pkg, api: create package for owner validation
eduardoveiga authored and otavio committed Jul 5, 2021
1 parent 3fe4947 commit c2959ce
Showing 3 changed files with 61 additions and 96 deletions.
38 changes: 10 additions & 28 deletions api/deviceadm/service.go
@@ -7,6 +7,7 @@ import (
"errors"
"strings"

utils "github.com/shellhub-io/shellhub/api/pkg/namespace"
"github.com/shellhub-io/shellhub/api/store"
"github.com/shellhub-io/shellhub/pkg/api/paginator"
"github.com/shellhub-io/shellhub/pkg/models"
@@ -22,12 +23,11 @@ var (
type Service interface {
ListDevices(ctx context.Context, pagination paginator.Query, filter string, status string, sort string, order string) ([]models.Device, int, error)
GetDevice(ctx context.Context, uid models.UID) (*models.Device, error)
DeleteDevice(ctx context.Context, uid models.UID, tenant, username string) error
RenameDevice(ctx context.Context, uid models.UID, name, tenant, username string) error
DeleteDevice(ctx context.Context, uid models.UID, tenant, ownerID string) error
RenameDevice(ctx context.Context, uid models.UID, name, tenant, ownerID string) error
LookupDevice(ctx context.Context, namespace, name string) (*models.Device, error)
UpdateDeviceStatus(ctx context.Context, uid models.UID, online bool) error
UpdatePendingStatus(ctx context.Context, uid models.UID, status, tenant, username string) error
isNamespaceOwner(ctx context.Context, tenant, username string) error
UpdatePendingStatus(ctx context.Context, uid models.UID, status, tenant, ownerID string) error
}

type service struct {
@@ -38,24 +38,6 @@ func NewService(store store.Store) Service {
return &service{store}
}

func (s *service) isNamespaceOwner(ctx context.Context, tenant, username string) error {
namespace, err := s.store.NamespaceGet(ctx, tenant)
if err != nil {
return err
}

user, err := s.store.UserGetByUsername(ctx, username)
if err != nil {
return err
}

if user.ID != namespace.Owner {
return ErrUnauthorized
}

return nil
}

func (s *service) ListDevices(ctx context.Context, pagination paginator.Query, filterB64 string, status string, sort string, order string) ([]models.Device, int, error) {
raw, err := base64.StdEncoding.DecodeString(filterB64)
if err != nil {
@@ -74,8 +56,8 @@ func (s *service) GetDevice(ctx context.Context, uid models.UID) (*models.Device
return s.store.DeviceGet(ctx, uid)
}

func (s *service) DeleteDevice(ctx context.Context, uid models.UID, tenant, username string) error {
if err := s.isNamespaceOwner(ctx, tenant, username); err != nil {
func (s *service) DeleteDevice(ctx context.Context, uid models.UID, tenant, ownerID string) error {
if err := utils.IsNamespaceOwner(ctx, s.store, tenant, ownerID); err != nil {
return ErrUnauthorized
}

@@ -86,8 +68,8 @@ func (s *service) DeleteDevice(ctx context.Context, uid models.UID, tenant, user
return s.store.DeviceDelete(ctx, uid)
}

func (s *service) RenameDevice(ctx context.Context, uid models.UID, name, tenant, username string) error {
if err := s.isNamespaceOwner(ctx, tenant, username); err != nil {
func (s *service) RenameDevice(ctx context.Context, uid models.UID, name, tenant, ownerID string) error {
if err := utils.IsNamespaceOwner(ctx, s.store, tenant, ownerID); err != nil {
return ErrUnauthorized
}

@@ -137,8 +119,8 @@ func (s *service) UpdateDeviceStatus(ctx context.Context, uid models.UID, online
return s.store.DeviceSetOnline(ctx, uid, online)
}

func (s *service) UpdatePendingStatus(ctx context.Context, uid models.UID, status, tenant, username string) error {
if err := s.isNamespaceOwner(ctx, tenant, username); err != nil {
func (s *service) UpdatePendingStatus(ctx context.Context, uid models.UID, status, tenant, ownerID string) error {
if err := utils.IsNamespaceOwner(ctx, s.store, tenant, ownerID); err != nil {
return ErrUnauthorized
}

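Review bot: The last parameter of `DeleteDevice`, `RenameDevice` and `UpdatePendingStatus` changes meaning from a username to a user ID while remaining a plain `string`, so a caller that still passes a username compiles cleanly. The diffstat lists only three changed files and no caller is among them, so whether the handlers already pass an ID cannot be confirmed from this page; if one still sends a username, the `UserGetByID` lookup inside `utils.IsNamespaceOwner` would presumably fail and every request would be rejected with `ErrUnauthorized`. I would document the contract on the interface, for example `// ownerID is the ID of the requesting user (not the username); the call is rejected unless that user owns tenant.`, and add a service test that passes a username and expects `ErrUnauthorized`. The method bodies continue outside the hunks shown.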
79 changes: 11 additions & 68 deletions api/nsadm/service.go
@@ -7,6 +7,7 @@ import (
"errors"
"strings"

utils "github.com/shellhub-io/shellhub/api/pkg/namespace"
"github.com/shellhub-io/shellhub/api/store"
"github.com/shellhub-io/shellhub/pkg/api/paginator"
"github.com/shellhub-io/shellhub/pkg/envs"
@@ -112,25 +113,7 @@ func (s *service) GetNamespace(ctx context.Context, tenantID string) (*models.Na
}

func (s *service) DeleteNamespace(ctx context.Context, tenantID, ownerID string) error {
ns, err := s.store.NamespaceGet(ctx, tenantID)
if err == store.ErrNoDocuments {
return ErrNamespaceNotFound
}

if err != nil {
return err
}

user, _, err := s.store.UserGetByID(ctx, ownerID, false)
if err == store.ErrNoDocuments {
return ErrUnauthorized
}

if err != nil {
return err
}

if ns.Owner != user.ID {
if err := utils.IsNamespaceOwner(ctx, s.store, tenantID, ownerID); err != nil {
return ErrUnauthorized
}

@@ -166,20 +149,11 @@ func (s *service) ListMembers(ctx context.Context, tenantID string) ([]models.Me
}

func (s *service) EditNamespace(ctx context.Context, tenantID, name, owner string) (*models.Namespace, error) {
ns, err := s.store.NamespaceGet(ctx, tenantID)
if err == store.ErrNoDocuments {
return nil, ErrNamespaceNotFound
}

if err != nil {
return nil, err
}

user, _, err := s.store.UserGetByID(ctx, owner, false)
if err == store.ErrNoDocuments {
if err := utils.IsNamespaceOwner(ctx, s.store, tenantID, owner); err != nil {
return nil, ErrUnauthorized
}

ns, err := s.store.NamespaceGet(ctx, tenantID)
if err != nil {
return nil, err
}
@@ -190,36 +164,18 @@ func (s *service) EditNamespace(ctx context.Context, tenantID, name, owner strin
return nil, ErrInvalidFormat
}

if ns.Name == lowerName || ns.Owner != user.ID {
if ns.Name == lowerName {
return nil, ErrUnauthorized
}

return s.store.NamespaceRename(ctx, ns.TenantID, lowerName)
}

func (s *service) AddNamespaceUser(ctx context.Context, tenantID, username, ownerID string) (*models.Namespace, error) {
ns, err := s.store.NamespaceGet(ctx, tenantID)
if err == store.ErrNoDocuments {
return nil, ErrNamespaceNotFound
}

if err != nil {
return nil, err
}

ownerUser, _, err := s.store.UserGetByID(ctx, ownerID, false)
if err == store.ErrNoDocuments {
if err := utils.IsNamespaceOwner(ctx, s.store, tenantID, ownerID); err != nil {
return nil, ErrUnauthorized
}

if err != nil {
return nil, err
}

if ns.Owner != ownerUser.ID {
return nil, ErrUserNotFound
}

user, err := s.store.UserGetByUsername(ctx, username)
if err == store.ErrNoDocuments {
return nil, ErrUserNotFound
@@ -233,22 +189,9 @@ func (s *service) AddNamespaceUser(ctx context.Context, tenantID, username, owne
}

func (s *service) RemoveNamespaceUser(ctx context.Context, tenantID, username, ownerID string) (*models.Namespace, error) {
if _, err := s.store.NamespaceGet(ctx, tenantID); err != nil {
if err == store.ErrNoDocuments {
return nil, ErrNamespaceNotFound
}

return nil, err
}

if _, _, err := s.store.UserGetByID(ctx, ownerID, false); err != nil {
if err == store.ErrNoDocuments {
return nil, ErrUnauthorized
}

return nil, err
if err := utils.IsNamespaceOwner(ctx, s.store, tenantID, ownerID); err != nil {
return nil, ErrUnauthorized
}

user, err := s.store.UserGetByUsername(ctx, username)
if err == store.ErrNoDocuments {
return nil, ErrUserNotFound
@@ -262,9 +205,9 @@ func (s *service) RemoveNamespaceUser(ctx context.Context, tenantID, username, o
}

func (s *service) EditSessionRecordStatus(ctx context.Context, sessionRecord bool, tenant string) error {
if _, err := s.GetNamespace(ctx, tenant); err != nil {
if _, err := s.store.NamespaceGet(ctx, tenant); err != nil {
if err == store.ErrNoDocuments {
return ErrUnauthorized
return ErrNamespaceNotFound
}

return err
@@ -276,7 +219,7 @@ func (s *service) EditSessionRecordStatus(ctx context.Context, sessionRecord boo
func (s *service) GetSessionRecord(ctx context.Context, tenant string) (bool, error) {
if _, err := s.store.NamespaceGet(ctx, tenant); err != nil {
if err == store.ErrNoDocuments {
return false, ErrUnauthorized
return false, ErrNamespaceNotFound
}

return false, err
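Review bot: `EditSessionRecordStatus` has no `ownerID` parameter and the visible part of its body only confirms that the namespace exists, so, unlike the other mutating methods changed in this section, toggling session recording does not go through `utils.IsNamespaceOwner`. Session recording is an audit control, so if the HTTP handler (not shown here) does not enforce ownership itself, I would add an `ownerID` argument and start the method with `if err := utils.IsNamespaceOwner(ctx, s.store, tenant, ownerID); err != nil { return ErrUnauthorized }`; if the handler does enforce it, a comment such as `// Caller must have verified that the requester owns tenant.` would record that. The switch from `ErrUnauthorized` to `ErrNamespaceNotFound` here and in `GetSessionRecord` may also let a client tell an existing tenant from a missing one, depending on how the handler maps these errors. Both function bodies continue outside the hunks.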
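--- a/api/pkg/namespace/namespace.go
+++ b/api/pkg/namespace/namespace.go
@@ -0,0 +1,40 @@
+package namespace
+
+import (
+"context"
+"errors"
+
+"github.com/shellhub-io/shellhub/api/store"
+)
+
+var (
+ErrUnauthorized = errors.New("unauthorized")
+ErrUserNotFound = errors.New("user not found")
+ErrNamespaceNotFound = errors.New("namespace not found")
+)
+
+func IsNamespaceOwner(ctx context.Context, s store.Store, tenantID, ownerID string) error {
+user, _, err := s.UserGetByID(ctx, ownerID, false)
+if err == store.ErrNoDocuments {
+return ErrUnauthorized
+}
+
+if err != nil {
+return err
+}
+
+ns, err := s.NamespaceGet(ctx, tenantID)
+if err == store.ErrNoDocuments {
+return ErrNamespaceNotFound
+}
+
+if err != nil {
+return err
+}
+
+if ns.Owner != user.ID {
+return ErrUnauthorized
+}
+
+return nil
+}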
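Review bot: `IsNamespaceOwner` is exported without a doc comment, and its error contract is easy to misread: it returns this package's own `ErrUnauthorized` and `ErrNamespaceNotFound`, which are different values from the same-named variables that `deviceadm` and `nsadm` use unqualified, and it returns store failures unchanged. Every caller on this page flattens any non-nil result to its own `ErrUnauthorized`, which fails closed but makes a store outage look like a denied request. I would add `// IsNamespaceOwner returns nil only if the user ownerID exists and owns namespace tenantID; callers must treat every non-nil error as a denial.` and compare with `errors.Is(err, store.ErrNoDocuments)` so that a wrapped not-found error, if the store ever returns one, is still classified. `ErrUserNotFound` is declared but not used in this file.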
