// AuthenticateDevice wraps the authentication logic for devices func AuthenticateDevice(r doorbot.Repositories, token string) (*doorbot.Device, error) { dr := r.DeviceRepository() device, err := dr.FindByToken(r.DB(), token) if err != nil { log.WithFields(log.Fields{ "error:": err, "device_token": token, "step": "device-get-by-token", }).Error("Api::Handlers->SecuredRouteHandler database error") return nil, err } if device == nil { log.WithFields(log.Fields{ "account_id": r.AccountScope(), "device_id": device.ID, }).Warn("Api::Handlers->SecuredRouteHandler device not found") return nil, nil } if device.IsEnabled == false { log.WithFields(log.Fields{ "account_id": r.AccountScope(), "device_id": device.ID, }).Warn("Api::Handlers->SecuredRouteHandler device disabled.") return nil, nil } return device, nil }
// Index returns people func Index(render render.Render, r doorbot.Repositories, session *auth.Authorization) { repo := r.PersonRepository() people, err := repo.All(r.DB()) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), }).Error("Api::People->Index database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } switch session.Type { case auth.AuthorizationAdministrator: render.JSON(http.StatusOK, PeopleViewModel{People: people}) case auth.AuthorizationDevice: render.JSON(http.StatusOK, PublicPeopleViewModel{People: newPublicPeople(people)}) case auth.AuthorizationPerson: if session.Person.IsAccountManager() { render.JSON(http.StatusOK, PeopleViewModel{People: people}) return } render.JSON(http.StatusOK, PublicPeopleViewModel{People: newPublicPeople(people)}) } }
// AuthenticateAdministrator wraps the authentication logic for administrators. func AuthenticateAdministrator(r doorbot.Repositories, token string) (*doorbot.Administrator, error) { var administrator *doorbot.Administrator ar := r.AdministratorRepository() aar := r.AdministratorAuthenticationRepository() authentication, err := aar.FindByProviderIDAndToken(r.DB(), ProviderAPIToken, token) if err != nil { log.WithFields(log.Fields{ "error": err, }).Error("Auth::Authorization::AuthenticationAdministrator database error") return administrator, errors.New("Not authorized") } if authentication == nil { log.WithFields(log.Fields{ "token": token, }).Warn("Doorbot::Authorization::AuthenticateAdministrator token not found") return administrator, errors.New("Not authorized") } administrator, err = ar.Find(r.DB(), authentication.AdministratorID) if err != nil { log.Println(err) return administrator, errors.New("Doorbot::AuthenticateAdministrator ") } return administrator, nil }
// Put updates a device func Put(render render.Render, r doorbot.Repositories, params martini.Params, vm DeviceViewModel) { id, err := strconv.ParseUint(params["id"], 10, 32) if err != nil { render.JSON(http.StatusBadRequest, doorbot.NewBadRequestErrorResponse([]string{"The id must be an unsigned integer"})) return } repo := r.DeviceRepository() device, err := repo.Find(r.DB(), uint(id)) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "device_id": id, "step": "device-find", }).Error("Api::Devices->Put database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } if device == nil { render.JSON(http.StatusNotFound, doorbot.NewEntityNotFoundResponse([]string{"The specified device does not exists"})) return } device.Name = vm.Device.Name device.DeviceID = vm.Device.DeviceID device.Make = vm.Device.Make device.Description = vm.Device.Description device.IsEnabled = vm.Device.IsEnabled _, err = repo.Update(r.DB(), device) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "device_id": id, "step": "device-update", }).Error("Api::Devices->Put database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } log.WithFields(log.Fields{ "account_id": r.AccountScope(), "device_id": id, }).Info("Api::Devices->Put device updated") vm.Device = device render.JSON(http.StatusOK, vm) }
// Index action func Index(render render.Render, r doorbot.Repositories, administrator *doorbot.Administrator) { repo := r.AccountRepository() accounts, err := repo.All(r.DB()) if err != nil { render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } render.JSON(http.StatusOK, AccountsViewModel{Accounts: accounts}) }
// Get return a specific account func Get(render render.Render, r doorbot.Repositories, params martini.Params, session *auth.Authorization) { id, err := strconv.ParseUint(params["id"], 10, 32) if err != nil { render.JSON(http.StatusBadRequest, doorbot.NewBadRequestErrorResponse([]string{"The id must be an unsigned integer"})) return } repo := r.AccountRepository() account, err := repo.Find(r.DB(), uint(id)) if err != nil { log.WithFields(log.Fields{ "account_id": id, "error": err, }).Error("Api::Accounts->Get database error.") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } if account == nil { render.JSON(http.StatusNotFound, doorbot.NewEntityNotFoundResponse([]string{})) return } // Switch the view model depending on who/what requests the information. switch session.Type { case auth.AuthorizationAdministrator: render.JSON(http.StatusOK, AccountViewModel{Account: account}) case auth.AuthorizationPerson: if session.Person.IsAccountManager() { render.JSON(http.StatusOK, AccountViewModel{Account: account}) return } // Display a reduced version of the account. public := PublicAccount{ ID: account.ID, Name: account.Name, Host: account.Host, } render.JSON(http.StatusOK, PublicAccountViewModel{Account: public}) default: render.Status(http.StatusForbidden) return } }
