nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-19 00:21:35 -05:00
Code Activity

[SM-460] Isolate SecretsManager files (#2616)

Browse Source 
Move SecretsManager files to directories called SecretsManager and add CodeOwners
This commit is contained in:
Oscar Hinton
2023-01-24 19:57:28 +01:00
committed by GitHub
parent 4041d7f009
commit 59f5285c88
122 changed files with 449 additions and 419 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
src/Api/SecretsManager/Controllers/AccessPoliciesController.cs Normal file
View File

@ -0,0 +1,68 @@
using Bit.Api.SecretsManager.Models.Request;
using Bit.Api.SecretsManager.Models.Response;
using Bit.Core.SecretsManager.Commands.AccessPolicies.Interfaces;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Repositories;
using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.SecretsManager.Controllers;
[SecretsManager]
[Route("access-policies")]
public class AccessPoliciesController : Controller
{
private readonly IAccessPolicyRepository _accessPolicyRepository;
private readonly ICreateAccessPoliciesCommand _createAccessPoliciesCommand;
private readonly IDeleteAccessPolicyCommand _deleteAccessPolicyCommand;
private readonly IUpdateAccessPolicyCommand _updateAccessPolicyCommand;
public AccessPoliciesController(
IAccessPolicyRepository accessPolicyRepository,
ICreateAccessPoliciesCommand createAccessPoliciesCommand,
IDeleteAccessPolicyCommand deleteAccessPolicyCommand,
IUpdateAccessPolicyCommand updateAccessPolicyCommand)
{
_accessPolicyRepository = accessPolicyRepository;
_createAccessPoliciesCommand = createAccessPoliciesCommand;
_deleteAccessPolicyCommand = deleteAccessPolicyCommand;
_updateAccessPolicyCommand = updateAccessPolicyCommand;
}
[HttpPost("/projects/{id}/access-policies")]
public async Task<ProjectAccessPoliciesResponseModel> CreateProjectAccessPoliciesAsync([FromRoute] Guid id,
[FromBody] AccessPoliciesCreateRequest request)
{
var policies = request.ToBaseAccessPoliciesForProject(id);
var results = await _createAccessPoliciesCommand.CreateAsync(policies);
return new ProjectAccessPoliciesResponseModel(results);
}
[HttpGet("/projects/{id}/access-policies")]
public async Task<ProjectAccessPoliciesResponseModel> GetProjectAccessPoliciesAsync([FromRoute] Guid id)
{
var results = await _accessPolicyRepository.GetManyByProjectId(id);
return new ProjectAccessPoliciesResponseModel(results);
}
[HttpPut("{id}")]
public async Task<BaseAccessPolicyResponseModel> UpdateAccessPolicyAsync([FromRoute] Guid id,
[FromBody] AccessPolicyUpdateRequest request)
{
var result = await _updateAccessPolicyCommand.UpdateAsync(id, request.Read, request.Write);
return result switch
{
UserProjectAccessPolicy accessPolicy => new UserProjectAccessPolicyResponseModel(accessPolicy),
GroupProjectAccessPolicy accessPolicy => new GroupProjectAccessPolicyResponseModel(accessPolicy),
ServiceAccountProjectAccessPolicy accessPolicy => new ServiceAccountProjectAccessPolicyResponseModel(
accessPolicy),
_ => throw new ArgumentException("Unsupported access policy type provided.")
};
}
[HttpDelete("{id}")]
public async Task DeleteAccessPolicyAsync([FromRoute] Guid id)
{
await _deleteAccessPolicyCommand.DeleteAsync(id);
}
}

112
src/Api/SecretsManager/Controllers/ProjectsController.cs Normal file
View File

