResponseWriter, r *http.Request, ps httpro } if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -253,7 +252,7 @@ func (e mainEnv) agreementGet(w http.ResponseWriter, r *http.Request, ps httprou mode := ps.ByName("mode") brief = utils.NormalizeBrief(brief) - event := audit.CreateAuditEvent("get agreements for "+brief, identity, mode, identity) + event := CreateAuditEvent("get agreements for "+brief, identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, _, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -261,26 +260,26 @@ func (e mainEnv) agreementGet(w http.ResponseWriter, r *http.Request, ps httprou return } if utils.CheckValidBrief(brief) == false { - utils.ReturnError(w, r, "bad brief format", 405, nil, event) + ReturnError(w, r, "bad brief format", 405, nil, event) return } exists, err := e.db.checkLegalBasis(brief) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if exists == false { - utils.ReturnError(w, r, "not found", 404, nil, event) + ReturnError(w, r, "not found", 404, nil, event) return } resultJSON, err := e.db.viewAgreementRecord(userTOKEN, brief) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if resultJSON == nil { - utils.ReturnError(w, r, "not found", 405, err, event) + ReturnError(w, r, "not found", 405, err, event) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -294,16 +293,16 @@ func (e mainEnv) consentUserRecord(w http.ResponseWriter, r *http.Request, ps ht identity := ps.ByName("identity") brief := ps.ByName("brief") mode := ps.ByName("mode") - event := audit.CreateAuditEvent("consent record for "+brief, identity, mode, identity) + event := CreateAuditEvent("consent record for "+brief, identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() if utils.ValidateMode(mode) == false { - utils.ReturnError(w, r, "bad mode", 405, nil, event) + ReturnError(w, r, "bad mode", 405, nil, event) return } brief = utils.NormalizeBrief(brief) if utils.CheckValidBrief(brief) == false { - utils.ReturnError(w, r, "bad brief format", 405, nil, event) + ReturnError(w, r, "bad brief format", 405, nil, event) return } userTOKEN := identity @@ -321,7 +320,7 @@ func (e mainEnv) consentUserRecord(w http.ResponseWriter, r *http.Request, ps ht } } if userBson == nil { - utils.ReturnError(w, r, "internal error", 405, nil, event) + ReturnError(w, r, "internal error", 405, nil, event) return } // make sure that user is logged in here, unless he wants to cancel emails @@ -330,11 +329,11 @@ func (e mainEnv) consentUserRecord(w http.ResponseWriter, r *http.Request, ps ht } resultJSON, err := e.db.viewConsentRecord(userTOKEN, brief) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if resultJSON == nil { - utils.ReturnError(w, r, "not found", 405, nil, event) + ReturnError(w, r, "not found", 405, nil, event) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -347,7 +346,7 @@ func (e mainEnv) consentUserRecord(w http.ResponseWriter, r *http.Request, ps ht /* func (e mainEnv) consentFilterRecords(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { brief := ps.ByName("brief") - event := audit.CreateAuditEvent("consent get all for "+brief, brief, "brief", brief) + event := CreateAuditEvent("consent get all for "+brief, brief, "brief", brief) defer func() { SaveAuditEvent(event, e.db, e.conf) }() if e.EnforceAuth(w, r, event) == "" { return @@ -363,7 +362,7 @@ func (e mainEnv) consentFilterRecords(w http.ResponseWriter, r *http.Request, ps } resultJSON, numRecords, err := e.db.filterConsentRecords(brief, offset, limit) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } log.Printf("Total count of rows: %d\n", numRecords) diff --git a/src/audit/audit.go b/src/audit/audit.go deleted file mode 100644 index 7f9efeb..0000000 --- a/src/audit/audit.go +++ /dev/null @@ -1,29 +0,0 @@ -package audit - -import "time" - -type AuditEvent struct { - When int32 `json:"when"` - Who string `json:"who"` - Mode string `json:"mode"` - Identity string `json:"identity"` - Record string `json:"record"` - App string `json:"app"` - Title string `json:"title"` - Status string `json:"status"` - Msg string `json:"msg"` - Debug string `json:"debug"` - Before string `json:"before"` - After string `json:"after"` - Atoken string `json:"atoken"` -} - -func CreateAuditEvent(title string, record string, mode string, identity string) *AuditEvent { - //fmt.Printf("/%s : %s\n", title, record) - return &AuditEvent{Title: title, Mode: mode, Who: identity, Record: record, Status: "ok", When: int32(time.Now().Unix())} -} - -func CreateAuditAppEvent(title string, record string, app string, mode string, identity string) *AuditEvent { - //fmt.Printf("/%s : %s : %s\n", title, app, record) - return &AuditEvent{Title: title, Mode: mode, Who: identity, Record: record, Status: "ok", When: int32(time.Now().Unix())} -} diff --git a/src/audit/go.mod b/src/audit/go.mod deleted file mode 100644 index 8d60618..0000000 --- a/src/audit/go.mod +++ /dev/null @@ -1,3 +0,0 @@ -module github.com/securitybunker/databunker/src/utils - -go 1.21 diff --git a/src/audit_api.go b/src/audit_api.go index 25aab53..bdb5d80 100644 --- a/src/audit_api.go +++ b/src/audit_api.go @@ -4,13 +4,39 @@ import ( "fmt" "log" "net/http" + "time" "github.com/julienschmidt/httprouter" - "github.com/securitybunker/databunker/src/audit" "github.com/securitybunker/databunker/src/utils" ) -func (e mainEnv) EnforceAuth(w http.ResponseWriter, r *http.Request, event *audit.AuditEvent) string { +type AuditEvent struct { + When int32 `json:"when"` + Who string `json:"who"` + Mode string `json:"mode"` + Identity string `json:"identity"` + Record string `json:"record"` + App string `json:"app"` + Title string `json:"title"` + Status string `json:"status"` + Msg string `json:"msg"` + Debug string `json:"debug"` + Before string `json:"before"` + After string `json:"after"` + Atoken string `json:"atoken"` +} + +func CreateAuditEvent(title string, record string, mode string, identity string) *AuditEvent { + //fmt.Printf("/%s : %s\n", title, record) + return &AuditEvent{Title: title, Mode: mode, Who: identity, Record: record, Status: "ok", When: int32(time.Now().Unix())} +} + +func CreateAuditAppEvent(title string, record string, app string, mode string, identity string) *AuditEvent { + //fmt.Printf("/%s : %s : %s\n", title, app, record) + return &AuditEvent{Title: title, Mode: mode, Who: identity, Record: record, Status: "ok", When: int32(time.Now().Unix())} +} + +func (e mainEnv) EnforceAuth(w http.ResponseWriter, r *http.Request, event *AuditEvent) string { /* for key, value := range r.Header { fmt.Printf("%s => %s\n", key, value) @@ -49,7 +75,7 @@ func (e mainEnv) EnforceAuth(w http.ResponseWriter, r *http.Request, event *audi return "" } -func (e mainEnv) EnforceAdmin(w http.ResponseWriter, r *http.Request, event *audit.AuditEvent) string { +func (e mainEnv) EnforceAdmin(w http.ResponseWriter, r *http.Request, event *AuditEvent) string { if token, ok := r.Header["X-Bunker-Token"]; ok { authResult, err := e.db.checkUserAuthXToken(token[0]) //fmt.Printf("error in auth? error %s - %s\n", err, token[0]) @@ -70,9 +96,9 @@ func (e mainEnv) EnforceAdmin(w http.ResponseWriter, r *http.Request, event *aud func (e mainEnv) auditEventList(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { userTOKEN := ps.ByName("token") - event := audit.CreateAuditEvent("view audit events", userTOKEN, "token", userTOKEN) + event := CreateAuditEvent("view audit events", userTOKEN, "token", userTOKEN) defer func() { SaveAuditEvent(event, e.db, e.conf) }() - if utils.EnforceUUID(w, userTOKEN, event) == false { + if EnforceUUID(w, userTOKEN, event) == false { return } if e.EnforceAuth(w, r, event) == "" { @@ -89,7 +115,7 @@ func (e mainEnv) auditEventList(w http.ResponseWriter, r *http.Request, ps httpr } resultJSON, counter, err := e.db.getAuditEvents(userTOKEN, offset, limit) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } //fmt.Printf("Total count of events: %d\n", counter) @@ -114,7 +140,7 @@ func (e mainEnv) auditEventListAll(w http.ResponseWriter, r *http.Request, ps ht } resultJSON, counter, err := e.db.getAdminAuditEvents(offset, limit) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, nil) + ReturnError(w, r, "internal error", 405, err, nil) return } //fmt.Printf("Total count of events: %d\n", counter) @@ -126,16 +152,16 @@ func (e mainEnv) auditEventListAll(w http.ResponseWriter, r *http.Request, ps ht func (e mainEnv) auditEventGet(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { atoken := ps.ByName("atoken") - event := audit.CreateAuditEvent("view audit event", atoken, "token", atoken) + event := CreateAuditEvent("view audit event", atoken, "token", atoken) defer func() { SaveAuditEvent(event, e.db, e.conf) }() //fmt.Println("error code") - if utils.EnforceUUID(w, atoken, event) == false { + if EnforceUUID(w, atoken, event) == false { return } userTOKEN, resultJSON, err := e.db.getAuditEvent(atoken) log.Printf("extracted user token: %s", userTOKEN) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } event.Record = userTOKEN diff --git a/src/audit_db.go b/src/audit_db.go index 97b4d9f..10e9f4c 100644 --- a/src/audit_db.go +++ b/src/audit_db.go @@ -8,13 +8,12 @@ import ( //"log" uuid "github.com/hashicorp/go-uuid" - "github.com/securitybunker/databunker/src/audit" "github.com/securitybunker/databunker/src/storage" "github.com/securitybunker/databunker/src/utils" "go.mongodb.org/mongo-driver/bson" ) -func SaveAuditEvent(event *audit.AuditEvent, db *dbcon, conf Config) { +func SaveAuditEvent(event *AuditEvent, db *dbcon, conf Config) { if event == nil { return } diff --git a/src/bulk_api.go b/src/bulk_api.go index b2c3943..d1e5bb2 100644 --- a/src/bulk_api.go +++ b/src/bulk_api.go @@ -14,7 +14,7 @@ func (e mainEnv) userListAll(w http.ResponseWriter, r *http.Request, ps httprout return } if e.conf.Generic.ListUsers == false { - utils.ReturnError(w, r, "access denied", 403, nil, nil) + ReturnError(w, r, "access denied", 403, nil, nil) return } var offset int32 = 0 diff --git a/src/bunker.go b/src/bunker.go index ccc6896..54ec4ff 100644 --- a/src/bunker.go +++ b/src/bunker.go @@ -19,7 +19,6 @@ import ( "github.com/kelseyhightower/envconfig" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promhttp" - "github.com/securitybunker/databunker/src/audit" "github.com/securitybunker/databunker/src/autocontext" "github.com/securitybunker/databunker/src/storage" "github.com/securitybunker/databunker/src/utils" @@ -384,15 +383,15 @@ func (e mainEnv) dbCleanup() { } // helper function to load user details by idex name -func (e mainEnv) getUserToken(w http.ResponseWriter, r *http.Request, mode string, identity string, event *audit.AuditEvent, strictCheck bool) (string, map[string]interface{}, error) { +func (e mainEnv) getUserToken(w http.ResponseWriter, r *http.Request, mode string, identity string, event *AuditEvent, strictCheck bool) (string, map[string]interface{}, error) { var userBSON map[string]interface{} var err error if utils.ValidateMode(mode) == false { - utils.ReturnError(w, r, "bad mode", 405, nil, event) + ReturnError(w, r, "bad mode", 405, nil, event) return "", userBSON, errors.New("bad mode") } if mode == "token" { - if utils.EnforceUUID(w, identity, event) == false { + if EnforceUUID(w, identity, event) == false { return "", userBSON, errors.New("uuid is incorrect") } userBSON, err = e.db.lookupUserRecord(identity) @@ -400,7 +399,7 @@ func (e mainEnv) getUserToken(w http.ResponseWriter, r *http.Request, mode strin userBSON, err = e.db.lookupUserRecordByIndex(mode, identity, e.conf) } if err != nil { - utils.ReturnError(w, r, "internal error", 405, nil, event) + ReturnError(w, r, "internal error", 405, nil, event) return "", userBSON, err } userToken := utils.GetUuidString(userBSON["token"]) @@ -409,10 +408,10 @@ func (e mainEnv) getUserToken(w http.ResponseWriter, r *http.Request, mode strin event.Record = userToken } _, exists := r.Header["X-Bunker-Token"] - // if strict check is disabled and we have no auth token - if exists == false && strictCheck == false { - return userToken, userBSON, nil - } + // if strict check is disabled and we have no auth token + if exists == false && strictCheck == false { + return userToken, userBSON, nil + } //log.Printf("getUserToken -> EnforceAuth()") if e.EnforceAuth(w, r, event) == "" { //log.Printf("XToken validation error") @@ -422,7 +421,7 @@ func (e mainEnv) getUserToken(w http.ResponseWriter, r *http.Request, mode strin } // not found if strictCheck == true { - utils.ReturnError(w, r, "not found", 405, nil, event) + ReturnError(w, r, "not found", 405, nil, event) return "", userBSON, errors.New("not found") } // make sure to check if user is admin diff --git a/src/captcha.go b/src/captcha.go index 8731f28..ecaf90e 100644 --- a/src/captcha.go +++ b/src/captcha.go @@ -28,19 +28,19 @@ func (e mainEnv) showCaptcha(w http.ResponseWriter, r *http.Request, ps httprout code := ps.ByName("code") if len(code) == 0 { err := errors.New("Bad code") - utils.ReturnError(w, r, "bad code", 405, err, nil) + ReturnError(w, r, "bad code", 405, err, nil) return } s, err := decryptCaptcha(code) if err != nil { - utils.ReturnError(w, r, err.Error(), 405, err, nil) + ReturnError(w, r, err.Error(), 405, err, nil) return } log.Printf("Decoded captcha: %s", s) //box := packr.NewBox("../ui") //comic, err := box.Find("site/fonts/comic.ttf") //if err != nil { - // utils.ReturnError(w, r, err.Error(), 405, err, nil) + // ReturnError(w, r, err.Error(), 405, err, nil) // return //} cap := captcha.New() diff --git a/src/utils/checks.go b/src/checks.go similarity index 83% rename from src/utils/checks.go rename to src/checks.go index 403f3ac..17be530 100644 --- a/src/utils/checks.go +++ b/src/checks.go @@ -1,14 +1,14 @@ -package utils +package main import ( "fmt" "log" "net/http" - "github.com/securitybunker/databunker/src/audit" + "github.com/securitybunker/databunker/src/utils" ) -func ReturnError(w http.ResponseWriter, r *http.Request, message string, code int, err error, event *audit.AuditEvent) { +func ReturnError(w http.ResponseWriter, r *http.Request, message string, code int, err error, event *AuditEvent) { w.Header().Set("Content-Type", "application/json; charset=utf-8") w.WriteHeader(code) fmt.Fprintf(w, `{"status":"error","message":%q}`, message) @@ -25,8 +25,8 @@ func ReturnError(w http.ResponseWriter, r *http.Request, message string, code in //http.Error(w, http.StatusText(405), 405) } -func EnforceUUID(w http.ResponseWriter, uuidCode string, event *audit.AuditEvent) bool { - if CheckValidUUID(uuidCode) == false { +func EnforceUUID(w http.ResponseWriter, uuidCode string, event *AuditEvent) bool { + if utils.CheckValidUUID(uuidCode) == false { //fmt.Printf("405 bad uuid in : %s\n", uuidCode) w.Header().Set("Content-Type", "application/json; charset=utf-8") w.WriteHeader(405) diff --git a/src/conf.go b/src/conf.go index 0d64f9d..ed7b459 100644 --- a/src/conf.go +++ b/src/conf.go @@ -7,7 +7,6 @@ import ( "github.com/julienschmidt/httprouter" "github.com/securitybunker/databunker/src/autocontext" - "github.com/securitybunker/databunker/src/utils" ) func (e mainEnv) setupConfRouter(router *httprouter.Router) *httprouter.Router { @@ -24,7 +23,7 @@ func (e mainEnv) initContext(r *http.Request) { func (e mainEnv) cookieSettings(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { resultJSON, scriptsJSON, _, err := e.db.getLegalBasisCookieConf() if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, nil) + ReturnError(w, r, "internal error", 405, err, nil) return } resultUIConfJSON, _ := json.Marshal(e.conf.UI) diff --git a/src/expiration_api.go b/src/expiration_api.go index b8d39db..62d9653 100644 --- a/src/expiration_api.go +++ b/src/expiration_api.go @@ -6,7 +6,6 @@ import ( uuid "github.com/hashicorp/go-uuid" "github.com/julienschmidt/httprouter" - "github.com/securitybunker/databunker/src/audit" "github.com/securitybunker/databunker/src/storage" "github.com/securitybunker/databunker/src/utils" ) @@ -32,7 +31,7 @@ func (e mainEnv) expGetStatus(w http.ResponseWriter, r *http.Request, ps httprou identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditEvent("get expiration status by "+mode, identity, mode, identity) + event := CreateAuditEvent("get expiration status by "+mode, identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, userBSON, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -54,7 +53,7 @@ func (e mainEnv) expCancel(w http.ResponseWriter, r *http.Request, ps httprouter var err error identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditEvent("clear user expiration by "+mode, identity, mode, identity) + event := CreateAuditEvent("clear user expiration by "+mode, identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, _, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -65,7 +64,7 @@ func (e mainEnv) expCancel(w http.ResponseWriter, r *http.Request, ps httprouter status := "" err = e.db.updateUserExpStatus(userTOKEN, status) if err != nil { - utils.ReturnError(w, r, "internal error", 405, nil, event) + ReturnError(w, r, "internal error", 405, nil, event) return } finalJSON := `{"status":"ok"}` @@ -77,14 +76,14 @@ func (e mainEnv) expCancel(w http.ResponseWriter, r *http.Request, ps httprouter func (e mainEnv) expRetainData(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { identity := ps.ByName("exptoken") mode := "exptoken" - event := audit.CreateAuditEvent("retain user data by exptoken", identity, mode, identity) + event := CreateAuditEvent("retain user data by exptoken", identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() - if utils.EnforceUUID(w, identity, event) == false { + if EnforceUUID(w, identity, event) == false { return } userBson, err := e.db.lookupUserRecordByIndex(mode, identity, e.conf) if userBson == nil || err != nil { - utils.ReturnError(w, r, "internal error", 405, nil, event) + ReturnError(w, r, "internal error", 405, nil, event) return } userTOKEN := utils.GetUuidString(userBson["token"]) @@ -92,7 +91,7 @@ func (e mainEnv) expRetainData(w http.ResponseWriter, r *http.Request, ps httpro status := "retain" err = e.db.updateUserExpStatus(userTOKEN, status) if err != nil { - utils.ReturnError(w, r, "internal error", 405, nil, event) + ReturnError(w, r, "internal error", 405, nil, event) return } w.WriteHeader(200) @@ -102,14 +101,14 @@ func (e mainEnv) expRetainData(w http.ResponseWriter, r *http.Request, ps httpro func (e mainEnv) expDeleteData(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { identity := ps.ByName("exptoken") mode := "exptoken" - event := audit.CreateAuditEvent("delete user data by exptoken", identity, mode, identity) + event := CreateAuditEvent("delete user data by exptoken", identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() - if utils.EnforceUUID(w, identity, event) == false { + if EnforceUUID(w, identity, event) == false { return } userJSON, userTOKEN, userBSON, err := e.db.getUserByIndex(identity, mode, e.conf) if userJSON == nil || err != nil { - utils.ReturnError(w, r, "internal error", 405, nil, event) + ReturnError(w, r, "internal error", 405, nil, event) return } event.Record = userTOKEN @@ -119,7 +118,7 @@ func (e mainEnv) expDeleteData(w http.ResponseWriter, r *http.Request, ps httpro } _, err = e.db.deleteUserRecord(userJSON, userTOKEN, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, nil, event) + ReturnError(w, r, "internal error", 405, nil, event) return } e.db.updateUserExpStatus(userTOKEN, "expired") @@ -131,7 +130,7 @@ func (e mainEnv) expStart(w http.ResponseWriter, r *http.Request, ps httprouter. var err error identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditEvent("initiate user record expiration by "+mode, identity, mode, identity) + event := CreateAuditEvent("initiate user record expiration by "+mode, identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, _, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -146,7 +145,7 @@ func (e mainEnv) expStart(w http.ResponseWriter, r *http.Request, ps httprouter. postData, err := utils.GetJSONPostMap(r) if err != nil { - utils.ReturnError(w, r, "failed to decode request body", 405, err, event) + ReturnError(w, r, "failed to decode request body", 405, err, event) return } endtime := utils.SetExpiration(e.conf.Policy.MaxUserRetentionPeriod, postData["expiration"]) @@ -157,11 +156,11 @@ func (e mainEnv) expStart(w http.ResponseWriter, r *http.Request, ps httprouter. } expToken, err := uuid.GenerateUUID() if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) } err = e.db.initiateUserExpiration(userTOKEN, endtime, status, expToken) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } finalJSON := fmt.Sprintf(`{"status":"ok","exptoken":"%s"}`, expToken) diff --git a/src/go.mod b/src/go.mod index 7b0f7a1..32c300a 100644 --- a/src/go.mod +++ b/src/go.mod @@ -8,8 +8,6 @@ replace github.com/securitybunker/databunker/src/storage => ./storage replace github.com/securitybunker/databunker/src/utils => ./utils -replace github.com/securitybunker/databunker/src/audit => ./audit - require ( github.com/afocus/captcha v0.0.0-20191010092841-4bd1f21c8868 github.com/evanphx/json-patch v5.9.0+incompatible @@ -20,7 +18,6 @@ require ( github.com/oschwald/geoip2-golang v1.11.0 github.com/prometheus/client_golang v1.20.5 github.com/qri-io/jsonpointer v0.1.1 - github.com/securitybunker/databunker/src/audit v0.0.0 github.com/securitybunker/databunker/src/storage v0.0.0 github.com/securitybunker/databunker/src/utils v0.0.0 github.com/securitybunker/jsonschema v0.2.1-0.20201128224651-d77c1a3cb787 diff --git a/src/lbasis_api.go b/src/lbasis_api.go index 5c1873c..e49ae5c 100644 --- a/src/lbasis_api.go +++ b/src/lbasis_api.go @@ -17,18 +17,18 @@ func (e mainEnv) legalBasisCreate(w http.ResponseWriter, r *http.Request, ps htt } brief = utils.NormalizeBrief(brief) if utils.CheckValidBrief(brief) == false { - utils.ReturnError(w, r, "bad brief format", 405, nil, nil) + ReturnError(w, r, "bad brief format", 405, nil, nil) return } postData, err := utils.GetJSONPostMap(r) if err != nil { - utils.ReturnError(w, r, "failed to decode request body", 405, err, nil) + ReturnError(w, r, "failed to decode request body", 405, err, nil) return } newbrief := utils.GetStringValue(postData["brief"]) if len(newbrief) > 0 && newbrief != brief { if utils.CheckValidBrief(newbrief) == false { - utils.ReturnError(w, r, "bad brief format", 405, nil, nil) + ReturnError(w, r, "bad brief format", 405, nil, nil) return } } @@ -87,7 +87,7 @@ func (e mainEnv) legalBasisDelete(w http.ResponseWriter, r *http.Request, ps htt } brief = utils.NormalizeBrief(brief) if utils.CheckValidBrief(brief) == false { - utils.ReturnError(w, r, "bad brief format", 405, nil, nil) + ReturnError(w, r, "bad brief format", 405, nil, nil) return } e.db.unlinkProcessingActivityBrief(brief) @@ -103,7 +103,7 @@ func (e mainEnv) legalBasisListAll(w http.ResponseWriter, r *http.Request, ps ht } resultJSON, numRecords, err := e.db.getLegalBasisRecords() if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, nil) + ReturnError(w, r, "internal error", 405, err, nil) return } //log.Printf("Total count of rows: %d\n", numRecords) diff --git a/src/pactivities_api.go b/src/pactivities_api.go index 5d72805..678b193 100644 --- a/src/pactivities_api.go +++ b/src/pactivities_api.go @@ -17,12 +17,12 @@ func (e mainEnv) pactivityCreate(w http.ResponseWriter, r *http.Request, ps http } activity = utils.NormalizeBrief(activity) if utils.CheckValidBrief(activity) == false { - utils.ReturnError(w, r, "bad activity format", 405, nil, nil) + ReturnError(w, r, "bad activity format", 405, nil, nil) return } records, err := utils.GetJSONPostMap(r) if err != nil { - utils.ReturnError(w, r, "failed to decode request body", 405, err, nil) + ReturnError(w, r, "failed to decode request body", 405, err, nil) return } defer func() { @@ -51,7 +51,7 @@ func (e mainEnv) pactivityDelete(w http.ResponseWriter, r *http.Request, ps http } activity = utils.NormalizeBrief(activity) if utils.CheckValidBrief(activity) == false { - utils.ReturnError(w, r, "bad activity format", 405, nil, nil) + ReturnError(w, r, "bad activity format", 405, nil, nil) return } e.db.deleteProcessingActivity(activity) @@ -68,26 +68,26 @@ func (e mainEnv) pactivityLink(w http.ResponseWriter, r *http.Request, ps httpro } activity = utils.NormalizeBrief(activity) if utils.CheckValidBrief(activity) == false { - utils.ReturnError(w, r, "bad activity format", 405, nil, nil) + ReturnError(w, r, "bad activity format", 405, nil, nil) return } brief = utils.NormalizeBrief(brief) if utils.CheckValidBrief(brief) == false { - utils.ReturnError(w, r, "bad brief format", 405, nil, nil) + ReturnError(w, r, "bad brief format", 405, nil, nil) return } exists, err := e.db.checkLegalBasis(brief) if err != nil { - utils.ReturnError(w, r, "internal error", 405, nil, nil) + ReturnError(w, r, "internal error", 405, nil, nil) return } if exists == false { - utils.ReturnError(w, r, "not found", 405, nil, nil) + ReturnError(w, r, "not found", 405, nil, nil) return } _, err = e.db.linkProcessingActivity(activity, brief) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, nil) + ReturnError(w, r, "internal error", 405, err, nil) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -103,17 +103,17 @@ func (e mainEnv) pactivityUnlink(w http.ResponseWriter, r *http.Request, ps http } activity = utils.NormalizeBrief(activity) if utils.CheckValidBrief(activity) == false { - utils.ReturnError(w, r, "bad activity format", 405, nil, nil) + ReturnError(w, r, "bad activity format", 405, nil, nil) return } brief = utils.NormalizeBrief(brief) if utils.CheckValidBrief(brief) == false { - utils.ReturnError(w, r, "bad brief format", 405, nil, nil) + ReturnError(w, r, "bad brief format", 405, nil, nil) return } _, err := e.db.unlinkProcessingActivity(activity, brief) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, nil) + ReturnError(w, r, "internal error", 405, err, nil) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -127,7 +127,7 @@ func (e mainEnv) pactivityListAll(w http.ResponseWriter, r *http.Request, ps htt } resultJSON, numRecords, err := e.db.listProcessingActivities() if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, nil) + ReturnError(w, r, "internal error", 405, err, nil) return } log.Printf("Total count of rows: %d\n", numRecords) diff --git a/src/requests_api.go b/src/requests_api.go index 1bb5e56..75c6d37 100644 --- a/src/requests_api.go +++ b/src/requests_api.go @@ -7,13 +7,12 @@ import ( "strings" "github.com/julienschmidt/httprouter" - "github.com/securitybunker/databunker/src/audit" "github.com/securitybunker/databunker/src/utils" ) // This function retrieves all requests that require admin approval. This function supports result pager. func (e mainEnv) userReqListAll(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - event := audit.CreateAuditEvent("view user requests", "", "", "") + event := CreateAuditEvent("view user requests", "", "", "") if e.EnforceAdmin(w, r, event) == "" { return } @@ -32,7 +31,7 @@ func (e mainEnv) userReqListAll(w http.ResponseWriter, r *http.Request, ps httpr } resultJSON, counter, err := e.db.getRequests(status, offset, limit) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -45,7 +44,7 @@ func (e mainEnv) userReqListAll(w http.ResponseWriter, r *http.Request, ps httpr func (e mainEnv) userReqList(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditEvent("get user privacy requests", identity, mode, identity) + event := CreateAuditEvent("get user privacy requests", identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, _, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -64,7 +63,7 @@ func (e mainEnv) userReqList(w http.ResponseWriter, r *http.Request, ps httprout } resultJSON, counter, err := e.db.getUserRequests(userTOKEN, offset, limit) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, nil) + ReturnError(w, r, "internal error", 405, err, nil) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -75,19 +74,19 @@ func (e mainEnv) userReqList(w http.ResponseWriter, r *http.Request, ps httprout func (e mainEnv) userReqGet(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { request := ps.ByName("request") - event := audit.CreateAuditEvent("get user request by request token", request, "request", request) + event := CreateAuditEvent("get user request by request token", request, "request", request) defer func() { SaveAuditEvent(event, e.db, e.conf) }() - if utils.EnforceUUID(w, request, event) == false { + if EnforceUUID(w, request, event) == false { return } requestInfo, err := e.db.getRequest(request) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, nil) + ReturnError(w, r, "internal error", 405, err, nil) return } if len(requestInfo) == 0 { - utils.ReturnError(w, r, "not found", 405, err, event) + ReturnError(w, r, "not found", 405, err, event) return } var resultJSON []byte @@ -106,7 +105,7 @@ func (e mainEnv) userReqGet(w http.ResponseWriter, r *http.Request, ps httproute } userBSON, err := e.db.lookupUserRecord(userTOKEN) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if len(appName) > 0 { @@ -118,11 +117,11 @@ func (e mainEnv) userReqGet(w http.ResponseWriter, r *http.Request, ps httproute resultJSON, err = e.db.getUserJSON(userTOKEN) } if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if resultJSON == nil { - utils.ReturnError(w, r, "not found", 405, err, event) + ReturnError(w, r, "not found", 405, err, event) return } //fmt.Printf("Full json: %s\n", resultJSON) @@ -141,7 +140,7 @@ func (e mainEnv) userReqGet(w http.ResponseWriter, r *http.Request, ps httproute if value, ok := requestInfo["change"]; ok { change := value.(string) //recBson := bson.M{} - if len(change) > 0 { + if len(change) > 0 { change2, _ := e.db.userDecrypt(userBSON, change) //log.Printf("change: %s", change2) requestInfo["change"] = change2 @@ -155,10 +154,10 @@ func (e mainEnv) userReqGet(w http.ResponseWriter, r *http.Request, ps httproute func (e mainEnv) userReqApprove(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { request := ps.ByName("request") - event := audit.CreateAuditEvent("approve user request", request, "request", request) + event := CreateAuditEvent("approve user request", request, "request", request) defer func() { SaveAuditEvent(event, e.db, e.conf) }() - if utils.EnforceUUID(w, request, event) == false { + if EnforceUUID(w, request, event) == false { return } authResult := e.EnforceAdmin(w, r, event) @@ -167,17 +166,17 @@ func (e mainEnv) userReqApprove(w http.ResponseWriter, r *http.Request, ps httpr } postData, err := utils.GetJSONPostMap(r) if err != nil { - utils.ReturnError(w, r, "failed to decode request body", 405, err, event) + ReturnError(w, r, "failed to decode request body", 405, err, event) return } reason := utils.GetStringValue(postData["reason"]) requestInfo, err := e.db.getRequest(request) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if len(requestInfo) == 0 { - utils.ReturnError(w, r, "not found", 405, err, event) + ReturnError(w, r, "not found", 405, err, event) return } userTOKEN := utils.GetStringValue(requestInfo["token"]) @@ -187,16 +186,16 @@ func (e mainEnv) userReqApprove(w http.ResponseWriter, r *http.Request, ps httpr action := utils.GetStringValue(requestInfo["action"]) status := utils.GetStringValue(requestInfo["status"]) if status != "open" { - utils.ReturnError(w, r, "wrong status: "+status, 405, err, event) + ReturnError(w, r, "wrong status: "+status, 405, err, event) return } userJSON, userBSON, err := e.db.getUser(userTOKEN) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if userJSON == nil { - utils.ReturnError(w, r, "not found", 405, err, event) + ReturnError(w, r, "not found", 405, err, event) return } if value, ok := requestInfo["change"]; ok { @@ -221,7 +220,7 @@ func (e mainEnv) userReqApprove(w http.ResponseWriter, r *http.Request, ps httpr event.Msg = "failed to delete" } if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } notifyURL := e.conf.Notification.NotificationURL @@ -229,11 +228,11 @@ func (e mainEnv) userReqApprove(w http.ResponseWriter, r *http.Request, ps httpr } else if action == "change-profile" { oldJSON, newJSON, lookupErr, err := e.db.updateUserRecord(requestInfo["change"].