Merge pull request #169 from osvauld/develop

Develop

controllers/environment_controller.go

@@ -0,0 +1,167 @@
+package controllers
+
+import (
+	"errors"
+	"net/http"
+	"osvauld/customerrors"
+	dto "osvauld/dtos"
+	"osvauld/service"
+	"osvauld/utils"
+
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+)
+
+func AddEnvironment(ctx *gin.Context) {
+	caller, err := utils.FetchUserIDFromCtx(ctx)
+	if err != nil {
+		SendResponse(ctx, http.StatusBadRequest, nil, "", errors.New("invalid user id"))
+		return
+	}
+	var req dto.AddEnvironment
+	if err := ctx.ShouldBindJSON(&req); err != nil {
+		SendResponse(ctx, http.StatusBadRequest, nil, "", err)
+		return
+	}
+	_, err = service.AddEnvironment(ctx, req, caller)
+	if err != nil {
+		SendResponse(ctx, http.StatusInternalServerError, nil, "", err)
+		return
+	}
+	SendResponse(ctx, http.StatusOK, nil, "added environment", nil)
+}
+
+func GetEnvironments(ctx *gin.Context) {
+	caller, err := utils.FetchUserIDFromCtx(ctx)
+	if err != nil {
+		SendResponse(ctx, http.StatusBadRequest, nil, "", errors.New("invalid user id"))
+		return
+	}
+	environments, err := service.GetEnvironments(ctx, caller)
+	if err != nil {
+		SendResponse(ctx, http.StatusInternalServerError, nil, "", err)
+		return
+	}
+	SendResponse(ctx, http.StatusOK, environments, "fetched environments", nil)
+}
+
+func GetEnvironmentFields(ctx *gin.Context) {
+	// caller, err := utils.FetchUserIDFromCtx(ctx)
+	// if err != nil {
+	// 	SendResponse(ctx, http.StatusBadRequest, nil, "", errors.New("invalid user id"))
+	// 	return
+	// }
+	environmentIDStr := ctx.Param("id")
+	environmentID, err := uuid.Parse(environmentIDStr)
+	if err != nil {
+		SendResponse(ctx, http.StatusBadRequest, nil, "", errors.New("invalid environment id"))
+		return
+	}
+	// TODO: Add check for user access to environment
+	credentials, err := service.GetEnvironmentFields(ctx, environmentID)
+	if err != nil {
+		SendResponse(ctx, http.StatusInternalServerError, nil, "", err)
+		return
+	}
+	SendResponse(ctx, http.StatusOK, credentials, "fetched credentials", nil)
+}
+
+func GetEnvironmentByName(ctx *gin.Context) {
+	caller, err := utils.FetchUserIDFromCtx(ctx)
+	if err != nil {
+		SendResponse(ctx, http.StatusBadRequest, nil, "", errors.New("invalid user id"))
+		return
+	}
+	environmentName := ctx.Param("name")
+	environment, err := service.GetEnvironmentByName(ctx, environmentName, caller)
+	if err != nil {
+		SendResponse(ctx, http.StatusInternalServerError, nil, "", errors.New("failed to fetch environment"))
+		return
+	}
+	SendResponse(ctx, http.StatusOK, environment, "Fetched environment", nil)
+}
+
+func EditEnvironmentFieldName(ctx *gin.Context) {
+	caller, err := utils.FetchUserIDFromCtx(ctx)
+	if err != nil {
+		SendResponse(ctx, http.StatusBadRequest, nil, "", errors.New("invalid user id"))
+		return
+	}
+
+	var req dto.EditEnvFieldName
+	if err := ctx.ShouldBindJSON(&req); err != nil {
+		SendResponse(ctx, http.StatusBadRequest, nil, "", err)
+		return
+	}
+
+	response, err := service.EditEnvFieldName(ctx, req, caller)
+	if err != nil {
+		if _, ok := err.(*customerrors.UserDoesNotHaveEnvironmentAccess); ok {
+			SendResponse(ctx, http.StatusUnauthorized, nil, "", err)
+			return
+		}
+		SendResponse(ctx, http.StatusInternalServerError, nil, "", err)
+		return
+	}
+	SendResponse(ctx, http.StatusOK, response, "", nil)
+
+}
+
+func GetCredentialEnvFieldsForEditDataSync(ctx *gin.Context) {
+	userID, err := utils.FetchUserIDFromCtx(ctx)
+	if err != nil {
+		SendResponse(ctx, http.StatusUnauthorized, nil, "", errors.New("unauthorized"))
+		return
+	}
+
+	credentialIDStr := ctx.Param("credentialId")
+	credentailID, err := uuid.Parse(credentialIDStr)
+	if err != nil {
+		SendResponse(ctx, http.StatusBadRequest, nil, "", errors.New("invalid credential id"))
+		return
+	}
+
+	fieldData, err := service.GetCredentialEnvFieldsForEditDataSync(ctx, credentailID, userID)
+	if err != nil {
+
+		if _, ok := err.(*customerrors.UserDoesNotHaveCredentialAccessError); ok {
+			SendResponse(ctx, http.StatusUnauthorized, nil, "", err)
+			return
+		}
+
+		SendResponse(ctx, http.StatusInternalServerError, nil, "", err)
+		return
+	}
+
+	SendResponse(ctx, http.StatusOK, fieldData, "Fetched Fields", nil)
+
+}
+
+func GetEnvsForCredential(ctx *gin.Context) {
+	// userID, err := utils.FetchUserIDFromCtx(ctx)
+	// if err != nil {
+	// 	SendResponse(ctx, http.StatusUnauthorized, nil, "", errors.New("unauthorized"))
+	// 	return
+	// }
+
+	credentialIDStr := ctx.Param("credentialId")
+	credentailID, err := uuid.Parse(credentialIDStr)
+	if err != nil {
+		SendResponse(ctx, http.StatusBadRequest, nil, "", errors.New("invalid credential id"))
+		return
+	}
+
+	envs, err := service.GetEnvsForCredential(ctx, credentailID)
+	if err != nil {
+
+		if _, ok := err.(*customerrors.UserDoesNotHaveCredentialAccessError); ok {
+			SendResponse(ctx, http.StatusUnauthorized, nil, "", err)
+			return
+		}
+
+		SendResponse(ctx, http.StatusInternalServerError, nil, "", err)
+		return
+	}
+
+	SendResponse(ctx, http.StatusOK, envs, "Fetched Environments", nil)
+}