@ -0,0 +1,112 @@
using Bit.Api.Models.Response;
using Bit.Api.SecretsManager.Models.Request;
using Bit.Api.SecretsManager.Models.Response;
using Bit.Core.Context;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.SecretsManager.Commands.Projects.Interfaces;
using Bit.Core.SecretsManager.Repositories;
using Bit.Core.Services;
using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.SecretsManager.Controllers;
[SecretsManager]
public class ProjectsController : Controller
{
private readonly IUserService _userService;
private readonly IProjectRepository _projectRepository;
private readonly ICreateProjectCommand _createProjectCommand;
private readonly IUpdateProjectCommand _updateProjectCommand;
private readonly IDeleteProjectCommand _deleteProjectCommand;
private readonly ICurrentContext _currentContext;
public ProjectsController(
IUserService userService,
IProjectRepository projectRepository,
ICreateProjectCommand createProjectCommand,
IUpdateProjectCommand updateProjectCommand,
IDeleteProjectCommand deleteProjectCommand,
ICurrentContext currentContext)
{
_userService = userService;
_projectRepository = projectRepository;
_createProjectCommand = createProjectCommand;
_updateProjectCommand = updateProjectCommand;
_deleteProjectCommand = deleteProjectCommand;
_currentContext = currentContext;
}
[HttpPost("organizations/{organizationId}/projects")]
public async Task<ProjectResponseModel> CreateAsync([FromRoute] Guid organizationId, [FromBody] ProjectCreateRequestModel createRequest)
{
if (!await _currentContext.OrganizationUser(organizationId))
{
throw new NotFoundException();
}
var result = await _createProjectCommand.CreateAsync(createRequest.ToProject(organizationId));
return new ProjectResponseModel(result);
}
[HttpPut("projects/{id}")]
public async Task<ProjectResponseModel> UpdateProjectAsync([FromRoute] Guid id, [FromBody] ProjectUpdateRequestModel updateRequest)
{
var userId = _userService.GetProperUserId(User).Value;
var result = await _updateProjectCommand.UpdateAsync(updateRequest.ToProject(id), userId);
return new ProjectResponseModel(result);
}
[HttpGet("organizations/{organizationId}/projects")]
public async Task<ListResponseModel<ProjectResponseModel>> GetProjectsByOrganizationAsync(
[FromRoute] Guid organizationId)
{
var userId = _userService.GetProperUserId(User).Value;
var orgAdmin = await _currentContext.OrganizationAdmin(organizationId);
var accessClient = AccessClientHelper.ToAccessClient(_currentContext.ClientType, orgAdmin);
var projects = await _projectRepository.GetManyByOrganizationIdAsync(organizationId, userId, accessClient);
var responses = projects.Select(project => new ProjectResponseModel(project));
return new ListResponseModel<ProjectResponseModel>(responses);
}
[HttpGet("projects/{id}")]
public async Task<ProjectResponseModel> GetProjectAsync([FromRoute] Guid id)
{
var project = await _projectRepository.GetByIdAsync(id);
if (project == null)
{
throw new NotFoundException();
}
var userId = _userService.GetProperUserId(User).Value;
var orgAdmin = await _currentContext.OrganizationAdmin(project.OrganizationId);
var accessClient = AccessClientHelper.ToAccessClient(_currentContext.ClientType, orgAdmin);
var hasAccess = accessClient switch
{
AccessClientType.NoAccessCheck => true,
AccessClientType.User => await _projectRepository.UserHasReadAccessToProject(id, userId),
_ => false,
};
if (!hasAccess)
{
throw new NotFoundException();
}
return new ProjectResponseModel(project);
}
[HttpPost("projects/delete")]
public async Task<ListResponseModel<BulkDeleteResponseModel>> BulkDeleteProjectsAsync([FromBody] List<Guid> ids)
{
var userId = _userService.GetProperUserId(User).Value;
var results = await _deleteProjectCommand.DeleteProjects(ids, userId);
var responses = results.Select(r => new BulkDeleteResponseModel(r.Item1.Id, r.Item2));
return new ListResponseModel<BulkDeleteResponseModel>(responses);
}
}

79
src/Api/SecretsManager/Controllers/SecretsController.cs Normal file
View File

@ -0,0 +1,79 @@
using Bit.Api.Models.Response;
using Bit.Api.SecretsManager.Models.Request;
using Bit.Api.SecretsManager.Models.Response;
using Bit.Core.Exceptions;
using Bit.Core.SecretsManager.Commands.Secrets.Interfaces;
using Bit.Core.SecretsManager.Repositories;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.SecretsManager.Controllers;
[SecretsManager]
[Authorize("secrets")]
public class SecretsController : Controller
{
private readonly ISecretRepository _secretRepository;
private readonly IProjectRepository _projectRepository;
private readonly ICreateSecretCommand _createSecretCommand;
private readonly IUpdateSecretCommand _updateSecretCommand;
private readonly IDeleteSecretCommand _deleteSecretCommand;
public SecretsController(ISecretRepository secretRepository, IProjectRepository projectRepository, ICreateSecretCommand createSecretCommand, IUpdateSecretCommand updateSecretCommand, IDeleteSecretCommand deleteSecretCommand)
{
_secretRepository = secretRepository;
_projectRepository = projectRepository;
_createSecretCommand = createSecretCommand;
_updateSecretCommand = updateSecretCommand;
_deleteSecretCommand = deleteSecretCommand;
}
[HttpGet("organizations/{organizationId}/secrets")]
public async Task<SecretWithProjectsListResponseModel> GetSecretsByOrganizationAsync([FromRoute] Guid organizationId)
{
var secrets = await _secretRepository.GetManyByOrganizationIdAsync(organizationId);
return new SecretWithProjectsListResponseModel(secrets);
}
[HttpGet("secrets/{id}")]
public async Task<SecretResponseModel> GetSecretAsync([FromRoute] Guid id)
{
var secret = await _secretRepository.GetByIdAsync(id);
if (secret == null)
{
throw new NotFoundException();
}
return new SecretResponseModel(secret);
}
[HttpGet("projects/{projectId}/secrets")]
public async Task<SecretWithProjectsListResponseModel> GetSecretsByProjectAsync([FromRoute] Guid projectId)
{
var secrets = await _secretRepository.GetManyByProjectIdAsync(projectId);
var responses = secrets.Select(s => new SecretResponseModel(s));
return new SecretWithProjectsListResponseModel(secrets);
}
[HttpPost("organizations/{organizationId}/secrets")]
public async Task<SecretResponseModel> CreateSecretAsync([FromRoute] Guid organizationId, [FromBody] SecretCreateRequestModel createRequest)
{
var result = await _createSecretCommand.CreateAsync(createRequest.ToSecret(organizationId));
return new SecretResponseModel(result);
}
[HttpPut("secrets/{id}")]
public async Task<SecretResponseModel> UpdateSecretAsync([FromRoute] Guid id, [FromBody] SecretUpdateRequestModel updateRequest)
{
var result = await _updateSecretCommand.UpdateAsync(updateRequest.ToSecret(id));
return new SecretResponseModel(result);
}
// TODO Once permissions are setup for Secrets Manager need to enforce them on delete.
[HttpPost("secrets/delete")]
public async Task<ListResponseModel<BulkDeleteResponseModel>> BulkDeleteAsync([FromBody] List<Guid> ids)
{
var results = await _deleteSecretCommand.DeleteSecrets(ids);
var responses = results.Select(r => new BulkDeleteResponseModel(r.Item1.Id, r.Item2));
return new ListResponseModel<BulkDeleteResponseModel>(responses);
}
}

