egommerce/identity-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Moved lgoin from AccessHandler into Guard Service

Browse Source
This commit is contained in:
PB
2025-10-22 14:10:05 +02:00
parent e97b232207
commit 40a7d841b8
3 changed files with 57 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/internal/server/access_handler.go
View File

@@ -1,8 +1,6 @@
package server package server
import ( import (
"fmt"
dto "git.ego.freeddns.org/egommerce/api-entities/identity/dto" dto "git.ego.freeddns.org/egommerce/api-entities/identity/dto"
domain "git.ego.freeddns.org/egommerce/identity-service/domain/repository" domain "git.ego.freeddns.org/egommerce/identity-service/domain/repository"
"git.ego.freeddns.org/egommerce/identity-service/internal/service" "git.ego.freeddns.org/egommerce/identity-service/internal/service"
@@ -14,36 +12,16 @@ func (s *Server) AccessHandlerFn(c *fiber.Ctx) error {
roleRepo := domain.NewRoleRepository(s.GetDatabase()) roleRepo := domain.NewRoleRepository(s.GetDatabase())
urlRepo := domain.NewURLAccessRepository(s.GetDatabase()) urlRepo := domain.NewURLAccessRepository(s.GetDatabase())
authSrv := service.NewAuthService(userRepo, s.GetCache()) authSrv := service.NewAuthService(userRepo, s.GetCache())
guardSrv := service.NewGuardService(authSrv, userRepo, roleRepo, urlRepo)
url, srvName := c.Query("q"), c.Query("srv") url, srvName := c.Query("q"), c.Query("srv")
header := new(dto.AuthorizationHeaderDTO) header := new(dto.AuthorizationHeaderDTO)
c.ReqHeaderParser(header) c.ReqHeaderParser(header)
token, err := authSrv.GetTokenFromAuthorizationHeader(header.Authorization) err := guardSrv.CheckUserPermissions(header, url, srvName)
if err != nil { // FIXME probably never get here cause of jwt parsing in middlewares if err != nil {
return s.Error(c, fiber.StatusNotFound, err.Error()) return s.Error(c, fiber.StatusNotFound, err.Error())
} }
uid, _ := authSrv.GetUIDByAccesssToken(token)
user, err := userRepo.FindByID(uid)
if err != nil {
return s.Error(c, fiber.StatusNotFound, "user not found")
}
role := roleRepo.GetUserRole(user)
urlAcc, err := urlRepo.FindByURLAndServiceForRole(url, srvName, role.Name)
if err != nil {
return s.Error(c, fiber.StatusNotFound, "user has not required permission")
}
fmt.Printf("urlAcc: %#v", urlAcc)
// roles := urlRepo.FindForUser()
// guardSrv := service.NewGuardService()
// guard.CheckAccess("asd")
return c.SendStatus(fiber.StatusNoContent) return c.SendStatus(fiber.StatusNoContent)
} }

