scottk/databunker
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/databunker.git synced 2025-11-01 18:38:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor update user operation

Browse Source
This commit is contained in:
root
2021-03-07 18:38:07 +00:00
parent 35713b43b0
commit a86273e291
4 changed files with 112 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/requests_api.go
View File

@@ -129,7 +129,7 @@ func (e mainEnv) getUserRequest(w http.ResponseWriter, r *http.Request, ps httpr
} else if len(brief) > 0 {
resultJSON, err = e.db.viewAgreementRecord(userTOKEN, brief)
} else {
resultJSON, err = e.db.getUser(userTOKEN)
resultJSON, err = e.db.getUserJson(userTOKEN)
}
if err != nil {
returnError(w, r, "internal error", 405, err, event)
@@ -197,18 +197,18 @@ func (e mainEnv) approveUserRequest(w http.ResponseWriter, r *http.Request, ps h
returnError(w, r, "wrong status: " + status, 405, err, event)
return
}
resultJSON, err := e.db.getUser(userTOKEN)
userJSON, userBSON, err := e.db.getUser(userTOKEN)
if err != nil {
returnError(w, r, "internal error", 405, err, event)
return
}
if resultJSON == nil {
if userJSON == nil {
returnError(w, r, "not found", 405, err, event)
return
}
if action == "forget-me" {
e.globalUserDelete(userTOKEN)
result, err := e.db.deleteUserRecord(resultJSON, userTOKEN)
result, err := e.db.deleteUserRecord(userJSON, userTOKEN)
if err != nil {
returnError(w, r, "internal error", 405, err, event)
return
@@ -219,9 +219,9 @@ func (e mainEnv) approveUserRequest(w http.ResponseWriter, r *http.Request, ps h
event.Msg = "failed to delete"
}
notifyURL := e.conf.Notification.NotificationURL
notifyForgetMe(notifyURL, resultJSON, "token", userTOKEN)
notifyForgetMe(notifyURL, userJSON, "token", userTOKEN)
} else if action == "change-profile" {
oldJSON, newJSON, lookupErr, err := e.db.updateUserRecord(requestInfo["change"].([]uint8), userTOKEN, event, e.conf)
oldJSON, newJSON, lookupErr, err := e.db.updateUserRecord(requestInfo["change"].([]uint8), userTOKEN, userBSON, event, e.conf)
if lookupErr {
returnError(w, r, "internal error", 405, errors.New("not found"), event)
return
@@ -290,7 +290,7 @@ func (e mainEnv) cancelUserRequest(w http.ResponseWriter, r *http.Request, ps ht
returnError(w, r, "wrong status: " + requestInfo["status"].(string), 405, err, event)
return
}
resultJSON, err := e.db.getUser(userTOKEN)
resultJSON, err := e.db.getUserJson(userTOKEN)
if err != nil {
returnError(w, r, "internal error", 405, err, event)
return

2
src/sharedrecords_api.go
View File

@@ -108,7 +108,7 @@ func (e mainEnv) getRecord(w http.ResponseWriter, r *http.Request, ps httprouter
} else if len(recordInfo.session) > 0 {
_, resultJSON, _, err = e.db.getSession(recordInfo.session)
} else {
resultJSON, err = e.db.getUser(recordInfo.token)
resultJSON, err = e.db.getUserJson(recordInfo.token)
}
if err != nil {
returnError(w, r, "internal error", 405, err, event)

