vaulterm/server/models/keychain.go

package models

import (
	"encoding/json"

	"rul.sh/vaulterm/server/lib"
)

const (
	KeychainTypeUserPass    = "user"
	KeychainTypePVE         = "pve"
	KeychainTypeRSA         = "rsa"
	KeychainTypeCertificate = "cert"
)

type Keychain struct {
	Model

	OwnerID *string `json:"userId" gorm:"type:varchar(26)"`
	Owner   *User   `json:"user" gorm:"foreignKey:OwnerID"`
	TeamID  *string `json:"teamId" gorm:"type:varchar(26)"`
	Team    *Team   `json:"team" gorm:"foreignKey:TeamID"`

	Label string `json:"label"`
	Type  string `json:"type" gorm:"not null;index:keychains_type_idx;type:varchar(12)"`
	Data  string `json:"-" gorm:"type:text"`

	Timestamps
	SoftDeletes
}

func (k *Keychain) EncryptData(data interface{}) error {
	// Encrypt data
	jsonData, err := json.Marshal(data)
	if err != nil {
		return err
	}

	enc, err := lib.Encrypt(string(jsonData))
	if err == nil {
		k.Data = enc
	}
	return err
}

func (k *Keychain) DecryptData(data interface{}) error {
	// Decrypt stored data
	dec, err := lib.Decrypt(k.Data)
	if err != nil {
		return err
	}

	err = json.Unmarshal([]byte(dec), &data)
	if err != nil {
		return err
	}

	return nil
}

func (k *Keychain) HasAccess(user *User) bool {
	if user.IsAdmin() {
		return true
	}
	return *k.OwnerID == user.ID || user.IsInTeam(k.TeamID)
}

func (k *Keychain) CanWrite(user *User) bool {
	if user.IsAdmin() {
		return true
	}
	teamRole := user.GetTeamRole(k.TeamID)
	return *k.OwnerID == user.ID || teamRole == TeamRoleOwner || teamRole == TeamRoleAdmin
}
feat: init api, db, app 2024-11-07 19:07:41 +00:00			`package models`

			`import (`
			`"encoding/json"`

feat: add desktop build using wails 2024-11-16 02:34:07 +07:00			`"rul.sh/vaulterm/server/lib"`
feat: init api, db, app 2024-11-07 19:07:41 +00:00			`)`

			`const (`
			`KeychainTypeUserPass = "user"`
feat: update 2024-11-09 14:37:09 +00:00			`KeychainTypePVE = "pve"`
feat: init api, db, app 2024-11-07 19:07:41 +00:00			`KeychainTypeRSA = "rsa"`
			`KeychainTypeCertificate = "cert"`
			`)`

			`type Keychain struct {`
feat: add hosts management 2024-11-09 10:33:07 +00:00			`Model`
feat: init api, db, app 2024-11-07 19:07:41 +00:00
feat: team access control 2024-11-12 17:17:10 +00:00			OwnerID *string `json:"userId" gorm:"type:varchar(26)"`
			Owner *User `json:"user" gorm:"foreignKey:OwnerID"`
			TeamID *string `json:"teamId" gorm:"type:varchar(26)"`
			Team *Team `json:"team" gorm:"foreignKey:TeamID"`
feat: add auth, hosts, & keychains ownership 2024-11-10 18:49:18 +07:00
feat: init api, db, app 2024-11-07 19:07:41 +00:00			Label string `json:"label"`
			Type string `json:"type" gorm:"not null;index:keychains_type_idx;type:varchar(12)"`
			Data string `json:"-" gorm:"type:text"`

			`Timestamps`
			`SoftDeletes`
			`}`

			`func (k *Keychain) EncryptData(data interface{}) error {`
			`// Encrypt data`
			`jsonData, err := json.Marshal(data)`
			`if err != nil {`
			`return err`
			`}`

			`enc, err := lib.Encrypt(string(jsonData))`
			`if err == nil {`
			`k.Data = enc`
			`}`
			`return err`
			`}`

			`func (k *Keychain) DecryptData(data interface{}) error {`
			`// Decrypt stored data`
			`dec, err := lib.Decrypt(k.Data)`
			`if err != nil {`
			`return err`
			`}`

			`err = json.Unmarshal([]byte(dec), &data)`
			`if err != nil {`
			`return err`
			`}`

			`return nil`
			`}`
feat: team access control 2024-11-12 17:17:10 +00:00
			`func (k Keychain) HasAccess(user User) bool {`
			`if user.IsAdmin() {`
			`return true`
			`}`
			`return *k.OwnerID == user.ID \|\| user.IsInTeam(k.TeamID)`
			`}`

			`func (k Keychain) CanWrite(user User) bool {`
			`if user.IsAdmin() {`
			`return true`
			`}`
			`teamRole := user.GetTeamRole(k.TeamID)`
			`return *k.OwnerID == user.ID \|\| teamRole == TeamRoleOwner \|\| teamRole == TeamRoleAdmin`
			`}`