18
src/internal/service/auth.go
View File

@@ -25,19 +25,19 @@ func init() {
passSrv = NewPasswordService() passSrv = NewPasswordService()
} }
type Auth struct { type AuthService struct {
userRepo *domain.UserRepository userRepo *domain.UserRepository
cache *redis.Client cache *redis.Client
} }
func NewAuthService(userRepo *domain.UserRepository, cache *redis.Client) *Auth { func NewAuthService(userRepo *domain.UserRepository, cache *redis.Client) *AuthService {
return &Auth{ return &AuthService{
userRepo: userRepo, userRepo: userRepo,
cache: cache, cache: cache,
} }
} }
func (a *Auth) Login(login, passwd string) (string, error) { func (a *AuthService) Login(login, passwd string) (string, error) {
user, err := a.userRepo.FindByUsername(login) user, err := a.userRepo.FindByUsername(login)
if err != nil { if err != nil {
// if err = database.NoRowsInQuerySet(err); err != nil { // if err = database.NoRowsInQuerySet(err); err != nil {
@@ -66,7 +66,7 @@ func (a *Auth) Login(login, passwd string) (string, error) {
return accessToken, nil return accessToken, nil
} }
func (a *Auth) RefreshToken(accessToken string) (string, error) { func (a *AuthService) RefreshToken(accessToken string) (string, error) {
token, claims, err := jwtSrv.ValidateAccessToken(accessToken) token, claims, err := jwtSrv.ValidateAccessToken(accessToken)
if err != nil || !token.Valid { if err != nil || !token.Valid {
return "", ErrInvalidAccessToken return "", ErrInvalidAccessToken
@@ -95,7 +95,7 @@ func (a *Auth) RefreshToken(accessToken string) (string, error) {
return newAccessToken, nil return newAccessToken, nil
} }
func (a *Auth) Register(email, login, passwd string) (string, error) { func (a *AuthService) Register(email, login, passwd string) (string, error) {
passwd, _ = passSrv.Hash(passwd) passwd, _ = passSrv.Hash(passwd)
id, err := a.userRepo.Create(&entity.User{ id, err := a.userRepo.Create(&entity.User{
@@ -110,7 +110,7 @@ func (a *Auth) Register(email, login, passwd string) (string, error) {
return id, nil return id, nil
} }
func (a *Auth) GetTokenFromAuthorizationHeader(header string) (string, error) { func (a *AuthService) getTokenFromAuthorizationHeader(header string) (string, error) {
split := strings.Split(header, " ") split := strings.Split(header, " ")
if len(split) != 2 { if len(split) != 2 {
return "", ErrParsingAccessToken return "", ErrParsingAccessToken
@@ -119,7 +119,7 @@ func (a *Auth) GetTokenFromAuthorizationHeader(header string) (string, error) {
return split[1], nil return split[1], nil
} }
func (a *Auth) GetUIDByAccesssToken(aToken string) (string, error) { func (a *AuthService) getUIDByAccesssToken(aToken string) (string, error) {
res := a.cache.Get(context.Background(), "user:"+aToken) res := a.cache.Get(context.Background(), "user:"+aToken)
if err := res.Err(); err != nil { if err := res.Err(); err != nil {
return "", err return "", err
@@ -130,7 +130,7 @@ func (a *Auth) GetUIDByAccesssToken(aToken string) (string, error) {
return uid, nil return uid, nil
} }
func (a *Auth) saveTokensToCache(id, aToken, rToken string) error { func (a *AuthService) saveTokensToCache(id, aToken, rToken string) error {
res := a.cache.Set(context.Background(), "auth:access_token:"+id, aToken, accessTokenExpireTime) res := a.cache.Set(context.Background(), "auth:access_token:"+id, aToken, accessTokenExpireTime)
if err := res.Err(); err != nil { if err := res.Err(); err != nil {
fmt.Println("failed to save access token in cache: ", err.Error()) fmt.Println("failed to save access token in cache: ", err.Error())

45
src/internal/service/guard.go Normal file
View File

@@ -0,0 +1,45 @@
package service
import (
"errors"
dto "git.ego.freeddns.org/egommerce/api-entities/identity/dto"
domain "git.ego.freeddns.org/egommerce/identity-service/domain/repository"
)
type Guard struct {
authSrv *AuthService
userRepo *domain.UserRepository
roleRepo *domain.RoleRepository
urlRepo *domain.URLAccessRepository
}
func NewGuardService(authSrv *AuthService, userRepo *domain.UserRepository, roleRepo *domain.RoleRepository, urlRepo *domain.URLAccessRepository) *Guard {
return &Guard{
authSrv: authSrv,
userRepo: userRepo,
roleRepo: roleRepo,
urlRepo: urlRepo,
}
}
func (g *Guard) CheckUserPermissions(authHeader *dto.AuthorizationHeaderDTO, url, srvName string) error {
token, err := g.authSrv.getTokenFromAuthorizationHeader(authHeader.Authorization)
if err != nil { // FIXME probably never get here cause of jwt parsing in middlewares
return err
}
uid, _ := g.authSrv.getUIDByAccesssToken(token)
user, err := g.userRepo.FindByID(uid)
if err != nil {
return errors.New("user not found")
}
role := g.roleRepo.GetUserRole(user)
if _, err := g.urlRepo.FindByURLAndServiceForRole(url, srvName, role.Name); err != nil {
return errors.New("user has not required permission")
}
return nil
}