120
src/Api/SecretsManager/Controllers/ServiceAccountsController.cs Normal file
View File

@ -0,0 +1,120 @@
using Bit.Api.Models.Response;
using Bit.Api.SecretsManager.Models.Request;
using Bit.Api.SecretsManager.Models.Response;
using Bit.Core.Context;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.SecretsManager.Commands.AccessTokens.Interfaces;
using Bit.Core.SecretsManager.Commands.ServiceAccounts.Interfaces;
using Bit.Core.SecretsManager.Repositories;
using Bit.Core.Services;
using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.SecretsManager.Controllers;
[SecretsManager]
[Route("service-accounts")]
public class ServiceAccountsController : Controller
{
private readonly IApiKeyRepository _apiKeyRepository;
private readonly ICreateAccessTokenCommand _createAccessTokenCommand;
private readonly ICreateServiceAccountCommand _createServiceAccountCommand;
private readonly ICurrentContext _currentContext;
private readonly IServiceAccountRepository _serviceAccountRepository;
private readonly IUpdateServiceAccountCommand _updateServiceAccountCommand;
private readonly IUserService _userService;
public ServiceAccountsController(
IUserService userService,
IServiceAccountRepository serviceAccountRepository,
ICreateAccessTokenCommand createAccessTokenCommand,
IApiKeyRepository apiKeyRepository, ICreateServiceAccountCommand createServiceAccountCommand,
IUpdateServiceAccountCommand updateServiceAccountCommand,
ICurrentContext currentContext)
{
_userService = userService;
_serviceAccountRepository = serviceAccountRepository;
_apiKeyRepository = apiKeyRepository;
_createServiceAccountCommand = createServiceAccountCommand;
_updateServiceAccountCommand = updateServiceAccountCommand;
_createAccessTokenCommand = createAccessTokenCommand;
_currentContext = currentContext;
}
[HttpGet("/organizations/{organizationId}/service-accounts")]
public async Task<ListResponseModel<ServiceAccountResponseModel>> GetServiceAccountsByOrganizationAsync(
[FromRoute] Guid organizationId)
{
var userId = _userService.GetProperUserId(User).Value;
var orgAdmin = await _currentContext.OrganizationAdmin(organizationId);
var accessClient = AccessClientHelper.ToAccessClient(_currentContext.ClientType, orgAdmin);
var serviceAccounts =
await _serviceAccountRepository.GetManyByOrganizationIdAsync(organizationId, userId, accessClient);
var responses = serviceAccounts.Select(serviceAccount => new ServiceAccountResponseModel(serviceAccount));
return new ListResponseModel<ServiceAccountResponseModel>(responses);
}
[HttpPost("/organizations/{organizationId}/service-accounts")]
public async Task<ServiceAccountResponseModel> CreateServiceAccountAsync([FromRoute] Guid organizationId,
[FromBody] ServiceAccountCreateRequestModel createRequest)
{
if (!await _currentContext.OrganizationUser(organizationId))
{
throw new NotFoundException();
}
var result = await _createServiceAccountCommand.CreateAsync(createRequest.ToServiceAccount(organizationId));
return new ServiceAccountResponseModel(result);
}
[HttpPut("{id}")]
public async Task<ServiceAccountResponseModel> UpdateServiceAccountAsync([FromRoute] Guid id,
[FromBody] ServiceAccountUpdateRequestModel updateRequest)
{
var userId = _userService.GetProperUserId(User).Value;
var result = await _updateServiceAccountCommand.UpdateAsync(updateRequest.ToServiceAccount(id), userId);
return new ServiceAccountResponseModel(result);
}
[HttpGet("{id}/access-tokens")]
public async Task<ListResponseModel<AccessTokenResponseModel>> GetAccessTokens([FromRoute] Guid id)
{
var userId = _userService.GetProperUserId(User).Value;
var serviceAccount = await _serviceAccountRepository.GetByIdAsync(id);
if (serviceAccount == null)
{
throw new NotFoundException();
}
var orgAdmin = await _currentContext.OrganizationAdmin(serviceAccount.OrganizationId);
var accessClient = AccessClientHelper.ToAccessClient(_currentContext.ClientType, orgAdmin);
var hasAccess = accessClient switch
{
AccessClientType.NoAccessCheck => true,
AccessClientType.User => await _serviceAccountRepository.UserHasReadAccessToServiceAccount(id, userId),
_ => false,
};
if (!hasAccess)
{
throw new NotFoundException();
}
var accessTokens = await _apiKeyRepository.GetManyByServiceAccountIdAsync(id);
var responses = accessTokens.Select(token => new AccessTokenResponseModel(token));
return new ListResponseModel<AccessTokenResponseModel>(responses);
}
[HttpPost("{id}/access-tokens")]
public async Task<AccessTokenCreationResponseModel> CreateAccessTokenAsync([FromRoute] Guid id,
[FromBody] AccessTokenCreateRequestModel request)
{
var userId = _userService.GetProperUserId(User).Value;
var result = await _createAccessTokenCommand.CreateAsync(request.ToApiKey(id), userId);
return new AccessTokenCreationResponseModel(result);
}
}

