From bd2db52dccd7f12dd75c1fd9f2087e68677cd7b8 Mon Sep 17 00:00:00 2001
From: Ehsan-saradar
Date: Mon, 9 Sep 2024 06:06:53 +0330
Subject: [PATCH 1/2] Fix vault delete
---
 internal/handlers/api.go | 2 +-
 internal/handlers/vault_handler.go | 23 +++++++++++++++++------
 2 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/internal/handlers/api.go b/internal/handlers/api.go
index 8789f2c..61d0864 100644
--- a/internal/handlers/api.go
+++ b/internal/handlers/api.go
@@ -65,7 +65,7 @@ func (a *Api) setupRouting() {
 rg.POST("/derive-public-key", a.derivePublicKeyHandler)
 // Vaults
 rg.POST("/vault", a.registerVaultHandler)
- rg.DELETE("/vault", a.deleteVaultHandler)
+ rg.DELETE("/vault/:ecdsaPublicKey/:eddsaPublicKey", a.deleteVaultHandler)
 rg.GET("/vault/:ecdsaPublicKey/:eddsaPublicKey", a.getVaultHandler)
 rg.POST("/vault/:ecdsaPublicKey/:eddsaPublicKey/alias", a.updateAliasHandler)
 rg.GET("/vault/shared/:uid", a.getVaultByUIDHandler)
diff --git a/internal/handlers/vault_handler.go b/internal/handlers/vault_handler.go
index c91d9d8..51dd0c5 100644
--- a/internal/handlers/vault_handler.go
+++ b/internal/handlers/vault_handler.go
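Review bot: In `internal/handlers/api.go`, the new `rg.DELETE("/vault/:ecdsaPublicKey/:eddsaPublicKey", ...)` line no longer shows what a caller must present to delete a vault, because the credential moved from the request body into a header that only the handler reads. A comment above the route would keep that visible in the routing table, for example `// DELETE requires the x-hex-chain-code header; deleteVaultHandler rejects the request without it.` Whether `rg` carries any authentication middleware is not visible here, since `setupRouting` starts and ends outside the hunk. If it carries none, that header check is the only gate on this destructive route, which is worth stating in the same comment.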
@@ -206,13 +206,21 @@ func (a *Api) exitAirdrop(c *gin.Context) {
 c.Status(http.StatusOK)
 }
 func (a *Api) deleteVaultHandler(c *gin.Context) {
- var vault models.VaultRequest
- if err := c.ShouldBindJSON(&vault); err != nil {
- c.Error(errInvalidRequest)
+ ecdsaPublicKey := c.Param("ecdsaPublicKey")
+ eddsaPublicKey := c.Param("eddsaPublicKey")
+ hexChainCode := c.GetHeader("x-hex-chain-code")
+ if hexChainCode == "" {
+ c.Error(errForbiddenAccess)
+ return
+ }
+ vault, err := a.s.GetVault(ecdsaPublicKey, eddsaPublicKey)
+ if err != nil {
+ a.logger.Error(err)
+ c.Error(errFailedToGetVault)
 return
 }
 // check vault already exists , should we tell front-end that vault already registered?
- v, err := a.s.GetVault(vault.PublicKeyECDSA, vault.PublicKeyEDDSA)
+ v, err := a.s.GetVault(ecdsaPublicKey, eddsaPublicKey)
 if err != nil {
 a.logger.Error(err)
 c.Error(errFailedToGetVault)
@@ -222,12 +230,15 @@ func (a *Api) deleteVaultHandler(c *gin.Context) {
 c.Error(errVaultNotFound)
 return
 }
- if v.HexChainCode == vault.HexChainCode && v.Uid == vault.Uid {
- if err := a.s.DeleteVault(vault.PublicKeyECDSA, vault.PublicKeyEDDSA); err != nil {
+ if hexChainCode == vault.HexChainCode {
+ if err := a.s.DeleteVault(ecdsaPublicKey, eddsaPublicKey); err != nil {
 a.logger.Error(err)
 c.Error(errFailedToDeleteVault)
 return
 }
+ } else {
+ c.Error(errForbiddenAccess)
+ return
 }
 c.Status(http.StatusOK)
 }
From 13f0032c340e61dc3540573e3a1baf90864669c8 Mon Sep 17 00:00:00 2001
From: Ehsan-saradar
Date: Mon, 9 Sep 2024 06:18:10 +0330
Subject: [PATCH 2/2] Remove extra vault fetch
---
 internal/handlers/vault_handler.go | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/internal/handlers/vault_handler.go b/internal/handlers/vault_handler.go
index 51dd0c5..9843d14 100644
--- a/internal/handlers/vault_handler.go
+++ b/internal/handlers/vault_handler.go
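Review bot: In `deleteVaultHandler` (first hunk, `@@ -206,13 +206,21 @@`), any non-empty `x-hex-chain-code` value passes the new `if hexChainCode == ""` check and reaches `GetVault`, so the responses reveal whether a vault is registered for a given key pair. An unknown pair yields `errVaultNotFound`, while a known pair with the wrong code yields `errForbiddenAccess` (both in the following hunk). If registration is not meant to be discoverable by public key, return the same error in both cases on this route, e.g. `c.Error(errForbiddenAccess)` in the nil-vault branch. This may be moot if the GET route on the same path already answers that question without a credential; that handler is not part of this patch. The function body continues into the next hunk.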
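Review bot: In the second hunk (`@@ -222,12 +230,15 @@`), the delete is now authorised by `hexChainCode == vault.HexChainCode` alone; the previous condition also required `v.Uid == vault.Uid`, and that second factor is dropped without comment. A chain code is typically carried together with the public keys in extended-public-key material, so confirm that no other route returns or shares it before relying on it as the only secret (inferred; the vault model and the GET handler are not visible here). Since the value acts as a credential, compare it in constant time: `if subtle.ConstantTimeCompare([]byte(hexChainCode), []byte(vault.HexChainCode)) != 1 { c.Error(errForbiddenAccess); return }`. This needs `crypto/subtle` and also turns the `else` branch into a guard clause ahead of the `DeleteVault` call.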
@@ -219,14 +219,7 @@ func (a *Api) deleteVaultHandler(c *gin.Context) {
 c.Error(errFailedToGetVault)
 return
 }
- // check vault already exists , should we tell front-end that vault already registered?
- v, err := a.s.GetVault(ecdsaPublicKey, eddsaPublicKey)
- if err != nil {
- a.logger.Error(err)
- c.Error(errFailedToGetVault)
- return
- }
- if v == nil {
+ if vault == nil {
 c.Error(errVaultNotFound)
 return
 }