
182 lines
5.4 KiB
Raw Normal View History

2020-05-30 17:14:40 -06:00
package main
import (
2020-05-31 06:19:41 -06:00
2020-05-30 17:14:40 -06:00
2020-05-31 06:19:41 -06:00
2020-05-30 17:14:40 -06:00
2020-06-01 02:48:05 -06:00
2020-05-30 17:14:40 -06:00
2020-07-20 16:20:59 -06:00
2020-05-30 17:14:40 -06:00
func handleDeviceRoutes(r chi.Router) {
r.Route("/devices", func(r chi.Router) {
2020-05-31 06:19:41 -06:00
// only the admin can get past this point
r.Use(func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
claims, ok := ctx.Value(MWKey("claims")).(*MgmtClaims)
if !ok || "*" != claims.Slug {
2020-08-14 03:24:32 -06:00
msg := `{"error":"missing or invalid authorization token", "code":"E_TOKEN"}`
2020-05-31 06:19:41 -06:00
http.Error(w, msg+"\n", http.StatusUnprocessableEntity)
2020-05-30 17:14:40 -06:00
2020-05-31 06:19:41 -06:00
next.ServeHTTP(w, r.WithContext(ctx))
2020-05-30 17:14:40 -06:00
2020-05-31 06:19:41 -06:00
r.Post("/", func(w http.ResponseWriter, r *http.Request) {
2020-05-30 17:14:40 -06:00
auth := &authstore.Authorization{}
2020-05-31 06:19:41 -06:00
// Slug is mandatory, ID and MachinePPID must NOT be set
2020-05-30 17:14:40 -06:00
decoder := json.NewDecoder(r.Body)
err := decoder.Decode(&auth)
epoch := time.Time{}
2020-05-31 06:19:41 -06:00
if nil != err || "" != auth.ID || "" != auth.MachinePPID || "" == auth.Slug ||
2020-05-30 17:14:40 -06:00
epoch != auth.CreatedAt || epoch != auth.UpdatedAt || epoch != auth.DeletedAt {
result, _ := json.Marshal(&authstore.Authorization{})
msg, _ := json.Marshal(&struct {
Error string `json:"error"`
Error: "expected JSON in the format " + string(result),
http.Error(w, string(msg), http.StatusUnprocessableEntity)
2020-05-31 06:19:41 -06:00
if "" == auth.SharedKey {
rnd := make([]byte, 16)
if _, err := rand.Read(rnd); nil != err {
auth.SharedKey = base64.RawURLEncoding.EncodeToString(rnd)
if len(auth.SharedKey) < 20 {
2020-08-14 03:24:32 -06:00
msg := `{"error":"shared_key must be >= 16 bytes", "code":"E_BAD_REQUEST"}`
2020-05-31 06:19:41 -06:00
http.Error(w, string(msg), http.StatusUnprocessableEntity)
pub := authstore.ToPublicKeyString(auth.SharedKey)
if "" == auth.PublicKey {
auth.PublicKey = pub
if len(auth.PublicKey) > 24 {
auth.PublicKey = auth.PublicKey[:24]
if pub != auth.PublicKey {
2020-08-14 03:24:32 -06:00
msg := `{"error":"public_key must be the first 24 bytes of the base64-encoded hash of the shared_key", "code":"E_BAD_REQUEST"}`
2020-05-31 06:19:41 -06:00
http.Error(w, msg+"\n", http.StatusUnprocessableEntity)
2020-05-30 17:14:40 -06:00
err = store.Add(auth)
if nil != err {
2020-08-14 03:24:32 -06:00
msg := `{"error":"not really sure what happened, but it didn't go well (check the logs)", "code":"E_BAD_SERVER"}`
2020-05-31 06:19:41 -06:00
if authstore.ErrExists == err {
2020-08-14 03:24:32 -06:00
msg = fmt.Sprintf(`{ "error": "%s", "code":"E_EXIST"}`, err.Error())
2020-05-31 06:19:41 -06:00
2020-05-30 17:14:40 -06:00
http.Error(w, msg, http.StatusInternalServerError)
result, _ := json.Marshal(auth)
2020-05-31 06:19:41 -06:00
w.Write([]byte(string(result) + "\n"))
2020-05-30 17:14:40 -06:00
r.Get("/", func(w http.ResponseWriter, r *http.Request) {
2020-06-01 02:48:05 -06:00
var things []authstore.Authorization
var err error
if "true" == strings.Join(r.URL.Query()["inactive"], " ") {
things, err = store.Inactive()
} else {
things, err = store.Active()
if nil != err {
2020-08-14 03:24:32 -06:00
msg := `{"error":"not really sure what happened, but it didn't go well (check the logs)", "code":"E_SERVER"}`
http.Error(w, msg, http.StatusInternalServerError)
2020-06-01 02:48:05 -06:00
for i := range things {
auth := things[i]
// Redact private data
if "" != auth.MachinePPID {
auth.MachinePPID = "[redacted]"
if "" != auth.SharedKey {
auth.SharedKey = "[redacted]"
things[i] = auth
encoder := json.NewEncoder(w)
_ = encoder.Encode(things)
2020-05-30 17:14:40 -06:00
r.Get("/{slug}", func(w http.ResponseWriter, r *http.Request) {
slug := chi.URLParam(r, "slug")
// TODO store should be concurrency-safe
auth, err := store.Get(slug)
if nil != err {
2020-08-14 03:24:32 -06:00
var msg string
if err == authstore.ErrNotFound {
msg = `{"error":"not really sure what happened, but it didn't go well (check the logs)", "code":"E_NOT_FOUND"}`
} else {
msg = `{"error":"not really sure what happened, but it didn't go well (check the logs)", "code":"E_SERVER"}`
2020-05-30 17:14:40 -06:00
log.Printf("/api/devices/%s\n", slug)
http.Error(w, msg, http.StatusInternalServerError)
// Redact private data
if "" != auth.MachinePPID {
auth.MachinePPID = "[redacted]"
if "" != auth.SharedKey {
auth.SharedKey = "[redacted]"
result, _ := json.Marshal(auth)
2020-05-31 06:19:41 -06:00
w.Write([]byte(string(result) + "\n"))
2020-05-30 17:14:40 -06:00
r.Delete("/{slug}", func(w http.ResponseWriter, r *http.Request) {
slug := chi.URLParam(r, "slug")
auth, err := store.Get(slug)
if nil == auth {
2020-08-14 03:24:32 -06:00
var msg string
if err == authstore.ErrNotFound {
msg = `{"error":"not really sure what happened, but it didn't go well (check the logs)", "code":"E_NOT_FOUND"}`
} else {
msg = `{"error":"not really sure what happened, but it didn't go well (check the logs)", "code":"E_SERVER"}`
2020-05-30 17:14:40 -06:00
log.Printf("/api/devices/%s\n", slug)
http.Error(w, msg, http.StatusInternalServerError)
2020-06-22 00:34:42 -06:00
if err := store.Delete(auth); nil != err {
2020-08-14 03:24:32 -06:00
msg := `{"error":"not really sure what happened, but it didn't go well (check the logs)", "code":"E_SERVER"}`
2020-06-22 00:34:42 -06:00
log.Printf("/api/devices/%s\n", slug)
http.Error(w, msg, http.StatusInternalServerError)
2020-05-31 06:19:41 -06:00
w.Write([]byte(`{"success":true}` + "\n"))
2020-05-30 17:14:40 -06:00