Skip to content
Permalink
Browse files

admin can view user-requests

  • Loading branch information
stremovsky committed Jan 13, 2020
1 parent 843e7ec commit d409b05bbfff49c73a8f24a1dd772d128e76c351
Showing with 349 additions and 1 deletion.
  1. +1 −1 build.sh
  2. +3 −0 src/bunker.go
  3. +4 −0 src/qldb.go
  4. +101 −0 src/requests_api.go
  5. +55 −0 src/requests_db.go
  6. +185 −0 ui/site/admin-view-requests.html
@@ -3,7 +3,7 @@ go build -ldflags "-w" -o databunker ./src/bunker.go ./src/qldb.go ./src/xtokens
./src/utils.go ./src/cryptor.go ./src/notify.go \
./src/audit_db.go ./src/audit_api.go \
./src/sms.go ./src/email.go \
./src/requests_db.go \
./src/requests_db.go ./src/requests_api.go \
./src/users_db.go ./src/users_api.go \
./src/userapps_db.go ./src/userapps_api.go \
./src/sessions_db.go ./src/sessions_api.go \
@@ -172,6 +172,9 @@ func (e mainEnv) setupRouter() *httprouter.Router {
router.POST("/v1/sharedrecord/token/:token", e.newSharedRecord)
router.GET("/v1/get/:record", e.getRecord)

router.GET("/v1/request/:request", e.getUserRequest)
router.GET("/v1/requests", e.getUserRequests)

router.GET("/v1/consent/:mode/:address", e.consentAllUserRecords)
router.GET("/v1/consent/:mode/:address/:brief", e.consentUserRecord)
router.GET("/v1/consents/:brief", e.consentFilterRecords)
@@ -987,6 +987,10 @@ func initRequests(db *sql.DB) error {
if err != nil {
return err
}
_, err = tx.Exec(`CREATE INDEX requests_status ON requests (status);`)
if err != nil {
return err
}
if err = tx.Commit(); err != nil {
return err
}
@@ -0,0 +1,101 @@
package main

import (
"fmt"
"net/http"

"github.com/julienschmidt/httprouter"
)

func (e mainEnv) getUserRequests(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
if e.enforceAuth(w, r, nil) == "" {
return
}
var offset int32
var limit int32 = 10
status := "open"
args := r.URL.Query()
if value, ok := args["offset"]; ok {
offset = atoi(value[0])
}
if value, ok := args["limit"]; ok {
limit = atoi(value[0])
}
if value, ok := args["status"]; ok {
status = value[0]
}
resultJSON, counter, err := e.db.getRequests(status, offset, limit)
if err != nil {
returnError(w, r, "internal error", 405, err, nil)
return
}
fmt.Printf("Total count of user requests: %d\n", counter)
//fmt.Fprintf(w, "<html><head><title>title</title></head>")
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.WriteHeader(200)
str := fmt.Sprintf(`{"status":"ok","total":%d,"rows":%s}`, counter, resultJSON)
w.Write([]byte(str))
}

func (e mainEnv) getUserRequest(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
request := ps.ByName("request")
event := audit("get request by request token", request, "request", request)
defer func() { event.submit(e.db) }()

if enforceUUID(w, request, event) == false {
return
}
requestInfo, err := e.db.getRequest(request)
if err != nil {
fmt.Printf("%d access denied for: %s\n", http.StatusForbidden, request)
w.WriteHeader(http.StatusForbidden)
w.Write([]byte("Access denied"))
return
}
var resultJSON []byte
userTOKEN := ""
appName := ""
change := ""
if value, ok := requestInfo["token"]; ok {
userTOKEN = value.(string)
}
if value, ok := requestInfo["change"]; ok {
change = value.(string)
}
if value, ok := requestInfo["app"]; ok {
appName = value.(string)
}
if len(appName) > 0 {
resultJSON, err = e.db.getUserApp(userTOKEN, appName)
} else {
resultJSON, err = e.db.getUser(userTOKEN)
}
if err != nil {
returnError(w, r, "internal error", 405, err, event)
return
}
if resultJSON == nil {
returnError(w, r, "not found", 405, err, event)
return
}
fmt.Printf("Full json: %s\n", resultJSON)
w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.WriteHeader(200)
var str string