18
src/users_api.go
View File

@@ -7,6 +7,7 @@ import (
"github.com/julienschmidt/httprouter"
"github.com/securitybunker/databunker/src/storage"
"go.mongodb.org/mongo-driver/bson"
)
func (e mainEnv) userNew(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
@@ -120,10 +121,10 @@ func (e mainEnv) userGet(w http.ResponseWriter, r *http.Request, ps httprouter.P
if enforceUUID(w, address, event) == false {
return
}
resultJSON, err = e.db.getUser(address)
resultJSON, err = e.db.getUserJson(address)
userTOKEN = address
} else {
resultJSON, userTOKEN, err = e.db.getUserIndex(address, mode, e.conf)
resultJSON, userTOKEN, err = e.db.getUserJsonByIndex(address, mode, e.conf)
event.Record = userTOKEN
}
if err != nil {
@@ -169,20 +170,21 @@ func (e mainEnv) userChange(w http.ResponseWriter, r *http.Request, ps httproute
userTOKEN := ""
var userJSON []byte
var userBSON bson.M
if mode == "token" {
if enforceUUID(w, address, event) == false {
return
}
userTOKEN = address
userJSON, err = e.db.getUser(address)
userJSON, userBSON, err = e.db.getUser(address)
} else {
userJSON, userTOKEN, err = e.db.getUserIndex(address, mode, e.conf)
userJSON, userTOKEN, userBSON, err = e.db.getUserByIndex(address, mode, e.conf)
if err != nil {
returnError(w, r, "internal error", 405, err, event)
return
}
if userJSON == nil {
returnError(w, r, "record not found", 405, nil, event)
returnError(w, r, "user record not found", 405, nil, event)
return
}
event.Record = userTOKEN
@@ -213,7 +215,7 @@ func (e mainEnv) userChange(w http.ResponseWriter, r *http.Request, ps httproute
return
}
}
oldJSON, newJSON, lookupErr, err := e.db.updateUserRecord(parsedData.jsonData, userTOKEN, event, e.conf)
oldJSON, newJSON, lookupErr, err := e.db.updateUserRecord(parsedData.jsonData, userTOKEN, userBSON, event, e.conf)
if lookupErr {
returnError(w, r, "record not found", 405, errors.New("record not found"), event)
return
@@ -245,9 +247,9 @@ func (e mainEnv) userDelete(w http.ResponseWriter, r *http.Request, ps httproute
if enforceUUID(w, address, event) == false {
return
}
resultJSON, err = e.db.getUser(address)
resultJSON, err = e.db.getUserJson(address)
} else {
resultJSON, userTOKEN, err = e.db.getUserIndex(address, mode, e.conf)
resultJSON, userTOKEN, err = e.db.getUserJsonByIndex(address, mode, e.conf)
event.Record = userTOKEN
}
if err != nil {

