Changed to use UUIDs to identify users instead of API keys

phishdetect · Oct 26, 2020 · b961c64 · b961c64
1 parent a9cd542
commit b961c64
Show file tree

Hide file tree

Showing 8 changed files with 55 additions and 21 deletions.
diff --git a/api_alerts.go b/api_alerts.go
@@ -62,6 +62,10 @@ func apiAlertsAdd(w http.ResponseWriter, r *http.Request) {
 	uuidInstance, _ := uuid.NewV4()
 	alert.UUID = uuidInstance.String()
 
+	key := getAPIKeyFromRequest(r)
+	user, _ := db.GetUserByKey(key)
+	alert.User = user.UUID
+
 	err = db.AddAlert(alert)
 	if err != nil {
 		errorWithJSON(w, "Unable to store alert in database", http.StatusInternalServerError, err)

diff --git a/api_reports.go b/api_reports.go
@@ -68,6 +68,10 @@ func apiReportsAdd(w http.ResponseWriter, r *http.Request) {
 	uuidInstance, _ := uuid.NewV4()
 	report.UUID = uuidInstance.String()
 
+	key := getAPIKeyFromRequest(r)
+	user, _ := db.GetUserByKey(key)
+	report.User = user.UUID
+
 	err = db.AddReport(report)
 	if err != nil {
 		errorWithJSON(w, "Unable to store report in database", http.StatusInternalServerError, err)

diff --git a/api_users.go b/api_users.go
@@ -69,16 +69,16 @@ func apiUsersActivate(w http.ResponseWriter, r *http.Request) {
 	}
 
 	vars := mux.Vars(r)
-	apiKey := vars["apiKey"]
+	uuid := vars["uuid"]
 
-	err := db.ActivateUser(apiKey)
+	err := db.ActivateUser(uuid)
 	if err != nil {
 		errorWithJSON(w, "Failed to activate the user", http.StatusInternalServerError, err)
 		return
 	}
 
 	response := map[string]interface{}{
-		"msg": fmt.Sprintf("User with API key %s activated successfully", apiKey),
+		"msg": fmt.Sprintf("User with UUID %s activated successfully", uuid),
 	}
 
 	responseWithJSON(w, response)
@@ -91,16 +91,16 @@ func apiUsersDeactivate(w http.ResponseWriter, r *http.Request) {
 	}
 
 	vars := mux.Vars(r)
-	apiKey := vars["apiKey"]
+	uuid := vars["uuid"]
 
-	err := db.DeactivateUser(apiKey)
+	err := db.DeactivateUser(uuid)
 	if err != nil {
 		errorWithJSON(w, "Failed to deactivate the user", http.StatusInternalServerError, err)
 		return
 	}
 
 	response := map[string]interface{}{
-		"msg": fmt.Sprintf("User with API key %s deactivated successfully", apiKey),
+		"msg": fmt.Sprintf("User with UUID %s deactivated successfully", uuid),
 	}
 
 	responseWithJSON(w, response)

diff --git a/database.go b/database.go
@@ -34,6 +34,7 @@ type Database struct {
 }
 
 type User struct {
+	UUID      string    `json:"uuid"`
 	Name      string    `json:"name" validate:"required"`
 	Email     string    `json:"email" validate:"required,email"`
 	Key       string    `json:"key"`
@@ -53,28 +54,29 @@ type Indicator struct {
 }
 
 type Alert struct {
+	UUID        string    `json:"uuid"`
+	Datetime    time.Time `json:"datetime"`
 	Type        string    `json:"type"`
 	Match       string    `json:"match"`
 	Indicator   string    `json:"indicator"`
 	UserContact string    `json:"user_contact" bson:"user_contact"`
-	Datetime    time.Time `json:"datetime"`
-	UUID        string    `json:"uuid"`
-	Key         string    `json:"key"`
+	User        string    `json:"user"`
 }
 
 type Report struct {
+	UUID        string    `json:"uuid"`
+	Datetime    time.Time `json:"datetime"`
 	Type        string    `json:"type"`
 	Content     string    `json:"content"`
 	UserContact string    `json:"user_contact" bson:"user_contact"`
-	Datetime    time.Time `json:"datetime"`
-	UUID        string    `json:"uuid"`
-	Key         string    `json:"key"`
+	User        string    `json:"user"`
 }
 
 type Review struct {
+	UUID      string    `json:"uuid"`
 	Indicator string    `json:"indicator"`
 	Datetime  time.Time `json:"datetime"`
-	Key       string    `json:"key"`
+	User      string    `json:"user"`
 }
 
 type AnalysisResults struct {
@@ -137,10 +139,10 @@ func (d *Database) GetAllUsers() ([]User, error) {
 	return users, nil
 }
 
