Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>
This commit is contained in:
133
api/v1/tokens.go
133
api/v1/tokens.go
@@ -49,9 +49,10 @@ func (srv *TokensServer) CreateToken(ctx context.Context, in *tokens.CreateToken
|
||||
}
|
||||
|
||||
tokenData := &controllers.TokenData{
|
||||
Name: in.TokenMetadata.GetName(),
|
||||
UserID: claims.UserID,
|
||||
Scopes: permissions,
|
||||
Name: in.TokenMetadata.GetName(),
|
||||
UserID: claims.UserID,
|
||||
ExpiresAt: in.TokenMetadata.ExpiresAt.AsTime(),
|
||||
Scopes: permissions,
|
||||
}
|
||||
|
||||
token, err := srv.tokenCtrl.Create(ctx, tokenData)
|
||||
@@ -68,13 +69,56 @@ func (srv *TokensServer) CreateToken(ctx context.Context, in *tokens.CreateToken
|
||||
}
|
||||
|
||||
// ForceTokenExpiration implements [v1.TokensServiceServer].
|
||||
func (t *TokensServer) ForceTokenExpiration(context.Context, *tokens.ForceTokenExpirationRequest) (*emptypb.Empty, error) {
|
||||
return nil, status.Error(codes.Unimplemented, "Method is not implemented")
|
||||
func (srv *TokensServer) ForceTokenExpiration(ctx context.Context, in *tokens.ForceTokenExpirationRequest) (*emptypb.Empty, error) {
|
||||
claims, err := srv.authorizationCtrl.ClaimsFromContext(ctx)
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Aborted, "Context is invalid")
|
||||
}
|
||||
if claims.UserID == "" {
|
||||
return nil, status.Error(codes.Aborted, "Context is invalid")
|
||||
}
|
||||
|
||||
if err := srv.tokenCtrl.ForceExpiration(ctx, in.TokenUuid.GetUuid()); err != nil {
|
||||
if errors.Is(err, controllers.ErrServerError) {
|
||||
return nil, status.Error(codes.Internal, "Something is broken on our side")
|
||||
}
|
||||
return nil, status.Error(codes.Aborted, "Couldn't create a token")
|
||||
}
|
||||
return &emptypb.Empty{}, nil
|
||||
}
|
||||
|
||||
// GetToken implements [v1.TokensServiceServer].
|
||||
func (t *TokensServer) GetToken(context.Context, *tokens.GetTokenRequest) (*tokens.GetTokenResponse, error) {
|
||||
return nil, status.Error(codes.Unimplemented, "Method is not implemented")
|
||||
func (srv *TokensServer) GetToken(ctx context.Context, in *tokens.GetTokenRequest) (*tokens.GetTokenResponse, error) {
|
||||
claims, err := srv.authorizationCtrl.ClaimsFromContext(ctx)
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Aborted, "Context is invalid")
|
||||
}
|
||||
if claims.UserID == "" {
|
||||
return nil, status.Error(codes.Aborted, "Context is invalid")
|
||||
}
|
||||
|
||||
token, err := srv.tokenCtrl.Get(ctx, in.TokenUuid.Uuid, claims.UserID)
|
||||
if err != nil {
|
||||
if errors.Is(err, controllers.ErrServerError) {
|
||||
return nil, status.Error(codes.Internal, "Something is broken on our side")
|
||||
}
|
||||
return nil, status.Error(codes.Aborted, "Couldn't list tokens")
|
||||
}
|
||||
|
||||
return &tokens.GetTokenResponse{
|
||||
TokenUuid: &tokens.TokenUUID{
|
||||
Uuid: token.UUID,
|
||||
},
|
||||
TokenMetadata: &tokens.TokenMetadata{
|
||||
Name: token.Name,
|
||||
ExpiresAt: timestamppb.New(token.ExpiresAt),
|
||||
LastUsedAt: timestamppb.New(token.LastUsedAt),
|
||||
GeneratedAt: timestamppb.New(token.GeneratedAt),
|
||||
CreatedAt: timestamppb.New(token.CreatedAt),
|
||||
RevokedAt: timestamppb.New(token.RevokedAt),
|
||||
},
|
||||
TokenPermissions: &tokens.TokenPermissions{},
|
||||
}, nil
|
||||
}
|
||||
|
||||
// ListTokens implements [v1.TokensServiceServer].