77
src/Api/SecretsManager/Models/Request/AccessPoliciesCreateRequest.cs Normal file
View File

@ -0,0 +1,77 @@
#nullable enable
using System.ComponentModel.DataAnnotations;
using Bit.Core.Exceptions;
using Bit.Core.SecretsManager.Entities;
namespace Bit.Api.SecretsManager.Models.Request;
public class AccessPoliciesCreateRequest
{
public IEnumerable<AccessPolicyRequest>? UserAccessPolicyRequests { get; set; }
public IEnumerable<AccessPolicyRequest>? GroupAccessPolicyRequests { get; set; }
public IEnumerable<AccessPolicyRequest>? ServiceAccountAccessPolicyRequests { get; set; }
public List<BaseAccessPolicy> ToBaseAccessPoliciesForProject(Guid projectId)
{
if (UserAccessPolicyRequests == null && GroupAccessPolicyRequests == null && ServiceAccountAccessPolicyRequests == null)
{
throw new BadRequestException("No creation requests provided.");
}
var userAccessPolicies = UserAccessPolicyRequests?
.Select(x => x.ToUserProjectAccessPolicy(projectId)).ToList();
var groupAccessPolicies = GroupAccessPolicyRequests?
.Select(x => x.ToGroupProjectAccessPolicy(projectId)).ToList();
var serviceAccountAccessPolicies = ServiceAccountAccessPolicyRequests?
.Select(x => x.ToServiceAccountProjectAccessPolicy(projectId)).ToList();
var policies = new List<BaseAccessPolicy>();
if (userAccessPolicies != null) { policies.AddRange(userAccessPolicies); }
if (groupAccessPolicies != null) { policies.AddRange(groupAccessPolicies); }
if (serviceAccountAccessPolicies != null) { policies.AddRange(serviceAccountAccessPolicies); }
return policies;
}
}
public class AccessPolicyRequest
{
[Required]
public Guid GranteeId { get; set; }
[Required]
public bool Read { get; set; }
[Required]
public bool Write { get; set; }
public UserProjectAccessPolicy ToUserProjectAccessPolicy(Guid projectId) =>
new()
{
OrganizationUserId = GranteeId,
GrantedProjectId = projectId,
Read = Read,
Write = Write
};
public GroupProjectAccessPolicy ToGroupProjectAccessPolicy(Guid projectId) =>
new()
{
GroupId = GranteeId,
GrantedProjectId = projectId,
Read = Read,
Write = Write
};
public ServiceAccountProjectAccessPolicy ToServiceAccountProjectAccessPolicy(Guid projectId) =>
new()
{
ServiceAccountId = GranteeId,
GrantedProjectId = projectId,
Read = Read,
Write = Write
};
}

12
src/Api/SecretsManager/Models/Request/AccessPolicyUpdateRequest.cs Normal file
View File

@ -0,0 +1,12 @@
using System.ComponentModel.DataAnnotations;
namespace Bit.Api.SecretsManager.Models.Request;
public class AccessPolicyUpdateRequest
{
[Required]
public bool Read { get; set; }
[Required]
public bool Write { get; set; }
}

37
src/Api/SecretsManager/Models/Request/AccessTokenCreateRequestModel.cs Normal file
View File

