v0

internal/handlers/application.go

@@ -0,0 +1,211 @@
+package handlers
+
+import (
+	"net/http"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+	"go.uber.org/zap"
+
+	"github.com/kms/api-key-service/internal/domain"
+	"github.com/kms/api-key-service/internal/services"
+)
+
+// ApplicationHandler handles application-related HTTP requests
+type ApplicationHandler struct {
+	appService  services.ApplicationService
+	authService services.AuthenticationService
+	logger      *zap.Logger
+}
+
+// NewApplicationHandler creates a new application handler
+func NewApplicationHandler(
+	appService services.ApplicationService,
+	authService services.AuthenticationService,
+	logger *zap.Logger,
+) *ApplicationHandler {
+	return &ApplicationHandler{
+		appService:  appService,
+		authService: authService,
+		logger:      logger,
+	}
+}
+
+// Create handles POST /applications
+func (h *ApplicationHandler) Create(c *gin.Context) {
+	var req domain.CreateApplicationRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		h.logger.Warn("Invalid request body", zap.Error(err))
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":   "Bad Request",
+			"message": "Invalid request body: " + err.Error(),
+		})
+		return
+	}
+
+	// Get user ID from context
+	userID, exists := c.Get("user_id")
+	if !exists {
+		h.logger.Error("User ID not found in context")
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error":   "Internal Server Error",
+			"message": "Authentication context not found",
+		})
+		return
+	}
+
+	app, err := h.appService.Create(c.Request.Context(), &req, userID.(string))
+	if err != nil {
+		h.logger.Error("Failed to create application", zap.Error(err))
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error":   "Internal Server Error",
+			"message": "Failed to create application",
+		})
+		return
+	}
+
+	h.logger.Info("Application created", zap.String("app_id", app.AppID))
+	c.JSON(http.StatusCreated, app)
+}
+
+// GetByID handles GET /applications/:id
+func (h *ApplicationHandler) GetByID(c *gin.Context) {
+	appID := c.Param("id")
+	if appID == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":   "Bad Request",
+			"message": "Application ID is required",
+		})
+		return
+	}
+
+	app, err := h.appService.GetByID(c.Request.Context(), appID)
+	if err != nil {
+		h.logger.Error("Failed to get application", zap.Error(err), zap.String("app_id", appID))
+		c.JSON(http.StatusNotFound, gin.H{
+			"error":   "Not Found",
+			"message": "Application not found",
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, app)
+}
+
+// List handles GET /applications
+func (h *ApplicationHandler) List(c *gin.Context) {
+	// Parse pagination parameters
+	limit := 50
+	offset := 0
+
+	if l := c.Query("limit"); l != "" {
+		if parsed, err := strconv.Atoi(l); err == nil && parsed > 0 {
+			limit = parsed
+		}
+	}
+
+	if o := c.Query("offset"); o != "" {
+		if parsed, err := strconv.Atoi(o); err == nil && parsed >= 0 {
+			offset = parsed
+		}
+	}
+
+	apps, err := h.appService.List(c.Request.Context(), limit, offset)
+	if err != nil {
+		h.logger.Error("Failed to list applications", zap.Error(err))
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error":   "Internal Server Error",
+			"message": "Failed to list applications",
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"data":   apps,
+		"limit":  limit,
+		"offset": offset,
+		"count":  len(apps),
+	})
+}
+
+// Update handles PUT /applications/:id
+func (h *ApplicationHandler) Update(c *gin.Context) {
+	appID := c.Param("id")
+	if appID == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":   "Bad Request",
+			"message": "Application ID is required",
+		})
+		return
+	}
+
+	var req domain.UpdateApplicationRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		h.logger.Warn("Invalid request body", zap.Error(err))
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":   "Bad Request",
+			"message": "Invalid request body: " + err.Error(),
+		})
+		return
+	}
+
+	// Get user ID from context
+	userID, exists := c.Get("user_id")
+	if !exists {
+		h.logger.Error("User ID not found in context")
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error":   "Internal Server Error",
+			"message": "Authentication context not found",
+		})
+		return
+	}
+
+	app, err := h.appService.Update(c.Request.Context(), appID, &req, userID.(string))
+	if err != nil {
+		h.logger.Error("Failed to update application", zap.Error(err), zap.String("app_id", appID))
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error":   "Internal Server Error",
+			"message": "Failed to update application",
+		})
+		return
+	}
+
+	h.logger.Info("Application updated", zap.String("app_id", appID))
+	c.JSON(http.StatusOK, app)
+}
+
+// Delete handles DELETE /applications/:id
+func (h *ApplicationHandler) Delete(c *gin.Context) {
+	appID := c.Param("id")
+	if appID == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":   "Bad Request",
+			"message": "Application ID is required",
+		})
+		return
+	}
+
+	// Get user ID from context
+	userID, exists := c.Get("user_id")
+	if !exists {
+		h.logger.Error("User ID not found in context")
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error":   "Internal Server Error",
+			"message": "Authentication context not found",
+		})
+		return
+	}
+
+	err := h.appService.Delete(c.Request.Context(), appID, userID.(string))
+	if err != nil {
+		h.logger.Error("Failed to delete application", zap.Error(err), zap.String("app_id", appID))
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error":   "Internal Server Error",
+			"message": "Failed to delete application",
+		})
+		return
+	}
+
+	h.logger.Info("Application deleted", zap.String("app_id", appID))
+	c.JSON(http.StatusNoContent, nil)
+}