// Put updates a door func Put(render render.Render, r doorbot.Repositories, params martini.Params, vm DoorViewModel) { id, err := strconv.ParseUint(params["id"], 10, 32) if err != nil { render.JSON(http.StatusBadRequest, doorbot.NewBadRequestErrorResponse([]string{"The id must be an unsigned integer"})) return } repo := r.DoorRepository() door, err := repo.Find(r.DB(), uint(id)) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "door_id": id, "step": "door-find", }).Error("Api::Doors->Put database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } if door == nil { render.JSON(http.StatusNotFound, doorbot.NewEntityNotFoundResponse([]string{"The specified door does not exists"})) return } door.Name = vm.Door.Name _, err = repo.Update(r.DB(), door) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "door_id": id, "step": "door-update", }).Error("Api::Doors->Put database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } log.WithFields(log.Fields{ "account_id": r.AccountScope(), "door_id": vm.Door.ID, }).Error("Api::Doors->Post door updated") render.JSON(http.StatusOK, DoorViewModel{Door: door}) }
// Disable a device func Disable(render render.Render, r doorbot.Repositories, params martini.Params) { id, err := strconv.ParseUint(params["id"], 10, 32) if err != nil { render.JSON(http.StatusBadRequest, doorbot.NewBadRequestErrorResponse([]string{"the id must be an unsigned integer"})) return } repo := r.DeviceRepository() device, err := repo.Find(r.DB(), uint(id)) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "device_id": id, "step": "device-find", }).Error("Api::Devices->Disable database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } if device == nil { render.JSON(http.StatusNotFound, doorbot.NewEntityNotFoundResponse([]string{"The specified deevice does not exists."})) return } _, err = repo.Enable(r.DB(), device, false) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "device_id": id, "step": "device-disable", }).Error("Api::Devices->Disable database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } log.WithFields(log.Fields{ "account_id": r.AccountScope(), "device_id": id, }).Info("Api::Devices->Disabled device disabled") render.Status(http.StatusNoContent) }
// Register creates a new device func Register(render render.Render, r doorbot.Repositories, vm DeviceViewModel) { repo := r.DeviceRepository() device, err := repo.FindByToken(r.DB(), vm.Device.Token) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "device_token": vm.Device.Token, "step": "device-find", }).Error("Api::Devices->Register database error") render.Status(http.StatusInternalServerError) return } if device == nil { render.Status(http.StatusNotFound) return } device.Make = vm.Device.Make device.DeviceID = vm.Device.DeviceID device.IsEnabled = true _, err = repo.Update(r.DB(), device) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "device_id": device.ID, "step": "device-update", }).Error("Api::Devices->Register database error") render.Status(http.StatusInternalServerError) return } log.WithFields(log.Fields{ "account_id": r.AccountScope(), "device_id": device.ID, }).Info("Api::Devices->Put device registered") render.JSON(http.StatusOK, device) }
// Delete an account ( admin panel ) func Delete(render render.Render, r doorbot.Repositories, params martini.Params, administrator *doorbot.Administrator) { id, err := strconv.ParseUint(params["id"], 10, 32) if err != nil { render.JSON(http.StatusBadRequest, doorbot.NewBadRequestErrorResponse([]string{"The id must be an unsigned integer"})) return } repo := r.AccountRepository() account, err := repo.Find(r.DB(), uint(id)) if err != nil { log.WithFields(log.Fields{ "error": err.Error(), "account_id": account.ID, "administrator_id": administrator.ID, }).Error("Api::Accounts->Delete database find error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } if account == nil { render.JSON(http.StatusNotFound, doorbot.NewEntityNotFoundResponse([]string{"The specified account does not exists."})) return } _, err = repo.Delete(r.DB(), account) if err != nil { log.WithFields(log.Fields{ "error": err.Error(), "administrator_id": administrator.ID, "account_id": account.ID, }).Error("Api::Accounts->Delete database delete error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } log.WithFields(log.Fields{ "administrator_id": administrator.ID, "account_id": account.ID, }).Info("Api::Accounts->Delete account deleted by administrator.") render.Status(http.StatusNoContent) }
