From 7f4e79af63e51f182d78a3aea52cf0940a4befd9 Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Tue, 7 Mar 2017 23:06:14 -0500 Subject: [PATCH] Subvault APIs --- src/Api/Controllers/FoldersController.cs | 2 +- src/Api/Controllers/SubvaultsController.cs | 96 +++++++++++++++++++ .../Models/Request/SubvaultRequestModel.cs | 35 +++++++ .../Models/Response/SubvaultResponseModel.cs | 25 +++++ src/Api/Startup.cs | 2 + src/Core/Domains/Subvault.cs | 19 ++++ src/Core/Domains/SubvaultUser.cs | 21 ++++ src/Core/Repositories/ISubvaultRepository.cs | 15 +++ .../Repositories/ISubvaultUserRepository.cs | 11 +++ .../SqlServer/SubvaultRepository.cs | 61 ++++++++++++ .../SqlServer/SubvaultUserRepository.cs | 16 ++++ src/Sql/Sql.sqlproj | 4 + .../Subvault_ReadByIdAdminUserId.sql | 18 ++++ ...bvault_ReadByOrganizationIdAdminUserId.sql | 18 ++++ .../Subvault_ReadByUserId.sql | 15 +++ src/Sql/dbo/Views/SubvaultView.sql | 6 ++ 16 files changed, 363 insertions(+), 1 deletion(-) create mode 100644 src/Api/Controllers/SubvaultsController.cs create mode 100644 src/Api/Models/Request/SubvaultRequestModel.cs create mode 100644 src/Api/Models/Response/SubvaultResponseModel.cs create mode 100644 src/Core/Domains/Subvault.cs create mode 100644 src/Core/Domains/SubvaultUser.cs create mode 100644 src/Core/Repositories/ISubvaultRepository.cs create mode 100644 src/Core/Repositories/ISubvaultUserRepository.cs create mode 100644 src/Core/Repositories/SqlServer/SubvaultRepository.cs create mode 100644 src/Core/Repositories/SqlServer/SubvaultUserRepository.cs create mode 100644 src/Sql/dbo/Stored Procedures/Subvault_ReadByIdAdminUserId.sql create mode 100644 src/Sql/dbo/Stored Procedures/Subvault_ReadByOrganizationIdAdminUserId.sql create mode 100644 src/Sql/dbo/Stored Procedures/Subvault_ReadByUserId.sql create mode 100644 src/Sql/dbo/Views/SubvaultView.sql diff --git a/src/Api/Controllers/FoldersController.cs b/src/Api/Controllers/FoldersController.cs index 7f39430c4e..d95bef2fe1 100644 --- a/src/Api/Controllers/FoldersController.cs +++ b/src/Api/Controllers/FoldersController.cs @@ -35,7 +35,7 @@ namespace Bit.Api.Controllers public async Task Get(string id) { var userId = _userService.GetProperUserId(User).Value; - var folder = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value); + var folder = await _cipherRepository.GetByIdAsync(new Guid(id), userId); if(folder == null || folder.Type != Core.Enums.CipherType.Folder) { throw new NotFoundException(); diff --git a/src/Api/Controllers/SubvaultsController.cs b/src/Api/Controllers/SubvaultsController.cs new file mode 100644 index 0000000000..5e85c94979 --- /dev/null +++ b/src/Api/Controllers/SubvaultsController.cs @@ -0,0 +1,96 @@ +using System; +using System.Linq; +using System.Threading.Tasks; +using Microsoft.AspNetCore.Mvc; +using Bit.Core.Repositories; +using Microsoft.AspNetCore.Authorization; +using Bit.Api.Models; +using Bit.Core.Exceptions; +using Bit.Core.Services; + +namespace Bit.Api.Controllers +{ + [Route("subvaults")] + [Authorize("Application")] + public class SubvaultsController : Controller + { + private readonly ISubvaultRepository _subvaultRepository; + private readonly IUserService _userService; + + public SubvaultsController( + ISubvaultRepository subvaultRepository, + IUserService userService) + { + _subvaultRepository = subvaultRepository; + _userService = userService; + } + + [HttpGet("{id}")] + public async Task Get(string id) + { + var userId = _userService.GetProperUserId(User).Value; + var subvault = await _subvaultRepository.GetByIdAdminUserIdAsync(new Guid(id), userId); + if(subvault == null) + { + throw new NotFoundException(); + } + + return new SubvaultResponseModel(subvault); + } + + [HttpGet("")] + public