internal/handlers/auth.go

@@ -0,0 +1,141 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"go.uber.org/zap"
+
+	"github.com/kms/api-key-service/internal/domain"
+	"github.com/kms/api-key-service/internal/services"
+)
+
+// AuthHandler handles authentication-related HTTP requests
+type AuthHandler struct {
+	authService  services.AuthenticationService
+	tokenService services.TokenService
+	logger       *zap.Logger
+}
+
+// NewAuthHandler creates a new auth handler
+func NewAuthHandler(
+	authService services.AuthenticationService,
+	tokenService services.TokenService,
+	logger *zap.Logger,
+) *AuthHandler {
+	return &AuthHandler{
+		authService:  authService,
+		tokenService: tokenService,
+		logger:       logger,
+	}
+}
+
+// Login handles POST /login
+func (h *AuthHandler) Login(c *gin.Context) {
+	var req domain.LoginRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		h.logger.Warn("Invalid login request", zap.Error(err))
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":   "Bad Request",
+			"message": "Invalid request body: " + err.Error(),
+		})
+		return
+	}
+
+	// For now, we'll extract user ID from headers since we're using HeaderAuthenticationProvider
+	userID := c.GetHeader("X-User-Email")
+	if userID == "" {
+		h.logger.Warn("User email not found in headers")
+		c.JSON(http.StatusUnauthorized, gin.H{
+			"error":   "Unauthorized",
+			"message": "User authentication required",
+		})
+		return
+	}
+
+	h.logger.Info("Processing login request", zap.String("user_id", userID), zap.String("app_id", req.AppID))
+
+	// Generate user token
+	token, err := h.tokenService.GenerateUserToken(c.Request.Context(), req.AppID, userID, req.Permissions)
+	if err != nil {
+		h.logger.Error("Failed to generate user token", zap.Error(err))
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error":   "Internal Server Error",
+			"message": "Failed to generate token",
+		})
+		return
+	}
+
+	// For now, we'll just return the token directly
+	// In a real implementation, this would redirect to the callback URL
+	response := domain.LoginResponse{
+		RedirectURL: req.RedirectURI + "?token=" + token,
+	}
+
+	if req.RedirectURI == "" {
+		// If no redirect URI, return token directly
+		c.JSON(http.StatusOK, gin.H{
+			"token":      token,
+			"user_id":    userID,
+			"app_id":     req.AppID,
+			"expires_in": 604800, // 7 days in seconds
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, response)
+}
+
+// Verify handles POST /verify
+func (h *AuthHandler) Verify(c *gin.Context) {
+	var req domain.VerifyRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		h.logger.Warn("Invalid verify request", zap.Error(err))
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":   "Bad Request",
+			"message": "Invalid request body: " + err.Error(),
+		})
+		return
+	}
+
+	h.logger.Debug("Verifying token", zap.String("app_id", req.AppID), zap.String("type", string(req.Type)))
+
+	response, err := h.tokenService.VerifyToken(c.Request.Context(), &req)
+	if err != nil {
+		h.logger.Error("Failed to verify token", zap.Error(err))
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error":   "Internal Server Error",
+			"message": "Failed to verify token",
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, response)
+}
+
+// Renew handles POST /renew
+func (h *AuthHandler) Renew(c *gin.Context) {
+	var req domain.RenewRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		h.logger.Warn("Invalid renew request", zap.Error(err))
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":   "Bad Request",
+			"message": "Invalid request body: " + err.Error(),
+		})
+		return
+	}
+
+	h.logger.Info("Renewing token", zap.String("app_id", req.AppID), zap.String("user_id", req.UserID))
+
+	response, err := h.tokenService.RenewUserToken(c.Request.Context(), &req)
+	if err != nil {
+		h.logger.Error("Failed to renew token", zap.Error(err))
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error":   "Internal Server Error",
+			"message": "Failed to renew token",
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, response)
+}