// Get a specific person func Get(render render.Render, r doorbot.Repositories, params martini.Params, session *auth.Authorization) { id, err := strconv.ParseUint(params["id"], 10, 32) if err != nil { render.JSON(http.StatusBadRequest, doorbot.NewBadRequestErrorResponse([]string{"The id must be an unsigned integer"})) return } repo := r.PersonRepository() person, err := repo.Find(r.DB(), uint(id)) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "person_id": id, }).Error("Api::People->Get database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } if person == nil { err := doorbot.NewEntityNotFoundResponse([]string{"The specified person does not exists"}) render.JSON(http.StatusNotFound, err) return } switch session.Type { case auth.AuthorizationAdministrator: render.JSON(http.StatusOK, PersonViewModel{Person: person}) case auth.AuthorizationDevice: render.JSON(http.StatusOK, PublicPersonViewModel{Person: newPublicPerson(person)}) case auth.AuthorizationPerson: // Display detailed info if the requesting user is an account manager or it is the same person if session.Person.IsAccountManager() || session.Person.ID == person.ID { render.JSON(http.StatusOK, PersonViewModel{Person: person}) return } render.JSON(http.StatusOK, PublicPersonViewModel{Person: newPublicPerson(person)}) default: render.Status(http.StatusForbidden) } }
// Index return a list of doors func Index(render render.Render, r doorbot.Repositories) { repo := r.DoorRepository() doors, err := repo.All(r.DB()) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), }).Error("Api::Doors->Index database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } render.JSON(http.StatusOK, DoorsViewModel{Doors: doors}) }
// Post create a new account ( using the admin panel ) func Post(render render.Render, r doorbot.Repositories, vm AccountViewModel, administrator *doorbot.Administrator) { repo := r.AccountRepository() exists, err := repo.FindByHost(r.DB(), vm.Account.Host) if err != nil { log.WithFields(log.Fields{ "error": err, "host": vm.Account.Host, }).Error("Api::Accounts->Post database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } if exists != nil { log.WithFields(log.Fields{ "host": vm.Account.Host, }).Warn("Api::Accounts->Post Host already registered") render.JSON(http.StatusConflict, doorbot.NewConflictErrorResponse([]string{"The specified host is already registered."})) return } err = repo.Create(r.DB(), vm.Account) if err != nil { log.WithFields(log.Fields{ "error": err, "host": vm.Account.Host, }).Error("Api::Accounts->Post database error.") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } log.WithFields(log.Fields{ "administrator_id": administrator.ID, "account_id": vm.Account.ID, "host": vm.Account.Host, }).Info("Account created by administrator") render.JSON(http.StatusCreated, vm) }
// Post creates a new person func Post(render render.Render, r doorbot.Repositories, vm PersonViewModel) { repo := r.PersonRepository() err := repo.Create(r.DB(), vm.Person) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), }).Error("Api::People->Post database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } log.WithFields(log.Fields{ "account_id": r.AccountScope(), "person_id": vm.Person.ID, }).Info("Api::People->Post person added.") render.JSON(http.StatusCreated, vm) }
// Post creates a door func Post(render render.Render, r doorbot.Repositories, vm DoorViewModel) { repo := r.DoorRepository() err := repo.Create(r.DB(), vm.Door) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), }).Error("Api::Doors->Post database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } log.WithFields(log.Fields{ "account_id": r.AccountScope(), "door_id": vm.Door.ID, }).Error("Api::Doors->Post door created") render.JSON(http.StatusCreated, vm) }
// generateHost generates a host that isn't yet taken. func generateHost(r doorbot.Repositories, config *doorbot.DoorbotConfig) (string, error) { repo := r.AccountRepository() // Generate a random valid host name for i := 0; i < 10; i++ { tmp := strings.ToLower(security.RandomPassword(10)) exists, err := repo.FindByHost(r.DB(), tmp) if err != nil { log.WithFields(log.Fields{ "error": err, "host": tmp, }).Error("Api::Accounts->Register database error.") return "", err } if exists == nil { return tmp, nil } } return "", nil }
// Post creates a new device func Post(render render.Render, r doorbot.Repositories, vm DeviceViewModel) { repo := r.DeviceRepository() vm.Device.Token = security.GenerateAPIToken() err := repo.Create(r.DB(), vm.Device) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), }).Error("Api::Devices->Post database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } log.WithFields(log.Fields{ "account_id": r.AccountScope(), "device_id": vm.Device.ID, }).Info("Api::Devices->Put device created") render.JSON(http.StatusCreated, vm) }