@ -0,0 +1,37 @@
using System.ComponentModel.DataAnnotations;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.Utilities;
namespace Bit.Api.SecretsManager.Models.Request;
public class AccessTokenCreateRequestModel
{
[Required]
[EncryptedString]
[EncryptedStringLength(200)]
public string Name { get; set; }
[Required]
[EncryptedString]
[EncryptedStringLength(4000)]
public string EncryptedPayload { get; set; }
[Required]
[EncryptedString]
public string Key { get; set; }
public DateTime? ExpireAt { get; set; }
public ApiKey ToApiKey(Guid serviceAccountId)
{
return new ApiKey()
{
ServiceAccountId = serviceAccountId,
Name = Name,
Key = Key,
ExpireAt = ExpireAt,
Scope = "[\"api.secrets\"]",
EncryptedPayload = EncryptedPayload,
};
}
}

21
src/Api/SecretsManager/Models/Request/ProjectCreateRequestModel.cs Normal file
View File

@ -0,0 +1,21 @@
using System.ComponentModel.DataAnnotations;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.Utilities;
namespace Bit.Api.SecretsManager.Models.Request;
public class ProjectCreateRequestModel
{
[Required]
[EncryptedString]
public string Name { get; set; }
public Project ToProject(Guid organizationId)
{
return new Project()
{
OrganizationId = organizationId,
Name = Name,
};
}
}

22
src/Api/SecretsManager/Models/Request/ProjectUpdateRequestModel.cs Normal file
View File

@ -0,0 +1,22 @@
using System.ComponentModel.DataAnnotations;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.Utilities;
namespace Bit.Api.SecretsManager.Models.Request;
public class ProjectUpdateRequestModel
{
[Required]
[EncryptedString]
public string Name { get; set; }
public Project ToProject(Guid id)
{
return new Project()
{
Id = id,
Name = Name,
};
}
}

35
src/Api/SecretsManager/Models/Request/SecretCreateRequestModel.cs Normal file
View File

@ -0,0 +1,35 @@
using System.ComponentModel.DataAnnotations;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.Utilities;
namespace Bit.Api.SecretsManager.Models.Request;
public class SecretCreateRequestModel
{
[Required]
[EncryptedString]
public string Key { get; set; }
[Required]
[EncryptedString]
public string Value { get; set; }
[Required]
[EncryptedString]
public string Note { get; set; }
public Guid[] ProjectIds { get; set; }
public Secret ToSecret(Guid organizationId)
{
return new Secret()
{
OrganizationId = organizationId,
Key = Key,
Value = Value,
Note = Note,
DeletedDate = null,
Projects = ProjectIds != null && ProjectIds.Any() ? ProjectIds.Select(x => new Project() { Id = x }).ToList() : null,
};
}
}

35
src/Api/SecretsManager/Models/Request/SecretUpdateRequestModel.cs Normal file
View File

@ -0,0 +1,35 @@
using System.ComponentModel.DataAnnotations;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.Utilities;
namespace Bit.Api.SecretsManager.Models.Request;
public class SecretUpdateRequestModel
{
[Required]
[EncryptedString]
public string Key { get; set; }
[Required]
[EncryptedString]
public string Value { get; set; }
[Required]
[EncryptedString]
public string Note { get; set; }
public Guid[] ProjectIds { get; set; }
public Secret ToSecret(Guid id)
{
return new Secret()
{
Id = id,
Key = Key,
Value = Value,
Note = Note,
DeletedDate = null,
Projects = ProjectIds != null && ProjectIds.Any() ? ProjectIds.Select(x => new Project() { Id = x }).ToList() : null,
};
}
}

21
src/Api/SecretsManager/Models/Request/SerivceAccountUpdateRequestModel.cs Normal file
View File

@ -0,0 +1,21 @@
using System.ComponentModel.DataAnnotations;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.Utilities;
namespace Bit.Api.SecretsManager.Models.Request;
public class ServiceAccountUpdateRequestModel
{
[Required]
[EncryptedString]
public string Name { get; set; }
public ServiceAccount ToServiceAccount(Guid id)
{
return new ServiceAccount()
{
Id = id,
Name = Name,
};
}
}

21
src/Api/SecretsManager/Models/Request/ServiceAccountCreateRequestModel.cs Normal file
View File

@ -0,0 +1,21 @@
using System.ComponentModel.DataAnnotations;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.Utilities;
namespace Bit.Api.SecretsManager.Models.Request;
public class ServiceAccountCreateRequestModel
{
[Required]
[EncryptedString]
public string Name { get; set; }
public ServiceAccount ToServiceAccount(Guid organizationId)
{
return new ServiceAccount()
{
OrganizationId = organizationId,
Name = Name,
};
}
}

128
src/Api/SecretsManager/Models/Response/AccessPolicyResponseModel.cs Normal file
View File