internal/handlers/health.go

@@ -0,0 +1,72 @@
+package handlers
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"go.uber.org/zap"
+
+	"github.com/kms/api-key-service/internal/repository"
+)
+
+// HealthHandler handles health check endpoints
+type HealthHandler struct {
+	db     repository.DatabaseProvider
+	logger *zap.Logger
+}
+
+// NewHealthHandler creates a new health handler
+func NewHealthHandler(db repository.DatabaseProvider, logger *zap.Logger) *HealthHandler {
+	return &HealthHandler{
+		db:     db,
+		logger: logger,
+	}
+}
+
+// HealthResponse represents the health check response
+type HealthResponse struct {
+	Status    string            `json:"status"`
+	Timestamp string            `json:"timestamp"`
+	Version   string            `json:"version,omitempty"`
+	Checks    map[string]string `json:"checks,omitempty"`
+}
+
+// Health handles basic health check - lightweight endpoint for load balancers
+func (h *HealthHandler) Health(c *gin.Context) {
+	response := HealthResponse{
+		Status:    "healthy",
+		Timestamp: time.Now().UTC().Format(time.RFC3339),
+	}
+
+	c.JSON(http.StatusOK, response)
+}
+
+// Ready handles readiness check - checks if service is ready to accept traffic
+func (h *HealthHandler) Ready(c *gin.Context) {
+	ctx, cancel := context.WithTimeout(c.Request.Context(), 5*time.Second)
+	defer cancel()
+
+	checks := make(map[string]string)
+	status := "ready"
+	statusCode := http.StatusOK
+
+	// Check database connectivity
+	if err := h.db.Ping(ctx); err != nil {
+		h.logger.Error("Database health check failed", zap.Error(err))
+		checks["database"] = "unhealthy: " + err.Error()
+		status = "not ready"
+		statusCode = http.StatusServiceUnavailable
+	} else {
+		checks["database"] = "healthy"
+	}
+
+	response := HealthResponse{
+		Status:    status,
+		Timestamp: time.Now().UTC().Format(time.RFC3339),
+		Checks:    checks,
+	}
+
+	c.JSON(statusCode, response)
+}

