feature: add update setup key endpoint

2026-04-17 15:56:39 +00:00 · 2021-08-20 22:33:43 +02:00
parent 617f79e2e0
commit 2e9fc20567
12 changed files with 315 additions and 32 deletions
--- a/management/server/http/handler/peers.go
+++ b/management/server/http/handler/peers.go
@@ -28,7 +28,7 @@ func NewPeers(accountManager *server.AccountManager) *Peers {
 	}
 }

-func (h *Peers) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+func (h *Peers) GetPeers(w http.ResponseWriter, r *http.Request) {
 	switch r.Method {
 	case http.MethodGet:
 		accountId := extractAccountIdFromRequestContext(r)
--- a/management/server/http/handler/setupkeys.go
+++ b/management/server/http/handler/setupkeys.go
@@ -2,8 +2,11 @@ package handler

 import (
 	"encoding/json"
+	"github.com/gorilla/mux"
 	log "github.com/sirupsen/logrus"
 	"github.com/wiretrustee/wiretrustee/management/server"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 	"net/http"
 	"time"
 )
@@ -15,11 +18,21 @@ type SetupKeys struct {

 // SetupKeyResponse is a response sent to the client
 type SetupKeyResponse struct {
+	Id      string
 	Key     string
 	Name    string
 	Expires time.Time
-	Type    string
+	Type    server.SetupKeyType
 	Valid   bool
+	Revoked bool
+}
+
+// SetupKeyRequest is a request sent by client. This object contains fields that can be modified
+type SetupKeyRequest struct {
+	Name      string
+	Type      server.SetupKeyType
+	ExpiresIn Duration
+	Revoked   bool
 }

 func NewSetupKeysHandler(accountManager *server.AccountManager) *SetupKeys {
@@ -28,7 +41,90 @@ func NewSetupKeysHandler(accountManager *server.AccountManager) *SetupKeys {
 	}
 }

-func (h *SetupKeys) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+func (h *SetupKeys) CreateKey(w http.ResponseWriter, r *http.Request) {
+	accountId := extractAccountIdFromRequestContext(r)
+	req := &SetupKeyRequest{}
+	err := json.NewDecoder(r.Body).Decode(&req)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	setupKey, err := h.accountManager.AddSetupKey(accountId, req.Name, req.Type, req.ExpiresIn.Duration)
+	if err != nil {
+		errStatus, ok := status.FromError(err)
+		if ok && errStatus.Code() == codes.NotFound {
+			http.Error(w, "account not found", http.StatusNotFound)
+			return
+		}
+		http.Error(w, "failed adding setup key", http.StatusInternalServerError)
+		return
+	}
+
+	writeSuccess(w, setupKey)
+}
+
+func (h *SetupKeys) HandleKey(w http.ResponseWriter, r *http.Request) {
+	accountId := extractAccountIdFromRequestContext(r)
+	vars := mux.Vars(r)
+	keyId := vars["id"]
+	if len(keyId) == 0 {
+		http.Error(w, "invalid key Id", http.StatusBadRequest)
+		return
+	}
+
+	switch r.Method {
+	case http.MethodPost:
+		req := &SetupKeyRequest{}
+		err := json.NewDecoder(r.Body).Decode(&req)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		var key *server.SetupKey
+		if req.Revoked {
+			//handle only if being revoked, don't allow to enable key again for now
+			key, err = h.accountManager.RevokeSetupKey(accountId, keyId)
+			if err != nil {
+				http.Error(w, "failed revoking key", http.StatusInternalServerError)
+				return
+			}
+		}
+		if len(req.Name) != 0 {
+			key, err = h.accountManager.RenameSetupKey(accountId, keyId, req.Name)
+			if err != nil {
+				http.Error(w, "failed renaming key", http.StatusInternalServerError)
+				return
+			}
+		}
+
+		if key != nil {
+			writeSuccess(w, key)
+		}
+
+		return
+
+	case http.MethodGet:
+		account, err := h.accountManager.GetAccount(accountId)
+		if err != nil {
+			http.Error(w, "account doesn't exist", http.StatusInternalServerError)
+			return
+		}
+		for _, key := range account.SetupKeys {
+			if key.Id == keyId {
+				writeSuccess(w, key)
+				return
+			}
+		}
+		http.Error(w, "setup key not found", http.StatusNotFound)
+		return
+	default:
+		http.Error(w, "", http.StatusNotFound)
+	}
+}
+
+func (h *SetupKeys) GetKeys(w http.ResponseWriter, r *http.Request) {
 	switch r.Method {
 	case http.MethodGet:
 		accountId := extractAccountIdFromRequestContext(r)
@@ -44,13 +140,7 @@ func (h *SetupKeys) ServeHTTP(w http.ResponseWriter, r *http.Request) {

