commit c147b6aac8960a5240803c3d2efd81ab17a5ef41
author Adrià Vilanova Martínez <me@avm99963.com> Wed Sep 01 17:25:38 2021 +0200
committer Adrià Vilanova Martínez <me@avm99963.com> Thu Sep 02 13:52:57 2021 +0200
tree 2a6c47a1857fcd1a744170b8c64e042d405aaa2b
parent 25e1211395cfecfbccad20f91fa03b9cd715b008

Add credential checks

This change adds authentication/credential checks to sensitive API
methods, depending on the access level granted to the authenticated
user. It also adds the logic to save the authenticated user to the audit
log entries.

Note: the protobuf definitions were updated in a backwards-incompatible
way (KillSwitchAuthorizedUser.AccessLevel enum). This can be done since
this product hasn't yet launched.

Fixed: twpowertools:46
Change-Id: I9bf888d6108f463369143610d4bd5b256035b68f

api_proto/kill_switch_objects.pb.go

diff --git a/api_proto/kill_switch_objects.pb.go b/api_proto/kill_switch_objects.pb.go
index f449ce6..078833e 100644
--- a/api_proto/kill_switch_objects.pb.go
+++ b/api_proto/kill_switch_objects.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.17.1
+// 	protoc        v3.17.3
 // source: api_proto/kill_switch_objects.proto
 
 package api_proto
@@ -77,21 +77,21 @@
 
 const (
 	KillSwitchAuthorizedUser_ACCESS_LEVEL_NONE      KillSwitchAuthorizedUser_AccessLevel = 0
-	KillSwitchAuthorizedUser_ACCESS_LEVEL_ACTIVATOR KillSwitchAuthorizedUser_AccessLevel = 1 // The user may enable/disable kill switches.
-	KillSwitchAuthorizedUser_ACCESS_LEVEL_ADMIN     KillSwitchAuthorizedUser_AccessLevel = 2 // The user may perform any action.
+	KillSwitchAuthorizedUser_ACCESS_LEVEL_ACTIVATOR KillSwitchAuthorizedUser_AccessLevel = 5  // The user may enable/disable kill switches.
+	KillSwitchAuthorizedUser_ACCESS_LEVEL_ADMIN     KillSwitchAuthorizedUser_AccessLevel = 10 // The user may perform any action.
 )
 
 // Enum value maps for KillSwitchAuthorizedUser_AccessLevel.
 var (
 	KillSwitchAuthorizedUser_AccessLevel_name = map[int32]string{
-		0: "ACCESS_LEVEL_NONE",
-		1: "ACCESS_LEVEL_ACTIVATOR",
-		2: "ACCESS_LEVEL_ADMIN",
+		0:  "ACCESS_LEVEL_NONE",
+		5:  "ACCESS_LEVEL_ACTIVATOR",
+		10: "ACCESS_LEVEL_ADMIN",
 	}
 	KillSwitchAuthorizedUser_AccessLevel_value = map[string]int32{
 		"ACCESS_LEVEL_NONE":      0,
-		"ACCESS_LEVEL_ACTIVATOR": 1,
-		"ACCESS_LEVEL_ADMIN":     2,
+		"ACCESS_LEVEL_ACTIVATOR": 5,
+		"ACCESS_LEVEL_ADMIN":     10,
 	}
 )
 
@@ -878,9 +878,9 @@
 	0x65, 0x73, 0x73, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x43, 0x43, 0x45,
 	0x53, 0x53, 0x5f, 0x4c, 0x45, 0x56, 0x45, 0x4c, 0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12,
 	0x1a, 0x0a, 0x16, 0x41, 0x43, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x4c, 0x45, 0x56, 0x45, 0x4c, 0x5f,
-	0x41, 0x43, 0x54, 0x49, 0x56, 0x41, 0x54, 0x4f, 0x52, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x41,
+	0x41, 0x43, 0x54, 0x49, 0x56, 0x41, 0x54, 0x4f, 0x52, 0x10, 0x05, 0x12, 0x16, 0x0a, 0x12, 0x41,
 	0x43, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x4c, 0x45, 0x56, 0x45, 0x4c, 0x5f, 0x41, 0x44, 0x4d, 0x49,
-	0x4e, 0x10, 0x02, 0x22, 0x58, 0x0a, 0x18, 0x4b, 0x69, 0x6c, 0x6c, 0x53, 0x77, 0x69, 0x74, 0x63,
+	0x4e, 0x10, 0x0a, 0x22, 0x58, 0x0a, 0x18, 0x4b, 0x69, 0x6c, 0x6c, 0x53, 0x77, 0x69, 0x74, 0x63,
 	0x68, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12,
 	0x1d, 0x0a, 0x03, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x4b,
 	0x69, 0x6c, 0x6c, 0x53, 0x77, 0x69, 0x74, 0x63, 0x68, 0x52, 0x03, 0x6f, 0x6c, 0x64, 0x12, 0x1d,