internal/handlers/token.go

@@ -0,0 +1,172 @@
+package handlers
+
+import (
+	"net/http"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+	"go.uber.org/zap"
+
+	"github.com/kms/api-key-service/internal/domain"
+	"github.com/kms/api-key-service/internal/services"
+)
+
+// TokenHandler handles token-related HTTP requests
+type TokenHandler struct {
+	tokenService services.TokenService
+	authService  services.AuthenticationService
+	logger       *zap.Logger
+}
+
+// NewTokenHandler creates a new token handler
+func NewTokenHandler(
+	tokenService services.TokenService,
+	authService services.AuthenticationService,
+	logger *zap.Logger,
+) *TokenHandler {
+	return &TokenHandler{
+		tokenService: tokenService,
+		authService:  authService,
+		logger:       logger,
+	}
+}
+
+// Create handles POST /applications/:id/tokens
+func (h *TokenHandler) Create(c *gin.Context) {
+	appID := c.Param("id")
+	if appID == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":   "Bad Request",
+			"message": "Application ID is required",
+		})
+		return
+	}
+
+	var req domain.CreateStaticTokenRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		h.logger.Warn("Invalid request body", zap.Error(err))
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":   "Bad Request",
+			"message": "Invalid request body: " + err.Error(),
+		})
+		return
+	}
+
+	// Set app ID from URL parameter
+	req.AppID = appID
+
+	// Get user ID from context
+	userID, exists := c.Get("user_id")
+	if !exists {
+		h.logger.Error("User ID not found in context")
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error":   "Internal Server Error",
+			"message": "Authentication context not found",
+		})
+		return
+	}
+
+	token, err := h.tokenService.CreateStaticToken(c.Request.Context(), &req, userID.(string))
+	if err != nil {
+		h.logger.Error("Failed to create token", zap.Error(err))
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error":   "Internal Server Error",
+			"message": "Failed to create token",
+		})
+		return
+	}
+
+	h.logger.Info("Token created", zap.String("token_id", token.ID.String()))
+	c.JSON(http.StatusCreated, token)
+}
+
+// ListByApp handles GET /applications/:id/tokens
+func (h *TokenHandler) ListByApp(c *gin.Context) {
+	appID := c.Param("id")
+	if appID == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":   "Bad Request",
+			"message": "Application ID is required",
+		})
+		return
+	}
+
+	// Parse pagination parameters
+	limit := 50
+	offset := 0
+
+	if l := c.Query("limit"); l != "" {
+		if parsed, err := strconv.Atoi(l); err == nil && parsed > 0 {
+			limit = parsed
+		}
+	}
+
+	if o := c.Query("offset"); o != "" {
+		if parsed, err := strconv.Atoi(o); err == nil && parsed >= 0 {
+			offset = parsed
+		}
+	}
+
+	tokens, err := h.tokenService.ListByApp(c.Request.Context(), appID, limit, offset)
+	if err != nil {
+		h.logger.Error("Failed to list tokens", zap.Error(err), zap.String("app_id", appID))
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error":   "Internal Server Error",
+			"message": "Failed to list tokens",
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"data":   tokens,
+		"limit":  limit,
+		"offset": offset,
+		"count":  len(tokens),
+	})
+}
+
+// Delete handles DELETE /tokens/:id
+func (h *TokenHandler) Delete(c *gin.Context) {
+	tokenIDStr := c.Param("id")
+	if tokenIDStr == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":   "Bad Request",
+			"message": "Token ID is required",
+		})
+		return
+	}
+
+	tokenID, err := uuid.Parse(tokenIDStr)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":   "Bad Request",
+			"message": "Invalid token ID format",
+		})
+		return
+	}
+
+	// Get user ID from context
+	userID, exists := c.Get("user_id")
+	if !exists {
+		h.logger.Error("User ID not found in context")
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error":   "Internal Server Error",
+			"message": "Authentication context not found",
+		})
+		return
+	}
+
+	err = h.tokenService.Delete(c.Request.Context(), tokenID, userID.(string))
+	if err != nil {
+		h.logger.Error("Failed to delete token", zap.Error(err), zap.String("token_id", tokenID.String()))
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error":   "Internal Server Error",
+			"message": "Failed to delete token",
+		})
+		return
+	}
+
+	h.logger.Info("Token deleted", zap.String("token_id", tokenID.String()))
+	c.JSON(http.StatusNoContent, nil)
+}