Handle user authentication: display user related zones

2019-10-04 15:47:20 +02:00 · 2019-10-04 15:47:20 +02:00 · 97051c5a25
parent 69baae1310
commit 97051c5a25
3 changed files with 67 additions and 21 deletions
--- a/api/zones.go
+++ b/api/zones.go
@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"strings"
 	"time"

 	"github.com/julienschmidt/httprouter"
@ -15,17 +16,17 @@ import (
 )

 func init() {
-	router.GET("/api/zones", apiHandler(getZones))
-	router.POST("/api/zones", apiHandler(addZone))
-	router.DELETE("/api/zones/:zone", apiHandler(zoneHandler(delZone)))
-	router.GET("/api/zones/:zone", apiHandler(zoneHandler(getZone)))
-	router.GET("/api/zones/:zone/rr", apiHandler(zoneHandler(axfrZone)))
-	router.POST("/api/zones/:zone/rr", apiHandler(zoneHandler(addRR)))
-	router.DELETE("/api/zones/:zone/rr", apiHandler(zoneHandler(delRR)))
+	router.GET("/api/zones", apiAuthHandler(getZones))
+	router.POST("/api/zones", apiAuthHandler(addZone))
+	router.DELETE("/api/zones/:zone", apiAuthHandler(zoneHandler(delZone)))
+	router.GET("/api/zones/:zone", apiAuthHandler(zoneHandler(getZone)))
+	router.GET("/api/zones/:zone/rr", apiAuthHandler(zoneHandler(axfrZone)))
+	router.POST("/api/zones/:zone/rr", apiAuthHandler(zoneHandler(addRR)))
+	router.DELETE("/api/zones/:zone/rr", apiAuthHandler(zoneHandler(delRR)))
 }

-func getZones(p httprouter.Params, body io.Reader) Response {
-	if zones, err := happydns.GetZones(); err != nil {
+func getZones(u happydns.User, p httprouter.Params, body io.Reader) Response {
+	if zones, err := u.GetZones(); err != nil {
 		return APIErrorResponse{
 			err: err,
 		}
@ -36,7 +37,7 @@ func getZones(p httprouter.Params, body io.Reader) Response {
 	}
 }

-func addZone(p httprouter.Params, body io.Reader) Response {
+func addZone(u happydns.User, p httprouter.Params, body io.Reader) Response {
 	var uz happydns.Zone
 	err := json.NewDecoder(body).Decode(&uz)
 	if err != nil {
@ -63,7 +64,7 @@ func addZone(p httprouter.Params, body io.Reader) Response {
 		return APIErrorResponse{
 			err: errors.New("This zone already exists."),
 		}
-	} else if zone, err := uz.NewZone(); err != nil {
+	} else if zone, err := uz.NewZone(u); err != nil {
 		return APIErrorResponse{
 			err: err,
 		}
@ -86,9 +87,9 @@ func delZone(zone happydns.Zone, body io.Reader) Response {
 	}
 }

-func zoneHandler(f func(happydns.Zone, io.Reader) Response) func(httprouter.Params, io.Reader) Response {
-	return func(ps httprouter.Params, body io.Reader) Response {
-		if zone, err := happydns.GetZoneByDN(ps.ByName("zone")); err != nil {
+func zoneHandler(f func(happydns.Zone, io.Reader) Response) func(happydns.User, httprouter.Params, io.Reader) Response {
+	return func(u happydns.User, ps httprouter.Params, body io.Reader) Response {
+		if zone, err := u.GetZoneByDN(ps.ByName("zone")); err != nil {
 			return APIErrorResponse{
 				status: http.StatusNotFound,
 				err:    errors.New("Domain not found"),
--- a/struct/db.go
+++ b/struct/db.go
@ -80,11 +80,13 @@ CREATE TABLE IF NOT EXISTS user_sessions(
 	if _, err := db.Exec(`
 CREATE TABLE IF NOT EXISTS zones(
  id_zone INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+  id_user INTEGER NOT NULL,
  domain VARCHAR(255) NOT NULL,
  server VARCHAR(255),
  key_name VARCHAR(255) NOT NULL,
  key_algo ENUM("hmac-md5.sig-alg.reg.int.", "hmac-sha1.", "hmac-sha224.", "hmac-sha256.", "hmac-sha384.", "hmac-sha512.") NOT NULL DEFAULT "hmac-sha256.",
-  key_blob BLOB NOT NULL
+  key_blob BLOB NOT NULL,
+  FOREIGN KEY(id_user) REFERENCES users(id_user)
 ) DEFAULT CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci;
 `); err != nil {
 		return err
--- a/struct/zone.go
+++ b/struct/zone.go
@ -6,6 +6,7 @@ import (

 type Zone struct {
 	Id         int64  `json:"id"`
+	idUser     int64
 	DomainName string `json:"domain"`
 	Server     string `json:"server,omitempty"`
 	KeyName    string `json:"keyname,omitempty"`
@ -14,14 +15,35 @@ type Zone struct {
 }

