startup-starter/skybridge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

_

Browse Source
This commit is contained in:
Ryan Copley
2025-08-22 19:59:28 -04:00
parent 738499037f
commit 483ea399dc
3 changed files with 41 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
internal/domain/models.go
View File

@ -113,6 +113,7 @@ type VerifyRequest struct {
// VerifyResponse represents a token verification response // VerifyResponse represents a token verification response
type VerifyResponse struct { type VerifyResponse struct {
Valid bool `json:"valid"` Valid bool `json:"valid"`
Permitted bool `json:"permitted"`
UserID string `json:"user_id,omitempty"` UserID string `json:"user_id,omitempty"`
Permissions []string `json:"permissions"` Permissions []string `json:"permissions"`
PermissionResults map[string]bool `json:"permission_results,omitempty"` PermissionResults map[string]bool `json:"permission_results,omitempty"`

59
internal/services/token_service.go
View File

@ -211,8 +211,9 @@ func (s *tokenService) VerifyToken(ctx context.Context, req *domain.VerifyReques
// Validate request // Validate request
if req.Token == "" { if req.Token == "" {
return &domain.VerifyResponse{ return &domain.VerifyResponse{
Valid: false, Valid: false,
Error: "Token is required", Permitted: false,
Error: "Token is required",
}, nil }, nil
} }
@ -221,8 +222,9 @@ func (s *tokenService) VerifyToken(ctx context.Context, req *domain.VerifyReques
if err != nil { if err != nil {
s.logger.Error("Failed to get application", zap.Error(err), zap.String("app_id", req.AppID)) s.logger.Error("Failed to get application", zap.Error(err), zap.String("app_id", req.AppID))
return &domain.VerifyResponse{ return &domain.VerifyResponse{
Valid: false, Valid: false,
Error: "Invalid application", Permitted: false,
Error: "Invalid application",
}, nil }, nil
} }
@ -233,8 +235,9 @@ func (s *tokenService) VerifyToken(ctx context.Context, req *domain.VerifyReques
return s.verifyUserToken(ctx, req, app) return s.verifyUserToken(ctx, req, app)
default: default:
return &domain.VerifyResponse{ return &domain.VerifyResponse{
Valid: false, Valid: false,
Error: "Invalid token type", Permitted: false,
Error: "Invalid token type",
}, nil }, nil
} }
} }
@ -247,8 +250,9 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
if !crypto.IsValidTokenFormat(req.Token) { if !crypto.IsValidTokenFormat(req.Token) {
s.logger.Warn("Invalid token format", zap.String("app_id", req.AppID)) s.logger.Warn("Invalid token format", zap.String("app_id", req.AppID))
return &domain.VerifyResponse{ return &domain.VerifyResponse{
Valid: false, Valid: false,
Error: "Invalid token format", Permitted: false,
Error: "Invalid token format",
}, nil }, nil
} }
@ -257,8 +261,9 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
if err != nil { if err != nil {
s.logger.Error("Failed to get tokens for app", zap.Error(err), zap.String("app_id", req.AppID)) s.logger.Error("Failed to get tokens for app", zap.Error(err), zap.String("app_id", req.AppID))
return &domain.VerifyResponse{ return &domain.VerifyResponse{
Valid: false, Valid: false,
Error: "Token verification failed", Permitted: false,
Error: "Token verification failed",
}, nil }, nil
} }
@ -273,8 +278,9 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
if matchedToken == nil { if matchedToken == nil {
s.logger.Warn("Token not found or invalid", zap.String("app_id", req.AppID)) s.logger.Warn("Token not found or invalid", zap.String("app_id", req.AppID))
return &domain.VerifyResponse{ return &domain.VerifyResponse{
Valid: false, Valid: false,
Error: "Invalid token", Permitted: false,
Error: "Invalid token",
}, nil }, nil
} }
@ -283,31 +289,45 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
if err != nil { if err != nil {
s.logger.Error("Failed to get token permissions", zap.Error(err), zap.String("token_id", matchedToken.ID.String())) s.logger.Error("Failed to get token permissions", zap.Error(err), zap.String("token_id", matchedToken.ID.String()))
return &domain.VerifyResponse{ return &domain.VerifyResponse{
Valid: false, Valid: false,
Error: "Failed to retrieve permissions", Permitted: false,
Error: "Failed to retrieve permissions",
}, nil }, nil
} }
// Check specific permissions if requested // Check specific permissions if requested
var permissionResults map[string]bool var permissionResults map[string]bool
var permitted bool = true // Default to true if no specific permissions requested
if len(req.Permissions) > 0 { if len(req.Permissions) > 0 {
permissionResults, err = s.grantRepo.HasAnyPermission(ctx, domain.TokenTypeStatic, matchedToken.ID, req.Permissions) permissionResults, err = s.grantRepo.HasAnyPermission(ctx, domain.TokenTypeStatic, matchedToken.ID, req.Permissions)
if err != nil { if err != nil {
s.logger.Error("Failed to check specific permissions", zap.Error(err)) s.logger.Error("Failed to check specific permissions", zap.Error(err))
return &domain.VerifyResponse{ return &domain.VerifyResponse{
Valid: false, Valid: false,
Error: "Failed to check permissions", Permitted: false,
Error: "Failed to check permissions",
}, nil }, nil
} }
// Check if all requested permissions are granted
for _, requestedPerm := range req.Permissions {
if hasPermission, exists := permissionResults[requestedPerm]; !exists || !hasPermission {
permitted = false
break
}
}
} }
s.logger.Info("Static token verified successfully", s.logger.Info("Static token verified successfully",
zap.String("token_id", matchedToken.ID.String()), zap.String("token_id", matchedToken.ID.String()),
zap.String("app_id", req.AppID), zap.String("app_id", req.AppID),
zap.Strings("permissions", permissions)) zap.Strings("permissions", permissions),
zap.Bool("permitted", permitted))
return &domain.VerifyResponse{ return &domain.VerifyResponse{
Valid: true, Valid: true,
Permitted: permitted,
Permissions: permissions, Permissions: permissions,
PermissionResults: permissionResults, PermissionResults: permissionResults,
TokenType: domain.TokenTypeStatic, TokenType: domain.TokenTypeStatic,
@ -321,8 +341,9 @@ func (s *tokenService) verifyUserToken(ctx context.Context, req *domain.VerifyRe
// TODO: Implement JWT token verification // TODO: Implement JWT token verification
// For now, return an error since user tokens are not fully implemented // For now, return an error since user tokens are not fully implemented
return &domain.VerifyResponse{ return &domain.VerifyResponse{
Valid: false, Valid: false,
Error: "User token verification not yet implemented", Permitted: false,
Error: "User token verification not yet implemented",
}, nil }, nil
} }

BIN
server
View File

Binary file not shown.