Store domain information (#217)

* extract claim information from JWT * get account function * Store domain * tests missing domain * update existing account with domain * add store domain tests
2026-04-18 00:06:38 +00:00 · 2022-02-11 17:18:18 +01:00
parent 919f0aa3da
commit cd9a418df2
8 changed files with 136 additions and 54 deletions
--- a/management/server/http/handler/peers.go
+++ b/management/server/http/handler/peers.go
@@ -63,12 +63,21 @@ func (h *Peers) deletePeer(accountId string, peer *server.Peer, w http.ResponseW
 	writeJSONObject(w, "")
 }

-func (h *Peers) HandlePeer(w http.ResponseWriter, r *http.Request) {
-	userId, accountId := extractUserAndAccountIdFromRequestContext(r, h.authAudience)
-	//new user -> create a new account
-	account, err := h.accountManager.GetAccountByUserOrAccountId(userId, accountId)
+func (h *Peers) getPeerAccount(r *http.Request) (*server.Account, error) {
+	jwtClaims := extractClaimsFromRequestContext(r, h.authAudience)
+
+	account, err := h.accountManager.GetAccountByUserOrAccountId(jwtClaims.UserId, jwtClaims.AccountId, jwtClaims.Domain)
 	if err != nil {
-		log.Errorf("failed getting account of a user %s: %v", userId, err)
+		return nil, fmt.Errorf("failed getting account of a user %s: %v", jwtClaims.UserId, err)
+	}
+
+	return account, nil
+}
+
+func (h *Peers) HandlePeer(w http.ResponseWriter, r *http.Request) {
+	account, err := h.getPeerAccount(r)
+	if err != nil {
+		log.Error(err)
 		http.Redirect(w, r, "/", http.StatusInternalServerError)
 		return
 	}
@@ -105,11 +114,9 @@ func (h *Peers) HandlePeer(w http.ResponseWriter, r *http.Request) {
 func (h *Peers) GetPeers(w http.ResponseWriter, r *http.Request) {
 	switch r.Method {
 	case http.MethodGet:
-		userId, accountId := extractUserAndAccountIdFromRequestContext(r, h.authAudience)
-		//new user -> create a new account
-		account, err := h.accountManager.GetAccountByUserOrAccountId(userId, accountId)
+		account, err := h.getPeerAccount(r)
 		if err != nil {
-			log.Errorf("failed getting account of a user %s: %v", userId, err)
+			log.Error(err)
 			http.Redirect(w, r, "/", http.StatusInternalServerError)
 			return
 		}
--- a/management/server/http/handler/setupkeys.go
+++ b/management/server/http/handler/setupkeys.go
@@ -2,6 +2,7 @@ package handler

 import (
 	"encoding/json"
+	"fmt"
 	"github.com/gorilla/mux"
 	log "github.com/sirupsen/logrus"
 	"github.com/wiretrustee/wiretrustee/management/server"
@@ -78,7 +79,7 @@ func (h *SetupKeys) updateKey(accountId string, keyId string, w http.ResponseWri
 }

 func (h *SetupKeys) getKey(accountId string, keyId string, w http.ResponseWriter, r *http.Request) {
-	account, err := h.accountManager.GetAccount(accountId)
+	account, err := h.accountManager.GetAccountById(accountId)
 	if err != nil {
 		http.Error(w, "account doesn't exist", http.StatusInternalServerError)
 		return
@@ -119,11 +120,21 @@ func (h *SetupKeys) createKey(accountId string, w http.ResponseWriter, r *http.R
 	writeSuccess(w, setupKey)
 }

-func (h *SetupKeys) HandleKey(w http.ResponseWriter, r *http.Request) {
-	userId, accountId := extractUserAndAccountIdFromRequestContext(r, h.authAudience)
-	account, err := h.accountManager.GetAccountByUserOrAccountId(userId, accountId)
+func (h *SetupKeys) getSetupKeyAccount(r *http.Request) (*server.Account, error) {
+	jwtClaims := extractClaimsFromRequestContext(r, h.authAudience)
+
+	account, err := h.accountManager.GetAccountByUserOrAccountId(jwtClaims.UserId, jwtClaims.AccountId, jwtClaims.Domain)
 	if err != nil {
-		log.Errorf("failed getting account of a user %s: %v", userId, err)
+		return nil, fmt.Errorf("failed getting account of a user %s: %v", jwtClaims.UserId, err)
+	}
+
+	return account, nil
+}
+
+func (h *SetupKeys) HandleKey(w http.ResponseWriter, r *http.Request) {
+	account, err := h.getSetupKeyAccount(r)
+	if err != nil {
+		log.Error(err)
 		http.Redirect(w, r, "/", http.StatusInternalServerError)
 		return
 	}
@@ -149,10 +160,9 @@ func (h *SetupKeys) HandleKey(w http.ResponseWriter, r *http.Request) {

 func (h *SetupKeys) GetKeys(w http.ResponseWriter, r *http.Request) {

-	userId, accountId := extractUserAndAccountIdFromRequestContext(r, h.authAudience)
-	account, err := h.accountManager.GetAccountByUserOrAccountId(userId, accountId)
+	account, err := h.getSetupKeyAccount(r)
 	if err != nil {
-		log.Errorf("failed getting account of a user %s: %v", userId, err)
+		log.Error(err)
 		http.Redirect(w, r, "/", http.StatusInternalServerError)
 		return
 	}
--- a/management/server/http/handler/util.go
+++ b/management/server/http/handler/util.go
@@ -8,17 +8,28 @@ import (
 	"time"
 )

-// extractUserAndAccountIdFromRequestContext extracts accountId from the request context previously filled by the JWT token (after auth)
-func extractUserAndAccountIdFromRequestContext(r *http.Request, authAudiance string) (userId, accountId string) {
+// JWTClaims stores information from JWTs
+type JWTClaims struct {
+	UserId    string
+	AccountId string
+	Domain    string
+}
+
+// extractClaimsFromRequestContext extracts claims from the request context previously filled by the JWT token (after auth)
+func extractClaimsFromRequestContext(r *http.Request, authAudiance string) JWTClaims {
 	token := r.Context().Value("user").(*jwt.Token)
 	claims := token.Claims.(jwt.MapClaims)
-
-	userId = claims["sub"].(string)
-	accountIdInt, ok := claims[authAudiance+"wt_account_id"]
+	jwtClaims := JWTClaims{}
+	jwtClaims.UserId = claims["sub"].(string)
+	accountIdClaim, ok := claims[authAudiance+"wt_account_id"]
 	if ok {
-		accountId = accountIdInt.(string)
+		jwtClaims.AccountId = accountIdClaim.(string)
 	}
-	return userId, accountId
+	domainClaim, ok := claims[authAudiance+"wt_user_domain"]
+	if ok {
+		jwtClaims.AccountId = domainClaim.(string)
+	}
+	return jwtClaims
 }

 //writeJSONObject simply writes object to the HTTP reponse in JSON format