 func GetZones() (zones []Zone, err error) {
-	if rows, errr := DBQuery("SELECT id_zone, domain, server, key_name, key_algo, key_blob FROM zones"); errr != nil {
+	if rows, errr := DBQuery("SELECT id_zone, id_user, domain, server, key_name, key_algo, key_blob FROM zones"); errr != nil {
 		return nil, errr
 	} else {
 		defer rows.Close()

 		for rows.Next() {
 			var z Zone
-			if err = rows.Scan(&z.Id, &z.DomainName, &z.Server, &z.KeyName, &z.KeyAlgo, &z.KeyBlob); err != nil {
+			if err = rows.Scan(&z.Id, &z.idUser, &z.DomainName, &z.Server, &z.KeyName, &z.KeyAlgo, &z.KeyBlob); err != nil {
+				return
+			}
+			zones = append(zones, z)
+		}
+		if err = rows.Err(); err != nil {
+			return
+		}
+
+		return
+	}
+}
+
+func (u *User) GetZones() (zones []Zone, err error) {
+	if rows, errr := DBQuery("SELECT id_zone, id_user, domain, server, key_name, key_algo, key_blob FROM zones WHERE id_user = ?", u.Id); errr != nil {
+		return nil, errr
+	} else {
+		defer rows.Close()
+
+		for rows.Next() {
+			var z Zone
+			if err = rows.Scan(&z.Id, &z.idUser, &z.DomainName, &z.Server, &z.KeyName, &z.KeyAlgo, &z.KeyBlob); err != nil {
 				return
 			}
 			zones = append(zones, z)
@ -35,12 +57,22 @@ func GetZones() (zones []Zone, err error) {
 }

 func GetZone(id int) (z Zone, err error) {
-	err = DBQueryRow("SELECT id_user, domain, server, key_name, key_algo, key_blob FROM zones WHERE id_zone=?", id).Scan(&z.Id, &z.DomainName, &z.Server, &z.KeyName, &z.KeyAlgo, &z.KeyBlob)
+	err = DBQueryRow("SELECT id_zone, id_user, domain, server, key_name, key_algo, key_blob FROM zones WHERE id_zone=?", id).Scan(&z.Id, &z.idUser, &z.DomainName, &z.Server, &z.KeyName, &z.KeyAlgo, &z.KeyBlob)
+	return
+}
+
+func (u *User) GetZone(id int) (z Zone, err error) {
+	err = DBQueryRow("SELECT id_zone, id_user, domain, server, key_name, key_algo, key_blob FROM zones WHERE id_zone=? AND id_user=?", id, u.Id).Scan(&z.Id, &z.idUser, &z.DomainName, &z.Server, &z.KeyName, &z.KeyAlgo, &z.KeyBlob)
 	return
 }

 func GetZoneByDN(dn string) (z Zone, err error) {
-	err = DBQueryRow("SELECT id_zone, domain, server, key_name, key_algo, key_blob FROM zones WHERE domain=?", dn).Scan(&z.Id, &z.DomainName, &z.Server, &z.KeyName, &z.KeyAlgo, &z.KeyBlob)
+	err = DBQueryRow("SELECT id_zone, id_user, domain, server, key_name, key_algo, key_blob FROM zones WHERE domain=?", dn).Scan(&z.Id, &z.idUser, &z.DomainName, &z.Server, &z.KeyName, &z.KeyAlgo, &z.KeyBlob)
+	return
+}
+
+func (u *User) GetZoneByDN(dn string) (z Zone, err error) {
+	err = DBQueryRow("SELECT id_zone, id_user, domain, server, key_name, key_algo, key_blob FROM zones WHERE domain=? AND id_user=?", dn, u.Id).Scan(&z.Id, &z.idUser, &z.DomainName, &z.Server, &z.KeyName, &z.KeyAlgo, &z.KeyBlob)
 	return
 }

@ -50,8 +82,8 @@ func ZoneExists(dn string) bool {
 	return err == nil && z == 1
 }

-func (z *Zone) NewZone() (Zone, error) {
-	if res, err := DBExec("INSERT INTO zones (domain, server, key_name, key_algo, key_blob) VALUES (?, ?, ?, ?, ?)", z.DomainName, z.Server, z.KeyName, z.KeyAlgo, z.KeyBlob); err != nil {
+func (z *Zone) NewZone(u User) (Zone, error) {
+	if res, err := DBExec("INSERT INTO zones (id_user, domain, server, key_name, key_blob) VALUES (?, ?, ?, ?, ?)", u.Id, z.DomainName, z.Server, z.KeyName, z.KeyBlob); err != nil {
 		return *z, err
 	} else if z.Id, err = res.LastInsertId(); err != nil {
 		return *z, err
@ -70,6 +102,17 @@ func (z *Zone) Update() (int64, error) {
 	}
 }

+func (z *Zone) UpdateOwner(u User) (int64, error) {
+	if res, err := DBExec("UPDATE zones SET id_user = ? WHERE id_zone = ?", u.Id, z.Id); err != nil {
+		return 0, err
+	} else if nb, err := res.RowsAffected(); err != nil {
+		return 0, err
+	} else {
+		z.idUser = u.Id
+		return nb, err
+	}
+}
+
 func (z *Zone) Delete() (int64, error) {
 	if res, err := DBExec("DELETE FROM zones WHERE id_zone = ?", z.Id); err != nil {
 		return 0, err