ripple-api/app/tokens.go

package app

import (
	"crypto/md5"
	"database/sql"
	"fmt"

	"git.zxq.co/ripple/rippleapi/common"
)

// GetTokenFull retrieves an user ID and their token privileges knowing their API token.
func GetTokenFull(token string, db *sql.DB) (common.Token, bool) {
	var t common.Token
	var privs uint64
	var priv8 bool
	err := db.QueryRow("SELECT id, user, privileges, private FROM tokens WHERE token = ? LIMIT 1",
		fmt.Sprintf("%x", md5.Sum([]byte(token)))).
		Scan(
			&t.ID, &t.UserID, &privs, &priv8,
		)
	if priv8 {
		privs = common.PrivilegeReadConfidential | common.PrivilegeWrite
	}
	t.Privileges = common.Privileges(privs)
	switch {
	case err == sql.ErrNoRows:
		return common.Token{}, false
	case err != nil:
		panic(err)
	default:
		t.Value = token
		return t, true
	}
}
Initial commit 2016-04-03 17:59:27 +00:00			`package app`

			`import (`
Add token creation (login) 2016-04-05 20:22:13 +00:00			`"crypto/md5"`
Initial commit 2016-04-03 17:59:27 +00:00			`"database/sql"`
Add token creation (login) 2016-04-05 20:22:13 +00:00			`"fmt"`
Initial commit 2016-04-03 17:59:27 +00:00
We git.zxq.co now 2016-04-19 14:07:27 +00:00			`"git.zxq.co/ripple/rippleapi/common"`
Initial commit 2016-04-03 17:59:27 +00:00			`)`

			`// GetTokenFull retrieves an user ID and their token privileges knowing their API token.`
			`func GetTokenFull(token string, db *sql.DB) (common.Token, bool) {`
add GET /tokens/self 2016-06-14 10:01:30 +00:00			`var t common.Token`
			`var privs uint64`
Force private API keys to have Privileges write, read, read confidential 2016-05-15 05:20:11 +00:00			`var priv8 bool`
add GET /tokens/self 2016-06-14 10:01:30 +00:00			`err := db.QueryRow("SELECT id, user, privileges, private FROM tokens WHERE token = ? LIMIT 1",`
			`fmt.Sprintf("%x", md5.Sum([]byte(token)))).`
			`Scan(`
			`&t.ID, &t.UserID, &privs, &priv8,`
			`)`
Force private API keys to have Privileges write, read, read confidential 2016-05-15 05:20:11 +00:00			`if priv8 {`
Remove read privilege. Public data is now readable by everyone without having to pass an API token. Feel free to test around as much as you like! 2016-07-06 12:22:43 +00:00			`privs = common.PrivilegeReadConfidential \| common.PrivilegeWrite`
Force private API keys to have Privileges write, read, read confidential 2016-05-15 05:20:11 +00:00			`}`
Fix misplaced if 2016-06-16 11:14:19 +00:00			`t.Privileges = common.Privileges(privs)`
Initial commit 2016-04-03 17:59:27 +00:00			`switch {`
			`case err == sql.ErrNoRows:`
			`return common.Token{}, false`
			`case err != nil:`
			`panic(err)`
			`default:`
add GET /tokens/self 2016-06-14 10:01:30 +00:00			`t.Value = token`
			`return t, true`
Initial commit 2016-04-03 17:59:27 +00:00			`}`
			`}`