nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-06 05:28:15 -05:00
Code

Subvault APIs

Browse Source
This commit is contained in:
Kyle Spearrin 2017-03-07 23:06:14 -05:00
parent 7ca8629a13
commit 7f4e79af63
16 changed files with 363 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Api/Controllers/FoldersController.cs
View File

@ -35,7 +35,7 @@ namespace Bit.Api.Controllers
public async Task<FolderResponseModel> Get(string id) public async Task<FolderResponseModel> Get(string id)
{ {
var userId = _userService.GetProperUserId(User).Value; var userId = _userService.GetProperUserId(User).Value;
var folder = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value); var folder = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
if(folder == null || folder.Type != Core.Enums.CipherType.Folder) if(folder == null || folder.Type != Core.Enums.CipherType.Folder)
{ {
throw new NotFoundException(); throw new NotFoundException();

96
src/Api/Controllers/SubvaultsController.cs Normal file
View File

@ -0,0 +1,96 @@
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Bit.Core.Repositories;
using Microsoft.AspNetCore.Authorization;
using Bit.Api.Models;
using Bit.Core.Exceptions;
using Bit.Core.Services;
namespace Bit.Api.Controllers
{
[Route("subvaults")]
[Authorize("Application")]
public class SubvaultsController : Controller
{
private readonly ISubvaultRepository _subvaultRepository;
private readonly IUserService _userService;
public SubvaultsController(
ISubvaultRepository subvaultRepository,
IUserService userService)
{
_subvaultRepository = subvaultRepository;
_userService = userService;
}
[HttpGet("{id}")]
public async Task<SubvaultResponseModel> Get(string id)
{
var userId = _userService.GetProperUserId(User).Value;
var subvault = await _subvaultRepository.GetByIdAdminUserIdAsync(new Guid(id), userId);
if(subvault == null)
{
throw new NotFoundException();
}
return new SubvaultResponseModel(subvault);
}
[HttpGet("")]
public async Task<ListResponseModel<SubvaultResponseModel>> Get()
{
var subvaults = await _subvaultRepository.GetManyByUserIdAsync(_userService.GetProperUserId(User).Value);
var responses = subvaults.Select(s => new SubvaultResponseModel(s));
return new ListResponseModel<SubvaultResponseModel>(responses);
}
[HttpGet("organization/{organizationId}")]
public async Task<ListResponseModel<SubvaultResponseModel>> GetByOrganization(string organizationId)
{
var subvaults = await _subvaultRepository.GetManyByOrganizationIdAdminUserIdAsync(new Guid(organizationId),
_userService.GetProperUserId(User).Value);
var responses = subvaults.Select(s => new SubvaultResponseModel(s));
return new ListResponseModel<SubvaultResponseModel>(responses);
}
[HttpPost("")]
public async Task<SubvaultResponseModel> Post([FromBody]SubvaultCreateRequestModel model)
{
// TODO: permission check
var subvault = model.ToSubvault();
await _subvaultRepository.CreateAsync(subvault);
return new SubvaultResponseModel(subvault);
}
[HttpPut("{id}")]
[HttpPost("{id}")]
public async Task<SubvaultResponseModel> Put(string id, [FromBody]SubvaultUpdateRequestModel model)
{
var subvault = await _subvaultRepository.GetByIdAdminUserIdAsync(new Guid(id),
_userService.GetProperUserId(User).Value);
if(subvault == null)
{
throw new NotFoundException();
}
await _subvaultRepository.ReplaceAsync(model.ToSubvault(subvault));
return new SubvaultResponseModel(subvault);
}
[HttpDelete("{id}")]
[HttpPost("{id}/delete")]
public async Task Delete(string id)
{
var subvault = await _subvaultRepository.GetByIdAdminUserIdAsync(new Guid(id),
_userService.GetProperUserId(User).Value);
if(subvault == null)
{
throw new NotFoundException();
}
await _subvaultRepository.DeleteAsync(subvault);
}
}
}

35
src/Api/Models/Request/SubvaultRequestModel.cs Normal file
View File

@ -0,0 +1,35 @@
using System;
using System.ComponentModel.DataAnnotations;
using Bit.Api.Utilities;
using Bit.Core.Domains;
using Newtonsoft.Json;
namespace Bit.Api.Models
{
public class SubvaultCreateRequestModel : SubvaultUpdateRequestModel
{
public string OrganizationId { get; set; }
public Subvault ToSubvault()
{
return ToSubvault(new Subvault
{
OrganizationId = new Guid(OrganizationId)
});
}
}
public class SubvaultUpdateRequestModel
{
[Required]
[EncryptedString]
[StringLength(300)]
public string Name { get; set; }
public Subvault ToSubvault(Subvault existingSubvault)
{
existingSubvault.Name = Name;
return existingSubvault;
}
}
}

