forked from deqode/dq-vault
-
Notifications
You must be signed in to change notification settings - Fork 1
/
path_verify_guardian.go
151 lines (131 loc) · 4.45 KB
/
path_verify_guardian.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
package api
import (
"cloud.google.com/go/pubsub"
"context"
"encoding/base64"
"encoding/json"
"github.com/google/uuid"
"net/http"
"os"
"strings"
"time"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
"github.com/alfred-hq/dq-vault/api/helpers"
"github.com/alfred-hq/dq-vault/config"
"github.com/alfred-hq/dq-vault/logger"
)
// pathPassphrase corresponds to POST gen/passphrase.
func (b *backend) pathVerifyGuardian(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
// var err error
backendLogger := b.logger
// obtain details:
identifier := d.Get("identifier").(string)
guardianLinkPathEncoded := d.Get("path").(string)
guardianLinkPathDecodedBytes, err := base64.StdEncoding.DecodeString(guardianLinkPathEncoded)
if err != nil {
logger.Log(backendLogger, config.Error, "verifyGuardian: Malformed base64 encoded string", err.Error())
return nil, logical.CodedError(http.StatusUnprocessableEntity, err.Error())
}
guardianLinkPath := string(guardianLinkPathDecodedBytes)
values := strings.Split(guardianLinkPath, "_")
if values[0] != identifier {
return &logical.Response{
Data: map[string]interface{}{
"status": false,
"remarks": "Identifier mismatch!",
},
}, nil
}
// path where user data is stored
path := config.StorageBasePath + identifier
entry, err := req.Storage.Get(ctx, path)
if err != nil {
logger.Log(backendLogger, config.Error, "updateGuardian: could not fetch data from storage", err.Error())
return nil, logical.CodedError(http.StatusUnprocessableEntity, err.Error())
}
// Get User data
var userData helpers.UserDetails
err = entry.DecodeJSON(&userData)
if err != nil {
logger.Log(backendLogger, config.Error, "updateGuardian: could not encode JSON", err.Error())
return nil, logical.CodedError(http.StatusUnprocessableEntity, err.Error())
}
if helpers.StringInSlice(values[1], userData.Guardians) {
return &logical.Response{
Data: map[string]interface{}{
"status": false,
"remarks": "Guardian already added!",
},
}, nil
}
guardianInd := -1
for guardianIndex, guardian := range userData.UnverifiedGuardians {
if guardian == values[1] {
guardianInd = guardianIndex
}
}
if guardianInd == -1 {
return &logical.Response{
Data: map[string]interface{}{
"status": false,
"remarks": "Cannot verify as you have been removed as guardian!",
},
}, nil
}
if userData.UnverifiedGuardians[guardianInd] != values[1] {
return &logical.Response{
Data: map[string]interface{}{
"status": false,
"remarks": "Email mismatch!",
},
}, nil
}
expiryTime := userData.GuardiansAddLinkInitiation[guardianInd] + 604800
if time.Now().Unix() > expiryTime {
return &logical.Response{
Data: map[string]interface{}{
"status": false,
"remarks": "Link Expired!",
},
}, nil
}
userData.Guardians[guardianInd] = userData.UnverifiedGuardians[guardianInd]
userData.GuardiansAddLinkInitiation[guardianInd] = 0
//userData.UnverifiedGuardians[guardianInd] = ""
id := uuid.New()
guardianId := id.String()
userData.GuardianIdentifiers[guardianInd] = guardianId
store, err := logical.StorageEntryJSON(path, userData)
if err != nil {
logger.Log(backendLogger, config.Error, "updateGuardian: could not get storage entry", err.Error())
return nil, logical.CodedError(http.StatusExpectationFailed, err.Error())
}
// put user information in store
if err = req.Storage.Put(ctx, store); err != nil {
logger.Log(backendLogger, config.Error, "updateGuardian: could not put user information in store", err.Error())
return nil, logical.CodedError(http.StatusExpectationFailed, err.Error())
}
mailFormat := &helpers.MailFormatGuardianVerified{To: userData.Guardians[guardianInd], Purpose: "VERIFY_GUARDIAN", MFASource: "email"}
mailFormatJson, _ := json.Marshal(mailFormat)
pubsubTopic := os.Getenv("PUBSUB_TOPIC")
gcpProject := os.Getenv("GCP_PROJECT")
newCtx := context.Background()
client, err := pubsub.NewClient(ctx, gcpProject)
if err != nil {
return nil, logical.CodedError(http.StatusUnprocessableEntity, err.Error())
}
t := client.Topic(pubsubTopic)
res := t.Publish(newCtx, &pubsub.Message{Data: mailFormatJson})
_, err = res.Get(newCtx)
if err != nil {
return nil, logical.CodedError(http.StatusUnprocessableEntity, err.Error())
}
// return response
return &logical.Response{
Data: map[string]interface{}{
"status": true,
"remarks": "guardian verified successfully!",
},
}, nil
}