async Task> Get() + { + var subvaults = await _subvaultRepository.GetManyByUserIdAsync(_userService.GetProperUserId(User).Value); + var responses = subvaults.Select(s => new SubvaultResponseModel(s)); + return new ListResponseModel(responses); + } + + [HttpGet("organization/{organizationId}")] + public async Task> GetByOrganization(string organizationId) + { + var subvaults = await _subvaultRepository.GetManyByOrganizationIdAdminUserIdAsync(new Guid(organizationId), + _userService.GetProperUserId(User).Value); + var responses = subvaults.Select(s => new SubvaultResponseModel(s)); + return new ListResponseModel(responses); + } + + [HttpPost("")] + public async Task Post([FromBody]SubvaultCreateRequestModel model) + { + // TODO: permission check + var subvault = model.ToSubvault(); + await _subvaultRepository.CreateAsync(subvault); + return new SubvaultResponseModel(subvault); + } + + [HttpPut("{id}")] + [HttpPost("{id}")] + public async Task Put(string id, [FromBody]SubvaultUpdateRequestModel model) + { + var subvault = await _subvaultRepository.GetByIdAdminUserIdAsync(new Guid(id), + _userService.GetProperUserId(User).Value); + if(subvault == null) + { + throw new NotFoundException(); + } + + await _subvaultRepository.ReplaceAsync(model.ToSubvault(subvault)); + return new SubvaultResponseModel(subvault); + } + + [HttpDelete("{id}")] + [HttpPost("{id}/delete")] + public async Task Delete(string id) + { + var subvault = await _subvaultRepository.GetByIdAdminUserIdAsync(new Guid(id), + _userService.GetProperUserId(User).Value); + if(subvault == null) + { + throw new NotFoundException(); + } + + await _subvaultRepository.DeleteAsync(subvault); + } + } +} diff --git a/src/Api/Models/Request/SubvaultRequestModel.cs b/src/Api/Models/Request/SubvaultRequestModel.cs new file mode 100644 index 0000000000..6e9bd45a3a --- /dev/null +++ b/src/Api/Models/Request/SubvaultRequestModel.cs @@ -0,0 +1,35 @@ +using System; +using System.ComponentModel.DataAnnotations; +using Bit.Api.Utilities; +using Bit.Core.Domains; +using Newtonsoft.Json; + +namespace Bit.Api.Models +{ + public class SubvaultCreateRequestModel : SubvaultUpdateRequestModel + { + public string OrganizationId { get; set; } + + public Subvault ToSubvault() + { + return ToSubvault(new Subvault + { + OrganizationId = new Guid(OrganizationId) + }); + } + } + + public class SubvaultUpdateRequestModel + { + [Required] + [EncryptedString] + [StringLength(300)] + public string Name { get; set; } + + public Subvault ToSubvault(Subvault existingSubvault) + { + existingSubvault.Name = Name; + return existingSubvault; + } + } +} diff --git a/src/Api/Models/Response/SubvaultResponseModel.cs b/src/Api/Models/Response/SubvaultResponseModel.cs new file mode 100644 index 0000000000..f7d0c94e93 --- /dev/null +++ b/src/Api/Models/Response/SubvaultResponseModel.cs @@ -0,0 +1,25 @@ +using System; +using Bit.Core.Domains; + +namespace Bit.Api.Models +{ + public class SubvaultResponseModel : ResponseModel + { + public SubvaultResponseModel(Subvault subvault) + : base("subvault") + { + if(subvault == null) + { + throw new ArgumentNullException(nameof(subvault)); + } + + Id = subvault.Id.ToString(); + OrganizationId = subvault.OrganizationId.ToString(); + Name = subvault.Name; + } + + public string Id { get; set; } + public string OrganizationId { get; set; } + public string Name { get; set; } + } +} diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs index 506851e588..003ed880fb 100644 --- a/src/Api/Startup.cs +++ b/src/Api/Startup.cs @@ -78,6 +78,8 @@ namespace Bit.Api services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); + services.AddSingleton(); + services.AddSingleton(); // Context