([]uint8), userTOKEN, userBSON, event, e.conf) if lookupErr { - utils.ReturnError(w, r, "internal error", 405, errors.New("not found"), event) + ReturnError(w, r, "internal error", 405, errors.New("not found"), event) return } if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } utils.ReturnUUID(w, userTOKEN) @@ -243,7 +242,7 @@ func (e mainEnv) userReqApprove(w http.ResponseWriter, r *http.Request, ps httpr app := requestInfo["app"].(string) _, err = e.db.updateAppRecord(requestInfo["change"].([]uint8), userTOKEN, userBSON, app, event, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } } else if action == "agreement-withdraw" { @@ -261,25 +260,25 @@ func (e mainEnv) userReqApprove(w http.ResponseWriter, r *http.Request, ps httpr func (e mainEnv) userReqCancel(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { request := ps.ByName("request") - event := audit.CreateAuditEvent("cancel user request", request, "request", request) + event := CreateAuditEvent("cancel user request", request, "request", request) defer func() { SaveAuditEvent(event, e.db, e.conf) }() - if utils.EnforceUUID(w, request, event) == false { + if EnforceUUID(w, request, event) == false { return } postData, err := utils.GetJSONPostMap(r) if err != nil { - utils.ReturnError(w, r, "failed to decode request body", 405, err, event) + ReturnError(w, r, "failed to decode request body", 405, err, event) return } reason := utils.GetStringValue(postData["reason"]) requestInfo, err := e.db.getRequest(request) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if len(requestInfo) == 0 { - utils.ReturnError(w, r, "not found", 405, err, event) + ReturnError(w, r, "not found", 405, err, event) return } userTOKEN := utils.GetStringValue(requestInfo["token"]) @@ -291,16 +290,16 @@ func (e mainEnv) userReqCancel(w http.ResponseWriter, r *http.Request, ps httpro return } if requestInfo["status"].(string) != "open" { - utils.ReturnError(w, r, "wrong status: "+requestInfo["status"].(string), 405, err, event) + ReturnError(w, r, "wrong status: "+requestInfo["status"].(string), 405, err, event) return } resultJSON, err := e.db.getUserJSON(userTOKEN) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if resultJSON == nil { - utils.ReturnError(w, r, "not found", 405, err, event) + ReturnError(w, r, "not found", 405, err, event) return } if len(reason) == 0 && authResult == "login" { diff --git a/src/sessions_api.go b/src/sessions_api.go index 23fcfb5..18e1fa8 100644 --- a/src/sessions_api.go +++ b/src/sessions_api.go @@ -9,21 +9,20 @@ import ( uuid "github.com/hashicorp/go-uuid" "github.com/julienschmidt/httprouter" - "github.com/securitybunker/databunker/src/audit" "github.com/securitybunker/databunker/src/storage" "github.com/securitybunker/databunker/src/utils" ) func (e mainEnv) sessionCreate(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { session := ps.ByName("session") - var event *audit.AuditEvent + var event *AuditEvent defer func() { if event != nil { SaveAuditEvent(event, e.db, e.conf) } }() - if utils.EnforceUUID(w, session, event) == false { - //utils.ReturnError(w, r, "bad session format", nil, event) + if EnforceUUID(w, session, event) == false { + //ReturnError(w, r, "bad session format", nil, event) return } if e.EnforceAdmin(w, r, event) == "" { @@ -31,11 +30,11 @@ func (e mainEnv) sessionCreate(w http.ResponseWriter, r *http.Request, ps httpro } postData, err := utils.GetJSONPostMap(r) if err != nil { - utils.ReturnError(w, r, "failed to decode request body", 405, err, event) + ReturnError(w, r, "failed to decode request body", 405, err, event) return } if len(postData) == 0 { - utils.ReturnError(w, r, "empty body", 405, nil, event) + ReturnError(w, r, "empty body", 405, nil, event) return } expiration := utils.SetExpiration(e.conf.Policy.MaxSessionRetentionPeriod, postData["expiration"]) @@ -60,23 +59,23 @@ func (e mainEnv) sessionCreate(w http.ResponseWriter, r *http.Request, ps httpro userBson, err = e.db.lookupUserRecord(userToken) } if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } userTOKEN := "" if userBson != nil { - event = audit.CreateAuditEvent("create session", session, "session", session) + event = CreateAuditEvent("create session", session, "session", session) userTOKEN = utils.GetUuidString(userBson["token"]) event.Record = userTOKEN } jsonData, err := json.Marshal(postData) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } session, err = e.db.createSessionRecord(session, userTOKEN, expiration, jsonData) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -86,10 +85,10 @@ func (e mainEnv) sessionCreate(w http.ResponseWriter, r *http.Request, ps httpro func (e mainEnv) sessionDelete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { session := ps.ByName("session") - event := audit.CreateAuditEvent("delete session", session, "session", session) + event := CreateAuditEvent("delete session", session, "session", session) defer func() { SaveAuditEvent(event, e.db, e.conf) }() - if utils.EnforceUUID(w, session, event) == false { - //utils.ReturnError(w, r, "bad session format", nil, event) + if EnforceUUID(w, session, event) == false { + //ReturnError(w, r, "bad session format", nil, event) return } if e.EnforceAdmin(w, r, event) == "" { @@ -105,7 +104,7 @@ func (e mainEnv) sessionDelete(w http.ResponseWriter, r *http.Request, ps httpro func (e mainEnv) sessionNewOld(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditEvent("create user session by "+mode, identity, mode, identity) + event := CreateAuditEvent("create user session by "+mode, identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, _, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -114,11 +113,11 @@ func (e mainEnv) sessionNewOld(w http.ResponseWriter, r *http.Request, ps httpro } postData, err := utils.GetJSONPostMap(r) if err != nil { - utils.ReturnError(w, r, "failed to decode request body", 405, err, event) + ReturnError(w, r, "failed to decode request body", 405, err, event) return } if len(postData) == 0 { - utils.ReturnError(w, r, "empty body", 405, nil, event) + ReturnError(w, r, "empty body", 405, nil, event) return } expirationStr := utils.GetStringValue(postData["expiration"]) @@ -126,17 +125,17 @@ func (e mainEnv) sessionNewOld(w http.ResponseWriter, r *http.Request, ps httpro log.Printf("Record expiration: %d", expiration) jsonData, err := json.Marshal(postData) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } sessionUUID, err := uuid.GenerateUUID() if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } sessionID, err := e.db.createSessionRecord(sessionUUID, userTOKEN, expiration, jsonData) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -147,7 +146,7 @@ func (e mainEnv) sessionNewOld(w http.ResponseWriter, r *http.Request, ps httpro func (e mainEnv) sessionList(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditEvent("get all user sessions", identity, mode, identity) + event := CreateAuditEvent("get all user sessions", identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, _, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -167,7 +166,7 @@ func (e mainEnv) sessionList(w http.ResponseWriter, r *http.Request, ps httprout } records, count, err := e.db.getUserSessionsByToken(userTOKEN, offset, limit) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } data := strings.Join(records, ",") @@ -178,7 +177,7 @@ func (e mainEnv) sessionList(w http.ResponseWriter, r *http.Request, ps httprout func (e mainEnv) sessionGet(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { session := ps.ByName("session") - event := audit.CreateAuditEvent("get session", session, "session", session) + event := CreateAuditEvent("get session", session, "session", session) defer func() { if event != nil { SaveAuditEvent(event, e.db, e.conf) @@ -190,7 +189,7 @@ func (e mainEnv) sessionGet(w http.ResponseWriter, r *http.Request, ps httproute e.db.store.DeleteExpired(storage.TblName.Sessions, "token", userTOKEN) } if err != nil { - utils.ReturnError(w, r, err.Error(), 405, err, event) + ReturnError(w, r, err.Error(), 405, err, event) return } diff --git a/src/sharedrecords_api.go b/src/sharedrecords_api.go index f97fe09..2be9426 100644 --- a/src/sharedrecords_api.go +++ b/src/sharedrecords_api.go @@ -8,7 +8,6 @@ import ( "strings" "github.com/julienschmidt/httprouter" - "github.com/securitybunker/databunker/src/audit" "github.com/securitybunker/databunker/src/utils" "github.com/tidwall/gjson" ) @@ -16,7 +15,7 @@ import ( func (e mainEnv) sharedRecordCreate(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditEvent("create shareable record by "+mode, identity, "token", identity) + event := CreateAuditEvent("create shareable record by "+mode, identity, "token", identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, _, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -25,7 +24,7 @@ func (e mainEnv) sharedRecordCreate(w http.ResponseWriter, r *http.Request, ps h } postData, err := utils.GetJSONPostMap(r) if err != nil { - utils.ReturnError(w, r, "failed to decode request body", 405, err, event) + ReturnError(w, r, "failed to decode request body", 405, err, event) return } fields := utils.GetStringValue(postData["fields"]) @@ -35,13 +34,13 @@ func (e mainEnv) sharedRecordCreate(w http.ResponseWriter, r *http.Request, ps h if len(appName) > 0 { appName = strings.ToLower(appName) if utils.CheckValidApp(appName) == false { - utils.ReturnError(w, r, "unknown app name", 405, nil, event) + ReturnError(w, r, "unknown app name", 405, nil, event) } } expiration := utils.SetExpiration(e.conf.Policy.MaxShareableRecordRetentionPeriod, postData["expiration"]) recordUUID, err := e.db.saveSharedRecord(userTOKEN, fields, expiration, session, appName, partner, e.conf) if err != nil { - utils.ReturnError(w, r, err.Error(), 405, err, event) + ReturnError(w, r, err.Error(), 405, err, event) return } event.Record = userTOKEN @@ -53,10 +52,10 @@ func (e mainEnv) sharedRecordCreate(w http.ResponseWriter, r *http.Request, ps h func (e mainEnv) sharedRecordGet(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { record := ps.ByName("record") - event := audit.CreateAuditEvent("get shareable record by token", record, "record", record) + event := CreateAuditEvent("get shareable record by token", record, "record", record) defer func() { SaveAuditEvent(event, e.db, e.conf) }() - if utils.EnforceUUID(w, record, event) == false { + if EnforceUUID(w, record, event) == false { return } recordInfo, err := e.db.getSharedRecord(record) @@ -76,7 +75,7 @@ func (e mainEnv) sharedRecordGet(w http.ResponseWriter, r *http.Request, ps http if len(recordInfo.token) > 0 { userBSON, err := e.db.lookupUserRecord(recordInfo.token) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } resultJSON, err = e.db.getUserApp(recordInfo.token, userBSON, recordInfo.appName, e.conf) @@ -87,11 +86,11 @@ func (e mainEnv) sharedRecordGet(w http.ResponseWriter, r *http.Request, ps http resultJSON, err = e.db.getUserJSON(recordInfo.token) } if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if resultJSON == nil { - utils.ReturnError(w, r, "not found", 405, err, event) + ReturnError(w, r, "not found", 405, err, event) return } //log.Printf("Full json: %s\n", resultJSON) diff --git a/src/userapps_api.go b/src/userapps_api.go index 7d7b0ca..0b997c5 100644 --- a/src/userapps_api.go +++ b/src/userapps_api.go @@ -7,7 +7,6 @@ import ( "strings" "github.com/julienschmidt/httprouter" - "github.com/securitybunker/databunker/src/audit" "github.com/securitybunker/databunker/src/utils" ) @@ -15,7 +14,7 @@ func (e mainEnv) userappCreate(w http.ResponseWriter, r *http.Request, ps httpro appName := strings.ToLower(ps.ByName("appname")) identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditAppEvent("create user app record by "+mode, identity, appName, mode, identity) + event := CreateAuditAppEvent("create user app record by "+mode, identity, appName, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, userBSON, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -24,30 +23,30 @@ func (e mainEnv) userappCreate(w http.ResponseWriter, r *http.Request, ps httpro } if utils.CheckValidApp(appName) == false { - utils.ReturnError(w, r, "bad appname", 405, nil, event) + ReturnError(w, r, "bad appname", 405, nil, event) return } if e.db.store.ValidateNewApp("app_"+appName) == false { - utils.ReturnError(w, r, "db limitation", 405, nil, event) + ReturnError(w, r, "db limitation", 405, nil, event) return } postData, err := utils.GetJSONPostMap(r) if err != nil { - utils.ReturnError(w, r, "failed to decode request body", 405, err, event) + ReturnError(w, r, "failed to decode request body", 405, err, event) return } if len(postData) == 0 { - utils.ReturnError(w, r, "empty body", 405, nil, event) + ReturnError(w, r, "empty body", 405, nil, event) return } jsonData, err := json.Marshal(postData) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } _, err = e.db.createAppRecord(jsonData, userTOKEN, userBSON, appName, event, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } utils.ReturnUUID(w, userTOKEN) @@ -58,7 +57,7 @@ func (e mainEnv) userappChange(w http.ResponseWriter, r *http.Request, ps httpro appName := strings.ToLower(ps.ByName("appname")) identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditAppEvent("change user app record by "+mode, identity, appName, mode, identity) + event := CreateAuditAppEvent("change user app record by "+mode, identity, appName, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, userBSON, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -68,32 +67,32 @@ func (e mainEnv) userappChange(w http.ResponseWriter, r *http.Request, ps httpro authResult := e.EnforceAuth(w, r, event) if utils.CheckValidApp(appName) == false { - utils.ReturnError(w, r, "bad appname", 405, nil, event) + ReturnError(w, r, "bad appname", 405, nil, event) return } jsonData, err := utils.GetJSONPostData(r) if err != nil { - utils.ReturnError(w, r, "failed to decode request body", 405, err, event) + ReturnError(w, r, "failed to decode request body", 405, err, event) return } if jsonData == nil { - utils.ReturnError(w, r, "empty body", 405, nil, event) + ReturnError(w, r, "empty body", 405, nil, event) return } // make sure userapp exists // resultJSON, err := e.db.getUserApp(userTOKEN, userBSON, appName, e.conf) // if err != nil { - // utils.ReturnError(w, r, "internal error", 405, err, event) + // ReturnError(w, r, "internal error", 405, err, event) // return // } // if resultJSON == nil { - // utils.ReturnError(w, r, "not found", 405, nil, event) + // ReturnError(w, r, "not found", 405, nil, event) // return // } if authResult != "login" { _, err = e.db.updateAppRecord(jsonData, userTOKEN, userBSON, appName, event, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } utils.ReturnUUID(w, userTOKEN) @@ -104,7 +103,7 @@ func (e mainEnv) userappChange(w http.ResponseWriter, r *http.Request, ps httpro if utils.StringPatternMatch(strings.ToLower(name), appName) { _, err = e.db.updateAppRecord(jsonData, userTOKEN, userBSON, appName, event, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } utils.ReturnUUID(w, userTOKEN) @@ -114,7 +113,7 @@ func (e mainEnv) userappChange(w http.ResponseWriter, r *http.Request, ps httpro } rtoken, rstatus, err := e.db.saveUserRequest("change-app-data", userTOKEN, userBSON, appName, "", jsonData, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -125,7 +124,7 @@ func (e mainEnv) userappChange(w http.ResponseWriter, r *http.Request, ps httpro func (e mainEnv) userappList(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditEvent("get user app list by "+mode, identity, mode, identity) + event := CreateAuditEvent("get user app list by "+mode, identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, _, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -135,7 +134,7 @@ func (e mainEnv) userappList(w http.ResponseWriter, r *http.Request, ps httprout result, err := e.db.listUserApps(userTOKEN, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -147,7 +146,7 @@ func (e mainEnv) userappGet(w http.ResponseWriter, r *http.Request, ps httproute appName := strings.ToLower(ps.ByName("appname")) identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditAppEvent("get user app record by "+mode, identity, appName, mode, identity) + event := CreateAuditAppEvent("get user