diff --git a/pinecrypt/server/api/tag.py b/pinecrypt/server/api/tag.py index b958c85..7d7535d 100644 --- a/pinecrypt/server/api/tag.py +++ b/pinecrypt/server/api/tag.py @@ -1,13 +1,33 @@ -from pinecrypt.server import db +from pinecrypt.server import authority, db from pinecrypt.server.decorators import serialize, csrf_protection from .utils.firewall import login_required, authorize_admin +from bson import ObjectId +import falcon + class TagResource(object): + + @serialize + @login_required + @authorize_admin + def on_get_cn(self, req, resp, cn): + try: + id = authority.get_common_name_id(cn) + except ValueError: + raise falcon.HTTPNotFound("Unknown Common name", + "Object not found with common name %s" % cn) + + id = authority.get_common_name_id(cn) + url = req.forwarded_uri.replace(cn, "id/%s" % id) + + resp.status = falcon.HTTP_307 + resp.location = url + @serialize @login_required @authorize_admin def on_get(self, req, resp, id): - tags = db.certificates.find_one({"_id": db.ObjectId(id), "status": "signed"}).get("tags") + tags = db.certificates.find_one({"_id": ObjectId(id), "status": "signed"}).get("tags") return tags @csrf_protection @@ -17,7 +37,7 @@ class TagResource(object): # TODO: Sanitize input key, value = req.get_param("key", required=True), req.get_param("value", required=True) db.certificates.update_one({ - "_id": db.ObjectId(id), + "_id": ObjectId(id), "status": "signed" }, { "$addToSet": {"tags": "%s=%s" % (key, value)} @@ -36,26 +56,25 @@ class TagDetailResource(object): value = req.get_param("value", required=True) # TODO: Make atomic https://docs.mongodb.com/manual/reference/operator/update-array/ db.certificates.find_one_and_update({ - "_id": db.ObjectId(id), + "_id": ObjectId(id), "status": "signed" }, { "$pull": {"tags": tag} }) db.certificates.find_one_and_update({ - "_id": db.ObjectId(id), + "_id": ObjectId(id), "status": "signed" }, { "$addToSet": {"tags": "%s=%s" % (key, value)} }) - @csrf_protection @login_required @authorize_admin def on_delete(self, req, resp, id, tag): db.certificates.find_one_and_update({ - "_id": db.ObjectId(id), + "_id": ObjectId(id), "status": "signed" }, { "$pull": {"tags": tag} diff --git a/pinecrypt/server/cli.py b/pinecrypt/server/cli.py index 72940ae..4f613b2 100644 --- a/pinecrypt/server/cli.py +++ b/pinecrypt/server/cli.py @@ -398,6 +398,7 @@ def pinecone_serve_backend(): # CN to Id api call app.add_route("/api/signed/{cn}", SignedCertificateDetailResource(), suffix="cn") + app.add_route("/api/signed/{cn}/tag", TagResource(), suffix="cn") # Certificate authority API calls app.add_route("/api/certificate", CertificateAuthorityResource())