Brijesh's Git Server — identity @ 8c36e39b8c6eda064ffa45901a976c3ebf028d97

authentication service

core/internal/server/handlers_application.go (view raw)

 1
 2
 3
 4
 5
 6
 7
 8
 9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125
 126
 127
 128
 129
 130
 131
 132
 133
 134
 135
 136
 137
 138
 139
 140
 141
 142
 143
 144
 145
 146
 147
 148
 149
 150
 151
 152
 153
 154
 155
 156
 157
 158
 159
 160
 161
 162
 163
 164
 165
 166
 167
 168
 169
 170
 171
 172
 173
 
package server

import (
	"encoding/json"
	"net/http"
	"strconv"

	"github.com/go-chi/chi/v5"
	"github.com/wbrijesh/identity/internal/auth"
	"github.com/wbrijesh/identity/internal/models"
	"github.com/wbrijesh/identity/utils"
)

func (s *Server) CreateApplicationHandler(w http.ResponseWriter, r *http.Request) {
	adminID, ok := r.Context().Value("adminID").(string)
	if !ok {
		http.Error(w, "Unauthorized", http.StatusInternalServerError)
		return
	}

	var app models.Application
	if err := json.NewDecoder(r.Body).Decode(&app); err != nil {
		http.Error(w, "Invalid request body", http.StatusBadRequest)
		return
	}

	app.AdminID = adminID

	if err := utils.CheckNeceassaryFieldsExist(app, []string{"Name", "Description"}); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	createdApp, err := s.db.CreateApplication(r.Context(), &app)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	json.NewEncoder(w).Encode(createdApp)
}

func (s *Server) ListApplicationsHandler(w http.ResponseWriter, r *http.Request) {
	adminID, ok := r.Context().Value("adminID").(string)
	if !ok {
		http.Error(w, "Unauthorized", http.StatusInternalServerError)
		return
	}
	offset, _ := strconv.Atoi(r.URL.Query().Get("offset"))
	limit, _ := strconv.Atoi(r.URL.Query().Get("limit"))

	apps, total, err := s.db.ListApplications(r.Context(), offset, limit, adminID)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	json.NewEncoder(w).Encode(map[string]interface{}{
		"applications": apps,
		"total":        total,
	})
}

func (s *Server) GenerateRefreshTokenForApplicationHandler(w http.ResponseWriter, r *http.Request) {
	applicationID := chi.URLParam(r, "applicationID")
	if applicationID == "" {
		http.Error(w, "Application ID is required", http.StatusBadRequest)
		return
	}

	// Check if request is coming from the application owner
	adminID, ok := r.Context().Value("adminID").(string)
	if !ok {
		http.Error(w, "Unauthorized", http.StatusInternalServerError)
		return
	}
	application, err := s.db.GetApplicationByID(r.Context(), applicationID)
	if err != nil {
		http.Error(w, "Application not found", http.StatusNotFound)
		return
	}
	if application.AdminID != adminID {
		http.Error(w, "Unauthorized", http.StatusUnauthorized)
		return
	}

	// Generate refresh token
	refreshToken, err := s.db.GenerateRefreshToken(r.Context(), applicationID)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// DELETE TemporaryAccessToken before pushing first stable version
	accessToken, err := auth.GenerateAccessTokenFromRefreshToken(refreshToken)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// Prepare response
	response := struct {
		RefreshToken         string `json:"refresh_token"`
		TemporaryAccessToken string `json:"temporary_access_token"`
	}{
		RefreshToken:         refreshToken,
		TemporaryAccessToken: accessToken,
	}

	// Send response
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(http.StatusOK)
	json.NewEncoder(w).Encode(response)
}

func (s *Server) UpdateRefreshTokenForApplicationHandler(w http.ResponseWriter, r *http.Request) {
	applicationID := chi.URLParam(r, "applicationID")
	if applicationID == "" {
		http.Error(w, "Application ID is required", http.StatusBadRequest)
		return
	}

	// Check if request is coming from the application owner
	adminID, ok := r.Context().Value("adminID").(string)
	if !ok {
		http.Error(w, "Unauthorized", http.StatusInternalServerError)
		return
	}
	application, err := s.db.GetApplicationByID(r.Context(), applicationID)
	if err != nil {
		http.Error(w, "Application not found", http.StatusNotFound)
		return
	}
	if application.AdminID != adminID {
		http.Error(w, "Unauthorized", http.StatusUnauthorized)
		return
	}

	// Delete existing refresh token
	err = s.db.DeleteRefreshToken(r.Context(), applicationID)
	if err != nil {
		http.Error(w, "Failed to delete existing refresh token: "+err.Error(), http.StatusInternalServerError)
		return
	}

	// Generate new refresh token
	newRefreshToken, err := s.db.GenerateRefreshToken(r.Context(), applicationID)
	if err != nil {
		http.Error(w, "Failed to generate new refresh token: "+err.Error(), http.StatusInternalServerError)
		return
	}

	// DELETE TemporaryAccessToken before pushing first stable version
	accessToken, err := auth.GenerateAccessTokenFromRefreshToken(newRefreshToken)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// Prepare response
	response := struct {
		RefreshToken         string `json:"refresh_token"`
		TemporaryAccessToken string `json:"temporary_access_token"`
	}{
		RefreshToken:         newRefreshToken,
		TemporaryAccessToken: accessToken,
	}

	// Send response
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(http.StatusOK)
	json.NewEncoder(w).Encode(response)
}