@ -0,0 +1,128 @@
#nullable enable
using Bit.Core.Models.Api;
using Bit.Core.SecretsManager.Entities;
namespace Bit.Api.SecretsManager.Models.Response;
public abstract class BaseAccessPolicyResponseModel : ResponseModel
{
protected BaseAccessPolicyResponseModel(BaseAccessPolicy baseAccessPolicy, string obj) : base(obj)
{
Id = baseAccessPolicy.Id;
Read = baseAccessPolicy.Read;
Write = baseAccessPolicy.Write;
CreationDate = baseAccessPolicy.CreationDate;
RevisionDate = baseAccessPolicy.RevisionDate;
}
public Guid Id { get; set; }
public bool Read { get; set; }
public bool Write { get; set; }
public DateTime CreationDate { get; set; }
public DateTime RevisionDate { get; set; }
}
public class UserProjectAccessPolicyResponseModel : BaseAccessPolicyResponseModel
{
private const string _objectName = "userProjectAccessPolicy";
public UserProjectAccessPolicyResponseModel(UserProjectAccessPolicy accessPolicy) : base(accessPolicy, _objectName)
{
OrganizationUserId = accessPolicy.OrganizationUserId;
GrantedProjectId = accessPolicy.GrantedProjectId;
OrganizationUserName = accessPolicy.User?.Name;
}
public UserProjectAccessPolicyResponseModel() : base(new UserProjectAccessPolicy(), _objectName)
{
}
public Guid? OrganizationUserId { get; set; }
public string? OrganizationUserName { get; set; }
public Guid? GrantedProjectId { get; set; }
}
public class UserServiceAccountAccessPolicyResponseModel : BaseAccessPolicyResponseModel
{
private const string _objectName = "userServiceAccountAccessPolicy";
public UserServiceAccountAccessPolicyResponseModel(UserServiceAccountAccessPolicy accessPolicy)
: base(accessPolicy, _objectName)
{
OrganizationUserId = accessPolicy.OrganizationUserId;
GrantedServiceAccountId = accessPolicy.GrantedServiceAccountId;
OrganizationUserName = accessPolicy.User?.Name;
}
public UserServiceAccountAccessPolicyResponseModel() : base(new UserServiceAccountAccessPolicy(), _objectName)
{
}
public Guid? OrganizationUserId { get; set; }
public string? OrganizationUserName { get; set; }
public Guid? GrantedServiceAccountId { get; set; }
}
public class GroupProjectAccessPolicyResponseModel : BaseAccessPolicyResponseModel
{
private const string _objectName = "groupProjectAccessPolicy";
public GroupProjectAccessPolicyResponseModel(GroupProjectAccessPolicy accessPolicy)
: base(accessPolicy, _objectName)
{
GroupId = accessPolicy.GroupId;
GrantedProjectId = accessPolicy.GrantedProjectId;
GroupName = accessPolicy.Group?.Name;
}
public GroupProjectAccessPolicyResponseModel() : base(new GroupProjectAccessPolicy(), _objectName)
{
}
public Guid? GroupId { get; set; }
public string? GroupName { get; set; }
public Guid? GrantedProjectId { get; set; }
}
public class GroupServiceAccountAccessPolicyResponseModel : BaseAccessPolicyResponseModel
{
private const string _objectName = "groupServiceAccountAccessPolicy";
public GroupServiceAccountAccessPolicyResponseModel(GroupServiceAccountAccessPolicy accessPolicy)
: base(accessPolicy, _objectName)
{
GroupId = accessPolicy.GroupId;
GroupName = accessPolicy.Group?.Name;
GrantedServiceAccountId = accessPolicy.GrantedServiceAccountId;
}
public GroupServiceAccountAccessPolicyResponseModel() : base(new GroupServiceAccountAccessPolicy(), _objectName)
{
}
public Guid? GroupId { get; set; }
public string? GroupName { get; set; }
public Guid? GrantedServiceAccountId { get; set; }
}
public class ServiceAccountProjectAccessPolicyResponseModel : BaseAccessPolicyResponseModel
{
private const string _objectName = "serviceAccountProjectAccessPolicy";
public ServiceAccountProjectAccessPolicyResponseModel(ServiceAccountProjectAccessPolicy accessPolicy)
: base(accessPolicy, _objectName)
{
ServiceAccountId = accessPolicy.ServiceAccountId;
GrantedProjectId = accessPolicy.GrantedProjectId;
ServiceAccountName = accessPolicy.ServiceAccount?.Name;
}
public ServiceAccountProjectAccessPolicyResponseModel()
: base(new ServiceAccountProjectAccessPolicy(), _objectName)
{
}
public Guid? ServiceAccountId { get; set; }
public string? ServiceAccountName { get; set; }
public Guid? GrantedProjectId { get; set; }
}

31
src/Api/SecretsManager/Models/Response/AccessTokenCreationResponseModel.cs Normal file
View File

