rename address identity

yuli
2021-07-16 15:10:53 +03:00
parent 7fe2a016e4
commit 65a397fdc7
16 changed files with 176 additions and 177 deletions


@@ -10,10 +10,10 @@ import (
)
func (e mainEnv) agreementAccept(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
address := ps.ByName("address")
identity := ps.ByName("identity")
brief := ps.ByName("brief")
mode := ps.ByName("mode")
event := audit("agreement accept for "+brief, address, mode, address)
event := audit("agreement accept for "+brief, identity, mode, identity)
defer func() { event.submit(e.db) }()
if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
@@ -35,10 +35,10 @@ func (e mainEnv) agreementAccept(w http.ResponseWriter, r *http.Request, ps http
}
userTOKEN := ""
if mode == "token" {
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
userBson, err := e.db.lookupUserRecord(address)
userBson, err := e.db.lookupUserRecord(identity)
if err != nil || userBson == nil {
returnError(w, r, "internal error", 405, err, event)
return
@@ -46,9 +46,9 @@ func (e mainEnv) agreementAccept(w http.ResponseWriter, r *http.Request, ps http
if e.enforceAuth(w, r, event) == "" {
return
}
userTOKEN = address
userTOKEN = identity
} else {
userBson, err := e.db.lookupUserRecordByIndex(mode, address, e.conf)
userBson, err := e.db.lookupUserRecordByIndex(mode, identity, e.conf)
if err != nil {
returnError(w, r, "internal error", 405, err, event)
return
@@ -99,12 +99,12 @@ func (e mainEnv) agreementAccept(w http.ResponseWriter, r *http.Request, ps http
}
switch mode {
case "email":
address = normalizeEmail(address)
identity = normalizeEmail(identity)
case "phone":
address = normalizePhone(address, e.conf.Sms.DefaultCountry)
identity = normalizePhone(identity, e.conf.Sms.DefaultCountry)
}
fmt.Printf("Processing agreement, status: %s\n", status)
e.db.acceptAgreement(userTOKEN, mode, address, brief, status, agreementmethod,
e.db.acceptAgreement(userTOKEN, mode, identity, brief, status, agreementmethod,
referencecode, lastmodifiedby, starttime, expiration)
/*
notifyURL := e.conf.Notification.NotificationURL
@@ -113,7 +113,7 @@ func (e mainEnv) agreementAccept(w http.ResponseWriter, r *http.Request, ps http
if len(userTOKEN) > 0 {
notifyConsentChange(notifyURL, brief, status, "token", userTOKEN)
} else {
notifyConsentChange(notifyURL, brief, status, mode, address)
notifyConsentChange(notifyURL, brief, status, mode, identity)
}
}
*/
@@ -123,10 +123,10 @@ func (e mainEnv) agreementAccept(w http.ResponseWriter, r *http.Request, ps http
}
func (e mainEnv) agreementWithdraw(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
address := ps.ByName("address")
identity := ps.ByName("identity")
brief := ps.ByName("brief")
mode := ps.ByName("mode")
event := audit("consent withdraw for "+brief, address, mode, address)
event := audit("consent withdraw for "+brief, identity, mode, identity)
defer func() { event.submit(e.db) }()
if validateMode(mode) == false {
@@ -151,10 +151,10 @@ func (e mainEnv) agreementWithdraw(w http.ResponseWriter, r *http.Request, ps ht
userTOKEN := ""
authResult := ""
if mode == "token" {
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
userBson, _ := e.db.lookupUserRecord(address)
userBson, _ := e.db.lookupUserRecord(identity)
if userBson == nil {
returnError(w, r, "internal error", 405, nil, event)
return
@@ -163,10 +163,10 @@ func (e mainEnv) agreementWithdraw(w http.ResponseWriter, r *http.Request, ps ht
if authResult == "" {
return
}
userTOKEN = address
userTOKEN = identity
} else {
// TODO: decode url in code!
userBson, _ := e.db.lookupUserRecordByIndex(mode, address, e.conf)
userBson, _ := e.db.lookupUserRecordByIndex(mode, identity, e.conf)
if userBson != nil {
userTOKEN = userBson["token"].(string)
event.Record = userTOKEN
@@ -218,11 +218,11 @@ func (e mainEnv) agreementWithdraw(w http.ResponseWriter, r *http.Request, ps ht
}
switch mode {
case "email":
address = normalizeEmail(address)
identity = normalizeEmail(identity)
case "phone":
address = normalizePhone(address, e.conf.Sms.DefaultCountry)
identity = normalizePhone(identity, e.conf.Sms.DefaultCountry)
}
e.db.withdrawAgreement(userTOKEN, brief, mode, address, lastmodifiedby)
e.db.withdrawAgreement(userTOKEN, brief, mode, identity, lastmodifiedby)
w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.WriteHeader(200)
w.Write([]byte(`{"status":"ok"}`))
@@ -230,7 +230,7 @@ func (e mainEnv) agreementWithdraw(w http.ResponseWriter, r *http.Request, ps ht
if len(userTOKEN) > 0 {
notifyConsentChange(notifyURL, brief, "no", "token", userTOKEN)
} else {
notifyConsentChange(notifyURL, brief, "no", mode, address)
notifyConsentChange(notifyURL, brief, "no", mode, identity)
}
}
@@ -261,9 +261,9 @@ func (e mainEnv) agreementRevokeAll(w http.ResponseWriter, r *http.Request, ps h
}
func (e mainEnv) getUserAgreements(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
address := ps.ByName("address")
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("privacy agreements for "+mode, address, mode, address)
event := audit("privacy agreements for "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
if validateMode(mode) == false {
@@ -273,10 +273,10 @@ func (e mainEnv) getUserAgreements(w http.ResponseWriter, r *http.Request, ps ht
userTOKEN := ""
if mode == "token" {
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
userBson, _ := e.db.lookupUserRecord(address)
userBson, _ := e.db.lookupUserRecord(identity)
if userBson == nil {
returnError(w, r, "internal error", 405, nil, event)
return
@@ -284,10 +284,10 @@ func (e mainEnv) getUserAgreements(w http.ResponseWriter, r *http.Request, ps ht
if e.enforceAuth(w, r, event) == "" {
return
}
userTOKEN = address
userTOKEN = identity
} else {
// TODO: decode url in code!
userBson, _ := e.db.lookupUserRecordByIndex(mode, address, e.conf)
userBson, _ := e.db.lookupUserRecordByIndex(mode, identity, e.conf)
if userBson != nil {
userTOKEN = userBson["token"].(string)
event.Record = userTOKEN
@@ -313,7 +313,7 @@ func (e mainEnv) getUserAgreements(w http.ResponseWriter, r *http.Request, ps ht
if len(userTOKEN) > 0 {
resultJSON, numRecords, err = e.db.listAgreementRecords(userTOKEN)
} else {
resultJSON, numRecords, err = e.db.listAgreementRecordsByIdentity(address)
resultJSON, numRecords, err = e.db.listAgreementRecordsByIdentity(identity)
}
if err != nil {
returnError(w, r, "internal error", 405, err, event)
@@ -327,10 +327,10 @@ func (e mainEnv) getUserAgreements(w http.ResponseWriter, r *http.Request, ps ht
}
func (e mainEnv) getUserAgreement(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
address := ps.ByName("address")
identity := ps.ByName("identity")
brief := ps.ByName("brief")
mode := ps.ByName("mode")
event := audit("privacy agreements for "+mode, address, mode, address)
event := audit("privacy agreements for "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
if validateMode(mode) == false {
@@ -352,10 +352,10 @@ func (e mainEnv) getUserAgreement(w http.ResponseWriter, r *http.Request, ps htt
}
userTOKEN := ""
if mode == "token" {
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
userBson, _ := e.db.lookupUserRecord(address)
userBson, _ := e.db.lookupUserRecord(identity)
if userBson == nil {
returnError(w, r, "internal error", 405, nil, event)
return
@@ -363,10 +363,10 @@ func (e mainEnv) getUserAgreement(w http.ResponseWriter, r *http.Request, ps htt
if e.enforceAuth(w, r, event) == "" {
return
}
userTOKEN = address
userTOKEN = identity
} else {
// TODO: decode url in code!
userBson, _ := e.db.lookupUserRecordByIndex(mode, address, e.conf)
userBson, _ := e.db.lookupUserRecordByIndex(mode, identity, e.conf)
if userBson != nil {
userTOKEN = userBson["token"].(string)
event.Record = userTOKEN
@@ -404,10 +404,10 @@ func (e mainEnv) getUserAgreement(w http.ResponseWriter, r *http.Request, ps htt
/*
func (e mainEnv) consentUserRecord(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
address := ps.ByName("address")
identity := ps.ByName("identity")
brief := ps.ByName("brief")
mode := ps.ByName("mode")
event := audit("consent record for "+brief, address, mode, address)
event := audit("consent record for "+brief, identity, mode, identity)
defer func() { event.submit(e.db) }()
if validateMode(mode) == false {
@@ -419,15 +419,15 @@ func (e mainEnv) consentUserRecord(w http.ResponseWriter, r *http.Request, ps ht
returnError(w, r, "bad brief format", 405, nil, event)
return
}
userTOKEN := address
userTOKEN := identity
var userBson bson.M
if mode == "token" {
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
userBson, _ = e.db.lookupUserRecord(address)
userBson, _ = e.db.lookupUserRecord(identity)
} else {
userBson, _ = e.db.lookupUserRecordByIndex(mode, address, e.conf)
userBson, _ = e.db.lookupUserRecordByIndex(mode, identity, e.conf)
if userBson != nil {
userTOKEN = userBson["token"].(string)
event.Record = userTOKEN
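Review bot: agreementWithdraw, getUserAgreements and getUserAgreement discard the lookup error (`userBson, _ := e.db.lookupUserRecord(identity)` and the matching `lookupUserRecordByIndex` calls), so a database failure cannot be told apart from an unknown identity and its cause never reaches the audit event; agreementAccept in the same file keeps `err` and passes it to returnError. Keeping the error, `userBson, err := e.db.lookupUserRecordByIndex(mode, identity, e.conf)` followed by `if err != nil { returnError(w, r, "internal error", 405, err, event); return }`, would make the handlers agree. The assertion `userBson["token"].(string)` that follows panics if a record lacks a string token; the comma-ok form `tok, ok := userBson["token"].(string)` avoids that. The discarded error recurs in getCustomUserRequests, newUserSession and getUserSessions, and the unchecked assertion also appears in the exp* handlers. All of these function bodies continue outside the hunks shown.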


@@ -28,14 +28,14 @@ type auditEvent struct {
Atoken string `json:"atoken"`
}
func audit(title string, record string, mode string, address string) *auditEvent {
func audit(title string, record string, mode string, identity string) *auditEvent {
//fmt.Printf("/%s : %s\n", title, record)
return &auditEvent{Title: title, Mode: mode, Who: address, Record: record, Status: "ok", When: int32(time.Now().Unix())}
return &auditEvent{Title: title, Mode: mode, Who: identity, Record: record, Status: "ok", When: int32(time.Now().Unix())}
}
func auditApp(title string, record string, app string, mode string, address string) *auditEvent {
func auditApp(title string, record string, app string, mode string, identity string) *auditEvent {
//fmt.Printf("/%s : %s : %s\n", title, app, record)
return &auditEvent{Title: title, Mode: mode, Who: address, Record: record, Status: "ok", When: int32(time.Now().Unix())}
return &auditEvent{Title: title, Mode: mode, Who: identity, Record: record, Status: "ok", When: int32(time.Now().Unix())}
}
func (event auditEvent) submit(db *dbcon) {
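Review bot: auditApp accepts an `app` argument but the auditEvent literal it returns never stores it, so an event built by auditApp is identical to one built by audit and the audit trail cannot show which app was involved. If auditEvent has an app field it should be set in the literal (the struct is only partly visible here); otherwise the parameter is misleading and worth a comment. Separately, `When: int32(time.Now().Unix())` truncates the timestamp to 32 bits, which wraps in January 2038; a 64-bit field would keep audit ordering reliable.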


@@ -186,18 +186,18 @@ func (e mainEnv) setupRouter() *httprouter.Router {
router.GET("/v1/sys/backup", e.backupDB)
router.POST("/v1/user", e.userNew)
router.GET("/v1/user/:mode/:address", e.userGet)
router.DELETE("/v1/user/:mode/:address", e.userDelete)
router.PUT("/v1/user/:mode/:address", e.userChange)
router.GET("/v1/user/:mode/:identity", e.userGet)
router.DELETE("/v1/user/:mode/:identity", e.userDelete)
router.PUT("/v1/user/:mode/:identity", e.userChange)
router.GET("/v1/prelogin/:mode/:address/:code/:captcha", e.userPrelogin)
router.GET("/v1/login/:mode/:address/:tmp", e.userLogin)
router.GET("/v1/prelogin/:mode/:identity/:code/:captcha", e.userPrelogin)
router.GET("/v1/login/:mode/:identity/:tmp", e.userLogin)
router.GET("/v1/exp/retain/:exptoken", e.expRetainData)
router.GET("/v1/exp/delete/:exptoken", e.expDeleteData)
router.GET("/v1/exp/status/:mode/:address", e.expGetStatus)
router.POST("/v1/exp/start/:mode/:address", e.expStart)
router.DELETE("/v1/exp/cancel/:mode/:address", e.expCancel)
router.GET("/v1/exp/status/:mode/:identity", e.expGetStatus)
router.POST("/v1/exp/start/:mode/:identity", e.expStart)
router.DELETE("/v1/exp/cancel/:mode/:identity", e.expCancel)
router.POST("/v1/sharedrecord/token/:token", e.newSharedRecord)
router.GET("/v1/get/:record", e.getRecord)
@@ -205,7 +205,7 @@ func (e mainEnv) setupRouter() *httprouter.Router {
router.GET("/v1/request/:request", e.getUserRequest)
router.POST("/v1/request/:request", e.approveUserRequest)
router.DELETE("/v1/request/:request", e.cancelUserRequest)
router.GET("/v1/requests/:mode/:address", e.getCustomUserRequests)
router.GET("/v1/requests/:mode/:identity", e.getCustomUserRequests)
router.GET("/v1/requests", e.getUserRequests)
router.GET("/v1/pactivity", e.pactivityList)
@@ -218,14 +218,14 @@ func (e mainEnv) setupRouter() *httprouter.Router {
router.POST("/v1/lbasis/:brief", e.createLegalBasis)
router.DELETE("/v1/lbasis/:brief", e.deleteLegalBasis)
router.GET("/v1/agreement/:brief/:mode/:address", e.getUserAgreement)
router.POST("/v1/agreement/:brief/:mode/:address", e.agreementAccept)
router.GET("/v1/agreement/:brief/:mode/:identity", e.getUserAgreement)
router.POST("/v1/agreement/:brief/:mode/:identity", e.agreementAccept)
router.DELETE("/v1/agreement/:brief", e.agreementRevokeAll)
router.DELETE("/v1/agreement/:brief/:mode/:address", e.agreementWithdraw)
router.GET("/v1/agreements/:mode/:address", e.getUserAgreements)
router.DELETE("/v1/agreement/:brief/:mode/:identity", e.agreementWithdraw)
router.GET("/v1/agreements/:mode/:identity", e.getUserAgreements)
//router.GET("/v1/consent/:mode/:address", e.consentAllUserRecords)
//router.GET("/v1/consent/:mode/:address/:brief", e.consentUserRecord)
//router.GET("/v1/consent/:mode/:identity", e.consentAllUserRecords)
//router.GET("/v1/consent/:mode/:identity/:brief", e.consentUserRecord)
router.POST("/v1/userapp/token/:token/:appname", e.userappNew)
router.GET("/v1/userapp/token/:token/:appname", e.userappGet)
@@ -237,8 +237,8 @@ func (e mainEnv) setupRouter() *httprouter.Router {
router.GET("/v1/session/:session", e.getSession)
router.POST("/v1/session/:session", e.createSession)
router.DELETE("/v1/session/:session", e.deleteSession)
//router.POST("/v1/sessions/:mode/:address", e.newUserSession)
router.GET("/v1/sessions/:mode/:address", e.getUserSessions)
//router.POST("/v1/sessions/:mode/:identity", e.newUserSession)
router.GET("/v1/sessions/:mode/:identity", e.getUserSessions)
router.GET("/v1/metrics", e.metrics)
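Review bot: Renaming the route parameter to `:identity` is only safe if every handler bound to these routes now reads `ps.ByName("identity")`, because httprouter's ByName returns an empty string for a name the route does not define rather than failing. userPrelogin and userLogin are bound to renamed routes here, but their bodies are not in the part of the commit visible on this page, so that should be confirmed; a handler still reading "address" would audit and look up an empty identity. A short comment on setupRouter saying that `:identity` carries the value selected by `:mode` (the handlers show "token", "email" and "phone") would help the next reader.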


@@ -8,29 +8,29 @@ import (
uuid "github.com/hashicorp/go-uuid"
)
func helpAcceptAgreement(mode string, address string, brief string, dataJSON string) (map[string]interface{}, error) {
url := "http://localhost:3000/v1/agreement/" + brief + "/" + mode + "/" + address
func helpAcceptAgreement(mode string, identity string, brief string, dataJSON string) (map[string]interface{}, error) {
url := "http://localhost:3000/v1/agreement/" + brief + "/" + mode + "/" + identity
request := httptest.NewRequest("POST", url, strings.NewReader(dataJSON))
request.Header.Set("X-Bunker-Token", rootToken)
return helpServe(request)
}
func helpWithdrawAgreement(mode string, address string, brief string) (map[string]interface{}, error) {
url := "http://localhost:3000/v1/agreement/" + brief + "/" + mode + "/" + address
func helpWithdrawAgreement(mode string, identity string, brief string) (map[string]interface{}, error) {
url := "http://localhost:3000/v1/agreement/" + brief + "/" + mode + "/" + identity
request := httptest.NewRequest("DELETE", url, nil)
request.Header.Set("X-Bunker-Token", rootToken)
return helpServe(request)
}
func helpGetUserAgreement(mode string, address string, brief string) (map[string]interface{}, error) {
url := "http://localhost:3000/v1/agreement/" + brief + "/" + mode + "/" + address
func helpGetUserAgreement(mode string, identity string, brief string) (map[string]interface{}, error) {
url := "http://localhost:3000/v1/agreement/" + brief + "/" + mode + "/" + identity
request := httptest.NewRequest("GET", url, nil)
request.Header.Set("X-Bunker-Token", rootToken)
return helpServe(request)
}
func helpGetAllUserAgreements(mode string, address string) (map[string]interface{}, error) {
url := "http://localhost:3000/v1/agreements/" + mode + "/" + address
func helpGetAllUserAgreements(mode string, identity string) (map[string]interface{}, error) {
url := "http://localhost:3000/v1/agreements/" + mode + "/" + identity
request := httptest.NewRequest("GET", url, nil)
request.Header.Set("X-Bunker-Token", rootToken)
return helpServe(request)


@@ -7,8 +7,8 @@ import (
"strings"
)
func sendCodeByEmail(code int32, address string, cfg Config) {
Dest := []string{address}
func sendCodeByEmail(code int32, identity string, cfg Config) {
Dest := []string{identity}
Subject := "Access Code"
bodyMessage := "Access code is " + strconv.Itoa(int((code)))
msg := "From: " + cfg.SMTP.Sender + "\n" +


@@ -26,23 +26,23 @@ func (e mainEnv) expUsers() error {
func (e mainEnv) expGetStatus(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
var err error
address := ps.ByName("address")
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("get expiration status by "+mode, address, mode, address)
event := audit("get expiration status by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
return
}
userTOKEN := address
userTOKEN := identity
var userBson bson.M
if mode == "token" {
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
userBson, err = e.db.lookupUserRecord(address)
userBson, err = e.db.lookupUserRecord(identity)
} else {
userBson, err = e.db.lookupUserRecordByIndex(mode, address, e.conf)
userBson, err = e.db.lookupUserRecordByIndex(mode, identity, e.conf)
if userBson != nil {
userTOKEN = userBson["token"].(string)
event.Record = userTOKEN
@@ -64,23 +64,23 @@ func (e mainEnv) expGetStatus(w http.ResponseWriter, r *http.Request, ps httprou
func (e mainEnv) expCancel(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
var err error
address := ps.ByName("address")
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("clear user expiration by "+mode, address, mode, address)
event := audit("clear user expiration by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
return
}
userTOKEN := address
userTOKEN := identity
var userBson bson.M
if mode == "token" {
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
userBson, err = e.db.lookupUserRecord(address)
userBson, err = e.db.lookupUserRecord(identity)
} else {
userBson, err = e.db.lookupUserRecordByIndex(mode, address, e.conf)
userBson, err = e.db.lookupUserRecordByIndex(mode, identity, e.conf)
if userBson != nil {
userTOKEN = userBson["token"].(string)
event.Record = userTOKEN
@@ -103,14 +103,14 @@ func (e mainEnv) expCancel(w http.ResponseWriter, r *http.Request, ps httprouter
}
func (e mainEnv) expRetainData(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
address := ps.ByName("exptoken")
identity := ps.ByName("exptoken")
mode := "exptoken"
event := audit("retain user data by exptoken", address, mode, address)
event := audit("retain user data by exptoken", identity, mode, identity)
defer func() { event.submit(e.db) }()
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
userBson, err := e.db.lookupUserRecordByIndex(mode, address, e.conf)
userBson, err := e.db.lookupUserRecordByIndex(mode, identity, e.conf)
if userBson == nil || err != nil {
returnError(w, r, "internal error", 405, nil, event)
return
@@ -128,14 +128,14 @@ func (e mainEnv) expRetainData(w http.ResponseWriter, r *http.Request, ps httpro
}
func (e mainEnv) expDeleteData(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
address := ps.ByName("exptoken")
identity := ps.ByName("exptoken")
mode := "exptoken"
event := audit("delete user data by exptoken", address, mode, address)
event := audit("delete user data by exptoken", identity, mode, identity)
defer func() { event.submit(e.db) }()
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
resultJSON, userTOKEN, err := e.db.getUserJsonByIndex(address, mode, e.conf)
resultJSON, userTOKEN, err := e.db.getUserJsonByIndex(identity, mode, e.conf)
if resultJSON == nil || err != nil {
returnError(w, r, "internal error", 405, nil, event)
return
@@ -154,9 +154,9 @@ func (e mainEnv) expDeleteData(w http.ResponseWriter, r *http.Request, ps httpro
func (e mainEnv) expStart(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
var err error
address := ps.ByName("address")
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("initiate user record expiration by "+mode, address, mode, address)
event := audit("initiate user record expiration by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
@@ -165,15 +165,15 @@ func (e mainEnv) expStart(w http.ResponseWriter, r *http.Request, ps httprouter.
if e.enforceAdmin(w, r) == "" {
return
}
userTOKEN := address
userTOKEN := identity
var userBson bson.M
if mode == "token" {
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
userBson, err = e.db.lookupUserRecord(address)
userBson, err = e.db.lookupUserRecord(identity)
} else {
userBson, err = e.db.lookupUserRecordByIndex(mode, address, e.conf)
userBson, err = e.db.lookupUserRecordByIndex(mode, identity, e.conf)
if userBson != nil {
userTOKEN = userBson["token"].(string)
event.Record = userTOKEN
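Review bot: expRetainData and expDeleteData test `err != nil` but then call `returnError(w, r, "internal error", 405, nil, event)`, so the underlying error is dropped instead of being handed to returnError; passing `err` as the fifth argument keeps the failure cause available to whatever returnError records. In expGetStatus, expCancel and expStart `userTOKEN` starts as the raw identity and is only replaced when the index lookup finds a record, so the code after each hunk has to check `userBson == nil` before treating it as a token; that check is outside the lines shown and should be confirmed.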


@@ -71,7 +71,7 @@ func (e mainEnv) createLegalBasis(w http.ResponseWriter, r *http.Request, ps htt
if len(userTOKEN) > 0 {
notifyConsentChange(notifyURL, brief, status, "token", userTOKEN)
} else {
notifyConsentChange(notifyURL, brief, status, mode, address)
notifyConsentChange(notifyURL, brief, status, mode, identity)
}
}
*/


@@ -11,47 +11,47 @@ import (
"github.com/securitybunker/databunker/src/autocontext"
)
func notifyBadLogin(notifyURL string, mode string, address string) {
func notifyBadLogin(notifyURL string, mode string, identity string) {
if len(notifyURL) == 0 {
return
}
requestBody := fmt.Sprintf(`{"action":"%s","address":"%s","mode":"%s"}`,
"badlogin", address, mode)
requestBody := fmt.Sprintf(`{"action":"%s","identity":"%s","mode":"%s"}`,
"badlogin", identity, mode)
host := autocontext.GetAuto("host")
go notify(notifyURL, host, []byte(requestBody))
}
func notifyProfileNew(notifyURL string, profile []byte, mode string, address string) {
func notifyProfileNew(notifyURL string, profile []byte, mode string, identity string) {
if len(notifyURL) == 0 {
return
}
requestBody := fmt.Sprintf(`{"action":"%s","address":"%s","mode":"%s","profile":%s}`,
"profilenew", address, mode, profile)
requestBody := fmt.Sprintf(`{"action":"%s","identity":"%s","mode":"%s","profile":%s}`,
"profilenew", identity, mode, profile)
host := autocontext.GetAuto("host")
go notify(notifyURL, host, []byte(requestBody))
}
func notifyProfileChange(notifyURL string, old []byte, profile []byte, mode string, address string) {
func notifyProfileChange(notifyURL string, old []byte, profile []byte, mode string, identity string) {
if len(notifyURL) == 0 {
return
}
requestBody := fmt.Sprintf(`{"action":"%s","address":"%s","mode":"%s","old":%s,"profile":%s}`,
"profilechange", address, mode, old, profile)
requestBody := fmt.Sprintf(`{"action":"%s","identity":"%s","mode":"%s","old":%s,"profile":%s}`,
"profilechange", identity, mode, old, profile)
host := autocontext.GetAuto("host")
go notify(notifyURL, host, []byte(requestBody))
}
func notifyForgetMe(notifyURL string, profile []byte, mode string, address string) {
func notifyForgetMe(notifyURL string, profile []byte, mode string, identity string) {
if len(notifyURL) == 0 {
return
}
requestBody := fmt.Sprintf(`{"action":"%s","address":"%s","mode":"%s","profile":%s}`,
"forgetme", address, mode, profile)
requestBody := fmt.Sprintf(`{"action":"%s","identity":"%s","mode":"%s","profile":%s}`,
"forgetme", identity, mode, profile)
host := autocontext.GetAuto("host")
go notify(notifyURL, host, []byte(requestBody))
}
func notifyConsentChange(notifyURL string, brief string, status string, mode string, address string) {
func notifyConsentChange(notifyURL string, brief string, status string, mode string, identity string) {
if len(notifyURL) == 0 {
return
}
@@ -60,7 +60,7 @@ func notifyConsentChange(notifyURL string, brief string, status string, mode str
"brief": brief,
"status": status,
"mode": mode,
"address": address,
"identity": identity,
})
host := autocontext.GetAuto("host")
go notify(notifyURL, host, requestBody)
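Review bot: notifyBadLogin, notifyProfileNew, notifyProfileChange and notifyForgetMe splice `identity` and `mode` into the JSON body with `fmt.Sprintf` and `%s`, so a value containing a double quote or backslash yields malformed JSON or additional keys in the webhook payload. The handlers take the identity from the request path, so it should be encoded rather than formatted; notifyConsentChange in the last hunk already builds its body from a map. Building the other payloads the same way, with the already-encoded profile bytes wrapped in `json.RawMessage`, removes the problem; this assumes encoding/json is already imported for notifyConsentChange, which is not visible here. The payload key also changes from "address" to "identity" in this commit, which existing webhook receivers need to be told about.

```go
func notifyProfileNew(notifyURL string, profile []byte, mode string, identity string) {
	// … unchanged: empty notifyURL guard …
	requestBody, err := json.Marshal(map[string]interface{}{
		"action":   "profilenew",
		"identity": identity,
		"mode":     mode,
		// profile is already JSON; RawMessage embeds it and rejects invalid input.
		"profile": json.RawMessage(profile),
	})
	if err != nil {
		return
	}
	host := autocontext.GetAuto("host")
	go notify(notifyURL, host, requestBody)
}
```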


@@ -39,24 +39,24 @@ func (e mainEnv) getUserRequests(w http.ResponseWriter, r *http.Request, ps http
}
func (e mainEnv) getCustomUserRequests(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
address := ps.ByName("address")
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("get user privacy requests", address, mode, address)
event := audit("get user privacy requests", identity, mode, identity)
defer func() { event.submit(e.db) }()
if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
return
}
userTOKEN := address
userTOKEN := identity
var userBson bson.M
if mode == "token" {
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
userBson, _ = e.db.lookupUserRecord(address)
userBson, _ = e.db.lookupUserRecord(identity)
} else {
userBson, _ = e.db.lookupUserRecordByIndex(mode, address, e.conf)
userBson, _ = e.db.lookupUserRecordByIndex(mode, identity, e.conf)
if userBson != nil {
userTOKEN = userBson["token"].(string)
event.Record = userTOKEN


@@ -88,24 +88,24 @@ func (e mainEnv) deleteSession(w http.ResponseWriter, r *http.Request, ps httpro
}
func (e mainEnv) newUserSession(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
address := ps.ByName("address")
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("create user session", address, mode, address)
event := audit("create user session", identity, mode, identity)
defer func() { event.submit(e.db) }()
if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
return
}
userTOKEN := address
userTOKEN := identity
var userBson bson.M
if mode == "token" {
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
userBson, _ = e.db.lookupUserRecord(address)
userBson, _ = e.db.lookupUserRecord(identity)
} else {
userBson, _ = e.db.lookupUserRecordByIndex(mode, address, e.conf)
userBson, _ = e.db.lookupUserRecordByIndex(mode, identity, e.conf)
if userBson != nil {
userTOKEN = userBson["token"].(string)
event.Record = userTOKEN
@@ -151,25 +151,25 @@ func (e mainEnv) newUserSession(w http.ResponseWriter, r *http.Request, ps httpr
}
func (e mainEnv) getUserSessions(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
address := ps.ByName("address")
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("get all user sessions", address, mode, address)
event := audit("get all user sessions", identity, mode, identity)
defer func() { event.submit(e.db) }()
if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
return
}
userTOKEN := address
userTOKEN := identity
var userBson bson.M
if mode == "token" {
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
userBson, _ = e.db.lookupUserRecord(address)
userBson, _ = e.db.lookupUserRecord(identity)
} else {
// TODO: decode url in code!
userBson, _ = e.db.lookupUserRecordByIndex(mode, address, e.conf)
userBson, _ = e.db.lookupUserRecordByIndex(mode, identity, e.conf)
if userBson != nil {
userTOKEN = userBson["token"].(string)
event.Record = userTOKEN


@@ -23,8 +23,8 @@ func helpGetSession(recordTOKEN string) (map[string]interface{}, error) {
return helpServe(request)
}
func helpGetUserSessions(mode string, address string) (map[string]interface{}, error) {
url := "http://localhost:3000/v1/sessions/" + mode + "/" + address
func helpGetUserSessions(mode string, identity string) (map[string]interface{}, error) {
url := "http://localhost:3000/v1/sessions/" + mode + "/" + identity
request := httptest.NewRequest("GET", url, nil)
request.Header.Set("X-Bunker-Token", rootToken)
return helpServe(request)


@@ -9,8 +9,8 @@ import (
uuid "github.com/hashicorp/go-uuid"
)
func helpCreateSharedRecord(mode string, address string, dataJSON string) (map[string]interface{}, error) {
url := "http://localhost:3000/v1/sharedrecord/" + mode + "/" + address
func helpCreateSharedRecord(mode string, identity string, dataJSON string) (map[string]interface{}, error) {
url := "http://localhost:3000/v1/sharedrecord/" + mode + "/" + identity
request := httptest.NewRequest("POST", url, strings.NewReader(dataJSON))
request.Header.Set("X-Bunker-Token", rootToken)
return helpServe(request)


@@ -9,20 +9,20 @@ import (
"strings"
)
func sendCodeByPhone(code int32, address string, cfg Config) {
func sendCodeByPhone(code int32, identity string, cfg Config) {
domain := "https://api.twilio.com"
client := &http.Client{}
sendCodeByPhoneDo(domain, client, code, address, cfg)
sendCodeByPhoneDo(domain, client, code, identity, cfg)
}
func sendCodeByPhoneDo(domain string, client *http.Client, code int32, address string, cfg Config) {
func sendCodeByPhoneDo(domain string, client *http.Client, code int32, identity string, cfg Config) {
if len(cfg.Sms.Url) == 0 {
log.Printf("SMS gateway provider URL is missing")
return
}
msg := "Databunker code " + strconv.Itoa(int(code))
finalUrl := cfg.Sms.Url
finalUrl = strings.ReplaceAll(finalUrl, "_PHONE_", url.QueryEscape(address))
finalUrl = strings.ReplaceAll(finalUrl, "_PHONE_", url.QueryEscape(identity))
finalUrl = strings.ReplaceAll(finalUrl, "_FROM_", url.QueryEscape(cfg.Sms.From))
finalUrl = strings.ReplaceAll(finalUrl, "_TOKEN_", url.QueryEscape(cfg.Sms.Token))
finalUrl = strings.ReplaceAll(finalUrl, "_MSG_", url.QueryEscape(msg))
@@ -54,13 +54,13 @@ func sendCodeByPhoneDo(domain string, client *http.Client, code int32, address s
if cType == "json" || cType == "application/json" {
// no need to escape values when sending JSON
body = strings.ReplaceAll(body, "_FROM_", cfg.Sms.From)
body = strings.ReplaceAll(body, "_PHONE_", address)
body = strings.ReplaceAll(body, "_PHONE_", identity)
body = strings.ReplaceAll(body, "_TOKEN_", cfg.Sms.Token)
body = strings.ReplaceAll(body, "_MSG_", msg)
cType = "application/json"
} else {
body = strings.ReplaceAll(body, "_FROM_", url.QueryEscape(cfg.Sms.From))
body = strings.ReplaceAll(body, "_PHONE_", url.QueryEscape(address))
body = strings.ReplaceAll(body, "_PHONE_", url.QueryEscape(identity))
body = strings.ReplaceAll(body, "_TOKEN_", url.QueryEscape(cfg.Sms.Token))
body = strings.ReplaceAll(body, "_MSG_", url.QueryEscape(msg))
cType = "application/x-www-form-urlencoded"
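Review bot: In the JSON branch the comment says no escaping is needed, but `strings.ReplaceAll(body, "_PHONE_", identity)` inserts the raw value into a JSON template, so a quote or backslash in `identity`, `cfg.Sms.From` or the token would break or alter the body sent to the SMS gateway. These values need JSON string escaping rather than none, for example `esc, _ := json.Marshal(identity)` followed by `strings.ReplaceAll(body, "_PHONE_", string(esc[1:len(esc)-1]))`, assuming the template puts the placeholder inside quotes (the template is not visible here). Whether callers have already normalised the phone number is also outside these hunks. sendCodeByPhone creates `&http.Client{}` with no `Timeout`, so a stalled gateway can hold the call indefinitely; setting one bounds that. sendCodeByPhoneDo continues outside the hunks shown.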


@@ -118,9 +118,9 @@ func (e mainEnv) userNew(w http.ResponseWriter, r *http.Request, ps httprouter.P
func (e mainEnv) userGet(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
var err error
var resultJSON []byte
address := ps.ByName("address")
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("get user record by "+mode, address, mode, address)
event := audit("get user record by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
@@ -129,13 +129,13 @@ func (e mainEnv) userGet(w http.ResponseWriter, r *http.Request, ps httprouter.P
userTOKEN := ""
authResult := ""
if mode == "token" {
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
resultJSON, err = e.db.getUserJson(address)
userTOKEN = address
resultJSON, err = e.db.getUserJson(identity)
userTOKEN = identity
} else {
resultJSON, userTOKEN, err = e.db.getUserJsonByIndex(address, mode, e.conf)
resultJSON, userTOKEN, err = e.db.getUserJsonByIndex(identity, mode, e.conf)
event.Record = userTOKEN
}
if err != nil {
@@ -159,9 +159,9 @@ func (e mainEnv) userGet(w http.ResponseWriter, r *http.Request, ps httprouter.P
}
func (e mainEnv) userChange(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
address := ps.ByName("address")
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("change user record by "+mode, address, mode, address)
event := audit("change user record by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
if validateMode(mode) == false {
@@ -183,13 +183,13 @@ func (e mainEnv) userChange(w http.ResponseWriter, r *http.Request, ps httproute
var userJSON []byte
var userBSON bson.M
if mode == "token" {
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
userTOKEN = address
userJSON, userBSON, err = e.db.getUser(address)
userTOKEN = identity
userJSON, userBSON, err = e.db.getUser(identity)
} else {
userJSON, userTOKEN, userBSON, err = e.db.getUserByIndex(address, mode, e.conf)
userJSON, userTOKEN, userBSON, err = e.db.getUserByIndex(identity, mode, e.conf)
event.Record = userTOKEN
}
if err != nil {
@@ -242,9 +242,9 @@ func (e mainEnv) userChange(w http.ResponseWriter, r *http.Request, ps httproute
// user forgetme request comes here
func (e mainEnv) userDelete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
address := ps.ByName("address")
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("delete user record by "+mode, address, mode, address)
event := audit("delete user record by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
if validateMode(mode) == false {
@@ -253,14 +253,14 @@ func (e mainEnv) userDelete(w http.ResponseWriter, r *http.Request, ps httproute
}
var err error
var resultJSON []byte
userTOKEN := address
userTOKEN := identity
if mode == "token" {
if enforceUUID(w, address, event) == false {
if enforceUUID(w, identity, event) == false {
return
}
resultJSON, err = e.db.getUserJson(address)
resultJSON, err = e.db.getUserJson(identity)
} else {
resultJSON, userTOKEN, err = e.db.getUserJsonByIndex(address, mode, e.conf)
resultJSON, userTOKEN, err = e.db.getUserJsonByIndex(identity, mode, e.conf)
event.Record = userTOKEN
}
if err != nil {
@@ -307,9 +307,9 @@ func (e mainEnv) userDelete(w http.ResponseWriter, r *http.Request, ps httproute
func (e mainEnv) userPrelogin(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
captcha := ps.ByName("captcha")
code := ps.ByName("code")
address := ps.ByName("address")
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("user prelogin by "+mode, address, mode, address)
event := audit("user prelogin by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
code0, err := decryptCaptcha(captcha)
@@ -323,7 +323,7 @@ func (e mainEnv) userPrelogin(w http.ResponseWriter, r *http.Request, ps httprou
returnError(w, r, "bad mode", 405, nil, event)
return
}
userBson, err := e.db.lookupUserRecordByIndex(mode, address, e.conf)
userBson, err := e.db.lookupUserRecordByIndex(mode, identity, e.conf)
if err != nil {
returnError(w, r, "internal error", 405, err, event)
return
@@ -331,24 +331,23 @@ func (e mainEnv) userPrelogin(w http.ResponseWriter, r *http.Request, ps httprou
if userBson != nil {
userTOKEN := userBson["token"].(string)
event.Record = userTOKEN
if address == "4444" || address == "test@securitybunker.io" {
if identity == "4444" || identity == "test@securitybunker.io" {
// check if it is demo account.
// the address is always 4444
// no need to send any notifications
e.db.generateDemoLoginCode(userTOKEN)
} else {
rnd := e.db.generateTempLoginCode(userTOKEN)
if mode == "email" {
go sendCodeByEmail(rnd, address, e.conf)
go sendCodeByEmail(rnd, identity, e.conf)
} else if mode == "phone" {
go sendCodeByPhone(rnd, address, e.conf)
go sendCodeByPhone(rnd, identity, e.conf)
}
}
} else {
if mode == "email" {
//notifyURL := e.conf.Notification.NotificationURL
//notifyBadLogin(notifyURL, mode, address)
e.pluginUserLookup(address)
//notifyBadLogin(notifyURL, mode, identity)
e.pluginUserLookup(identity)
returnError(w, r, "record not found", 405, errors.New("record not found"), event)
return
}
@@ -361,9 +360,9 @@ func (e mainEnv) userPrelogin(w http.ResponseWriter, r *http.Request, ps httprou
func (e mainEnv) userLogin(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
tmp := atoi(ps.ByName("tmp"))
address := ps.ByName("address")
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("user login by "+mode, address, mode, address)
event := audit("user login by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
if mode != "phone" && mode != "email" {
@@ -371,7 +370,7 @@ func (e mainEnv) userLogin(w http.ResponseWriter, r *http.Request, ps httprouter
return
}
userBson, err := e.db.lookupUserRecordByIndex(mode, address, e.conf)
userBson, err := e.db.lookupUserRecordByIndex(mode, identity, e.conf)
if userBson == nil || err != nil {
returnError(w, r, "internal error", 405, err, event)
return
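Review bot: In userPrelogin the renamed check `if identity == "4444" || identity == "test@securitybunker.io" {` keeps a hard-coded demo identity inside the regular login path, and the commit carries it over unchanged. Those two identities skip e-mail/SMS delivery and go through `generateDemoLoginCode`, whose body is not shown here but presumably stores a fixed code, so any deployment holding such a record would accept a known login code. Gate the branch on an explicit opt-in, for example `if demoEnabled && (identity == "4444" || identity == "test@securitybunker.io") {`, where `demoEnabled` is a placeholder for a configuration flag that defaults to off. The body of userPrelogin starts and ends outside this hunk, so any gating that already exists elsewhere in the function is not visible from here.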


@@ -119,7 +119,7 @@ func TestUtilNotifyConsentChange(t *testing.T) {
defer req.Body.Close()
bodyBytes, _ := ioutil.ReadAll(req.Body)
fmt.Printf("body: %s\n", string(bodyBytes))
if string(bodyBytes) != `{"action":"consentchange","address":"user3@user3.com","brief":"brief","mode":"email","status":"no"}` {
if string(bodyBytes) != `{"action":"consentchange","identity":"user3@user3.com","brief":"brief","mode":"email","status":"no"}` {
q <- fmt.Sprintf("bad request in notifyConsentChange: %s", string(bodyBytes))
} else {
q <- "ok"
@@ -142,7 +142,7 @@ func TestUtilNotifyProfileNew(t *testing.T) {
defer req.Body.Close()
bodyBytes, _ := ioutil.ReadAll(req.Body)
fmt.Printf("body: %s\n", string(bodyBytes))
if string(bodyBytes) != `{"action":"profilenew","address":"user3@user3.com","mode":"email","profile":{"name":"alex"}}` {
if string(bodyBytes) != `{"action":"profilenew","identity":"user3@user3.com","mode":"email","profile":{"name":"alex"}}` {
q <- fmt.Sprintf("bad request in notifyConsentChange: %s", string(bodyBytes))
} else {
q <- "ok"
@@ -166,7 +166,7 @@ func TestUtilNotifyForgetMe(t *testing.T) {
defer req.Body.Close()
bodyBytes, _ := ioutil.ReadAll(req.Body)
fmt.Printf("body: %s\n", string(bodyBytes))
if string(bodyBytes) != `{"action":"forgetme","address":"user3@user3.com","mode":"email","profile":{"name":"alex"}}` {
if string(bodyBytes) != `{"action":"forgetme","identity":"user3@user3.com","mode":"email","profile":{"name":"alex"}}` {
q <- fmt.Sprintf("bad request in notifyConsentChange: %s", string(bodyBytes))
} else {
q <- "ok"
@@ -190,7 +190,7 @@ func TestUtilNotifyProfileChange(t *testing.T) {
defer req.Body.Close()
bodyBytes, _ := ioutil.ReadAll(req.Body)
fmt.Printf("body: %s\n", string(bodyBytes))
if string(bodyBytes) != `{"action":"profilechange","address":"user3@user3.com","mode":"email","old":{"name":"alex2"},"profile":{"name":"alex3"}}` {
if string(bodyBytes) != `{"action":"profilechange","identity":"user3@user3.com","mode":"email","old":{"name":"alex2"},"profile":{"name":"alex3"}}` {
q <- fmt.Sprintf("bad request in notifyConsentChange: %s", string(bodyBytes))
} else {
q <- "ok"
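Review bot: The expected bodies in these four tests now pin `"identity"` where they pinned `"address"`, so the outgoing notification payload itself changed its key, and nothing in this section keeps the old key for existing receivers. A webhook consumer that still reads `address` would find no identity value in consent-change and forget-me events and could drop them without raising an error. If the break is intended, record it next to the assertions with a comment such as `// payload key "address" was renamed to "identity"; webhook receivers must be updated`, and consider emitting both keys for one release. Separately, the context lines reuse the failure text `bad request in notifyConsentChange` in the ProfileNew, ForgetMe and ProfileChange tests, so a failure there names the wrong notifier.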


@@ -9,17 +9,17 @@ import (
uuid "github.com/hashicorp/go-uuid"
)
func helpUserPrelogin(mode string, address string) (map[string]interface{}, error) {
func helpUserPrelogin(mode string, identity string) (map[string]interface{}, error) {
captcha, _ := generateCaptcha()
code, _ := decryptCaptcha(captcha)
url := "http://localhost:3000/v1/prelogin/" + mode + "/" + address + "/" + code + "/" + captcha
url := "http://localhost:3000/v1/prelogin/" + mode + "/" + identity + "/" + code + "/" + captcha
request := httptest.NewRequest("GET", url, nil)
//request.Header.Set("X-Bunker-Token", rootToken)
return helpServe(request)
}
func helpUserLogin(mode string, address string, code string) (map[string]interface{}, error) {
url := "http://localhost:3000/v1/login/" + mode + "/" + address + "/" + code
func helpUserLogin(mode string, identity string, code string) (map[string]interface{}, error) {
url := "http://localhost:3000/v1/login/" + mode + "/" + identity + "/" + code
request := httptest.NewRequest("GET", url, nil)
//request.Header.Set("X-Bunker-Token", rootToken)
return helpServe(request)