25
src/Api/Models/Response/SubvaultResponseModel.cs Normal file
View File

@ -0,0 +1,25 @@
using System;
using Bit.Core.Domains;
namespace Bit.Api.Models
{
public class SubvaultResponseModel : ResponseModel
{
public SubvaultResponseModel(Subvault subvault)
: base("subvault")
{
if(subvault == null)
{
throw new ArgumentNullException(nameof(subvault));
}
Id = subvault.Id.ToString();
OrganizationId = subvault.OrganizationId.ToString();
Name = subvault.Name;
}
public string Id { get; set; }
public string OrganizationId { get; set; }
public string Name { get; set; }
}
}

2
src/Api/Startup.cs
View File

@ -78,6 +78,8 @@ namespace Bit.Api
services.AddSingleton<IGrantRepository, SqlServerRepos.GrantRepository>(); services.AddSingleton<IGrantRepository, SqlServerRepos.GrantRepository>();
services.AddSingleton<IOrganizationRepository, SqlServerRepos.OrganizationRepository>(); services.AddSingleton<IOrganizationRepository, SqlServerRepos.OrganizationRepository>();
services.AddSingleton<IOrganizationUserRepository, SqlServerRepos.OrganizationUserRepository>(); services.AddSingleton<IOrganizationUserRepository, SqlServerRepos.OrganizationUserRepository>();
services.AddSingleton<ISubvaultRepository, SqlServerRepos.SubvaultRepository>();
services.AddSingleton<ISubvaultUserRepository, SqlServerRepos.SubvaultUserRepository>();
// Context // Context
services.AddScoped<CurrentContext>(); services.AddScoped<CurrentContext>();

19
src/Core/Domains/Subvault.cs Normal file
View File

@ -0,0 +1,19 @@
using System;
using Bit.Core.Utilities;
namespace Bit.Core.Domains
{
public class Subvault : IDataObject<Guid>
{
public Guid Id { get; set; }
public Guid OrganizationId { get; set; }
public string Name { get; set; }
public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;
public void SetNewId()
{
Id = CoreHelpers.GenerateComb();
}
}
}

21
src/Core/Domains/SubvaultUser.cs Normal file
View File

@ -0,0 +1,21 @@
using System;
using Bit.Core.Utilities;
namespace Bit.Core.Domains
{
public class SubvaultUser : IDataObject<Guid>
{
public Guid Id { get; set; }
public Guid SubvaultId { get; set; }
public Guid UserId { get; set; }
public bool Admin { get; set; }
public bool ReadOnly { get; set; }
public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;
public void SetNewId()
{
Id = CoreHelpers.GenerateComb();
}
}
}

15
src/Core/Repositories/ISubvaultRepository.cs Normal file
View File

@ -0,0 +1,15 @@
using System;
using System.Threading.Tasks;
using Bit.Core.Domains;
using System.Collections.Generic;
namespace Bit.Core.Repositories
{
public interface ISubvaultRepository : IRepository<Subvault, Guid>
{
Task<Subvault> GetByIdAdminUserIdAsync(Guid id, Guid userId);
Task<ICollection<Subvault>> GetManyByOrganizationIdAdminUserIdAsync(Guid organizationId, Guid userId);
Task<ICollection<Subvault>> GetManyByUserIdAsync(Guid userId);
}
}

11
src/Core/Repositories/ISubvaultUserRepository.cs Normal file
View File

@ -0,0 +1,11 @@
using System;
using System.Threading.Tasks;
using Bit.Core.Domains;
namespace Bit.Core.Repositories
{
public interface ISubvaultUserRepository : IRepository<SubvaultUser, Guid>
{
}
}

61
src/Core/Repositories/SqlServer/SubvaultRepository.cs Normal file
View File

@ -0,0 +1,61 @@
using System;
using Bit.Core.Domains;
using System.Collections.Generic;
using System.Threading.Tasks;
using System.Data.SqlClient;
using System.Data;
using Dapper;
using System.Linq;
namespace Bit.Core.Repositories.SqlServer
{
public class SubvaultRepository : Repository<Subvault, Guid>, ISubvaultRepository
{
public SubvaultRepository(GlobalSettings globalSettings)
: this(globalSettings.SqlServer.ConnectionString)
{ }
public SubvaultRepository(string connectionString)
: base(connectionString)
{ }
public async Task<Subvault> GetByIdAdminUserIdAsync(Guid id, Guid userId)
{
using(var connection = new SqlConnection(ConnectionString))
{
var results = await connection.QueryAsync<Subvault>(
$"[{Schema}].[{Table}_ReadByIdAdminUserId]",
new { Id = id, UserId = userId },
commandType: CommandType.StoredProcedure);
return results.FirstOrDefault();
}
}
public async Task<ICollection<Subvault>> GetManyByOrganizationIdAdminUserIdAsync(Guid organizationId, Guid userId)
{
using(var connection = new SqlConnection(ConnectionString))
{
var results = await connection.QueryAsync<Subvault>(
$"[{Schema}].[{Table}_ReadByOrganizationIdAdminUserId]",
new { OrganizationId = organizationId, UserId = userId },
commandType: CommandType.StoredProcedure);
return results.ToList();
}
}
public async Task<ICollection<Subvault>> GetManyByUserIdAsync(Guid userId)
{
using(var connection = new SqlConnection(ConnectionString))
{
var results = await connection.QueryAsync<Subvault>(
$"[{Schema}].[{Table}_ReadByUserId]",
new { UserId = userId },
commandType: CommandType.StoredProcedure);
return results.ToList();
}
}
}
}

