97 lines
2.9 KiB
Go
97 lines
2.9 KiB
Go
package authz
|
|
|
|
import (
|
|
"context"
|
|
"git.itzana.me/StrafesNET/dev-service/pkg/datastore"
|
|
"git.itzana.me/StrafesNET/dev-service/pkg/model"
|
|
"git.itzana.me/strafesnet/go-grpc/auth"
|
|
"google.golang.org/protobuf/types/known/emptypb"
|
|
)
|
|
|
|
// ValidateSessionID validates a session ID and returns validation result
|
|
func (s *Service) ValidateSessionID(ctx context.Context, sessionID string) (bool, error) {
|
|
// Call the gRPC service at the boundary
|
|
resp, err := s.authClient.ValidateSession(ctx, &auth.IdMessage{SessionID: sessionID})
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
|
|
// Convert from gRPC to domain model
|
|
return resp.Valid, nil
|
|
}
|
|
|
|
// GetUserRoles retrieves roles for a user from a session
|
|
func (s *Service) GetUserRoles(ctx context.Context, sessionID string) ([]model.UserRole, error) {
|
|
// Call the gRPC service at the boundary
|
|
resp, err := s.authClient.GetGroupRole(ctx, &auth.IdMessage{SessionID: sessionID})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Convert from gRPC to domain model
|
|
var roles []model.UserRole
|
|
for _, role := range resp.Roles {
|
|
roles = append(roles, model.UserRole{
|
|
ID: role.ID,
|
|
DisplayName: role.DisplayName,
|
|
Rank: role.Rank,
|
|
})
|
|
}
|
|
|
|
return roles, nil
|
|
}
|
|
|
|
// GetOrCreateUserFromSession retrieves user information from a session ID and ensures the user exists in the local datastore
|
|
func (s *Service) GetOrCreateUserFromSession(ctx context.Context, sessionID string) (*model.User, error) {
|
|
// Call the gRPC service at the boundary
|
|
resp, err := s.authClient.GetSessionUser(ctx, &auth.IdMessage{SessionID: sessionID})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Find the user in our datastore
|
|
user, err := s.store.GetUser(ctx, resp.UserID)
|
|
if err != nil {
|
|
// User doesn't exist, create a new one
|
|
newUser := &model.User{
|
|
ID: resp.UserID,
|
|
Username: resp.Username,
|
|
Active: true,
|
|
RateLimitID: datastore.GetDefaultRateLimitID(),
|
|
}
|
|
|
|
err = s.store.CreateUser(ctx, newUser)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return newUser, nil
|
|
}
|
|
|
|
return user, nil
|
|
}
|
|
|
|
// GetUserAuthProfile retrieves the raw user from the auth rpc
|
|
func (s *Service) GetUserAuthProfile(ctx context.Context, sessionID string) (*auth.SessionUserResponse, error) {
|
|
resp, err := s.authClient.GetSessionUser(ctx, &auth.IdMessage{SessionID: sessionID})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return resp, nil
|
|
}
|
|
|
|
// GetAuthMetadata retrieves auth url metadata
|
|
func (s *Service) GetAuthMetadata(ctx context.Context) (*auth.AuthMetadataResponse, error) {
|
|
return s.authClient.GetAuthMetadata(ctx, &emptypb.Empty{})
|
|
}
|
|
|
|
// GetLoginUrl Gets the full URL to login
|
|
func (s *Service) GetLoginUrl(ctx context.Context) (string, error) {
|
|
metadata, err := s.authClient.GetAuthMetadata(ctx, &emptypb.Empty{})
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
// Combine the login URL with the redirect parameter set to s.domain
|
|
return metadata.LoginURL + "?redirect=" + s.domain, nil
|
|
}
|