ripple-api/app/tokens.go

45 lines
1003 B
Go
Raw Normal View History

2016-04-03 17:59:27 +00:00
package app
import (
2016-04-05 20:22:13 +00:00
"crypto/md5"
2016-04-03 17:59:27 +00:00
"database/sql"
2016-04-05 20:22:13 +00:00
"fmt"
2016-04-03 17:59:27 +00:00
"github.com/jmoiron/sqlx"
2016-04-19 14:07:27 +00:00
"git.zxq.co/ripple/rippleapi/common"
2016-04-03 17:59:27 +00:00
)
// GetTokenFull retrieves an user ID and their token privileges knowing their API token.
func GetTokenFull(token string, db *sqlx.DB) (common.Token, bool) {
2016-06-14 10:01:30 +00:00
var t common.Token
var (
tokenPrivsRaw uint64
userPrivsRaw uint64
)
var priv8 bool
err := db.QueryRow(`SELECT
t.id, t.user, t.privileges, t.private, u.privileges
FROM tokens t
LEFT JOIN users u ON u.id = t.user
WHERE token = ? LIMIT 1`,
2016-06-14 10:01:30 +00:00
fmt.Sprintf("%x", md5.Sum([]byte(token)))).
Scan(
&t.ID, &t.UserID, &tokenPrivsRaw, &priv8, &userPrivsRaw,
2016-06-14 10:01:30 +00:00
)
if priv8 {
tokenPrivsRaw = common.PrivilegeReadConfidential | common.PrivilegeWrite
}
t.TokenPrivileges = common.Privileges(tokenPrivsRaw)
t.UserPrivileges = common.UserPrivileges(userPrivsRaw)
2016-04-03 17:59:27 +00:00
switch {
case err == sql.ErrNoRows:
return common.Token{}, false
case err != nil:
panic(err)
default:
2016-06-14 10:01:30 +00:00
t.Value = token
return t, true
2016-04-03 17:59:27 +00:00
}
}