// Get return a specific door func Get(render render.Render, r doorbot.Repositories, params martini.Params) { id, err := strconv.ParseUint(params["id"], 10, 32) if err != nil { render.JSON(http.StatusBadRequest, doorbot.NewBadRequestErrorResponse([]string{"The id must be an unsigned integer"})) return } repo := r.DoorRepository() door, err := repo.Find(r.DB(), uint(id)) if door == nil || err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "door_id": id, }).Error("Api::Doors->Get database error") render.JSON(http.StatusNotFound, doorbot.NewEntityNotFoundResponse([]string{"The specified door does not exists"})) return } render.JSON(http.StatusOK, DoorViewModel{Door: door}) }
// AuthenticatePerson wraps the authentication logic for people func AuthenticatePerson(r doorbot.Repositories, token string) (*doorbot.Person, error) { ar := r.AuthenticationRepository() pr := r.PersonRepository() parts := strings.Split(token, ".") if len(parts) != 2 { log.WithFields(log.Fields{ "account_id": r.AccountScope(), "token": token, "parts_count": len(parts), }).Warn("Auth->AuthenticatePerson Invalid person token") return nil, nil } id, err := strconv.ParseUint(parts[0], 10, 32) if err != nil { return nil, nil } token = parts[1] authentication, err := ar.FindByProviderIDAndPersonIDAndToken(r.DB(), ProviderAPIToken, uint(id), token) if err != nil { log.WithFields(log.Fields{ "error": err, "step": "authentication-get-by-person-and-token", "person_id": id, "account_id": r.AccountScope(), "token": token, }).Error("Auth->AuthenticatePerson database error") return nil, err } if authentication == nil { log.WithFields(log.Fields{ "token": token, "person_id": id, "account_id": r.AccountScope(), }).Info("Auth->AuthenticatePerson authentication not found") return nil, nil } person, err := pr.Find(r.DB(), authentication.PersonID) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "person_id": id, "authentication_id": authentication.ID, "step": "person-find", }).Error("Auth->AuthenticatePerson database error") return nil, err } if person == nil { log.WithFields(log.Fields{ "token": token, "person_id": id, "account_id": r.AccountScope(), "authentication_id": authentication.ID, }).Error("Auth->AuthenticatePerson person not found") return nil, nil } return person, err }
// Sync doorbot users with a foreign data source using a bridge. func Sync(render render.Render, r doorbot.Repositories, b bridges.Bridges, a *doorbot.Account, session *auth.Authorization) { var bUsers []*doorbot.BridgeUser var registered []*doorbot.BridgeUser var err error personRepo := r.PersonRepository() bUserRepo := r.BridgeUserRepository() var bridgesToSync = []uint{bridges.BridgeHub, bridges.BridgeHipChat} for _, bridgeId := range bridgesToSync { f := func() bool { users, err := b.GetUsers(bridgeId) for _, u := range users { log.WithFields(log.Fields{"user": *u}).Info("User") } if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": a.ID, "bridge_id": bridgeId, }).Error("Api::People->Sync bridge error") return false } existing, err := bUserRepo.FindByBridgeID(r.DB(), bridgeId) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "step": "bridge-user-find-by-bridge-id", "bridge_id": bridgeId, }).Error("Api::People->Sync database error") return false } registered = append(registered, existing...) bUsers = append(bUsers, users...) return true } f() } tx, err := r.Transaction() if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "step": "transaction-create", }).Error("Api::People->Sync database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } var buser *doorbot.BridgeUser for _, u := range bUsers { log.WithFields(log.Fields{ "account_id": r.AccountScope(), "bridge_user_id": u.UserID, "bridge_user_email": u.Email, "bridge_user_name": u.Name, }).Debug("Api::People->Sync bridge user") buser = findRegistered(registered, u.UserID) if buser != nil { log.WithFields(log.Fields{ "account_id": r.AccountScope(), "bridge_user_id": buser.UserID, "person_id": buser.PersonID, }).Debug("Api::People->Sync registered user found") person, err := personRepo.Find(tx, buser.PersonID) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "bridge_user_id": buser.UserID, "person_id": buser.PersonID, "step": "person-find-from-bridge-id", }).Error("Api::People->Sync database error") break } person.Name = u.Name person.Email = u.Email person.PhoneNumber = u.PhoneNumber _, err = personRepo.Update(tx, person) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "bridge_user_id": buser.UserID, "person_id": buser.PersonID, "step": "person-update-from-bridge-data", }).Error("Api::People->Sync database error") break } log.WithFields(log.Fields{ "account_id": r.AccountScope(), "bridge_user_id": buser.UserID, "person_id": buser.PersonID, }).Info("Api::People->Sync person updated from bridge data") continue } log.WithFields(log.Fields{ "account_id": r.AccountScope(), "bridge_user_id": u.UserID, "bridge_user_email": u.Email, "bridge_user_name": u.Name, }).Info("Api::People->Sync