internal/apikeys/twirp_server.go
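package apikeys

import (
	"context"
	"errors"
	"time"

	"argus-core/internal/auth"
	"argus-core/internal/database"
	pb "argus-core/rpc/apikeys"

	"github.com/gocql/gocql"
	"github.com/twitchtv/twirp"
)

// TwirpServer implements the APIKeysService for managing API keys.
//
// Every handler authenticates the caller from the Token field of the request
// message and then passes the authenticated user's ID to the auth service
// together with the requested operation. The handlers in this file do not use
// db directly; all key operations go through authService.
//
// NOTE(review): internal failures are returned with twirp.InternalErrorWith,
// which uses the wrapped error's text as the message sent to the client.
// Confirm that errors coming out of authService carry no storage or query
// details, or log them server-side and return a generic message instead.
type TwirpServer struct {
	authService auth.Service
	db          database.Service
}

// NewTwirpServer creates a new Twirp server wrapper around the existing services.
func NewTwirpServer(authService auth.Service, db database.Service) pb.APIKeysService {
	return &TwirpServer{authService: authService, db: db}
}

// formatAPIKeyResponse converts a database API key to a protobuf API key.
//
// Only metadata is copied (ID, owner, name, timestamps, active flag); no key
// material is placed in the response. Timestamps are rendered as RFC3339, and
// the optional LastUsedAt / ExpiresAt fields stay empty when unset.
func formatAPIKeyResponse(apiKey *database.APIKey) *pb.APIKey {
	response := &pb.APIKey{
		Id:        apiKey.ID.String(),
		UserId:    apiKey.UserID.String(),
		Name:      apiKey.Name,
		CreatedAt: apiKey.CreatedAt.Format(time.RFC3339),
		IsActive:  apiKey.IsActive,
	}

	if apiKey.LastUsedAt != nil {
		response.LastUsedAt = apiKey.LastUsedAt.Format(time.RFC3339)
	}
	if apiKey.ExpiresAt != nil {
		response.ExpiresAt = apiKey.ExpiresAt.Format(time.RFC3339)
	}

	return response
}

// CreateAPIKey implements the Twirp APIKeysService CreateAPIKey method.
//
// It requires a token and a name, validates the token, parses the optional
// RFC3339 expiration (rejecting dates in the past) and asks the auth service
// to create a key for the authenticated user. It returns Unauthenticated for a
// missing or invalid token, InvalidArgument for a bad name or expiration, and
// an internal error when key creation fails.
func (s *TwirpServer) CreateAPIKey(ctx context.Context, req *pb.CreateAPIKeyRequest) (*pb.CreateAPIKeyResponse, error) {
	if req.Token == "" {
		return nil, twirp.NewError(twirp.Unauthenticated, "token is required")
	}
	if req.Name == "" {
		return nil, twirp.NewError(twirp.InvalidArgument, "name is required")
	}

	// Validate token and get user. The underlying error is deliberately not
	// echoed back, so the client cannot tell why the token was rejected.
	user, err := s.authService.ValidateToken(req.Token)
	if err != nil {
		return nil, twirp.NewError(twirp.Unauthenticated, "invalid token")
	}

	// Parse expiration date if provided. When it is omitted, nil is passed to
	// the auth service.
	// NOTE(review): presumably nil means the key never expires, and there is
	// no upper bound on a supplied date; confirm this matches key policy.
	var expiresAt *time.Time
	if req.ExpiresAt != "" {
		t, err := time.Parse(time.RFC3339, req.ExpiresAt)
		if err != nil {
			return nil, twirp.NewError(twirp.InvalidArgument, "expires_at must be in RFC3339 format")
		}
		if t.Before(time.Now()) {
			return nil, twirp.NewError(twirp.InvalidArgument, "expiration date cannot be in the past")
		}
		expiresAt = &t
	}

	// Create API key
	apiKey, keyString, err := s.authService.CreateAPIKey(user.ID, req.Name, expiresAt)
	if err != nil {
		return nil, twirp.InternalErrorWith(err)
	}

	// This is the only response in this file that carries the key string; the
	// metadata built by formatAPIKeyResponse never includes it. Keep this
	// response out of request/response logging.
	return &pb.CreateAPIKeyResponse{
		ApiKey: formatAPIKeyResponse(apiKey),
		Key:    keyString,
	}, nil
}

// ListAPIKeys implements the Twirp APIKeysService ListAPIKeys method.
//
// It validates the token and returns the metadata of the keys the auth
// service lists for the authenticated user's ID.
func (s *TwirpServer) ListAPIKeys(ctx context.Context, req *pb.ListAPIKeysRequest) (*pb.ListAPIKeysResponse, error) {
	if req.Token == "" {
		return nil, twirp.NewError(twirp.Unauthenticated, "token is required")
	}

	// Validate token and get user
	user, err := s.authService.ValidateToken(req.Token)
	if err != nil {
		return nil, twirp.NewError(twirp.Unauthenticated, "invalid token")
	}

	apiKeys, err := s.authService.ListAPIKeys(user.ID)
	if err != nil {
		return nil, twirp.InternalErrorWith(err)
	}

	var pbAPIKeys []*pb.APIKey
	for _, apiKey := range apiKeys {
		// Taking the address of the loop variable is safe here because
		// formatAPIKeyResponse copies the fields and does not keep the pointer.
		pbAPIKeys = append(pbAPIKeys, formatAPIKeyResponse(&apiKey))
	}

	return &pb.ListAPIKeysResponse{ApiKeys: pbAPIKeys}, nil
}

// RevokeAPIKey implements the Twirp APIKeysService RevokeAPIKey method.
//
// It validates the token, parses key_id as a UUID and asks the auth service to
// revoke that key for the authenticated user. ErrAPIKeyInvalid is reported as
// NotFound; any other failure is reported as an internal error.
func (s *TwirpServer) RevokeAPIKey(ctx context.Context, req *pb.RevokeAPIKeyRequest) (*pb.RevokeAPIKeyResponse, error) {
	if req.Token == "" {
		return nil, twirp.NewError(twirp.Unauthenticated, "token is required")
	}
	if req.KeyId == "" {
		return nil, twirp.NewError(twirp.InvalidArgument, "key_id is required")
	}

	// Validate token and get user
	user, err := s.authService.ValidateToken(req.Token)
	if err != nil {
		return nil, twirp.NewError(twirp.Unauthenticated, "invalid token")
	}

	keyID, err := gocql.ParseUUID(req.KeyId)
	if err != nil {
		return nil, twirp.NewError(twirp.InvalidArgument, "invalid key ID format")
	}

	// This handler does not check key ownership itself; it relies on the auth
	// service to scope the operation to user.ID.
	// NOTE(review): confirm that authService.RevokeAPIKey rejects a key that
	// belongs to another user, and with the same error as a missing key.
	err = s.authService.RevokeAPIKey(user.ID, keyID)
	if err != nil {
		// errors.Is also matches when the sentinel has been wrapped with %w,
		// which a plain == comparison would report as an internal error.
		// NOTE(review): ErrAPIKeyInvalid is this package's sentinel; confirm
		// the auth service returns this value and not one of its own.
		if errors.Is(err, ErrAPIKeyInvalid) {
			return nil, twirp.NewError(twirp.NotFound, "API key not found")
		}
		return nil, twirp.InternalErrorWith(err)
	}

	return &pb.RevokeAPIKeyResponse{}, nil
}

// DeleteAPIKey implements the Twirp APIKeysService DeleteAPIKey method.
//
// It validates the token, parses key_id as a UUID and asks the auth service to
// delete that key for the authenticated user. ErrAPIKeyInvalid is reported as
// NotFound; any other failure is reported as an internal error.
func (s *TwirpServer) DeleteAPIKey(ctx context.Context, req *pb.DeleteAPIKeyRequest) (*pb.DeleteAPIKeyResponse, error) {
	if req.Token == "" {
		return nil, twirp.NewError(twirp.Unauthenticated, "token is required")
	}
	if req.KeyId == "" {
		return nil, twirp.NewError(twirp.InvalidArgument, "key_id is required")
	}

	// Validate token and get user
	user, err := s.authService.ValidateToken(req.Token)
	if err != nil {
		return nil, twirp.NewError(twirp.Unauthenticated, "invalid token")
	}

	keyID, err := gocql.ParseUUID(req.KeyId)
	if err != nil {
		return nil, twirp.NewError(twirp.InvalidArgument, "invalid key ID format")
	}

	// This handler does not check key ownership itself; it relies on the auth
	// service to scope the operation to user.ID.
	// NOTE(review): confirm that authService.DeleteAPIKey rejects a key that
	// belongs to another user, and with the same error as a missing key.
	err = s.authService.DeleteAPIKey(user.ID, keyID)
	if err != nil {
		// errors.Is also matches a wrapped sentinel; see RevokeAPIKey.
		if errors.Is(err, ErrAPIKeyInvalid) {
			return nil, twirp.NewError(twirp.NotFound, "API key not found")
		}
		return nil, twirp.InternalErrorWith(err)
	}

	return &pb.DeleteAPIKeyResponse{}, nil
}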