app record by "+mode, identity, appName, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, userBSON, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -155,16 +154,16 @@ func (e mainEnv) userappGet(w http.ResponseWriter, r *http.Request, ps httproute return } if utils.CheckValidApp(appName) == false { - utils.ReturnError(w, r, "bad appname", 405, nil, event) + ReturnError(w, r, "bad appname", 405, nil, event) return } resultJSON, err := e.db.getUserApp(userTOKEN, userBSON, appName, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if resultJSON == nil { - utils.ReturnError(w, r, "not found", 405, nil, event) + ReturnError(w, r, "not found", 405, nil, event) return } finalJSON := fmt.Sprintf(`{"status":"ok","token":"%s","data":%s}`, userTOKEN, resultJSON) @@ -177,7 +176,7 @@ func (e mainEnv) userappDelete(w http.ResponseWriter, r *http.Request, ps httpro appName := strings.ToLower(ps.ByName("appname")) identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditAppEvent("delete user app record by "+mode, identity, appName, mode, identity) + event := CreateAuditAppEvent("delete user app record by "+mode, identity, appName, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, _, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -186,7 +185,7 @@ func (e mainEnv) userappDelete(w http.ResponseWriter, r *http.Request, ps httpro } if utils.CheckValidApp(appName) == false { - utils.ReturnError(w, r, "bad appname", 405, nil, event) + ReturnError(w, r, "bad appname", 405, nil, event) return } e.db.deleteUserApp(userTOKEN, appName, e.conf) @@ -203,7 +202,7 @@ func (e mainEnv) userappListNames(w http.ResponseWriter, r *http.Request, ps htt } result, err := e.db.listAllApps(e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, nil) + ReturnError(w, r, "internal error", 405, err, nil) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") diff --git a/src/userapps_db.go b/src/userapps_db.go index 3b19a70..eefa644 100644 --- a/src/userapps_db.go +++ b/src/userapps_db.go @@ -8,7 +8,6 @@ import ( "strings" jsonpatch "github.com/evanphx/json-patch" - "github.com/securitybunker/databunker/src/audit" "github.com/securitybunker/databunker/src/storage" "github.com/securitybunker/databunker/src/utils" "go.mongodb.org/mongo-driver/bson" @@ -55,7 +54,7 @@ func (dbobj dbcon) deleteUserApps(userTOKEN string, conf Config) { } } -func (dbobj dbcon) createAppRecord(jsonData []byte, userTOKEN string, userBSON map[string]interface{}, appName string, event *audit.AuditEvent, conf Config) (string, error) { +func (dbobj dbcon) createAppRecord(jsonData []byte, userTOKEN string, userBSON map[string]interface{}, appName string, event *AuditEvent, conf Config) (string, error) { appNameFull := "app_" + appName //log.Printf("Going to create app record: %s\n", appName) encodedStr, err := dbobj.userEncrypt(userBSON, jsonData) @@ -104,7 +103,7 @@ func (dbobj dbcon) createAppRecord(jsonData []byte, userTOKEN string, userBSON m return userTOKEN, err } -func (dbobj dbcon) updateAppRecord(jsonDataPatch []byte, userTOKEN string, userBSON map[string]interface{}, appName string, event *audit.AuditEvent, conf Config) (string, error) { +func (dbobj dbcon) updateAppRecord(jsonDataPatch []byte, userTOKEN string, userBSON map[string]interface{}, appName string, event *AuditEvent, conf Config) (string, error) { //_, err = collection.InsertOne(context.TODO(), bson.M{"name": "The Go Language2", "genre": "Coding", "authorId": "4"}) appNameFull := "app_" + appName // get user key diff --git a/src/users_api.go b/src/users_api.go index 5360f80..6bc8c34 100644 --- a/src/users_api.go +++ b/src/users_api.go @@ -7,13 +7,12 @@ import ( "net/http" "github.com/julienschmidt/httprouter" - "github.com/securitybunker/databunker/src/audit" "github.com/securitybunker/databunker/src/storage" "github.com/securitybunker/databunker/src/utils" ) func (e mainEnv) userCreate(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - event := audit.CreateAuditEvent("create user record", "", "", "") + event := CreateAuditEvent("create user record", "", "", "") defer func() { SaveAuditEvent(event, e.db, e.conf) }() if e.conf.Generic.CreateUserWithoutAccessToken == false { @@ -25,60 +24,60 @@ func (e mainEnv) userCreate(w http.ResponseWriter, r *http.Request, ps httproute } userJSON, err := utils.GetUserJSONStruct(r, e.conf.Sms.DefaultCountry) if err != nil { - utils.ReturnError(w, r, "failed to decode request body", 405, err, event) + ReturnError(w, r, "failed to decode request body", 405, err, event) return } if len(userJSON.JsonData) == 0 { - utils.ReturnError(w, r, "empty request body", 405, nil, event) + ReturnError(w, r, "empty request body", 405, nil, event) return } err = validateUserRecord(userJSON.JsonData) if err != nil { - utils.ReturnError(w, r, "user schema error: "+err.Error(), 405, err, event) + ReturnError(w, r, "user schema error: "+err.Error(), 405, err, event) return } // make sure that login, email and phone are unique if len(userJSON.LoginIdx) > 0 { otherUserBson, err := e.db.lookupUserRecordByIndex("login", userJSON.LoginIdx, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if otherUserBson != nil { - utils.ReturnError(w, r, "duplicate index: login", 405, nil, event) + ReturnError(w, r, "duplicate index: login", 405, nil, event) return } } if len(userJSON.EmailIdx) > 0 { otherUserBson, err := e.db.lookupUserRecordByIndex("email", userJSON.EmailIdx, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if otherUserBson != nil { - utils.ReturnError(w, r, "duplicate index: email", 405, nil, event) + ReturnError(w, r, "duplicate index: email", 405, nil, event) return } } if len(userJSON.PhoneIdx) > 0 { otherUserBson, err := e.db.lookupUserRecordByIndex("phone", userJSON.PhoneIdx, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if otherUserBson != nil { - utils.ReturnError(w, r, "duplicate index: phone", 405, nil, event) + ReturnError(w, r, "duplicate index: phone", 405, nil, event) return } } if len(userJSON.CustomIdx) > 0 { otherUserBson, err := e.db.lookupUserRecordByIndex("custom", userJSON.CustomIdx, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if otherUserBson != nil { - utils.ReturnError(w, r, "duplicate index: custom", 405, nil, event) + ReturnError(w, r, "duplicate index: custom", 405, nil, event) return } } @@ -86,13 +85,13 @@ func (e mainEnv) userCreate(w http.ResponseWriter, r *http.Request, ps httproute len(userJSON.EmailIdx) == 0 && len(userJSON.PhoneIdx) == 0 && len(userJSON.CustomIdx) == 0 { - utils.ReturnError(w, r, "failed to create user, all user lookup fields are missing", 405, err, event) + ReturnError(w, r, "failed to create user, all user lookup fields are missing", 405, err, event) return } userTOKEN, err := e.db.createUserRecord(userJSON, event) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } encPhoneIdx := "" @@ -125,7 +124,7 @@ func (e mainEnv) userCreate(w http.ResponseWriter, r *http.Request, ps httproute func (e mainEnv) userGet(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditEvent("get user record by "+mode, identity, mode, identity) + event := CreateAuditEvent("get user record by "+mode, identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, userBSON, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -137,7 +136,7 @@ func (e mainEnv) userGet(w http.ResponseWriter, r *http.Request, ps httprouter.P resultJSON = []byte("{}") } // if resultJSON == nil { - // utils.ReturnError(w, r, "record not found", 405, nil, event) + // ReturnError(w, r, "record not found", 405, nil, event) // return // } finalJSON := fmt.Sprintf(`{"status":"ok","token":"%s","data":%s}`, userTOKEN, resultJSON) @@ -151,7 +150,7 @@ func (e mainEnv) userGet(w http.ResponseWriter, r *http.Request, ps httprouter.P func (e mainEnv) userChange(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditEvent("change user record by "+mode, identity, mode, identity) + event := CreateAuditEvent("change user record by "+mode, identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() userTOKEN, userBSON, _ := e.getUserToken(w, r, mode, identity, event, true) @@ -160,17 +159,17 @@ func (e mainEnv) userChange(w http.ResponseWriter, r *http.Request, ps httproute } userJSON, _ := e.db.userProfileDecrypt(userBSON) if userJSON == nil { - utils.ReturnError(w, r, "user record not found", 405, nil, event) + ReturnError(w, r, "user record not found", 405, nil, event) return } postData, err := utils.GetJSONPostData(r) if err != nil { - utils.ReturnError(w, r, "failed to decode request body", 405, err, event) + ReturnError(w, r, "failed to decode request body", 405, err, event) return } if postData == nil { - utils.ReturnError(w, r, "empty request body", 405, nil, event) + ReturnError(w, r, "empty request body", 405, nil, event) return } @@ -182,7 +181,7 @@ func (e mainEnv) userChange(w http.ResponseWriter, r *http.Request, ps httproute if UserSchemaEnabled() { adminRecordChanged, err = e.db.validateUserRecordChange(userJSON, postData, userTOKEN, authResult) if err != nil { - utils.ReturnError(w, r, "schema validation error: "+err.Error(), 405, err, event) + ReturnError(w, r, "schema validation error: "+err.Error(), 405, err, event) return } } @@ -191,7 +190,7 @@ func (e mainEnv) userChange(w http.ResponseWriter, r *http.Request, ps httproute if e.conf.SelfService.UserRecordChange == false || adminRecordChanged == true { rtoken, rstatus, err := e.db.saveUserRequest("change-profile", userTOKEN, userBSON, "", "", postData, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -202,11 +201,11 @@ func (e mainEnv) userChange(w http.ResponseWriter, r *http.Request, ps httproute } oldJSON, newJSON, lookupErr, err := e.db.updateUserRecord(postData, userTOKEN, userBSON, event, e.conf) if lookupErr { - utils.ReturnError(w, r, "record not found", 405, errors.New("record not found"), event) + ReturnError(w, r, "record not found", 405, errors.New("record not found"), event) return } if err != nil { - utils.ReturnError(w, r, "error updating user", 405, err, event) + ReturnError(w, r, "error updating user", 405, err, event) return } utils.ReturnUUID(w, userTOKEN) @@ -218,7 +217,7 @@ func (e mainEnv) userChange(w http.ResponseWriter, r *http.Request, ps httproute func (e mainEnv) userDelete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditEvent("delete user record by "+mode, identity, mode, identity) + event := CreateAuditEvent("delete user record by "+mode, identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() strictCheck := true @@ -244,7 +243,7 @@ func (e mainEnv) userDelete(w http.ResponseWriter, r *http.Request, ps httproute fmt.Fprintf(w, `{"status":"ok","result":"done"}`) return } - utils.ReturnError(w, r, "record not found", 405, nil, event) + ReturnError(w, r, "record not found", 405, nil, event) return } @@ -253,7 +252,7 @@ func (e mainEnv) userDelete(w http.ResponseWriter, r *http.Request, ps httproute if e.conf.SelfService.ForgetMe == false { rtoken, rstatus, err := e.db.saveUserRequest("forget-me", userTOKEN, userBSON, "", "", nil, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -265,7 +264,7 @@ func (e mainEnv) userDelete(w http.ResponseWriter, r *http.Request, ps httproute // decrypt user! userJSON, err := e.db.userProfileDecrypt(userBSON) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if userJSON == nil { @@ -279,7 +278,7 @@ func (e mainEnv) userDelete(w http.ResponseWriter, r *http.Request, ps httproute //fmt.Printf("deleting user %s\n", userTOKEN) _, err = e.db.deleteUserRecord(userJSON, userTOKEN, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -294,7 +293,7 @@ func (e mainEnv) userPrelogin(w http.ResponseWriter, r *http.Request, ps httprou code := ps.ByName("code") identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditEvent("user prelogin by "+mode, identity, mode, identity) + event := CreateAuditEvent("user prelogin by "+mode, identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() code0, err := decryptCaptcha(captcha) @@ -305,12 +304,12 @@ func (e mainEnv) userPrelogin(w http.ResponseWriter, r *http.Request, ps httprou return } if mode != "phone" && mode != "email" { - utils.ReturnError(w, r, "bad mode", 405, nil, event) + ReturnError(w, r, "bad mode", 405, nil, event) return } userBson, err := e.db.lookupUserRecordByIndex(mode, identity, e.conf) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } if userBson != nil { @@ -332,7 +331,7 @@ func (e mainEnv) userPrelogin(w http.ResponseWriter, r *http.Request, ps httprou if mode == "email" { //notifyURL := e.conf.Notification.NotificationURL //notifyBadLogin(notifyURL, mode, identity) - //utils.ReturnError(w, r, "record not found", 405, errors.New("record not found"), event) + //ReturnError(w, r, "record not found", 405, errors.New("record not found"), event) captcha, _ := generateCaptcha() w.Header().Set("Content-Type", "application/json; charset=utf-8") w.WriteHeader(403) @@ -350,17 +349,17 @@ func (e mainEnv) userLogin(w http.ResponseWriter, r *http.Request, ps httprouter tmp := utils.Atoi(ps.ByName("tmp")) identity := ps.ByName("identity") mode := ps.ByName("mode") - event := audit.CreateAuditEvent("user login by "+mode, identity, mode, identity) + event := CreateAuditEvent("user login by "+mode, identity, mode, identity) defer func() { SaveAuditEvent(event, e.db, e.conf) }() if mode != "phone" && mode != "email" { - utils.ReturnError(w, r, "bad mode", 405, nil, event) + ReturnError(w, r, "bad mode", 405, nil, event) return } userBson, err := e.db.lookupUserRecordByIndex(mode, identity, e.conf) if userBson == nil || err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } @@ -376,7 +375,7 @@ func (e mainEnv) userLogin(w http.ResponseWriter, r *http.Request, ps httprouter xtoken, hashedToken, err := e.db.genUserLoginXtoken(userTOKEN) //fmt.Printf("generate user access token: %s\n", xtoken) if err != nil { - utils.ReturnError(w, r, "internal error", 405, err, event) + ReturnError(w, r, "internal error", 405, err, event) return } event.Msg = "generated: " + hashedToken @@ -385,5 +384,5 @@ func (e mainEnv) userLogin(w http.ResponseWriter, r *http.Request, ps httprouter fmt.Fprintf(w, `{"status":"ok","xtoken":"%s","token":"%s"}`, xtoken, userTOKEN) return } - utils.ReturnError(w, r, "internal error", 405, nil, event) + ReturnError(w, r, "internal error", 405, nil, event) } diff --git a/src/users_db.go b/src/users_db.go index 33eb0e5..d7e8805 100644 --- a/src/users_db.go +++ b/src/users_db.go @@ -11,13 +11,12 @@ import ( jsonpatch "github.com/evanphx/json-patch" uuid "github.com/hashicorp/go-uuid" - "github.com/securitybunker/databunker/src/audit" "github.com/securitybunker/databunker/src/storage" "github.com/securitybunker/databunker/src/utils" "go.mongodb.org/mongo-driver/bson" ) -func (dbobj dbcon) createUserRecord(parsedData utils.UserJSONStruct, event *audit.AuditEvent) (string, error) { +func (dbobj dbcon) createUserRecord(parsedData utils.UserJSONStruct, event *AuditEvent) (string, error) { //var bdoc interface{} bdoc := bson.M{} userTOKEN, err := uuid.GenerateUUID() @@ -139,7 +138,7 @@ func (dbobj dbcon) validateUserRecordChange(oldUserJSON []byte, jsonDataPatch [] return validateUserRecordChange(oldUserJSON, newJSON, authResult) } -func (dbobj dbcon) updateUserRecord(jsonDataPatch []byte, userTOKEN string, userBSON bson.M, event *audit.AuditEvent, conf Config) ([]byte, []byte, bool, error) { +func (dbobj dbcon) updateUserRecord(jsonDataPatch []byte, userTOKEN string, userBSON bson.M, event *AuditEvent, conf Config) ([]byte, []byte, bool, error) { oldJSON, newJSON, lookupErr, err := dbobj.updateUserRecordDo(jsonDataPatch, userTOKEN, userBSON, event, conf) if lookupErr == true { return oldJSON, newJSON, lookupErr, err @@ -162,7 +161,7 @@ func (dbobj dbcon) updateUserRecord(jsonDataPatch []byte, userTOKEN string, user return nil, nil, false, err } -func (dbobj dbcon) updateUserRecordDo(jsonDataPatch []byte, userTOKEN string, oldUserBson bson.M, event *audit.AuditEvent, conf Config) ([]byte, []byte, bool, error) { +func (dbobj dbcon) updateUserRecordDo(jsonDataPatch []byte, userTOKEN string, oldUserBson bson.M, event *AuditEvent, conf Config) ([]byte, []byte, bool, error) { // get user key userKey := oldUserBson["key"].(string)