Add private information to the user keys API

This adjusts the keys API to give out private information to user keys if the current user is the owner or an admin. Signed-off-by: Andrew Thornton <[email protected]>
go-gitea · techknowlogick · Nov 1, 2018 · Sep 19, 2018 · Sep 19, 2018 · Sep 29, 2018
commit ad4160cbf0e38ba1b24b4c33c74dccc19c874b92
diff --git a/routers/api/v1/user/key.go b/routers/api/v1/user/key.go
@@ -14,6 +14,29 @@ import (
  "code.gitea.io/gitea/routers/api/v1/repo"
 )
 
+// appendPrivateInformation appends the owner and key type information to api.PublicKey
+func appendPrivateInformation(apiKey *api.PublicKey, key *models.PublicKey, defaultUser *models.User) (*api.PublicKey, error) {
+ if key.Type == models.KeyTypeDeploy {
+ apiKey.KeyType = "deploy"
+ } else if key.Type == models.KeyTypeUser {
+ apiKey.KeyType = "user"
+
+ if defaultUser.ID == key.OwnerID {
+ apiKey.Owner = defaultUser.APIFormat()
+ } else {
+ user, err := models.GetUserByID(key.OwnerID)
+ if err != nil {
+ return apiKey, err
+ }
+ apiKey.Owner = user.APIFormat()
+ }
+ } else {
+ apiKey.KeyType = "unknown"
+ }
+ apiKey.ReadOnly = key.Mode == models.AccessModeRead
+ return apiKey, nil
+}
+
 // GetUserByParamsName get user by name
 func GetUserByParamsName(ctx *context.APIContext, name string) *models.User {
  user, err := models.GetUserByName(ctx.Params(name))
@@ -37,8 +60,9 @@ func composePublicKeysAPILink() string {
  return setting.AppURL + "api/v1/user/keys/"
 }
 
-func listPublicKeys(ctx *context.APIContext, uid int64) {
- keys, err := models.ListPublicKeys(uid)
+func listPublicKeys(ctx *context.APIContext, user *models.User) {
+ keys, err := models.ListPublicKeys(user.ID)
+
  if err != nil {
  ctx.Error(500, "ListPublicKeys", err)
  return
@@ -48,6 +72,9 @@ func listPublicKeys(ctx *context.APIContext, uid int64) {
  apiKeys := make([]*api.PublicKey, len(keys))
  for i := range keys {
  apiKeys[i] = convert.ToPublicKey(apiLink, keys[i])
+ if ctx.User.IsAdmin || ctx.User.ID == keys[i].OwnerID {
+ apiKeys[i], _ = appendPrivateInformation(apiKeys[i], keys[i], user)
+ }
  }
 
  ctx.JSON(200, &apiKeys)
@@ -63,7 +90,7 @@ func ListMyPublicKeys(ctx *context.APIContext) {
  // responses:
  // "200":
  // "$ref": "#/responses/PublicKeyList"
- listPublicKeys(ctx, ctx.User.ID)
+ listPublicKeys(ctx, ctx.User)
 }
 
 // ListPublicKeys list the given user's public keys
@@ -86,7 +113,7 @@ func ListPublicKeys(ctx *context.APIContext) {
  if ctx.Written() {
  return
  }
- listPublicKeys(ctx, user.ID)
+ listPublicKeys(ctx, user)
 }
 
 // GetPublicKey get a public key
@@ -119,7 +146,11 @@ func GetPublicKey(ctx *context.APIContext) {
  }
 
  apiLink := composePublicKeysAPILink()
- ctx.JSON(200, convert.ToPublicKey(apiLink, key))
+ apiKey := convert.ToPublicKey(apiLink, key)
+ if ctx.User.IsAdmin || ctx.User.ID == key.OwnerID {
+ apiKey, _ = appendPrivateInformation(apiKey, key, ctx.User)
+ }
+ ctx.JSON(200, apiKey)
 }
 
 // CreateUserPublicKey creates new public key to given user by ID.
@@ -136,7 +167,11 @@ func CreateUserPublicKey(ctx *context.APIContext, form api.CreateKeyOption, uid
  return
  }
  apiLink := composePublicKeysAPILink()
- ctx.JSON(201, convert.ToPublicKey(apiLink, key))
+ apiKey := convert.ToPublicKey(apiLink, key)
+ if ctx.User.IsAdmin || ctx.User.ID == key.OwnerID {
+ apiKey, _ = appendPrivateInformation(apiKey, key, ctx.User)
+ }
+ ctx.JSON(201, apiKey)
 }
 
 // CreatePublicKey create one public key for me