 		respBody := []*SetupKeyResponse{}
 		for _, key := range account.SetupKeys {
-			respBody = append(respBody, &SetupKeyResponse{
-				Key:     key.Key,
-				Name:    key.Name,
-				Expires: key.ExpiresAt,
-				Type:    string(key.Type),
-				Valid:   key.IsValid(),
-			})
+			respBody = append(respBody, toResponseBody(key))
 		}

 		err = json.NewEncoder(w).Encode(respBody)
@@ -63,3 +153,25 @@ func (h *SetupKeys) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "", http.StatusNotFound)
 	}
 }
+
+func writeSuccess(w http.ResponseWriter, key *server.SetupKey) {
+	w.WriteHeader(200)
+	w.Header().Set("Content-Type", "application/json")
+	err := json.NewEncoder(w).Encode(toResponseBody(key))
+	if err != nil {
+		http.Error(w, "failed handling request", http.StatusInternalServerError)
+		return
+	}
+}
+
+func toResponseBody(key *server.SetupKey) *SetupKeyResponse {
+	return &SetupKeyResponse{
+		Id:      key.Id,
+		Key:     key.Key,
+		Name:    key.Name,
+		Expires: key.ExpiresAt,
+		Type:    key.Type,
+		Valid:   key.IsValid(),
+		Revoked: key.Revoked,
+	}
+}
--- a/management/server/http/handler/util.go
+++ b/management/server/http/handler/util.go
@@ -1,8 +1,11 @@
 package handler

 import (
+	"encoding/json"
+	"errors"
 	"github.com/golang-jwt/jwt"
 	"net/http"
+	"time"
 )

 // extractAccountIdFromRequestContext extracts accountId from the request context previously filled by the JWT token (after auth)
@@ -13,3 +16,33 @@ func extractAccountIdFromRequestContext(r *http.Request) string {
 	//actually a user id but for now we have a 1 to 1 mapping.
 	return claims["sub"].(string)
 }
+
+//Duration is used strictly for JSON requests/responses due to duration marshalling issues
+type Duration struct {
+	time.Duration
+}
+
+func (d Duration) MarshalJSON() ([]byte, error) {
+	return json.Marshal(d.String())
+}
+
+func (d *Duration) UnmarshalJSON(b []byte) error {
+	var v interface{}
+	if err := json.Unmarshal(b, &v); err != nil {
+		return err
+	}
+	switch value := v.(type) {
+	case float64:
+		d.Duration = time.Duration(value)
+		return nil
+	case string:
+		var err error
+		d.Duration, err = time.ParseDuration(value)
+		if err != nil {
+			return err
+		}
+		return nil
+	default:
+		return errors.New("invalid duration")
+	}
+}
--- a/management/server/http/server.go
+++ b/management/server/http/server.go
@@ -2,6 +2,7 @@ package http

 import (
 	"context"
+	"github.com/gorilla/mux"
 	"github.com/rs/cors"
 	log "github.com/sirupsen/logrus"
 	s "github.com/wiretrustee/wiretrustee/management/server"
@@ -54,20 +55,24 @@ func (s *Server) Start() error {
 	}

 	corsMiddleware := cors.AllowAll()
-	h := http.NewServeMux()
-	s.server.Handler = h
+
+	r := mux.NewRouter()
+	r.Use(jwtMiddleware.Handler, corsMiddleware.Handler)

 	peersHandler := handler.NewPeers(s.accountManager)
 	keysHandler := handler.NewSetupKeysHandler(s.accountManager)
-	h.Handle("/api/peers", corsMiddleware.Handler(jwtMiddleware.Handler(peersHandler)))
-	h.Handle("/api/setup-keys", corsMiddleware.Handler(jwtMiddleware.Handler(keysHandler)))
-	http.Handle("/", h)
+	r.HandleFunc("/api/peers", peersHandler.GetPeers).Methods("GET", "OPTIONS")
+
+	r.HandleFunc("/api/setup-keys", keysHandler.GetKeys).Methods("GET", "OPTIONS")
+	r.HandleFunc("/api/setup-keys", keysHandler.CreateKey).Methods("PUT")
+	r.HandleFunc("/api/setup-keys/{id}", keysHandler.HandleKey).Methods("GET", "POST", "OPTIONS")
+	http.Handle("/", r)

 	if s.certManager != nil {
 		// if HTTPS is enabled we reuse the listener from the cert manager
 		listener := s.certManager.Listener()
 		log.Infof("http server listening on %s", listener.Addr())
-		if err = http.Serve(listener, s.certManager.HTTPHandler(h)); err != nil {
+		if err = http.Serve(listener, s.certManager.HTTPHandler(r)); err != nil {
 			log.Errorf("failed to serve https server: %v", err)
 			return err
 		}