|
||||
@@ -92,31 +136,86 @@ func (srv *TokensServer) ListTokens(in *emptypb.Empty, stream grpc.ServerStreami
|
||||
if errors.Is(err, controllers.ErrServerError) {
|
||||
return status.Error(codes.Internal, "Something is broken on our side")
|
||||
}
|
||||
return status.Error(codes.Aborted, "Couldn't create a token")
|
||||
return status.Error(codes.Aborted, "Couldn't list tokens")
|
||||
}
|
||||
|
||||
for _, tokenRes := range tokensRes {
|
||||
stream.Send(&tokens.ListTokensResponse{
|
||||
if err := stream.Send(&tokens.ListTokensResponse{
|
||||
TokenUuid: &tokens.TokenUUID{
|
||||
Uuid: tokenRes.UUID,
|
||||
},
|
||||
TokenMetadata: &tokens.TokenMetadata{
|
||||
Name: tokenRes.Name,
|
||||
ExpiresAt: timestamppb.New(tokenRes.ExpiresAt),
|
||||
Name: tokenRes.Name,
|
||||
ExpiresAt: timestamppb.New(tokenRes.ExpiresAt),
|
||||
LastUsedAt: timestamppb.New(tokenRes.LastUsedAt),
|
||||
GeneratedAt: timestamppb.New(tokenRes.GeneratedAt),
|
||||
CreatedAt: timestamppb.New(tokenRes.CreatedAt),
|
||||
RevokedAt: timestamppb.New(tokenRes.RevokedAt),
|
||||
},
|
||||
})
|
||||
}); err != nil {
|
||||
return status.Error(codes.Aborted, "Couldn't send data")
|
||||
}
|
||||
}
|
||||
return status.Error(codes.Unimplemented, "Method is not implemented")
|
||||
return nil
|
||||
}
|
||||
|
||||
// RegenerateToken implements [v1.TokensServiceServer].
|
||||
func (t *TokensServer) RegenerateToken(context.Context, *tokens.RegenerateTokenRequest) (*tokens.RegenerateTokenResponse, error) {
|
||||
return nil, status.Error(codes.Unimplemented, "Method is not implemented")
|
||||
func (srv *TokensServer) RegenerateToken(ctx context.Context, in *tokens.RegenerateTokenRequest) (*tokens.RegenerateTokenResponse, error) {
|
||||
claims, err := srv.authorizationCtrl.ClaimsFromContext(ctx)
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Aborted, "Context is invalid")
|
||||
}
|
||||
if claims.UserID == "" {
|
||||
return nil, status.Error(codes.Aborted, "Context is invalid")
|
||||
}
|
||||
|
||||
tokenVal, err := srv.tokenCtrl.Regenerate(ctx, in.TokenUuid.GetUuid())
|
||||
if err != nil {
|
||||
if errors.Is(err, controllers.ErrServerError) {
|
||||
return nil, status.Error(codes.Internal, "Something is broken on our side")
|
||||
}
|
||||
return nil, status.Error(codes.Aborted, "Couldn't list tokens")
|
||||
}
|
||||
return &tokens.RegenerateTokenResponse{
|
||||
TokenValue: &tokens.TokenValue{
|
||||
Token: tokenVal,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
// UpdateToken implements [v1.TokensServiceServer].
|
||||
func (t *TokensServer) UpdateToken(context.Context, *tokens.UpdateTokenRequest) (*tokens.UpdateTokenResponse, error) {
|
||||
return nil, status.Error(codes.Unimplemented, "Method is not implemented")
|
||||
func (srv *TokensServer) UpdateToken(ctx context.Context, in *tokens.UpdateTokenRequest) (*tokens.UpdateTokenResponse, error) {
|
||||
claims, err := srv.authorizationCtrl.ClaimsFromContext(ctx)
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Aborted, "Context is invalid")
|
||||
}
|
||||
if claims.UserID == "" {
|
||||
return nil, status.Error(codes.Aborted, "Context is invalid")
|
||||
}
|
||||
|
||||
if in.TokenPermissions == nil {
|
||||
return nil, status.Error(codes.InvalidArgument, "Permissions must be set")
|
||||
}
|
||||
|
||||
permissions := map[string][]string{}
|
||||
for service, methods := range in.TokenPermissions.Permissions {
|
||||
permissions[service] = methods.GetMethods()
|
||||
}
|
||||
tokenData := &controllers.TokenData{
|
||||
Name: in.TokenMetadata.Name,
|
||||
Scopes: permissions,
|
||||
}
|
||||
if err := srv.tokenCtrl.Update(ctx, tokenData); err != nil {
|
||||
if errors.Is(err, controllers.ErrServerError) {
|
||||
return nil, status.Error(codes.Internal, "Something is broken on our side")
|
||||
}
|
||||
return nil, status.Error(codes.Aborted, "Couldn't list tokens")
|
||||
}
|
||||
return &tokens.UpdateTokenResponse{
|
||||
TokenUuid: &tokens.TokenUUID{},
|
||||
TokenMetadata: &tokens.TokenMetadata{},
|
||||
TokenPermissions: &tokens.TokenPermissions{},
|
||||
}, nil
|
||||
}
|
||||
|
||||
// ListPermissions implements [v1.TokensServiceServer].
|
||||
|
||||
Reference in New Issue
Block a user