You've already forked golang-saas-starter-kit
mirror of
https://github.com/raseels-repos/golang-saas-starter-kit.git
synced 2025-06-17 00:17:59 +02:00
authenticator storage engines
Created a storage interface used by authenticator to support multiple types of storage types for private keys. Added a new file storage engine which is now the default for web-api. Migrated aws secrets manager to be optional.
This commit is contained in:
Lee Brown
@ -3,6 +3,7 @@ package handlers
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"geeks-accelerator/oss/saas-starter-kit/example-project/internal/platform/auth"
|
||||
@ -12,6 +13,9 @@ import (
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
// sessionTtl defines the auth token expiration.
|
||||
var sessionTtl = time.Hour * 24
|
||||
|
||||
// User represents the User API method handler set.
|
||||
type User struct {
|
||||
MasterDB *sqlx.DB
|
||||
@ -21,7 +25,7 @@ type User struct {
|
||||
}
|
||||
|
||||
// List returns all the existing users in the system.
|
||||
func (u *User) List(ctx context.Context, w http.ResponseWriter, r *http.Request, params map[string]string) error {
|
||||
func (u *User) Find(ctx context.Context, w http.ResponseWriter, r *http.Request, params map[string]string) error {
|
||||
claims, ok := ctx.Value(auth.Key).(auth.Claims)
|
||||
if !ok {
|
||||
return errors.New("claims missing from context")
|
||||
@ -32,22 +36,160 @@ func (u *User) List(ctx context.Context, w http.ResponseWriter, r *http.Request,
|
||||
return errors.Wrap(err, "")
|
||||
}
|
||||
|
||||
usrs, err := user.Find(ctx, claims, u.MasterDB, req)
|
||||
res, err := user.Find(ctx, claims, u.MasterDB, req)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return web.RespondJson(ctx, w, usrs, http.StatusOK)
|
||||
return web.RespondJson(ctx, w, res, http.StatusOK)
|
||||
}
|
||||
|
||||
// Retrieve returns the specified user from the system.
|
||||
func (u *User) Retrieve(ctx context.Context, w http.ResponseWriter, r *http.Request, params map[string]string) error {
|
||||
// Read returns the specified user from the system.
|
||||
func (u *User) Read(ctx context.Context, w http.ResponseWriter, r *http.Request, params map[string]string) error {
|
||||
claims, ok := ctx.Value(auth.Key).(auth.Claims)
|
||||
if !ok {
|
||||
return errors.New("claims missing from context")
|
||||
}
|
||||
|
||||
usr, err := user.FindById(ctx, claims, u.MasterDB, params["id"], false)
|
||||
var includeArchived bool
|
||||
if qv := r.URL.Query().Get("include-archived"); qv != "" {
|
||||
var err error
|
||||
includeArchived, err = strconv.ParseBool(qv)
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "Invalid value for include-archived : %s", qv)
|
||||
}
|
||||
}
|
||||
|
||||
res, err := user.Read(ctx, claims, u.MasterDB, params["id"], includeArchived)
|
||||
if err != nil {
|
||||
switch err {
|
||||
case user.ErrInvalidID:
|
||||
return web.NewRequestError(err, http.StatusBadRequest)
|
||||
case user.ErrNotFound:
|
||||
return web.NewRequestError(err, http.StatusNotFound)
|
||||
case user.ErrForbidden:
|
||||
return web.NewRequestError(err, http.StatusForbidden)
|
||||
default:
|
||||
return errors.Wrapf(err, "ID: %s", params["id"])
|
||||
}
|
||||
}
|
||||
|
||||
return web.RespondJson(ctx, w, res, http.StatusOK)
|
||||
}
|
||||
|
||||
// Create inserts a new user into the system.
|
||||
func (u *User) Create(ctx context.Context, w http.ResponseWriter, r *http.Request, params map[string]string) error {
|
||||
v, ok := ctx.Value(web.KeyValues).(*web.Values)
|
||||
if !ok {
|
||||
return web.NewShutdownError("web value missing from context")
|
||||
}
|
||||
|
||||
claims, ok := ctx.Value(auth.Key).(auth.Claims)
|
||||
if !ok {
|
||||
return errors.New("claims missing from context")
|
||||
}
|
||||
|
||||
var req user.UserCreateRequest
|
||||
if err := web.Decode(r, &req); err != nil {
|
||||
return errors.Wrap(err, "")
|
||||
}
|
||||
|
||||
res, err := user.Create(ctx, claims, u.MasterDB, req, v.Now)
|
||||
if err != nil {
|
||||
switch err {
|
||||
case user.ErrForbidden:
|
||||
return web.NewRequestError(err, http.StatusForbidden)
|
||||
default:
|
||||
return errors.Wrapf(err, "User: %+v", &req)
|
||||
}
|
||||
}
|
||||
|
||||
return web.RespondJson(ctx, w, res, http.StatusCreated)
|
||||
}
|
||||
|
||||
// Update updates the specified user in the system.