@ -0,0 +1,31 @@
#nullable enable
using Bit.Core.Models.Api;
using Bit.Core.SecretsManager.Entities;
namespace Bit.Api.SecretsManager.Models.Response;
public class AccessTokenCreationResponseModel : ResponseModel
{
private const string _objectName = "accessTokenCreation";
public AccessTokenCreationResponseModel(ApiKey apiKey) : base(_objectName)
{
Id = apiKey.Id;
Name = apiKey.Name;
ClientSecret = apiKey.ClientSecret;
ExpireAt = apiKey.ExpireAt;
CreationDate = apiKey.CreationDate;
RevisionDate = apiKey.RevisionDate;
}
public AccessTokenCreationResponseModel() : base(_objectName)
{
}
public Guid Id { get; set; }
public string Name { get; set; }
public string ClientSecret { get; set; }
public DateTime? ExpireAt { get; set; }
public DateTime CreationDate { get; set; }
public DateTime RevisionDate { get; set; }
}

27
src/Api/SecretsManager/Models/Response/AccessTokenResponseModel.cs Normal file
View File

@ -0,0 +1,27 @@
using Bit.Core.Models.Api;
using Bit.Core.SecretsManager.Entities;
namespace Bit.Api.SecretsManager.Models.Response;
public class AccessTokenResponseModel : ResponseModel
{
public AccessTokenResponseModel(ApiKey apiKey, string obj = "accessToken")
: base(obj)
{
Id = apiKey.Id;
Name = apiKey.Name;
Scopes = apiKey.GetScopes();
ExpireAt = apiKey.ExpireAt;
CreationDate = apiKey.CreationDate;
RevisionDate = apiKey.RevisionDate;
}
public Guid Id { get; set; }
public string Name { get; set; }
public ICollection<string> Scopes { get; set; }
public DateTime? ExpireAt { get; set; }
public DateTime CreationDate { get; set; }
public DateTime RevisionDate { get; set; }
}

31
src/Api/SecretsManager/Models/Response/BulkDeleteResponseModel.cs Normal file
View File

@ -0,0 +1,31 @@
#nullable enable
using Bit.Core.Models.Api;
namespace Bit.Api.SecretsManager.Models.Response;
public class BulkDeleteResponseModel : ResponseModel
{
private const string _objectName = "BulkDeleteResponseModel";
public BulkDeleteResponseModel(Guid id, string error) : base(_objectName)
{
Id = id;
if (string.IsNullOrWhiteSpace(error))
{
Error = null;
}
else
{
Error = error;
}
}
public BulkDeleteResponseModel() : base(_objectName)
{
}
public Guid Id { get; set; }
public string? Error { get; set; }
}

43
src/Api/SecretsManager/Models/Response/ProjectAccessPoliciesResponseModel.cs Normal file
View File

@ -0,0 +1,43 @@
using Bit.Core.Models.Api;
using Bit.Core.SecretsManager.Entities;
namespace Bit.Api.SecretsManager.Models.Response;
public class ProjectAccessPoliciesResponseModel : ResponseModel
{
private const string _objectName = "projectAccessPolicies";
public ProjectAccessPoliciesResponseModel(IEnumerable<BaseAccessPolicy> baseAccessPolicies)
: base(_objectName)
{
if (baseAccessPolicies == null)
{
return;
}
foreach (var baseAccessPolicy in baseAccessPolicies)
switch (baseAccessPolicy)
{
case UserProjectAccessPolicy accessPolicy:
UserAccessPolicies.Add(new UserProjectAccessPolicyResponseModel(accessPolicy));
break;
case GroupProjectAccessPolicy accessPolicy:
GroupAccessPolicies.Add(new GroupProjectAccessPolicyResponseModel(accessPolicy));
break;
case ServiceAccountProjectAccessPolicy accessPolicy:
ServiceAccountAccessPolicies.Add(
new ServiceAccountProjectAccessPolicyResponseModel(accessPolicy));
break;
}
}
public ProjectAccessPoliciesResponseModel() : base(_objectName)
{
}
public List<UserProjectAccessPolicyResponseModel> UserAccessPolicies { get; set; } = new();
public List<GroupProjectAccessPolicyResponseModel> GroupAccessPolicies { get; set; } = new();
public List<ServiceAccountProjectAccessPolicyResponseModel> ServiceAccountAccessPolicies { get; set; } = new();
}

40
src/Api/SecretsManager/Models/Response/ProjectResponseModel.cs Normal file
View File

@ -0,0 +1,40 @@
using Bit.Core.Models.Api;
using Bit.Core.SecretsManager.Entities;
namespace Bit.Api.SecretsManager.Models.Response;
public class ProjectResponseModel : ResponseModel
{
private const string _objectName = "project";
public ProjectResponseModel(Project project)
: base(_objectName)
{
if (project == null)
{
throw new ArgumentNullException(nameof(project));
}
Id = project.Id.ToString();
OrganizationId = project.OrganizationId.ToString();
Name = project.Name;
CreationDate = project.CreationDate;
RevisionDate = project.RevisionDate;
}
public ProjectResponseModel() : base(_objectName)
{
}
public string Id { get; set; }
public string OrganizationId { get; set; }
public string Name { get; set; }
public DateTime CreationDate { get; set; }
public DateTime RevisionDate { get; set; }
public IEnumerable<Guid> Secrets { get; set; }
}