services.AddScoped(); diff --git a/src/Core/Domains/Subvault.cs b/src/Core/Domains/Subvault.cs new file mode 100644 index 0000000000..af3a0afa78 --- /dev/null +++ b/src/Core/Domains/Subvault.cs @@ -0,0 +1,19 @@ +using System; +using Bit.Core.Utilities; + +namespace Bit.Core.Domains +{ + public class Subvault : IDataObject + { + public Guid Id { get; set; } + public Guid OrganizationId { get; set; } + public string Name { get; set; } + public DateTime CreationDate { get; internal set; } = DateTime.UtcNow; + public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow; + + public void SetNewId() + { + Id = CoreHelpers.GenerateComb(); + } + } +} diff --git a/src/Core/Domains/SubvaultUser.cs b/src/Core/Domains/SubvaultUser.cs new file mode 100644 index 0000000000..3e51e7301d --- /dev/null +++ b/src/Core/Domains/SubvaultUser.cs @@ -0,0 +1,21 @@ +using System; +using Bit.Core.Utilities; + +namespace Bit.Core.Domains +{ + public class SubvaultUser : IDataObject + { + public Guid Id { get; set; } + public Guid SubvaultId { get; set; } + public Guid UserId { get; set; } + public bool Admin { get; set; } + public bool ReadOnly { get; set; } + public DateTime CreationDate { get; internal set; } = DateTime.UtcNow; + public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow; + + public void SetNewId() + { + Id = CoreHelpers.GenerateComb(); + } + } +} diff --git a/src/Core/Repositories/ISubvaultRepository.cs b/src/Core/Repositories/ISubvaultRepository.cs new file mode 100644 index 0000000000..522f54a636 --- /dev/null +++ b/src/Core/Repositories/ISubvaultRepository.cs @@ -0,0 +1,15 @@ +using System; +using System.Threading.Tasks; +using Bit.Core.Domains; +using System.Collections.Generic; + +namespace Bit.Core.Repositories +{ + public interface ISubvaultRepository : IRepository + { + Task GetByIdAdminUserIdAsync(Guid id, Guid userId); + Task> GetManyByOrganizationIdAdminUserIdAsync(Guid organizationId, Guid userId); + Task> GetManyByUserIdAsync(Guid userId); + + } +} diff --git a/src/Core/Repositories/ISubvaultUserRepository.cs b/src/Core/Repositories/ISubvaultUserRepository.cs new file mode 100644 index 0000000000..9f1de45ac6 --- /dev/null +++ b/src/Core/Repositories/ISubvaultUserRepository.cs @@ -0,0 +1,11 @@ +using System; +using System.Threading.Tasks; +using Bit.Core.Domains; + +namespace Bit.Core.Repositories +{ + public interface ISubvaultUserRepository : IRepository + { + + } +} diff --git a/src/Core/Repositories/SqlServer/SubvaultRepository.cs b/src/Core/Repositories/SqlServer/SubvaultRepository.cs new file mode 100644 index 0000000000..95d03019a3 --- /dev/null +++ b/src/Core/Repositories/SqlServer/SubvaultRepository.cs @@ -0,0 +1,61 @@ +using System; +using Bit.Core.Domains; +using System.Collections.Generic; +using System.Threading.Tasks; +using System.Data.SqlClient; +using System.Data; +using Dapper; +using System.Linq; + +namespace Bit.Core.Repositories.SqlServer +{ + public class SubvaultRepository : Repository, ISubvaultRepository + { + public SubvaultRepository(GlobalSettings globalSettings) + : this(globalSettings.SqlServer.ConnectionString) + { } + + public SubvaultRepository(string connectionString) + : base(connectionString) + { } + + public async Task GetByIdAdminUserIdAsync(Guid id, Guid userId) + { + using(var connection = new SqlConnection(ConnectionString)) + { + var results = await connection.QueryAsync( + $"[{Schema}].[{Table}_ReadByIdAdminUserId]", + new { Id = id, UserId = userId }, + commandType: CommandType.StoredProcedure); + + return results.FirstOrDefault(); + } + } + + public async Task> GetManyByOrganizationIdAdminUserIdAsync(Guid organizationId, Guid userId) + { + using(var connection = new SqlConnection(ConnectionString)) + { + var results = await connection.QueryAsync( + $"[{Schema}].