|
||||
func (u *User) Update(ctx context.Context, w http.ResponseWriter, r *http.Request, params map[string]string) error {
|
||||
v, ok := ctx.Value(web.KeyValues).(*web.Values)
|
||||
if !ok {
|
||||
return web.NewShutdownError("web value missing from context")
|
||||
}
|
||||
|
||||
claims, ok := ctx.Value(auth.Key).(auth.Claims)
|
||||
if !ok {
|
||||
return errors.New("claims missing from context")
|
||||
}
|
||||
|
||||
var req user.UserUpdateRequest
|
||||
if err := web.Decode(r, &req); err != nil {
|
||||
return errors.Wrap(err, "")
|
||||
}
|
||||
req.ID = params["id"]
|
||||
|
||||
err := user.Update(ctx, claims, u.MasterDB, req, v.Now)
|
||||
if err != nil {
|
||||
switch err {
|
||||
case user.ErrInvalidID:
|
||||
return web.NewRequestError(err, http.StatusBadRequest)
|
||||
case user.ErrNotFound:
|
||||
return web.NewRequestError(err, http.StatusNotFound)
|
||||
case user.ErrForbidden:
|
||||
return web.NewRequestError(err, http.StatusForbidden)
|
||||
default:
|
||||
return errors.Wrapf(err, "Id: %s User: %+v", params["id"], &req)
|
||||
}
|
||||
}
|
||||
|
||||
return web.RespondJson(ctx, w, nil, http.StatusNoContent)
|
||||
}
|
||||
|
||||
// Update updates the password for a specified user in the system.
|
||||
func (u *User) UpdatePassword(ctx context.Context, w http.ResponseWriter, r *http.Request, params map[string]string) error {
|
||||
v, ok := ctx.Value(web.KeyValues).(*web.Values)
|
||||
if !ok {
|
||||
return web.NewShutdownError("web value missing from context")
|
||||
}
|
||||
|
||||
claims, ok := ctx.Value(auth.Key).(auth.Claims)
|
||||
if !ok {
|
||||
return errors.New("claims missing from context")
|
||||
}
|
||||
|
||||
var req user.UserUpdatePasswordRequest
|
||||
if err := web.Decode(r, &req); err != nil {
|
||||
return errors.Wrap(err, "")
|
||||
}
|
||||
req.ID = params["id"]
|
||||
|
||||
err := user.UpdatePassword(ctx, claims, u.MasterDB, req, v.Now)
|
||||
if err != nil {
|
||||
switch err {
|
||||
case user.ErrInvalidID:
|
||||
return web.NewRequestError(err, http.StatusBadRequest)
|
||||
case user.ErrNotFound:
|
||||
return web.NewRequestError(err, http.StatusNotFound)
|
||||
case user.ErrForbidden:
|
||||
return web.NewRequestError(err, http.StatusForbidden)
|
||||
default:
|
||||
return errors.Wrapf(err, "Id: %s User: %+v", params["id"], &req)
|
||||
}
|
||||
}
|
||||
|
||||
return web.RespondJson(ctx, w, nil, http.StatusNoContent)
|
||||
}
|
||||
|
||||
// Archive soft-deletes the specified user from the system.
|
||||
func (u *User) Archive(ctx context.Context, w http.ResponseWriter, r *http.Request, params map[string]string) error {
|
||||
v, ok := ctx.Value(web.KeyValues).(*web.Values)
|
||||
if !ok {
|
||||
return web.NewShutdownError("web value missing from context")
|
||||
}
|
||||
|
||||
claims, ok := ctx.Value(auth.Key).(auth.Claims)
|
||||
if !ok {
|
||||
return errors.New("claims missing from context")
|
||||
}
|
||||
|
||||
err := user.Archive(ctx, claims, u.MasterDB, params["id"], v.Now)
|
||||
if err != nil {
|
||||
switch err {
|
||||
case user.ErrInvalidID:
|
||||
@ -61,66 +203,6 @@ func (u *User) Retrieve(ctx context.Context, w http.ResponseWriter, r *http.Requ
|
||||
}
|
||||
}
|
||||
|
||||
return web.RespondJson(ctx, w, usr, http.StatusOK)
|
||||
}
|
||||
|
||||
// Create inserts a new user into the system.