62
src/Api/SecretsManager/Models/Response/SecretResponseModel.cs Normal file
View File

@ -0,0 +1,62 @@
using Bit.Core.Models.Api;
using Bit.Core.SecretsManager.Entities;
namespace Bit.Api.SecretsManager.Models.Response;
public class SecretResponseModel : ResponseModel
{
private const string _objectName = "secret";
public SecretResponseModel(Secret secret) : base(_objectName)
{
if (secret == null)
{
throw new ArgumentNullException(nameof(secret));
}
Id = secret.Id.ToString();
OrganizationId = secret.OrganizationId.ToString();
Key = secret.Key;
Value = secret.Value;
Note = secret.Note;
CreationDate = secret.CreationDate;
RevisionDate = secret.RevisionDate;
Projects = secret.Projects?.Select(p => new InnerProject(p));
}
public SecretResponseModel() : base(_objectName)
{
}
public string Id { get; set; }
public string OrganizationId { get; set; }
public string Key { get; set; }
public string Value { get; set; }
public string Note { get; set; }
public DateTime CreationDate { get; set; }
public DateTime RevisionDate { get; set; }
public IEnumerable<InnerProject> Projects { get; set; }
public class InnerProject
{
public InnerProject(Project project)
{
Id = project.Id;
Name = project.Name;
}
public InnerProject()
{
}
public Guid Id { get; set; }
public string Name { get; set; }
}
}

69
src/Api/SecretsManager/Models/Response/SecretWithProjectsListResponseModel.cs Normal file
View File

@ -0,0 +1,69 @@
using Bit.Core.Models.Api;
using Bit.Core.SecretsManager.Entities;
namespace Bit.Api.SecretsManager.Models.Response;
public class SecretWithProjectsListResponseModel : ResponseModel
{
private const string _objectName = "SecretsWithProjectsList";
public SecretWithProjectsListResponseModel(IEnumerable<Secret> secrets) : base(_objectName)
{
Secrets = secrets.Select(s => new InnerSecret(s));
Projects = secrets.SelectMany(s => s.Projects).DistinctBy(p => p.Id).Select(p => new InnerProject(p));
}
public SecretWithProjectsListResponseModel() : base(_objectName)
{
}
public IEnumerable<InnerSecret> Secrets { get; set; }
public IEnumerable<InnerProject> Projects { get; set; }
public class InnerProject
{
public InnerProject(Project project)
{
Id = project.Id;
Name = project.Name;
}
public InnerProject()
{
}
public Guid Id { get; set; }
public string Name { get; set; }
}
public class InnerSecret
{
public InnerSecret(Secret secret)
{
Id = secret.Id.ToString();
OrganizationId = secret.OrganizationId.ToString();
Key = secret.Key;
CreationDate = secret.CreationDate;
RevisionDate = secret.RevisionDate;
Projects = secret.Projects?.Select(p => new InnerProject(p));
}
public InnerSecret()
{
}
public string Id { get; set; }
public string OrganizationId { get; set; }
public string Key { get; set; }
public DateTime CreationDate { get; set; }
public DateTime RevisionDate { get; set; }
public IEnumerable<InnerProject> Projects { get; set; }
}
}

37
src/Api/SecretsManager/Models/Response/ServiceAccountResponseModel.cs Normal file
View File

@ -0,0 +1,37 @@
using Bit.Core.Models.Api;
using Bit.Core.SecretsManager.Entities;
namespace Bit.Api.SecretsManager.Models.Response;
public class ServiceAccountResponseModel : ResponseModel
{
private const string _objectName = "serviceAccount";
public ServiceAccountResponseModel(ServiceAccount serviceAccount) : base(_objectName)
{
if (serviceAccount == null)
{
throw new ArgumentNullException(nameof(serviceAccount));
}
Id = serviceAccount.Id.ToString();
OrganizationId = serviceAccount.OrganizationId.ToString();
Name = serviceAccount.Name;
CreationDate = serviceAccount.CreationDate;
RevisionDate = serviceAccount.RevisionDate;
}
public ServiceAccountResponseModel() : base(_objectName)
{
}
public string Id { get; set; }
public string OrganizationId { get; set; }
public string Name { get; set; }
public DateTime CreationDate { get; set; }
public DateTime RevisionDate { get; set; }
}

21
src/Api/SecretsManager/SecretsManagerAttribute.cs Normal file
View File

@ -0,0 +1,21 @@
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
namespace Bit.Api.SecretsManager;
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class SecretsManagerAttribute : Attribute, IResourceFilter
{
public void OnResourceExecuting(ResourceExecutingContext context)
{
var isDev = context.HttpContext.RequestServices.GetService<IHostEnvironment>().IsDevelopment();
var isEE = Environment.GetEnvironmentVariable("EE_TESTING_ENV") != null;
if (!isDev && !isEE)
{
context.Result = new NotFoundResult();
}
}
public void OnResourceExecuted(ResourceExecutedContext context) { }
}