new bridge user") // User does not exists. Create them args := doorbot.PersonArguments{ Name: u.Name, Email: u.Email, } person := doorbot.NewPerson(args) err = personRepo.Create(tx, person) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "bridge_user_id": buser.UserID, "step": "person-create-from-bridge-data", }).Error("Api::People->Sync database error") break } u.PersonID = person.ID err = bUserRepo.Create(tx, u) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "bridge_user_id": buser.UserID, "step": "bridge-user-create", }).Error("Api::People->Sync database error") break } continue } if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), }).Error("Api::People->Sync error") tx.Rollback() render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } err = tx.Commit() if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "step": "transaction-commit", }).Error("Api::People->Sync database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } log.WithFields(log.Fields{ "account_id": r.AccountScope(), }).Info("Api::People->Sync bridge sync completed.") render.Status(http.StatusNoContent) }
// Delete a person func Delete(render render.Render, r doorbot.Repositories, params martini.Params, a *doorbot.Account, session *auth.Authorization) { id, err := strconv.ParseUint(params["id"], 10, 32) if err != nil { render.JSON(http.StatusBadRequest, doorbot.NewBadRequestErrorResponse([]string{"The id must be an unsigned integer"})) return } var logFields log.Fields var logMessage string switch session.Type { case auth.AuthorizationAdministrator: logFields = log.Fields{ "account_id": r.AccountScope(), "person_id": id, "admnistrator_id": session.Administrator.ID, } logMessage = "Api::People->Delete user deleted by administrator" case auth.AuthorizationPerson: if !session.Person.IsAccountManager() { log.WithFields(log.Fields{ "account_id": r.AccountScope(), "person_id": id, "request_person_id": session.Person.ID, }).Warn("Api::People->Delete forbidden") render.Status(http.StatusForbidden) return } logFields = log.Fields{ "account_id": r.AccountScope(), "person_id": id, "modified_by_id": session.Person.ID, } logMessage = "Api::People->Put user deleted by user" default: log.WithFields(log.Fields{ "account_id": r.AccountScope(), "person_id": id, "request_person_id": session.Person.ID, }).Warn("Api::People->Delete forbidden") render.Status(http.StatusForbidden) return } repo := r.PersonRepository() person, err := repo.Find(r.DB(), uint(id)) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "person_id": person.ID, "step": "person-find", }).Error("Api::People->Delete database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } if person == nil { render.JSON(http.StatusNotFound, doorbot.NewEntityNotFoundResponse([]string{"The specified person does not exists"})) return } _, err = repo.Delete(r.DB(), person) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "person_id": person.ID, "step": "person-delete", }).Error("Api::People->Delete database error") render.Status(http.StatusInternalServerError) return } log.WithFields(logFields).Info(logMessage) render.Status(http.StatusNoContent) }
// Put updates a person func Put(render render.Render, r doorbot.Repositories, params martini.Params, vm PersonViewModel, session *auth.Authorization) { id, err := strconv.ParseUint(params["id"], 10, 32) if err != nil { render.JSON(http.StatusBadRequest, doorbot.NewBadRequestErrorResponse([]string{"The id must be an unsigned integer"})) return } var logFields log.Fields var logMessage string canUpdateAccountType := false switch session.Type { case auth.AuthorizationAdministrator: logFields = log.Fields{ "account_id": r.AccountScope(), "person_id": id, "admnistrator_id": session.Administrator.ID, } logMessage = "Api::People->Put user updated by administrator" canUpdateAccountType = true case auth.AuthorizationPerson: if uint(id) != session.Person.ID { if session.Person.IsAccountManager() { canUpdateAccountType = true } else { log.WithFields(log.Fields{ "account_id": r.AccountScope(), "person_id": id, "request_person_id": session.Person.ID, }).Warn("Api::People->Delete forbidden") render.Status(http.StatusForbidden) return } } logFields = log.Fields{ "account_id": r.AccountScope(), "person_id": id, "request_person_id": session.Person.ID, } logMessage = "Api::People->Put user updated by user" default: log.WithFields(log.Fields{ "account_id": r.AccountScope(), "person_id": id, "request_person_id": session.Person.ID, }).Warn("Api::People->Put forbidden") render.Status(http.StatusForbidden) return } repo := r.PersonRepository() person, err := repo.Find(r.DB(), uint(id)) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "person_id": id, "step": "person-find", }).Error("Api::People->Put database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } if person == nil { render.JSON(http.StatusNotFound, doorbot.NewEntityNotFoundResponse([]string{"The