controllers/folder_controller.go

@@ -27,6 +27,7 @@ func CreateFolder(ctx *gin.Context) {
 
 	folderDetails, err := service.CreateFolder(ctx, req, caller)
 	if err != nil {
+		logger.Errorf(err.Error())
 		SendResponse(ctx, http.StatusInternalServerError, nil, "", errors.New("failed to create folder"))
 		return
 	}
@@ -67,6 +68,7 @@ func RemoveFolder(ctx *gin.Context) {
 	}
 	err = service.RemoveFolder(ctx, folderID, caller)
 	if err != nil {
+		logger.Debugf(err.Error())
 		SendResponse(ctx, http.StatusInternalServerError, nil, "", errors.New("failed to remove folder"))
 		return
 	}

controllers/share_credential_controller.go

@@ -116,3 +116,27 @@ func ShareFolderWithGroups(ctx *gin.Context) {
 	}
 	SendResponse(ctx, http.StatusOK, response, "Success", nil)
 }
+
+func ShareCredentialsWithEnvironment(ctx *gin.Context) {
+
+	caller, err := utils.FetchUserIDFromCtx(ctx)
+	if err != nil {
+		SendResponse(ctx, http.StatusUnauthorized, nil, "", errors.New("unauthorized"))
+		return
+	}
+
+	var req dto.ShareCredentialsWithEnvironmentRequest
+	if err := ctx.ShouldBindJSON(&req); err != nil {
+		SendResponse(ctx, http.StatusBadRequest, nil, "", err)
+		return
+	}
+
+	err = service.ShareCredentialsWithEnvironment(ctx, req, caller)
+	if err != nil {
+
+		SendResponse(ctx, http.StatusInternalServerError, nil, "", err)
+		return
+	}
+	SendResponse(ctx, http.StatusOK, nil, "Success", nil)
+
+}

controllers/user_controller.go

@@ -28,7 +28,7 @@ func CreateUser(ctx *gin.Context) {
 		SendResponse(ctx, http.StatusInternalServerError, nil, "invalid user type", err)
 		return
 	}
-	if userType != "admin" {
+	if userType != "admin" && userType != "superadmin" {
 		SendResponse(ctx, http.StatusUnauthorized, nil, "user not authorized", errors.New("user not authorized"))
 		return
 	}
@@ -91,6 +91,7 @@ func Register(ctx *gin.Context) {
 
 func GetChallenge(ctx *gin.Context) {
 	var req dto.CreateChallenge
+	logger.Infof("%v", req)
 	if err := ctx.ShouldBindJSON(&req); err != nil {
 		SendResponse(ctx, http.StatusBadRequest, nil, "", err)
 		return
@@ -166,7 +167,7 @@ func CreateFirstAdmin(ctx *gin.Context) {
 		return
 	}
 
