@ -113,6 +113,7 @@ type VerifyRequest struct {
|
|||||||
// VerifyResponse represents a token verification response
|
// VerifyResponse represents a token verification response
|
||||||
type VerifyResponse struct {
|
type VerifyResponse struct {
|
||||||
Valid bool `json:"valid"`
|
Valid bool `json:"valid"`
|
||||||
|
Permitted bool `json:"permitted"`
|
||||||
UserID string `json:"user_id,omitempty"`
|
UserID string `json:"user_id,omitempty"`
|
||||||
Permissions []string `json:"permissions"`
|
Permissions []string `json:"permissions"`
|
||||||
PermissionResults map[string]bool `json:"permission_results,omitempty"`
|
PermissionResults map[string]bool `json:"permission_results,omitempty"`
|
||||||
|
|||||||
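Review bot: The new `Permitted` field has no comment, and its meaning relative to `Valid` cannot be read from the struct alone. Judging by the service changes in this commit, it is true when every requested permission is granted and also when the request names no permissions at all. I would add a doc comment along the lines of `// Permitted reports whether all requested permissions are granted; it is true when the request names no permissions.` The comment should also say which of the two fields is the authorization decision, because a client that reads only `valid` will presumably still accept a token whose `permitted` is false. The struct definition continues outside the hunk.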
@ -212,6 +212,7 @@ func (s *tokenService) VerifyToken(ctx context.Context, req *domain.VerifyReques
|
|||||||
if req.Token == "" {
|
if req.Token == "" {
|
||||||
return &domain.VerifyResponse{
|
return &domain.VerifyResponse{
|
||||||
Valid: false,
|
Valid: false,
|
||||||
|
Permitted: false,
|
||||||
Error: "Token is required",
|
Error: "Token is required",
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
@ -222,6 +223,7 @@ func (s *tokenService) VerifyToken(ctx context.Context, req *domain.VerifyReques
|
|||||||
s.logger.Error("Failed to get application", zap.Error(err), zap.String("app_id", req.AppID))
|
s.logger.Error("Failed to get application", zap.Error(err), zap.String("app_id", req.AppID))
|
||||||
return &domain.VerifyResponse{
|
return &domain.VerifyResponse{
|
||||||
Valid: false,
|
Valid: false,
|
||||||
|
Permitted: false,
|
||||||
Error: "Invalid application",
|
Error: "Invalid application",
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
@ -234,6 +236,7 @@ func (s *tokenService) VerifyToken(ctx context.Context, req *domain.VerifyReques
|
|||||||
default:
|
default:
|
||||||
return &domain.VerifyResponse{
|
return &domain.VerifyResponse{
|
||||||
Valid: false,
|
Valid: false,
|
||||||
|
Permitted: false,
|
||||||
Error: "Invalid token type",
|
Error: "Invalid token type",
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
@ -248,6 +251,7 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
|
|||||||
s.logger.Warn("Invalid token format", zap.String("app_id", req.AppID))
|
s.logger.Warn("Invalid token format", zap.String("app_id", req.AppID))
|
||||||
return &domain.VerifyResponse{
|
return &domain.VerifyResponse{
|
||||||
Valid: false,
|
Valid: false,
|
||||||
|
Permitted: false,
|
||||||
Error: "Invalid token format",
|
Error: "Invalid token format",
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
@ -258,6 +262,7 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
|
|||||||
s.logger.Error("Failed to get tokens for app", zap.Error(err), zap.String("app_id", req.AppID))
|
s.logger.Error("Failed to get tokens for app", zap.Error(err), zap.String("app_id", req.AppID))
|
||||||
return &domain.VerifyResponse{
|
return &domain.VerifyResponse{
|
||||||
Valid: false,
|
Valid: false,
|
||||||
|
Permitted: false,
|
||||||
Error: "Token verification failed",
|
Error: "Token verification failed",
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
@ -274,6 +279,7 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
|
|||||||
s.logger.Warn("Token not found or invalid", zap.String("app_id", req.AppID))
|
s.logger.Warn("Token not found or invalid", zap.String("app_id", req.AppID))
|
||||||
return &domain.VerifyResponse{
|
return &domain.VerifyResponse{
|
||||||
Valid: false,
|
Valid: false,
|
||||||
|
Permitted: false,
|
||||||
Error: "Invalid token",
|
Error: "Invalid token",
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
@ -284,30 +290,44 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
|
|||||||
s.logger.Error("Failed to get token permissions", zap.Error(err), zap.String("token_id", matchedToken.ID.String()))
|
s.logger.Error("Failed to get token permissions", zap.Error(err), zap.String("token_id", matchedToken.ID.String()))
|
||||||
return &domain.VerifyResponse{
|
return &domain.VerifyResponse{
|
||||||
Valid: false,
|
Valid: false,
|
||||||
|
Permitted: false,
|
||||||
Error: "Failed to retrieve permissions",
|
Error: "Failed to retrieve permissions",
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check specific permissions if requested
|
// Check specific permissions if requested
|
||||||
var permissionResults map[string]bool
|
var permissionResults map[string]bool
|
||||||
|
var permitted bool = true // Default to true if no specific permissions requested
|
||||||
|
|
||||||
if len(req.Permissions) > 0 {
|
if len(req.Permissions) > 0 {
|
||||||
permissionResults, err = s.grantRepo.HasAnyPermission(ctx, domain.TokenTypeStatic, matchedToken.ID, req.Permissions)
|
permissionResults, err = s.grantRepo.HasAnyPermission(ctx, domain.TokenTypeStatic, matchedToken.ID, req.Permissions)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.logger.Error("Failed to check specific permissions", zap.Error(err))
|
s.logger.Error("Failed to check specific permissions", zap.Error(err))
|
||||||
return &domain.VerifyResponse{
|
return &domain.VerifyResponse{
|
||||||
Valid: false,
|
Valid: false,
|
||||||
|
Permitted: false,
|
||||||
Error: "Failed to check permissions",
|
Error: "Failed to check permissions",
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check if all requested permissions are granted
|
||||||
|
for _, requestedPerm := range req.Permissions {
|
||||||
|
if hasPermission, exists := permissionResults[requestedPerm]; !exists || !hasPermission {
|
||||||
|
permitted = false
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
s.logger.Info("Static token verified successfully",
|
s.logger.Info("Static token verified successfully",
|
||||||
zap.String("token_id", matchedToken.ID.String()),
|
zap.String("token_id", matchedToken.ID.String()),
|
||||||
zap.String("app_id", req.AppID),
|
zap.String("app_id", req.AppID),
|
||||||
zap.Strings("permissions", permissions))
|
zap.Strings("permissions", permissions),
|
||||||
|
zap.Bool("permitted", permitted))
|
||||||
|
|
||||||
return &domain.VerifyResponse{
|
return &domain.VerifyResponse{
|
||||||
Valid: true,
|
Valid: true,
|
||||||
|
Permitted: permitted,
|
||||||
Permissions: permissions,
|
Permissions: permissions,
|
||||||
PermissionResults: permissionResults,
|
PermissionResults: permissionResults,
|
||||||
TokenType: domain.TokenTypeStatic,
|
TokenType: domain.TokenTypeStatic,
|
||||||
@ -322,6 +342,7 @@ func (s *tokenService) verifyUserToken(ctx context.Context, req *domain.VerifyRe
|
|||||||
// For now, return an error since user tokens are not fully implemented
|
// For now, return an error since user tokens are not fully implemented
|
||||||
return &domain.VerifyResponse{
|
return &domain.VerifyResponse{
|
||||||
Valid: false,
|
Valid: false,
|
||||||
|
Permitted: false,
|
||||||
Error: "User token verification not yet implemented",
|
Error: "User token verification not yet implemented",
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|||||||
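Review bot: In the `-284,30 +290,44` hunk of verifyStaticToken, `permitted` starts as `true` and is only cleared inside `if len(req.Permissions) > 0`, so any valid token is reported as `Permitted: true` when the request names no permissions. That is a fail-open default for an authorization flag: a caller that forgets the permission list, or sends it under the wrong key, gets a positive answer. If callers are expected always to name a permission, initialise it as `permitted := len(req.Permissions) > 0` and let the loop clear it; the loop already treats a key missing from `permissionResults` as denied, which is the right direction. If the current default is intended, keep it but write `permitted := true` rather than `var permitted bool = true` and describe the empty-request case where the response field is declared. The function body starts and ends outside the hunk.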