specified person does not exists"})) return } person.Name = vm.Person.Name person.Email = vm.Person.Email person.PhoneNumber = vm.Person.PhoneNumber person.Title = vm.Person.Title person.IsVisible = vm.Person.IsVisible person.IsAvailable = vm.Person.IsAvailable person.NotificationsEnabled = vm.Person.NotificationsEnabled person.NotificationsAppEnabled = vm.Person.NotificationsAppEnabled person.NotificationsChatEnabled = vm.Person.NotificationsChatEnabled person.NotificationsEmailEnabled = vm.Person.NotificationsEmailEnabled person.NotificationsSMSEnabled = vm.Person.NotificationsSMSEnabled if canUpdateAccountType { person.AccountType = vm.Person.AccountType } _, err = repo.Update(r.DB(), person) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": r.AccountScope(), "person_id": person.ID, "request_person_id": session.Person.ID, "step": "person-update", }).Error("Api::People->Put database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } vm.Person = person log.WithFields(logFields).Info(logMessage) render.JSON(http.StatusOK, vm) }
// Notify someone their presence is needed at a given door. func Notify(render render.Render, account *doorbot.Account, r doorbot.Repositories, notificator notifications.Notificator, vm ViewModel) { notification := vm.Notification log.WithFields(log.Fields{ "account_id": account.ID, "person_id": notification.PersonID, "door_id": notification.DoorID, }).Info("Api::Notifications->Notify request") peopleRepo := r.PersonRepository() doorRepo := r.DoorRepository() person, err := peopleRepo.Find(r.DB(), notification.PersonID) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": account.ID, "person_id": notification.PersonID, "door_id": notification.DoorID, "step": "person-find", }).Error("Api::Notifications->Notify database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } if person == nil { render.JSON(http.StatusNotFound, doorbot.NewEntityNotFoundResponse([]string{"The specified person does not exists."})) log.WithFields(log.Fields{ "account_id": account.ID, "person_id": notification.PersonID, "door_id": notification.DoorID, }).Info("Api::Notifications->Notify person not found") return } if !person.IsVisible || !person.IsAvailable { log.WithFields(log.Fields{ "account_id": account.ID, "person_id": notification.PersonID, "door_id": notification.DoorID, "person_is_visible": person.IsVisible, "person_is_available": person.IsAvailable, }).Info("Api::Notifications->Notify person is not available/visible") //TODO Would there be a better status code? render.JSON(http.StatusForbidden, doorbot.NewForbiddenErrorResponse([]string{"The specified user is currently not available."})) return } //TODO Infer from the device token? door, err := doorRepo.Find(r.DB(), notification.DoorID) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": account.ID, "person_id": notification.PersonID, "door_id": notification.DoorID, "step": "door-find", }).Error("Api::Notifications->Notify database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } if door == nil { render.JSON(http.StatusNotFound, doorbot.NewEntityNotFoundResponse([]string{"The specified door does not exists."})) log.WithFields(log.Fields{ "account_id": account.ID, "person_id": person.ID, "door_id": notification.DoorID, }).Info("Api::Notifications->Notify door not found") return } notificator.KnockKnock(door, person) render.JSON(http.StatusAccepted, ViewModel{Notification: notification}) }
// Password will authenticate a person using the provided email and password. // A token will be generated if the authentication succeeds. func Password(render render.Render, account *doorbot.Account, r doorbot.Repositories, vm PasswordRequest) { personRepo := r.PersonRepository() authRepo := r.AuthenticationRepository() // Find the person by email person, err := personRepo.FindByEmail(r.DB(), vm.Authentication.Email) if err != nil { log.WithFields(log.Fields{ "error": err, "email": vm.Authentication.Email, "account_id": account.ID, "step": "find-person-by-email", }).Error("Api::Auth->Password database error") render.JSON(http.StatusUnauthorized, doorbot.NewUnauthorizedErrorResponse([]string{"Invalid email or password"})) return } if person == nil { log.WithFields(log.Fields{ "account_id": account.ID, "email": vm.Authentication.Email, "step": "find-person-by-email", }).Info("Api::Auth->Password invalid email.") render.JSON(http.StatusUnauthorized, doorbot.NewUnauthorizedErrorResponse([]string{"Invalid email or password"})) return } //Fetch the password authentication record authentication, err := authRepo.FindByPersonIDAndProviderID(r.DB(), person.ID, auth.ProviderPassword) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": account.ID, "person_id": person.ID, "step": "find-person-authentication", }).Error("Api::Auth->Password database error") render.JSON(http.StatusUnauthorized, doorbot.NewUnauthorizedErrorResponse([]string{"Invalid