16
src/Core/Repositories/SqlServer/SubvaultUserRepository.cs Normal file
View File

@ -0,0 +1,16 @@
using System;
using Bit.Core.Domains;
namespace Bit.Core.Repositories.SqlServer
{
public class SubvaultUserRepository : Repository<SubvaultUser, Guid>, ISubvaultUserRepository
{
public SubvaultUserRepository(GlobalSettings globalSettings)
: this(globalSettings.SqlServer.ConnectionString)
{ }
public SubvaultUserRepository(string connectionString)
: base(connectionString)
{ }
}
}

4
src/Sql/Sql.sqlproj
View File

@ -148,5 +148,9 @@
<Build Include="dbo\Stored Procedures\User_ReadPublicKeyById.sql" /> <Build Include="dbo\Stored Procedures\User_ReadPublicKeyById.sql" />
<Build Include="dbo\Stored Procedures\OrganizationUserOrganizationDetails_ReadByUserId.sql" /> <Build Include="dbo\Stored Procedures\OrganizationUserOrganizationDetails_ReadByUserId.sql" />
<Build Include="dbo\Views\OrganizationUserOrganizationDetailsView.sql" /> <Build Include="dbo\Views\OrganizationUserOrganizationDetailsView.sql" />
<Build Include="dbo\Stored Procedures\Subvault_ReadByIdAdminUserId.sql" />
<Build Include="dbo\Views\SubvaultView.sql" />
<Build Include="dbo\Stored Procedures\Subvault_ReadByUserId.sql" />
<Build Include="dbo\Stored Procedures\Subvault_ReadByOrganizationIdAdminUserId.sql" />
</ItemGroup> </ItemGroup>
</Project> </Project>

18
src/Sql/dbo/Stored Procedures/Subvault_ReadByIdAdminUserId.sql Normal file
View File

@ -0,0 +1,18 @@
CREATE PROCEDURE [dbo].[Subvault_ReadByIdAdminUserId]
@Id UNIQUEIDENTIFIER,
@UserId UNIQUEIDENTIFIER
AS
BEGIN
SET NOCOUNT ON
SELECT
S.*
FROM
[dbo].[SubvaultView] S
INNER JOIN
[OrganizationUser] OU ON OU.[OrganizationId] = S.[OrganizationId]
WHERE
S.[Id] = @Id
AND OU.[UserId] = @UserId
AND OU.[Type] <= 1 -- Owner and admin
END

18
src/Sql/dbo/Stored Procedures/Subvault_ReadByOrganizationIdAdminUserId.sql Normal file
View File

@ -0,0 +1,18 @@
CREATE PROCEDURE [dbo].[Subvault_ReadByOrganizationIdAdminUserId]
@OrganizationId UNIQUEIDENTIFIER,
@UserId UNIQUEIDENTIFIER
AS
BEGIN
SET NOCOUNT ON
SELECT
S.*
FROM
[dbo].[SubvaultView] S
INNER JOIN
[OrganizationUser] OU ON OU.[OrganizationId] = S.[OrganizationId]
WHERE
S.[OrganizationId] = @OrganizationId
AND OU.[UserId] = @UserId
AND OU.[Type] <= 1 -- Owner and admin
END

15
src/Sql/dbo/Stored Procedures/Subvault_ReadByUserId.sql Normal file
View File

@ -0,0 +1,15 @@
CREATE PROCEDURE [dbo].[Subvault_ReadByUserId]
@UserId UNIQUEIDENTIFIER
AS
BEGIN
SET NOCOUNT ON
SELECT
S.*
FROM
[dbo].[SubvaultView] S
INNER JOIN
[SubvaultUser] SU ON SU.[SubvaultId] = S.[Id]
WHERE
SU.[UserId] = @UserId
END

6
src/Sql/dbo/Views/SubvaultView.sql Normal file
View File

@ -0,0 +1,6 @@
CREATE VIEW [dbo].[SubvaultView]
AS
SELECT
*
FROM
[dbo].[Subvault]