[{Table}_ReadByOrganizationIdAdminUserId]", + new { OrganizationId = organizationId, UserId = userId }, + commandType: CommandType.StoredProcedure); + + return results.ToList(); + } + } + + public async Task> GetManyByUserIdAsync(Guid userId) + { + using(var connection = new SqlConnection(ConnectionString)) + { + var results = await connection.QueryAsync( + $"[{Schema}].[{Table}_ReadByUserId]", + new { UserId = userId }, + commandType: CommandType.StoredProcedure); + + return results.ToList(); + } + } + } +} diff --git a/src/Core/Repositories/SqlServer/SubvaultUserRepository.cs b/src/Core/Repositories/SqlServer/SubvaultUserRepository.cs new file mode 100644 index 0000000000..4550bf140c --- /dev/null +++ b/src/Core/Repositories/SqlServer/SubvaultUserRepository.cs @@ -0,0 +1,16 @@ +using System; +using Bit.Core.Domains; + +namespace Bit.Core.Repositories.SqlServer +{ + public class SubvaultUserRepository : Repository, ISubvaultUserRepository + { + public SubvaultUserRepository(GlobalSettings globalSettings) + : this(globalSettings.SqlServer.ConnectionString) + { } + + public SubvaultUserRepository(string connectionString) + : base(connectionString) + { } + } +} diff --git a/src/Sql/Sql.sqlproj b/src/Sql/Sql.sqlproj index 24dcec9628..b34c099889 100644 --- a/src/Sql/Sql.sqlproj +++ b/src/Sql/Sql.sqlproj @@ -148,5 +148,9 @@ + + + + \ No newline at end of file diff --git a/src/Sql/dbo/Stored Procedures/Subvault_ReadByIdAdminUserId.sql b/src/Sql/dbo/Stored Procedures/Subvault_ReadByIdAdminUserId.sql new file mode 100644 index 0000000000..23658d760a --- /dev/null +++ b/src/Sql/dbo/Stored Procedures/Subvault_ReadByIdAdminUserId.sql @@ -0,0 +1,18 @@ +CREATE PROCEDURE [dbo].[Subvault_ReadByIdAdminUserId] + @Id UNIQUEIDENTIFIER, + @UserId UNIQUEIDENTIFIER +AS +BEGIN + SET NOCOUNT ON + + SELECT + S.* + FROM + [dbo].[SubvaultView] S + INNER JOIN + [OrganizationUser] OU ON OU.[OrganizationId] = S.[OrganizationId] + WHERE + S.[Id] = @Id + AND OU.[UserId] = @UserId + AND OU.[Type] <= 1 -- Owner and admin +END \ No newline at end of file diff --git a/src/Sql/dbo/Stored Procedures/Subvault_ReadByOrganizationIdAdminUserId.sql b/src/Sql/dbo/Stored Procedures/Subvault_ReadByOrganizationIdAdminUserId.sql new file mode 100644 index 0000000000..86853cba34 --- /dev/null +++ b/src/Sql/dbo/Stored Procedures/Subvault_ReadByOrganizationIdAdminUserId.sql @@ -0,0 +1,18 @@ +CREATE PROCEDURE [dbo].[Subvault_ReadByOrganizationIdAdminUserId] + @OrganizationId UNIQUEIDENTIFIER, + @UserId UNIQUEIDENTIFIER +AS +BEGIN + SET NOCOUNT ON + + SELECT + S.* + FROM + [dbo].[SubvaultView] S + INNER JOIN + [OrganizationUser] OU ON OU.[OrganizationId] = S.[OrganizationId] + WHERE + S.[OrganizationId] = @OrganizationId + AND OU.[UserId] = @UserId + AND OU.[Type] <= 1 -- Owner and admin +END \ No newline at end of file diff --git a/src/Sql/dbo/Stored Procedures/Subvault_ReadByUserId.sql b/src/Sql/dbo/Stored Procedures/Subvault_ReadByUserId.sql new file mode 100644 index 0000000000..2c98312417 --- /dev/null +++ b/src/Sql/dbo/Stored Procedures/Subvault_ReadByUserId.sql @@ -0,0 +1,15 @@ +CREATE PROCEDURE [dbo].[Subvault_ReadByUserId] + @UserId UNIQUEIDENTIFIER +AS +BEGIN + SET NOCOUNT ON + + SELECT + S.* + FROM + [dbo].[SubvaultView] S + INNER JOIN + [SubvaultUser] SU ON SU.[SubvaultId] = S.[Id] + WHERE + SU.[UserId] = @UserId +END \ No newline at end of file diff --git a/src/Sql/dbo/Views/SubvaultView.sql b/src/Sql/dbo/Views/SubvaultView.sql new file mode 100644 index 0000000000..429f2063f6 --- /dev/null +++ b/src/Sql/dbo/Views/SubvaultView.sql @@ -0,0 +1,6 @@ +CREATE VIEW [dbo].[SubvaultView] +AS +SELECT + * +FROM + [dbo].[Subvault]