2022-03-23 17:30:39 +00:00
|
|
|
// Copyright (C) 2020 Storj Labs, Inc.
|
|
|
|
|
// See LICENSE for copying information.
|
|
|
|
|
|
|
|
|
|
package admin
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"database/sql"
|
|
|
|
|
"encoding/json"
|
|
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
2022-10-11 12:39:08 +01:00
|
|
|
"io"
|
2022-03-23 17:30:39 +00:00
|
|
|
"net/http"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/gorilla/mux"
|
|
|
|
|
)
|
|
|
|
|
|
2022-04-12 17:59:07 +01:00
|
|
|
func (server *Server) addRESTKey(w http.ResponseWriter, r *http.Request) {
|
2022-03-23 17:30:39 +00:00
|
|
|
ctx := r.Context()
|
|
|
|
|
|
|
|
|
|
vars := mux.Vars(r)
|
|
|
|
|
userEmail, ok := vars["useremail"]
|
|
|
|
|
if !ok {
|
|
|
|
|
sendJSONError(w, "user-email missing",
|
|
|
|
|
"", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user, err := server.db.Console().Users().GetByEmail(ctx, userEmail)
|
|
|
|
|
if errors.Is(err, sql.ErrNoRows) {
|
|
|
|
|
sendJSONError(w, fmt.Sprintf("user with email %q does not exist", userEmail),
|
|
|
|
|
"", http.StatusNotFound)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if err != nil {
|
|
|
|
|
sendJSONError(w, "failed to get user",
|
|
|
|
|
err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-11 12:39:08 +01:00
|
|
|
body, err := io.ReadAll(r.Body)
|
2022-03-23 17:30:39 +00:00
|
|
|
if err != nil {
|
|
|
|
|
sendJSONError(w, "failed to read body",
|
|
|
|
|
err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var input struct {
|
|
|
|
|
Expiration string `json:"expiration"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = json.Unmarshal(body, &input)
|
|
|
|
|
if err != nil {
|
|
|
|
|
sendJSONError(w, "failed to unmarshal request",
|
|
|
|
|
err.Error(), http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var expiration time.Duration
|
|
|
|
|
if input.Expiration != "" {
|
|
|
|
|
expiration, err = time.ParseDuration(input.Expiration)
|
|
|
|
|
if err != nil {
|
|
|
|
|
sendJSONError(w, "failed to parse expiration. Use format: 00h00m00s",
|
|
|
|
|
err.Error(), http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-12 17:59:07 +01:00
|
|
|
apiKey, expiresAt, err := server.restKeys.Create(ctx, user.ID, expiration)
|
2022-03-23 17:30:39 +00:00
|
|
|
if err != nil {
|
|
|
|
|
sendJSONError(w, "api key creation failed",
|
|
|
|
|
err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var output struct {
|
|
|
|
|
APIKey string `json:"apikey"`
|
|
|
|
|
ExpiresAt time.Time `json:"expiresAt"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output.APIKey = apiKey
|
|
|
|
|
output.ExpiresAt = expiresAt
|
|
|
|
|
|
|
|
|
|
data, err := json.Marshal(output)
|
|
|
|
|
if err != nil {
|
|
|
|
|
sendJSONError(w, "json encoding failed",
|
|
|
|
|
err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sendJSONData(w, http.StatusOK, data)
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-12 17:59:07 +01:00
|
|
|
func (server *Server) revokeRESTKey(w http.ResponseWriter, r *http.Request) {
|
2022-03-23 17:30:39 +00:00
|
|
|
ctx := r.Context()
|
|
|
|
|
|
|
|
|
|
vars := mux.Vars(r)
|
|
|
|
|
apiKey, ok := vars["apikey"]
|
|
|
|
|
if !ok {
|
|
|
|
|
sendJSONError(w, "api key missing",
|
|
|
|
|
"", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-12 17:59:07 +01:00
|
|
|
err := server.restKeys.Revoke(ctx, apiKey)
|
2022-03-23 17:30:39 +00:00
|
|
|
if err != nil {
|
|
|
|
|
sendJSONError(w, "failed to revoke api key",
|
|
|
|
|
err.Error(), http.StatusNotFound)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