|
||||
func (u *User) Create(ctx context.Context, w http.ResponseWriter, r *http.Request, params map[string]string) error {
|
||||
claims, ok := ctx.Value(auth.Key).(auth.Claims)
|
||||
if !ok {
|
||||
return errors.New("claims missing from context")
|
||||
}
|
||||
|
||||
v, ok := ctx.Value(web.KeyValues).(*web.Values)
|
||||
if !ok {
|
||||
return web.NewShutdownError("web value missing from context")
|
||||
}
|
||||
|
||||
var newU user.CreateUserRequest
|
||||
if err := web.Decode(r, &newU); err != nil {
|
||||
return errors.Wrap(err, "")
|
||||
}
|
||||
|
||||
usr, err := user.Create(ctx, claims, u.MasterDB, newU, v.Now)
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "User: %+v", &usr)
|
||||
}
|
||||
|
||||
return web.RespondJson(ctx, w, usr, http.StatusCreated)
|
||||
}
|
||||
|
||||
// Update updates the specified user in the system.
|
||||
func (u *User) Update(ctx context.Context, w http.ResponseWriter, r *http.Request, params map[string]string) error {
|
||||
claims, ok := ctx.Value(auth.Key).(auth.Claims)
|
||||
if !ok {
|
||||
return errors.New("claims missing from context")
|
||||
}
|
||||
|
||||
|
||||
v, ok := ctx.Value(web.KeyValues).(*web.Values)
|
||||
if !ok {
|
||||
return web.NewShutdownError("web value missing from context")
|
||||
}
|
||||
|
||||
var upd user.UpdateUserRequest
|
||||
if err := web.Decode(r, &upd); err != nil {
|
||||
return errors.Wrap(err, "")
|
||||
}
|
||||
|
||||
err := user.Update(ctx, claims, u.MasterDB, upd, v.Now)
|
||||
if err != nil {
|
||||
switch err {
|
||||
case user.ErrInvalidID:
|
||||
return web.NewRequestError(err, http.StatusBadRequest)
|
||||
case user.ErrNotFound:
|
||||
return web.NewRequestError(err, http.StatusNotFound)
|
||||
case user.ErrForbidden:
|
||||
return web.NewRequestError(err, http.StatusForbidden)
|
||||
default:
|
||||
return errors.Wrapf(err, "Id: %s User: %+v", params["id"], &upd)
|
||||
}
|
||||
}
|
||||
|
||||
return web.RespondJson(ctx, w, nil, http.StatusNoContent)
|
||||
}
|
||||
|
||||
@ -148,6 +230,31 @@ func (u *User) Delete(ctx context.Context, w http.ResponseWriter, r *http.Reques
|
||||
return web.RespondJson(ctx, w, nil, http.StatusNoContent)
|
||||
}
|
||||
|
||||
// SwitchAccount updates the claims.
|
||||
func (u *User) SwitchAccount(ctx context.Context, w http.ResponseWriter, r *http.Request, params map[string]string) error {
|
||||
v, ok := ctx.Value(web.KeyValues).(*web.Values)
|
||||
if !ok {
|
||||
return web.NewShutdownError("web value missing from context")
|
||||
}
|
||||
|
||||
claims, ok := ctx.Value(auth.Key).(auth.Claims)
|
||||
if !ok {
|
||||
return errors.New("claims missing from context")
|
||||
}
|
||||
|
||||
tkn, err := user.SwitchAccount(ctx, u.MasterDB, u.TokenGenerator, claims, params["accountId"], sessionTtl, v.Now)
|
||||
if err != nil {
|
||||
switch err {
|
||||
case user.ErrAuthenticationFailure:
|
||||
return web.NewRequestError(err, http.StatusUnauthorized)
|
||||
default:
|
||||
return errors.Wrap(err, "switch account")
|
||||
}
|
||||
}
|
||||
|
||||
return web.RespondJson(ctx, w, tkn, http.StatusNoContent)
|
||||
}
|
||||
|
||||
// Token handles a request to authenticate a user. It expects a request using
|
||||
// Basic Auth with a user's email and password. It responds with a JWT.
|
||||
func (u *User) Token(ctx context.Context, w http.ResponseWriter, r *http.Request, params map[string]string) error {
|
||||
@ -162,8 +269,7 @@ func (u *User) Token(ctx context.Context, w http.ResponseWriter, r *http.Request
|
||||
return web.NewRequestError(err, http.StatusUnauthorized)
|
||||
}
|
||||
|
||||
// TODO Constant for token lifespan?
|
||||
tkn, err := user.Authenticate(ctx, u.MasterDB, u.TokenGenerator, email, pass, time.Hour * 24, v.Now)
|
||||
tkn, err := user.Authenticate(ctx, u.MasterDB, u.TokenGenerator, email, pass, sessionTtl, v.Now)
|
||||
if err != nil {
|
||||
switch err {
|
||||
case user.ErrAuthenticationFailure:
|
||||
|
||||
Reference in New Issue
Block a user