-func (d *Database) ActivateUser(key string) error {
+func (d *Database) ActivateUser(uuid string) error {
 	coll := d.DB.Collection("users")
 
-	_, err := coll.UpdateOne(context.Background(), bson.D{{"key", key}},
+	_, err := coll.UpdateOne(context.Background(), bson.D{{"uuid", uuid}},
 		bson.M{"$set": bson.M{"activated": true}})
 	if err != nil {
 		return err
@@ -149,10 +151,10 @@ func (d *Database) ActivateUser(key string) error {
 	return nil
 }
 
-func (d *Database) DeactivateUser(key string) error {
+func (d *Database) DeactivateUser(uuid string) error {
 	coll := d.DB.Collection("users")
 
-	_, err := coll.UpdateOne(context.Background(), bson.D{{"key", key}},
+	_, err := coll.UpdateOne(context.Background(), bson.D{{"uuid", uuid}},
 		bson.M{"$set": bson.M{"activated": false}})
 	if err != nil {
 		return err
@@ -190,6 +192,18 @@ func (d *Database) GetUserByKey(key string) (User, error) {
 	return userFound, nil
 }
 
+func (d *Database) GetUserByUUID(uuid string) (User, error) {
+	coll := d.DB.Collection("users")
+
+	var userFound User
+	err := coll.FindOne(context.Background(), bson.D{{"uuid", uuid}}).Decode(&userFound)
+	if err != nil {
+		return User{}, err
+	}
+
+	return userFound, nil
+}
+
 func (d *Database) GetIndicators(limit int, enabled bool) ([]Indicator, error) {
 	var iocs []Indicator
 	coll := d.DB.Collection("indicators")

diff --git a/gui_report.go b/gui_report.go
@@ -56,13 +56,16 @@ func guiReport(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	key := getAPIKeyFromRequest(r)
+	user, _ := db.GetUserByKey(key)
+
 	uuidInstance, _ := uuid.NewV4()
 	report := Report{
 		Type:     "url",
 		Content:  urlDecoded,
 		Datetime: time.Now().UTC(),
 		UUID:     uuidInstance.String(),
-		Key:      getAPIKeyFromRequest(r),
+		User:     user.UUID,
 	}
 
 	err = db.AddReport(report)

diff --git a/gui_review.go b/gui_review.go
@@ -23,6 +23,7 @@ import (
 
 	pongo "github.com/flosch/pongo2"
 	"github.com/gorilla/mux"
+	"github.com/nu7hatch/gouuid"
 	log "github.com/sirupsen/logrus"
 )
 
@@ -36,10 +37,15 @@ func guiReview(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	key := getAPIKeyFromRequest(r)
+	user, _ := db.GetUserByKey(key)
+
+	uuidInstance, _ := uuid.NewV4()
 	review := Review{
+		UUID:      uuidInstance.String(),
 		Indicator: ioc,
 		Datetime:  time.Now().UTC(),
-		Key:       getAPIKeyFromRequest(r),
+		User:      user.UUID,
 	}
 
 	err = db.AddReview(review)

diff --git a/main.go b/main.go
@@ -258,9 +258,9 @@ func startServer() {
 			authMiddleware(apiUsersPending, roleAdmin)).Methods("GET")
 		router.HandleFunc("/api/users/active/",
 			authMiddleware(apiUsersActive, roleAdmin)).Methods("GET")
-		router.HandleFunc(fmt.Sprintf("/api/users/activate/{apiKey:%s}/", sha1Regex),
+		router.HandleFunc(fmt.Sprintf("/api/users/activate/{uuid:%s}/", uuidRegex),
 			authMiddleware(apiUsersActivate, roleAdmin)).Methods("GET")
-		router.HandleFunc(fmt.Sprintf("/api/users/deactivate/{apiKey:%s}/", sha1Regex),
+		router.HandleFunc(fmt.Sprintf("/api/users/deactivate/{uuid:%s}/", uuidRegex),
 			authMiddleware(apiUsersDeactivate, roleAdmin)).Methods("GET")
 	}
 

diff --git a/users.go b/users.go
@@ -21,6 +21,7 @@ import (
 	"time"
 
 	"github.com/manifoldco/promptui"
+	"github.com/nu7hatch/gouuid"
 	log "github.com/sirupsen/logrus"
 	"gopkg.in/go-playground/validator.v9"
 )
@@ -85,7 +86,9 @@ func createNewUser() {
 		return
 	}
 
+	uuidInstance, _ := uuid.NewV4()
 	user := User{
+		UUID:      uuidInstance.String(),
 		Name:      name,
 		Email:     email,
 		Key:       apiKey,