if len(appName) > 0 {
str = fmt.Sprintf(`"status":"ok","app":"%s"`, appName)
} else {
str = fmt.Sprintf(`"status":"ok"`)
}
if len(resultJSON) > 0 {
str = fmt.Sprintf(`%s,"original":%s`, str, resultJSON)
}
if len(change) > 0 {
str = fmt.Sprintf(`%s,"change":%s`, str, change)
}
str = fmt.Sprintf(`{%s}`, str)
fmt.Printf("result: %s\n", str)
w.Write([]byte(str))
}
@@ -1,6 +1,9 @@
package main

import (
"encoding/json"
"fmt"
"log"
"time"

uuid "github.com/hashicorp/go-uuid"
@@ -38,3 +41,55 @@ func (dbobj dbcon) saveUserRequest(action string, token string, app string, chan
_, err := dbobj.createRecord(TblName.Requests, &bdoc)
return rtoken, err
}

func (dbobj dbcon) getRequests(status string, offset int32, limit int32) ([]byte, int64, error) {
//var results []*auditEvent
count, err := dbobj.countRecords(TblName.Requests, "status", status)
if err != nil {
return nil, 0, err
}
var results []bson.M
records, err := dbobj.getList(TblName.Requests, "status", status, offset, limit)
if err != nil {
return nil, 0, err
}
for _, element := range records {
element["more"] = false
if _, ok := element["change"]; ok {
element["more"] = true
element["change"] = ""
}
results = append(results, element)
}

resultJSON, err := json.Marshal(records)
if err != nil {
return nil, 0, err
}
//fmt.Printf("Found multiple documents (array of pointers): %+v\n", results)
return resultJSON, count, nil
}

func (dbobj dbcon) getRequest(rtoken string) (bson.M, error) {
//var results []*auditEvent
record, err := dbobj.getRecord(TblName.Requests, "rtoken", rtoken)
if err != nil {
return record, err
}
fmt.Printf("request record: %s\n", record)
userTOKEN := ""
change := ""
if value, ok := record["token"]; ok {
userTOKEN = value.(string)
}
if value, ok := record["change"]; ok {
change = value.(string)
}
//recBson := bson.M{}
if len(change) > 0 {
change2, _ := dbobj.userDecrypt(userTOKEN, change)
log.Printf("change: %s", change2)
record["change"] = change2
}
return record, nil
}
@@ -0,0 +1,185 @@
<!doctype html>
<html>

<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title>Data Bunker - admin / view user requests</title>
<link href='https://fonts.googleapis.com/css?family=Roboto' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css"
integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.6.3/css/all.css"
integrity="sha384-UHRtZLI+pbxtHCWp1t77Bi1L4ZtiqrqD80Kn4Z8NTSRyMA2Fd33n5dQ8lWUE00s/" crossorigin="anonymous">
<link rel="stylesheet" href="https://unpkg.com/bootstrap-table@1.15.5/dist/bootstrap-table.min.css">
<link rel="stylesheet" href="style.css">

<script src="https://code.jquery.com/jquery-3.3.1.min.js"
integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"
integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1"
crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"
integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM"
crossorigin="anonymous"></script>
<script src="https://unpkg.com/bootstrap-table@1.15.5/dist/bootstrap-table.min.js"></script>
<script src="https://unpkg.com/bootstrap-table@1.15.5/dist/bootstrap-table.min.js"></script>

<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.15.10/highlight.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.15.10/languages/json.min.js"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.15.10/styles/a11y-dark.min.css">

