WIP: Almost full token controller

Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>
2026-05-14 14:30:09 +02:00
parent e96ec08a86
commit a534a4b92e
7 changed files with 118 additions and 28 deletions
--- a/internal/controllers/tokens.go
+++ b/internal/controllers/tokens.go
@@ -3,6 +3,7 @@ package controllers
 import (
 	"context"
 	"database/sql"
+	"encoding/json"
 	"errors"
 	"regexp"
 	"time"
@@ -37,7 +38,7 @@ type TokenData struct {
 	LastUserAt time.Time
 	RevokedAt  time.Time
 	ExpiredAt  time.Time
-	Scopes     *Scopes
+	Scopes     map[string][]string
 }

 type Scopes struct{}
@@ -74,27 +75,97 @@ func (ctrl *TokenController) Create(ctx context.Context, data *TokenData) (strin
 		return "", ErrServerError
 	}

-	query := "INSERT INTO tokens (uuid, token_hash, user_id, scopes, created_at, expires_at) VALUES ($1, $2, $3, $4, $5, $6)"
-	if _, err := ctrl.DB.Query(query, id, tokenHash, "dummy", time.Now(), data.ExpiredAt); err != nil {
+	scopesJson, err := json.Marshal(data.Scopes)
+	if err != nil {
+		log.Error(err, "Couldn't marshal permissions into json")
+		return "", ErrServerError
+	}
+
+	query := `
+	INSERT INTO tokens (uuid, token_hash, user_id, scopes, created_at, generated_at, expires_at) 
+	VALUES ($1, $2, $3, $4, $5, $6, $7)`
+
+	if _, err := ctrl.DB.Query(
+		query,
+		id,
+		tokenHash,
+		data.UserID,
+		scopesJson,
+		time.Now(),
+		time.Now(),
+		data.ExpiredAt,
+	); err != nil {
 		log.Error(err, "Couldn't insert a token in the database")
 		return "", ErrServerError
 	}

-	return "", nil
+	return tokenValue, nil
 }

 // Update token name or permissions, other changes are ignored by this method
-func (ctrl *TokenController) Update(ctx context.Context) (string, error) {
-	return "", nil
+func (ctrl *TokenController) Update(ctx context.Context, data *TokenData) error {
+	log := logger.FromContext(ctx).WithValues("uuid", data.UUID)
+	log.V(2).Info("Updating a token")
+
+	scopesJson, err := json.Marshal(data.Scopes)
+	if err != nil {
+		log.Error(err, "Couldn't marshal permissions into json")
+		return ErrServerError
+	}
+
+	query := "UPDATE tokens SET name = $1, scopes = $2 WHERE uuid = $3;"
+	if _, err := ctrl.DB.Query(query, data.Name, scopesJson, data.UUID); err != nil {
+		log.Error(err, "Couldn't update a token in the database")
+		return ErrServerError
+	}
+
+	return nil
 }

 // ForceExpiration of a token, so it can no longer be used
-func (ctrl *TokenController) ForceExpiration(ctx context.Context) error {
+func (ctrl *TokenController) ForceExpiration(ctx context.Context, id string) error {
+	log := logger.FromContext(ctx).WithValues("uuid", id)
+	log.V(2).Info("Forcing a token expiration")
+
+	query := "UPDATE tokens SET revoked_at = $1 WHERE uuid = $2;"
+	if _, err := ctrl.DB.Query(query, time.Now(), id); err != nil {
+		log.Error(err, "Couldn't update a token in the database")
+		return ErrServerError
+	}
+
 	return nil
 }

 // Regenerate a token and get a new value
-func (ctrl *TokenController) Regenerate(ctx context.Context) (string, error) {
+func (ctrl *TokenController) Regenerate(ctx context.Context, id string) (string, error) {
+	log := logger.FromContext(ctx).WithValues("uuid", id)
+	log.V(2).Info("Regenerating a token")
+
+	tokenValue, err := token.GenerateToken()
+	if err != nil {
+		log.Error(err, "Couldn't create a token")
+		return "", ErrServerError
+	}
+
+	tokenHash, err := hash.HashPassword(tokenValue, int(ctrl.HashCost))
+	if err != nil {
+		log.Error(err, "Couldn't calculate token hash")
+		return "", ErrServerError
+	}
+
+	query := `
+	UPDATE tokens 
+	SET 
+		token_hash = $1,
+		generated_at = $2,
+		expires_at = NOW() + (expires_at - generated_at),
+	WHERE uuid = $3;`
+
+	if _, err := ctrl.DB.Query(query, tokenHash, time.Now(), data.UUID); err != nil {
+		log.Error(err, "Couldn't insert a token in the database")
+		return "", ErrServerError
+	}
+
 	return "", nil
 }

@@ -104,8 +175,22 @@ func (ctrl *TokenController) Get(ctx context.Context, uuid string) error {
 }

 // List all available token
-func (ctrl *TokenController) List(ctx context.Context) error {
-	return nil
+func (ctrl *TokenController) List(ctx context.Context, userID string) error {
+	query := `
+		SELECT id, name, generated_at, expires_at
+		FROM tokens
+		WHERE user_id = $1`
+	err := ctrl.DB.QueryRowContext(ctx, query, userID).Scan(
+		&t.ID,
+		&t.UserID,
+		&t.Name,
+		&scopes,
+		&t.GeneratedAt,
+		&t.ExpiresAt,
+	)
+	if err != nil {
+		return nil, err
+	}
 }

 // Lis all available permissions