@ -113,6 +113,7 @@ type VerifyRequest struct {
// VerifyResponse represents a token verification response
type VerifyResponse struct {
Valid bool `json:"valid"`
Permitted bool `json:"permitted"`
UserID string `json:"user_id,omitempty"`
Permissions []string `json:"permissions"`
PermissionResults map[string]bool `json:"permission_results,omitempty"`
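Review bot: The new `Permitted` field carries no doc comment, and its contract is not obvious from the struct: in the verifyStaticToken hunk further down it defaults to true (`var permitted bool = true`) whenever the request lists no permissions, so a caller that omits `Permissions` gets `Valid: true, Permitted: true` without any permission check having run. A consumer that gates access on `Permitted` alone could read that as an authorization decision. Suggest stating the rule on the field, e.g. `// Permitted reports whether every permission named in the request was granted; it is true by default when the request lists no permissions and then carries no authorization meaning — consult PermissionResults.` Because the field has no omitempty, `false` is also emitted on every error response, which is worth a word in the same comment. The same point applies to the verifyStaticToken hunk where the default is set.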
@ -211,8 +211,9 @@ func (s *tokenService) VerifyToken(ctx context.Context, req *domain.VerifyReques
// Validate request
if req.Token == "" {
return &domain.VerifyResponse{
Valid: false,
Error: "Token is required",
Valid: false,
Permitted: false,
Error: "Token is required",
}, nil
}
@ -221,8 +222,9 @@ func (s *tokenService) VerifyToken(ctx context.Context, req *domain.VerifyReques
if err != nil {
s.logger.Error("Failed to get application", zap.Error(err), zap.String("app_id", req.AppID))
return &domain.VerifyResponse{
Valid: false,
Error: "Invalid application",
Valid: false,
Permitted: false,
Error: "Invalid application",
}, nil
}
@ -233,8 +235,9 @@ func (s *tokenService) VerifyToken(ctx context.Context, req *domain.VerifyReques
return s.verifyUserToken(ctx, req, app)
default:
return &domain.VerifyResponse{
Valid: false,
Error: "Invalid token type",
Valid: false,
Permitted: false,
Error: "Invalid token type",
}, nil
}
}
@ -247,8 +250,9 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
if !crypto.IsValidTokenFormat(req.Token) {
s.logger.Warn("Invalid token format", zap.String("app_id", req.AppID))
return &domain.VerifyResponse{
Valid: false,
Error: "Invalid token format",
Valid: false,
Permitted: false,
Error: "Invalid token format",
}, nil
}
@ -257,8 +261,9 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
if err != nil {
s.logger.Error("Failed to get tokens for app", zap.Error(err), zap.String("app_id", req.AppID))
return &domain.VerifyResponse{
Valid: false,
Error: "Token verification failed",
Valid: false,
Permitted: false,
Error: "Token verification failed",
}, nil
}
@ -273,8 +278,9 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
if matchedToken == nil {
s.logger.Warn("Token not found or invalid", zap.String("app_id", req.AppID))
return &domain.VerifyResponse{
Valid: false,
Error: "Invalid token",
Valid: false,
Permitted: false,
Error: "Invalid token",
}, nil
}
@ -283,31 +289,45 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
if err != nil {
s.logger.Error("Failed to get token permissions", zap.Error(err), zap.String("token_id", matchedToken.ID.String()))
return &domain.VerifyResponse{
Valid: false,
Error: "Failed to retrieve permissions",
Valid: false,
Permitted: false,
Error: "Failed to retrieve permissions",
}, nil
}
// Check specific permissions if requested
var permissionResults map[string]bool
var permitted bool = true // Default to true if no specific permissions requested
if len(req.Permissions) > 0 {
permissionResults, err = s.grantRepo.HasAnyPermission(ctx, domain.TokenTypeStatic, matchedToken.ID, req.Permissions)
if err != nil {
s.logger.Error("Failed to check specific permissions", zap.Error(err))
return &domain.VerifyResponse{
Valid: false,
Error: "Failed to check permissions",
Valid: false,
Permitted: false,
Error: "Failed to check permissions",
}, nil
}
// Check if all requested permissions are granted
for _, requestedPerm := range req.Permissions {
if hasPermission, exists := permissionResults[requestedPerm]; !exists || !hasPermission {
permitted = false
break
}
}
}
s.logger.Info("Static token verified successfully",
zap.String("token_id", matchedToken.ID.String()),
zap.String("app_id", req.AppID),
zap.Strings("permissions", permissions))
zap.Strings("permissions", permissions),
zap.Bool("permitted", permitted))
return &domain.VerifyResponse{
Valid: true,
Permitted: permitted,
Permissions: permissions,
PermissionResults: permissionResults,
TokenType: domain.TokenTypeStatic,
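Review bot: `var permitted bool = true // Default to true if no specific permissions requested` spells out a type the initializer already fixes; staticcheck flags this as a redundant type, and the conventional form is `permitted := true`, keeping the comment since it is the only place the empty-request default is explained. The loop below then requires every requested permission to be present and true in `permissionResults`, which is the right "all of" check, but it reads the results of a repository method named `HasAnyPermission` — if that name reflects the repository's own semantics rather than just the lookup shape, a one-line comment such as `// HasAnyPermission returns a per-permission map; we require all of them below` would stop the next reader from assuming an any-of check. verifyStaticToken starts before this hunk and its return statement continues past it.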
@ -321,8 +341,9 @@ func (s *tokenService) verifyUserToken(ctx context.Context, req *domain.VerifyRe
// TODO: Implement JWT token verification
// For now, return an error since user tokens are not fully implemented
return &domain.VerifyResponse{
Valid: false,
Error: "User token verification not yet implemented",
Valid: false,
Permitted: false,
Error: "User token verification not yet implemented",
}, nil
}