email or password"})) return } if authentication == nil { log.WithFields(log.Fields{ "account_id": account.ID, "person_id": person.ID, "step": "find-person-authentication", }).Info("Api::Auth->Password no authentication") render.JSON(http.StatusUnauthorized, doorbot.NewUnauthorizedErrorResponse([]string{"Invalid email or password"})) return } //Compare the passwords err = security.PasswordCompare([]byte(authentication.Token), []byte(vm.Authentication.Password)) if err != nil { log.WithFields(log.Fields{ "error": err, "person_id": person.ID, "account_id": account.ID, "step": "compare-password", }).Info("Api::Auth->Password compare password error") render.JSON(http.StatusUnauthorized, doorbot.NewUnauthorizedErrorResponse([]string{"Invalid email or password"})) return } // Find the first active API token for this person. token, err := authRepo.FindByPersonIDAndProviderID(r.DB(), person.ID, auth.ProviderAPIToken) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": account.ID, "person_id": person.ID, "step": "find-authentication", }).Error("Api::Auth->Password database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } // No active token or the person has not yet signed in. Generate a new token. if token == nil { token = &doorbot.Authentication{ PersonID: person.ID, ProviderID: auth.ProviderAPIToken, Token: security.GenerateAPIToken(), } err = authRepo.Create(r.DB(), token) if err != nil { log.WithFields(log.Fields{ "error": err, "person_id": person.ID, "account_id": account.ID, "step": "save-authentication", }).Error("Api::Auth->Password database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } } log.WithFields(log.Fields{ "account_id": account.ID, "person_id": person.ID, }).Info("Api::Auth->Password user logged in") resp := APITokenResponse{} resp.Authentication.Token = fmt.Sprintf("%d.%s", person.ID, token.Token) resp.Person = person resp.Policy = getPolicyForPerson(person) render.JSON(http.StatusOK, resp) }
func Token(render render.Render, account *doorbot.Account, r doorbot.Repositories, vm TokenRequest) { var person *doorbot.Person var device *doorbot.Device var policy *security.Policy switch vm.Authentication.Type { case auth.AuthorizationPerson: authRepo := r.AuthenticationRepository() personRepo := r.PersonRepository() authentication, err := authRepo.FindByProviderIDAndToken(r.DB(), auth.ProviderAPIToken, vm.Authentication.Token) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": account.ID, "token": vm.Authentication.Token, "step": "find-token", }).Error("Api::Auth->Token database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } if authentication == nil { log.WithFields(log.Fields{ "account_id": account.ID, "token": vm.Authentication.Token, "step": "find-token", }).Info("Api::Auth->Token no token found.") render.JSON(http.StatusUnauthorized, doorbot.NewUnauthorizedErrorResponse([]string{"Invalid token"})) return } person, err = personRepo.Find(r.DB(), authentication.PersonID) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": account.ID, "token": vm.Authentication.Token, "step": "find-person", }).Error("Api::Auth->Token database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } if person == nil { log.WithFields(log.Fields{ "account_id": account.ID, "token": vm.Authentication.Token, "step": "find-device", }).Warning("Api::Auth->Token person not found.") render.JSON(http.StatusUnauthorized, doorbot.NewUnauthorizedErrorResponse([]string{"Invalid token"})) return } policy = getPolicyForPerson(person) break case auth.AuthorizationDevice: deviceRepo := r.DeviceRepository() device, err := deviceRepo.FindByToken(r.DB(), vm.Authentication.Token) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": account.ID, "token": vm.Authentication.Token, "step": "find-device", }).Error("Api::Auth->Token database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } if device == nil { log.WithFields(log.Fields{ "account_id": account.ID, "token": vm.Authentication.Token, "step": "find-device", }).Info("Api::Auth->Token no device found.") render.JSON(http.StatusUnauthorized, doorbot.NewUnauthorizedErrorResponse([]string{"Invalid token"})) return } } resp := APITokenResponse{} resp.Authentication.Token = vm.Authentication.Token resp.Person = person resp.Policy = policy resp.Device = device render.JSON(http.StatusOK, resp) }