-	req.Type = "admin"
+	req.Type = "superadmin"
 	// Validate the requestBody using the validator
 	if err := validate.Struct(req); err != nil {
 		SendResponse(ctx, http.StatusBadRequest, nil, "", err)
@@ -236,3 +237,37 @@ func GetAllUsers(ctx *gin.Context) {
 	}
 	SendResponse(ctx, http.StatusOK, users, "fetched users", nil)
 }
+
+func CreateCLIUser(ctx *gin.Context) {
+	var req dto.CreateCLIUser
+	if err := ctx.ShouldBindJSON(&req); err != nil {
+		SendResponse(ctx, http.StatusBadRequest, nil, "", err)
+		return
+	}
+	caller, err := utils.FetchUserIDFromCtx(ctx)
+	if err != nil {
+		SendResponse(ctx, http.StatusBadRequest, nil, "", errors.New("invalid user id"))
+		return
+	}
+	user, err := service.CreateCLIUser(ctx, req, caller)
+	if err != nil {
+		SendResponse(ctx, http.StatusInternalServerError, nil, "", err)
+		return
+	}
+	SendResponse(ctx, http.StatusCreated, user, "created user", nil)
+}
+
+func GetCliUsers(ctx *gin.Context) {
+	caller, err := utils.FetchUserIDFromCtx(ctx)
+	if err != nil {
+		SendResponse(ctx, http.StatusBadRequest, nil, "", errors.New("invalid user id"))
+		return
+	}
+	cliUsers, err := service.GetCliUsers(ctx, caller)
+
+	if err != nil {
+		SendResponse(ctx, http.StatusInternalServerError, nil, "", err)
+		return
+	}
+	SendResponse(ctx, http.StatusCreated, cliUsers, "fetched cli users user", nil)
+}

customerrors/errors.go

@@ -68,3 +68,12 @@ type UserNotAdminOfGroupError struct {
 func (e *UserNotAdminOfGroupError) Error() string {
 	return fmt.Sprintf("user %s is not a admin of group %s", e.UserID, e.GroupID)
 }
+
+type UserDoesNotHaveEnvironmentAccess struct {
+	UserID        uuid.UUID
+	EnvironmentID uuid.UUID
+}
+
+func (e *UserDoesNotHaveEnvironmentAccess) Error() string {
+	return fmt.Sprintf("user %s does not have access to env %s", e.UserID, e.EnvironmentID)
+}

db/migration/000002_split_field_table.down.sql

@@ -0,0 +1,5 @@
+DROP TABLE IF EXISTS field_values;
+
+DROP TABLE IF EXISTS field_data;
+
+ALTER TABLE folders DROP COLUMN IF EXISTS type ;

db/migration/000002_split_field_table.up.sql

@@ -0,0 +1,19 @@
+CREATE TABLE field_data (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    field_name VARCHAR(255) NOT NULL,
+    field_type VARCHAR(255) NOT NULL,
+    credential_id UUID NOT NULL REFERENCES credentials(id) ON DELETE CASCADE,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    created_by UUID  REFERENCES users(id) ON DELETE SET NULL,
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_by UUID REFERENCES users(id) ON DELETE SET NULL
+);
+
+CREATE TABLE field_values (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    field_id UUID NOT NULL REFERENCES field_data(id) ON DELETE CASCADE,
+    field_value TEXT NOT NULL,
+    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE
+);
+
+ALTER TABLE folders ADD COLUMN type VARCHAR(255) NOT NULL DEFAULT 'shared';

db/migration/000003_cli_user.down.sql

@@ -0,0 +1,5 @@
+DROP TABLE IF EXISTS environment_fields;
+
+DROP TABLE IF EXISTS environments;
+
+ALTER TABLE users DROP COLUMN IF EXISTS created_by;

db/migration/000003_cli_user.up.sql

@@ -0,0 +1,22 @@
+
+ALTER TABLE users ADD COLUMN created_by UUID;
+
+CREATE TABLE environments (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    cli_user UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    name VARCHAR(255) NOT NULL,
+    createdAt TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updatedAt TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    created_by UUID NOT NULL REFERENCES users(id)
+);
+
+CREATE TABLE environment_fields (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    field_name VARCHAR(255) NOT NULL,
+    field_value TEXT NOT NULL,
+    parent_field_value_id UUID NOT NULL REFERENCES field_values(id) ON DELETE CASCADE,
+    env_id UUID NOT NULL REFERENCES environments(Id) ON DELETE CASCADE,
+    credential_id UUID NOT NULL REFERENCES credentials(id) ON DELETE CASCADE,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);

db/query/credential.sql

@@ -42,15 +42,16 @@ WHERE
     AND C.folder_id = $1
     AND A.user_id = $2;
 
-
 -- name: GetAllUrlsForUser :many
 SELECT DISTINCT
-    field_value as value, credential_id as "credentialId"
+    fv.field_value AS value,
+    fd.credential_id AS "credentialId"
 FROM 
-    fields
+    field_values fv
+JOIN 
+    field_data fd ON fv.field_id = fd.id
 WHERE 
-    user_id = $1 AND field_name = 'Domain';
-
+    fv.user_id = $1 AND fd.field_name = 'Domain';
 
 -- name: GetCredentialDetailsByIDs :many
 SELECT
@@ -103,17 +104,19 @@ SET
     description = $3,
     credential_type = $4,
     updated_at = NOW(),
-    updated_by = $5
+    updated_by = $5,
+    domain = $6
 WHERE
     id = $1;
 
 -- name: GetCredentialsForSearchByUserID :many
-SELECT 
+SELECT DISTINCT
     c.id as "credentialId", 
     c.name, 
     COALESCE(c.description, '') AS description,
     COALESCE(c.domain, '') AS domain,
-    c.folder_id, 
+    c.folder_id,
+    COALESCE(f.type, '' ) AS "folderType",
     COALESCE(f.name, '') AS folder_name
 FROM 
     credentials c