Merge pull request #106 from silinternational/feature/scan-api-key

add the ability to scan the WebAuthn table by apiKey

Author: briskt

storage.go

@@ -13,6 +13,8 @@ import (
 
 const StorageContextKey = "storage"
 
+var tableNameMissingError = errors.New("table name must not be empty")
+
 // Storage provides wrapper methods for interacting with DynamoDB
 type Storage struct {
 	client *dynamodb.Client
@@ -51,7 +53,7 @@ func (s *Storage) Store(table string, item interface{}) error {
 // Load retrieves the value at key and unmarshals it into item.
 func (s *Storage) Load(table, attrName, attrVal string, item interface{}) error {
 	if table == "" {
-		return errors.New("table must not be empty")
+		return tableNameMissingError
 	}
 	if attrName == "" {
 		return errors.New("attrName must not be empty")
@@ -84,7 +86,7 @@ func (s *Storage) Load(table, attrName, attrVal string, item interface{}) error
 // Delete deletes key.
 func (s *Storage) Delete(table, attrName, attrVal string) error {
 	if table == "" {
-		return errors.New("table must not be empty")
+		return tableNameMissingError
 	}
 	if attrName == "" {
 		return errors.New("attrName must not be empty")
@@ -101,3 +103,34 @@ func (s *Storage) Delete(table, attrName, attrVal string) error {
 	_, err := s.client.DeleteItem(ctx, input)
 	return err
 }
+
+// ScanApiKey a table using apiKey-index
+func (s *Storage) ScanApiKey(table, apiKey string, items any) error {
+	if table == "" {
+		return tableNameMissingError
+	}
+
+	input := &dynamodb.ScanInput{
+		FilterExpression: aws.String("apiKey = :val"),
+		ExpressionAttributeValues: map[string]types.AttributeValue{
+			":val": &types.AttributeValueMemberS{Value: apiKey},
+		},
+		TableName: aws.String(table),
+	}
+
+	ctx := context.Background()
+	result, err := s.client.Scan(ctx, input)
+	if err != nil {
+		return err
+	}
+
+	if result.LastEvaluatedKey != nil {
+		return errors.New("too many results, pagination has not been implemented")
+	}
+
+	err = attributevalue.UnmarshalListOfMaps(result.Items, &items)
+	if err != nil {
+		return err
+	}
+	return nil
+}

storage_test.go

@@ -71,3 +71,33 @@ func (ms *MfaSuite) TestStorage_StoreLoad() {
 		})
 	}
 }
+
+func (ms *MfaSuite) TestStorageScanApiKey() {
+	cfg, err := config.LoadDefaultConfig(
+		context.Background(),
+		config.WithRegion("local"),
+		config.WithBaseEndpoint(os.Getenv("AWS_ENDPOINT")),
+	)
+	ms.NoError(err)
+
+	s, err := NewStorage(cfg)
+	ms.NoError(err)
+	must(s.Store(TestTableName, &WebauthnUser{
+		ID:             "user1",
+		ApiKeyValue:    "key1",
+		EncryptedAppId: "xyz123",
+	}))
+	must(s.Store(TestTableName, &WebauthnUser{
+		ID:             "user2",
+		ApiKeyValue:    "key2",
+		EncryptedAppId: "abc123",
+	}))
+
+	var users []WebauthnUser
+	err = s.ScanApiKey(TestTableName, "key1", &users)
+	ms.NoError(err)
+	ms.Len(users, 1)
+	ms.Equal("user1", users[0].ID)
+	ms.Equal("key1", users[0].ApiKeyValue)
+	ms.Equal("xyz123", users[0].EncryptedAppId)
+}