feat: add /vouchers endpoint

runcom · runcom · commit 71c67903f0e0 · 2025-07-29T13:38:26.000+02:00
We have a way to GET a voucher by GUID but there's no way to know the
vouchers on the server. We need _at least_ an API like this to list the
GUIDs it knows about. We definitely need more fields exposed but this
will get us started and it's closer to having something which resembles
real life in production at least.

Signed-off-by: Antonio Murdaca &lt;antoniomurdaca@gmail.com&gt;
diff --git a/api/handlers/vouchers.go b/api/handlers/vouchers.go
@@ -9,11 +9,14 @@ import (
 	"crypto/x509"
 	"database/sql"
 	"encoding/hex"
+	"encoding/json"
 	"encoding/pem"
 	"fmt"
 	"io"
 	"net/http"
 
+	"github.com/samber/lo"
+
 	"github.com/fido-device-onboard/go-fdo"
 
 	"github.com/fido-device-onboard/go-fdo-server/internal/utils"
@@ -27,9 +30,27 @@ import (
 )
 
 func GetVoucherHandler(w http.ResponseWriter, r *http.Request) {
-	guidHex := r.URL.Query().Get("guid")
+	guidHex := r.PathValue("guid")
+
 	if guidHex == "" {
-		http.Error(w, "GUID is required", http.StatusBadRequest)
+		dbVouchers, err := db.FetchVouchers()
+		if err != nil {
+			slog.Debug("Error querying database", "error", err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		w.Header().Set("Content-Type", "application/json")
+
+		vouchers := lo.Map(dbVouchers, func(v db.Voucher, _ int) string {
+			return hex.EncodeToString(v.GUID)
+		})
+
+		if err := json.NewEncoder(w).Encode(vouchers); err != nil {
+			http.Error(w, "Error encoding vouchers", http.StatusInternalServerError)
+			return
+		}
+		w.WriteHeader(http.StatusOK)
 		return
 	}
 
diff --git a/api/routes.go b/api/routes.go
@@ -57,6 +57,7 @@ func (h *HTTPHandler) RegisterRoutes() *http.ServeMux {
 	apiRouter.Handle("/rvinfo", handlers.RvInfoHandler(h.rvInfo))
 	apiRouter.HandleFunc("/owner/redirect", handlers.OwnerInfoHandler)
 	apiRouter.Handle("GET /to0/{guid}", handlers.To0Handler(h.rvInfo, h.state))
+	apiRouter.HandleFunc("GET /vouchers/{guid}", handlers.GetVoucherHandler)
 	apiRouter.HandleFunc("GET /vouchers", handlers.GetVoucherHandler)
 	apiRouter.Handle("POST /owner/vouchers", handlers.InsertVoucherHandler(h.rvInfo))
 
diff --git a/go.mod b/go.mod
@@ -6,6 +6,7 @@ require (
 	github.com/fido-device-onboard/go-fdo v0.0.0-20250512135234-b46a4b0731f2
 	github.com/fido-device-onboard/go-fdo/fsim v0.0.0-20250512135234-b46a4b0731f2
 	github.com/fido-device-onboard/go-fdo/sqlite v0.0.0-20250512135234-b46a4b0731f2
+	github.com/samber/lo v1.51.0
 	github.com/spf13/cobra v1.9.1
 	golang.org/x/time v0.11.0
 	hermannm.dev/devlog v0.5.0
@@ -21,4 +22,5 @@ require (
 	golang.org/x/crypto v0.38.0 // indirect
 	golang.org/x/sys v0.33.0 // indirect
 	golang.org/x/term v0.32.0 // indirect
+	golang.org/x/text v0.25.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -32,6 +32,8 @@ github.com/nwidger/jsoncolor v0.3.2/go.mod h1:Cs34umxLbJvgBMnVNVqhji9BhoT/N/KinH
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/samber/lo v1.51.0 h1:kysRYLbHy/MB7kQZf5DSN50JHmMsNEdeY24VzJFu7wI=
+github.com/samber/lo v1.51.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0=
 github.com/segmentio/asm v1.1.3 h1:WM03sfUOENvvKexOLp+pCqgb/WDjsi7EK8gIsICtzhc=
 github.com/segmentio/asm v1.1.3/go.mod h1:Ld3L4ZXGNcSLRg4JBsZ3//1+f/TjYl0Mzen/DQy1EJg=
 github.com/segmentio/encoding v0.3.6 h1:E6lVLyDPseWEulBmCmAKPanDd3jiyGDo5gMcugCRwZQ=
diff --git a/internal/db/db.go b/internal/db/db.go
@@ -57,6 +57,27 @@ func FetchVoucher(guid []byte) (Voucher, error) {
 	return voucher, err
 }
 
+func FetchVouchers() ([]Voucher, error) {
+	var vouchers []Voucher
+	rows, err := db.Query("SELECT guid, cbor FROM owner_vouchers")
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	for rows.Next() {
+		var voucher Voucher
+		if err := rows.Scan(&voucher.GUID, &voucher.CBOR); err != nil {
+			return vouchers, err
+		}
+		vouchers = append(vouchers, voucher)
+	}
+	if err = rows.Err(); err != nil {
+		return vouchers, err
+	}
+	return vouchers, err
+}
+
 func FetchOwnerKeys() ([]OwnerKey, error) {
 	rows, err := db.Query("SELECT type, pkcs8, x509_chain FROM owner_keys")
 	if err != nil {