127
src/users_db.go
View File

@@ -100,28 +100,30 @@ func (dbobj dbcon) validateUserRecordChange(oldUserJSON []byte, jsonDataPatch []
return validateUserRecordChange(oldUserJSON, newJSON, authResult)
}
func (dbobj dbcon) updateUserRecord(jsonDataPatch []byte, userTOKEN string, event *auditEvent, conf Config) ([]byte, []byte, bool, error) {
var err error
for x := 0; x < 10; x++ {
oldJSON, newJSON, lookupErr, err := dbobj.updateUserRecordDo(jsonDataPatch, userTOKEN, event, conf)
if lookupErr == true {
return oldJSON, newJSON, lookupErr, err
}
if err == nil {
return oldJSON, newJSON, lookupErr, nil
}
fmt.Printf("Trying to update user again: %s\n", userTOKEN)
}
return nil, nil, false, err
func (dbobj dbcon) updateUserRecord(jsonDataPatch []byte, userTOKEN string, userBSON bson.M, event *auditEvent, conf Config) ([]byte, []byte, bool, error) {
oldJSON, newJSON, lookupErr, err := dbobj.updateUserRecordDo(jsonDataPatch, userTOKEN, userBSON, event, conf)
if lookupErr == true {
return oldJSON, newJSON, lookupErr, err
}
if err == nil {
return oldJSON, newJSON, lookupErr, nil
}
// load one more time user BSON structure
userBSON2, err := dbobj.lookupUserRecord(userTOKEN)
if userBSON2 == nil || err != nil {
return nil, nil, true, err
}
oldJSON, newJSON, lookupErr, err = dbobj.updateUserRecordDo(jsonDataPatch, userTOKEN, userBSON2, event, conf)
if lookupErr == true {
return oldJSON, newJSON, lookupErr, err
}
if err == nil {
return oldJSON, newJSON, lookupErr, nil
}
return nil, nil, false, err
}
func (dbobj dbcon) updateUserRecordDo(jsonDataPatch []byte, userTOKEN string, event *auditEvent, conf Config) ([]byte, []byte, bool, error) {
//_, err = collection.InsertOne(context.TODO(), bson.M{"name": "The Go Language2", "genre": "Coding", "authorId": "4"})
oldUserBson, err := dbobj.lookupUserRecord(userTOKEN)
if oldUserBson == nil || err != nil {
// not found
return nil, nil, true, errors.New("not found")
}
func (dbobj dbcon) updateUserRecordDo(jsonDataPatch []byte, userTOKEN string, oldUserBson bson.M, event *auditEvent, conf Config) ([]byte, []byte, bool, error) {
// get user key
userKey := oldUserBson["key"].(string)
@@ -264,19 +266,50 @@ func (dbobj dbcon) lookupUserRecordByIndex(indexName string, indexValue string,
return dbobj.store.GetRecord(storage.TblName.Users, indexName+"idx", idxStringHashHex)
}
func (dbobj dbcon) getUser(userTOKEN string) ([]byte, error) {
func (dbobj dbcon) getUserJson(userTOKEN string) ([]byte, error) {
userBson, err := dbobj.lookupUserRecord(userTOKEN)
if userBson == nil || err != nil {
// not found
return nil, err
}
if _, ok := userBson["key"]; !ok {
return []byte("{}"), nil
}
userKey := userBson["key"].(string)
recordKey, err := base64.StdEncoding.DecodeString(userKey)
if err != nil {
return nil, err
}
var decrypted []byte
if _, ok := userBson["data"]; ok {
encData0 := userBson["data"].(string)
if len(encData0) > 0 {
encData, err := base64.StdEncoding.DecodeString(encData0)
if err != nil {
return nil, err
}
decrypted, err = decrypt(dbobj.masterKey, recordKey, encData)
if err != nil {
return nil, err
}
}
}
return decrypted, err
}
func (dbobj dbcon) getUser(userTOKEN string) ([]byte, bson.M, error) {
userBson, err := dbobj.lookupUserRecord(userTOKEN)
if userBson == nil || err != nil {
// not found
return nil, err
return nil, nil, err
}
if _, ok := userBson["key"]; !ok {
return []byte("{}"), nil
return []byte("{}"), userBson, nil
}
userKey := userBson["key"].(string)
recordKey, err := base64.StdEncoding.DecodeString(userKey)
if err != nil {
return nil, err
return nil, nil, err
}
var decrypted []byte
if _, ok := userBson["data"]; ok {
@@ -284,27 +317,55 @@ func (dbobj dbcon) getUser(userTOKEN string) ([]byte, error) {
if len(encData0) > 0 {
encData, err := base64.StdEncoding.DecodeString(encData0)
if err != nil {
return nil, err
return nil, nil, err
}
decrypted, err = decrypt(dbobj.masterKey, recordKey, encData)
if err != nil {
return nil, err
return nil, nil, err
}
}
}
return decrypted, err
return decrypted, userBson, err
}
func (dbobj dbcon) getUserIndex(indexValue string, indexName string, conf Config) ([]byte, string, error) {
func (dbobj dbcon) getUserJsonByIndex(indexValue string, indexName string, conf Config) ([]byte, string, error) {
userBson, err := dbobj.lookupUserRecordByIndex(indexName, indexValue, conf)
if userBson == nil || err != nil {
return nil, "", err
}
// decrypt record
userKey := userBson["key"].(string)
recordKey, err := base64.StdEncoding.DecodeString(userKey)
if err != nil {
return nil, "", err
}
var decrypted []byte
if _, ok := userBson["data"]; ok {
encData0 := userBson["data"].(string)
if len(encData0) > 0 {
encData, err := base64.StdEncoding.DecodeString(encData0)
if err != nil {
return nil, "", err
}
decrypted, err = decrypt(dbobj.masterKey, recordKey, encData)
if err != nil {
return nil, "", err
}
}
}
return decrypted, userBson["token"].(string), err
}
func (dbobj dbcon) getUserByIndex(indexValue string, indexName string, conf Config) ([]byte, string, bson.M, error) {
userBson, err := dbobj.lookupUserRecordByIndex(indexName, indexValue, conf)
if userBson == nil || err != nil {
return nil, "", err
return nil, "", nil, err
}
// decrypt record
userKey := userBson["key"].(string)
recordKey, err := base64.StdEncoding.DecodeString(userKey)
if err != nil {
return nil, "", err
return nil, "", nil, err
}
var decrypted []byte
if _, ok := userBson["data"]; ok {
@@ -312,15 +373,15 @@ func (dbobj dbcon) getUserIndex(indexValue string, indexName string, conf Config
if len(encData0) > 0 {
encData, err := base64.StdEncoding.DecodeString(encData0)
if err != nil {
return nil, "", err
return nil, "", nil, err
}
decrypted, err = decrypt(dbobj.masterKey, recordKey, encData)
if err != nil {
return nil, "", err
return nil, "", nil, err
}
}
}
return decrypted, userBson["token"].(string), err
return decrypted, userBson["token"].(string), userBson, err
}
func (dbobj dbcon) deleteUserRecord(userJSON []byte, userTOKEN string) (bool, error) {