<script>
var xtoken = window.localStorage.getItem('xtoken');
var token = window.localStorage.getItem('token');
function displayTargetObject(target, row, index) {
if (row.mode) {
return '(' + row.mode + ') ' + target;
}
return target;
}
function displayActivity(action, row, index) {
var app = '';
if (row.app) {
app = '(' + row.app + ') ';
}
result = '';
if (row.status && row.status == "ok") {
result = '<i class="fas fa-check"></i>&nbsp;' + app + action;
} else {
result = '<i class="fas fa-times"></i>&nbsp;' + app + action;
}
return result;
}
function displayDrillDownLink(rtoken, row, index) {
console.log(row);
return '<a href=\'javascript:displayRequest(\"' + rtoken + '\");\'>*</a>';
}
var confirmModal;

function displayRequest(rtoken) {
var xhr0 = new XMLHttpRequest();
// first save consent
xhr0.open('GET', '/v1/request/' + rtoken, false);
xhr0.setRequestHeader("X-Bunker-Token", xtoken)
xhr0.setRequestHeader('Content-type', 'application/json');
xhr0.onload = function () {
if (xhr0.status === 200) {
console.log(xhr0.responseText);
//$('#drilldown').html(xhr0.responseText)
//$('#drilldown').append("HELLO");
var data = JSON.parse(xhr0.responseText);
if (data.status == "ok") {
var d = JSON.stringify(data, null, 4);
setTimeout(function () {
$('#drilldown').html('<code class="json">' + d + '</code>');
document.querySelectorAll('pre code').forEach((block) => {
hljs.highlightBlock(block);
});
}, 300);
}
}
}
xhr0.send();

var heading = "Request drill down";
var text = "Display event: " + rtoken;
var cancelButtonTxt = "Close popup";
if (confirmModal) {
$('#request-event-text').text(text)
confirmModal.modal('show');
return;
}
confirmModal =
$('<div class="modal fade" role="dialog"><div class="modal-dialog" role="document"><div class="modal-content">' +
'<div class="modal-header">' +
'<h5 class="modal-title">' + heading + '</h5>' +
'<button type="button" class="close" data-dismiss="modal" aria-label="Close">' +
'<span aria-hidden="true">&times;</span></button>' +
'</div>' +
'<div class="modal-body">' +
'<p id="request-event-text">' + text + '</p>' +
'<pre id="drilldown"></pre>' +
'</div>' +
'<div class="modal-footer">' +
'<a href="#" class="btn" data-dismiss="modal">' +
cancelButtonTxt +
'</a>' +
'</div>' +
'</div></div></div>');

confirmModal.find('#okButton').click(function (event) {
//callback();
//cancelConsent(brief);
confirmModal.modal('hide');
});

confirmModal.modal('show');
}

$(function () {
//$('#msg').text("Loading data")
//token = "faa006da-475e-45c6-a4a1-6586dce8b8d2";
$('#table').bootstrapTable({
/*data: mydata */
url: "/v1/requests",
undefinedText: 'n/a',
/* url: "data1.json", */
method: "GET",
ajaxOptions: {
headers: { "X-Bunker-Token": xtoken },
crossDomain: true
},
showExtendedPagination: true,
sidePagination: "server",
pagination: true,
search: false,
classes: "table",
onLoadError: function (status, res) {
console.log(status);
if (status > 400 && status < 500) {
document.location = "/";
}
}
});
});
</script>
<script src="site.js"></script>
</head>

<body>
<div class="container">
<div class="row col-md-12">
<div style="width:100%;">
<nav class="navbar navbar-expand-lg navbar-light bg-light">
<a class="navbar-brand" href="#">Admin</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarNavAltMarkup"
aria-controls="navbarNavAltMarkup" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarNavAltMarkup">
<div class="navbar-nav">
<a class="nav-item nav-link active" href="admin-view-requests.html">User requests</a>
<a class="nav-item nav-link" href="javascript:bunker_logout();">Logout</a>
</div>
</div>
</nav>
</div>
<div class="bigblock">
<h4>User requests</h4>
<p id="msg">All open requests listed below.</p>
<table id="table" class="table">
<thead>
<tr>
<th scope="col-1" data-field="when" data-formatter="dateFormat">Time</th>
<th scope="col-2" data-field="token" data-formatter="displayTargetObject">User Record Identifier</th>
<th scope="col-4" data-field="action" data-formatter="displayActivity">Activity</th>
<th scope="col-1" data-field="rtoken" data-formatter="displayDrillDownLink">More</th>
</tr>
</thead>
</table>
</div>
</div>
</div>
</body>

</html>

0 comments on commit d409b05

Please sign in to comment.
You can’t perform that action at this time.