// Register a new account ( used by the dashboard ) func Register(render render.Render, config *doorbot.DoorbotConfig, r doorbot.Repositories, n notifications.Notificator, data RegisterViewModel) { repo := r.AccountRepository() tx, err := r.Transaction() if err != nil { log.WithFields(log.Fields{ "error": err, "step": "transaction-create", }).Error("Api::Accounts->Register database error.") render.Status(http.StatusInternalServerError) return } var host string if len(data.Account.Host) == 0 { host, err = generateHost(r, config) } else { var account *doorbot.Account account, err = repo.FindByHost(r.DB(), data.Account.Host) if account != nil { tx.Rollback() render.Status(http.StatusConflict) return } host = data.Account.Host } if err != nil { tx.Rollback() render.Status(http.StatusInternalServerError) return } if len(host) == 0 { log.WithFields(log.Fields{ "host": host, "step": "host-generation", }).Error("Api::Accounts->Register Unable to set a hostname.") tx.Rollback() render.Status(http.StatusServiceUnavailable) return } // Create the account instance account := &doorbot.Account{ Name: data.Account.Name, ContactName: data.Account.ContactName, ContactEmail: data.Account.ContactEmail, //TODO append the doorbot production domain Host: host, IsEnabled: true, } err = repo.Create(tx, account) if err != nil { tx.Rollback() log.WithFields(log.Fields{ "error": err, "host": host, "step": "account-create", }).Error("Api::Accounts->Register database error.") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } // Update the repositories account scopes to the one we just created. r.SetAccountScope(account.ID) // We need to create a person with a password to let them log in on the dashboard. person := &doorbot.Person{ Name: data.Account.ContactName, Email: data.Account.ContactEmail, AccountType: doorbot.AccountOwner, } ar := r.PersonRepository() err = ar.Create(tx, person) if err != nil { log.WithFields(log.Fields{ "error": err, "host": host, "email": person.Email, "step": "person-create", }).Error("Api::Accounts->Register database error.") tx.Rollback() render.Status(http.StatusInternalServerError) return } // Generate a random password password := security.RandomPassword(8) hash, err := security.PasswordCrypt([]byte(password)) if err != nil { log.WithFields(log.Fields{ "error": err, "host": host, "email": person.Email, "step": "person-password", }).Error("Api::Accounts->Register password generation error.") tx.Rollback() render.Status(http.StatusInternalServerError) return } // Create a new authentication record for the user authr := r.AuthenticationRepository() authentication := &doorbot.Authentication{ PersonID: person.ID, ProviderID: auth.ProviderPassword, Token: string(hash), } err = authr.Create(tx, authentication) if err != nil { log.WithFields(log.Fields{ "error": err, "host": host, "email": person.Email, "step": "person-authentication", }).Error("Api::Accounts->Register database error.") tx.Rollback() render.Status(http.StatusInternalServerError) return } err = tx.Commit() if err != nil { log.WithFields(log.Fields{ "error": err, "host": host, "email": person.Email, "step": "transaction-commit", }).Error("Api::Accounts->Register database error.") tx.Rollback() render.Status(http.StatusInternalServerError) return } //TODO Send an email to the user. log.WithFields(log.Fields{ "account_id": account.ID, "account_host": account.Host, "person_id": person.ID, }).Info("Account created") n.AccountCreated(account, person, password) render.JSON(http.StatusCreated, AccountViewModel{Account: account}) }
// Put updates an account ( using the admin panel ) func Put(render render.Render, a *doorbot.Account, r doorbot.Repositories, vm AccountViewModel, session *auth.Authorization) { repo := r.AccountRepository() switch session.Type { case auth.AuthorizationAdministrator: // ok case auth.AuthorizationPerson: if !session.Person.IsAccountManager() { log.WithFields(log.Fields{ "person_id": session.Person.ID, "account_id": a.ID, }).Warn("Api::Accounts->Put unauthorized user attempted to modify account.") render.Status(http.StatusForbidden) return } } a.Name = vm.Account.Name a.BridgeHubEnabled = vm.Account.BridgeHubEnabled a.BridgeHubURL = vm.Account.BridgeHubURL a.BridgeHubToken = vm.Account.BridgeHubToken a.BridgeHipChatEnabled = vm.Account.BridgeHipChatEnabled a.BridgeHipChatToken = vm.Account.BridgeHipChatToken a.BridgeSlackEnabled = vm.Account.BridgeSlackEnabled a.BridgeSlackToken = vm.Account.BridgeSlackToken a.NotificationsEmailMessageTemplate = vm.Account.NotificationsEmailMessageTemplate a.NotificationsSMSMessageTemplate = vm.Account.NotificationsSMSMessageTemplate a.NotificationsEnabled = vm.Account.NotificationsEnabled a.NotificationsMailgunEnabled = vm.Account.NotificationsMailgunEnabled a.NotificationsPostmarkEnabled = vm.Account.NotificationsPostmarkEnabled a.NotificationsMailgunEnabled = vm.Account.NotificationsMailgunEnabled a.NotificationsNexmoEnabled = vm.Account.NotificationsNexmoEnabled a.NotificationsNexmoToken = vm.Account.NotificationsNexmoToken a.NotificationsSlackEnabled = vm.Account.NotificationsSlackEnabled a.NotificationsSlackToken = vm.Account.NotificationsSlackToken a.NotificationsTwilioEnabled = vm.Account.NotificationsTwilioEnabled _, err := repo.Update(r.DB(), a) if err != nil { log.WithFields(log.Fields{ "error": err, "account_id": a.ID, }).Error("Api::Accounts->Put database error") render.JSON(http.StatusInternalServerError, doorbot.NewInternalServerErrorResponse([]string{})) return } vm.Account = a render.JSON(http.StatusOK, vm) }