// UpdateAPIKey is the handler for PUT /organizations/{globalid}/apikeys/{label}
// Updates the label or other properties of a key.
//
// The JSON request body is decoded into an APIKey and its Label is validated
// with isValidAPIKeyLabel before the client is updated. Responses: 400 for an
// undecodable body or an invalid label, 409 when the store reports a
// duplicate (db.IsDup), 500 for any other update error, 201 on success.
//
// NOTE(review): no authorization check is visible in this handler; presumably
// it is enforced by middleware in front of it — confirm.
func (api OrganizationsAPI) UpdateAPIKey(w http.ResponseWriter, r *http.Request) {
	vars := mux.Vars(r)
	orgID, currentLabel := vars["globalid"], vars["label"]

	var key APIKey
	if decodeErr := json.NewDecoder(r.Body).Decode(&key); decodeErr != nil {
		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
		return
	}

	// Only the new label from the body is validated; the label taken from the
	// URL path is passed to UpdateClient as received.
	if !isValidAPIKeyLabel(key.Label) {
		log.Debug("Invalid label: ", key.Label)
		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
		return
	}

	updateErr := oauthservice.NewManager(r).UpdateClient(orgID, currentLabel, key.Label, key.CallbackURL, key.ClientCredentialsGrantType)
	switch {
	case updateErr == nil:
		w.WriteHeader(http.StatusCreated)
	case db.IsDup(updateErr):
		log.Debug("Duplicate label")
		http.Error(w, http.StatusText(http.StatusConflict), http.StatusConflict)
	default:
		log.Error("Error renaming api secret label", updateErr.Error())
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
	}
}
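// CreateNewAPIKey is the handler for POST /organizations/{globalid}/apikeys
// Create a new API Key, a secret itself should not be provided, it will be generated
// serverside.
//
// The JSON request body is decoded into an APIKey; only its Label is
// validated here. The Secret field of the request body is not passed to
// NewOauth2Client. On success the handler answers 201 Created with the APIKey
// as JSON, its Secret set to c.Secret as read after CreateClient. Responses
// on failure: 400 for an undecodable body or an invalid label, 409 when the
// store reports a duplicate (db.IsDup), 500 for any other create error.
func (api OrganizationsAPI) CreateNewAPIKey(w http.ResponseWriter, r *http.Request) {
	organization := mux.Vars(r)["globalid"]

	apiKey := APIKey{}
	if err := json.NewDecoder(r.Body).Decode(&apiKey); err != nil {
		log.Debug("Error decoding apikey: ", err)
		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
		return
	}

	//TODO: validate key, not just the label property
	if !isValidAPIKeyLabel(apiKey.Label) {
		log.Debug("Invalid label: ", apiKey.Label)
		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
		return
	}

	// Log the validated label only. Dumping the whole struct would also write
	// any Secret value the caller put in the request body into the log.
	log.Debug("Creating apikey: ", apiKey.Label)

	c := oauthservice.NewOauth2Client(organization, apiKey.Label, apiKey.CallbackURL, apiKey.ClientCredentialsGrantType)

	mgr := oauthservice.NewManager(r)
	err := mgr.CreateClient(c)
	if db.IsDup(err) {
		log.Debug("Duplicate label")
		http.Error(w, http.StatusText(http.StatusConflict), http.StatusConflict)
		return
	}
	if err != nil {
		log.Error("Error creating api secret label", err.Error())
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	apiKey.Secret = c.Secret

	w.Header().Set("Content-Type", "application/json")
	// The body carries the client secret, so ask clients and intermediaries
	// not to store the response.
	w.Header().Set("Cache-Control", "no-store")
	w.WriteHeader(http.StatusCreated)
	// The status line is already written; an encode failure can only be logged.
	if err := json.NewEncoder(w).Encode(apiKey); err != nil {
		log.Error("Error encoding apikey response: ", err)
	}
}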
// GetCookieSecret gets the cookie secret from mongodb if it exists otherwise, generate a new one and save it func GetCookieSecret() string { session := db.GetSession() defer session.Close() config := globalconfig.NewManager() globalconfig.InitModels() cookie, err := config.GetByKey("cookieSecret") if err != nil { log.Debug("No cookie secret found, generating a new one") secret, err := generateCookieSecret(32) if err != nil { log.Panic("Cannot generate secret cookie") } cookie.Key = "cookieSecret" cookie.Value = secret err = config.Insert(cookie) // Key was inserted by another instance in the meantime if db.IsDup(err) { cookie, err = config.GetByKey("cookieSecret") if err != nil { log.Panic("Cannot retreive cookie secret") } } } log.Debug("Cookie secret: ", cookie.Value) return cookie.Value }