add http api endpoints

Signed-off-by: Arvindh <arvindh91@gmail.com>
absmach · Jul 12, 2024 · b6b762a · b6b762a
1 parent 9d4f0e3
commit b6b762a
Show file tree

Hide file tree

Showing 21 changed files with 732 additions and 324 deletions.
diff --git a/auth/api/http/keys/endpoint_test.go b/auth/api/http/keys/endpoint_test.go
@@ -71,11 +71,12 @@ func newService() (auth.Service, *mocks.KeyRepository) {
 	prepo := new(mocks.PolicyAgent)
 	drepo := new(mocks.DomainsRepository)
 	patsRepo := new(mocks.PATSRepository)
+	hasher := new(mocks.Hasher)
 	idProvider := uuid.NewMock()
 
 	t := jwt.New([]byte(secret))
 
-	return auth.New(krepo, drepo, patsRepo, idProvider, t, prepo, loginDuration, refreshDuration, invalidDuration), krepo
+	return auth.New(krepo, drepo, patsRepo, hasher, idProvider, t, prepo, loginDuration, refreshDuration, invalidDuration), krepo
 }
 
 func newServer(svc auth.Service) *httptest.Server {

diff --git a/auth/api/http/pats/endpoint.go b/auth/api/http/pats/endpoint.go
@@ -186,17 +186,17 @@ func clearPATAllScopeEntryEndpoint(svc auth.Service) endpoint.Endpoint {
 	}
 }
 
-func testCheckPATScopeEntryEndpoint(svc auth.Service) endpoint.Endpoint {
+func authorizePATEndpoint(svc auth.Service) endpoint.Endpoint {
 	return func(ctx context.Context, request interface{}) (interface{}, error) {
-		req := request.(testCheckPatScopeReq)
+		req := request.(authorizePATReq)
 		if err := req.validate(); err != nil {
 			return nil, err
 		}
 
-		if err := svc.TestCheckPATScopeEntry(ctx, req.token, req.PlatformEntityType, req.OptionalDomainID, req.OptionalDomainEntityType, req.Operation, req.EntityIDs...); err != nil {
+		if err := svc.AuthorizePAT(ctx, req.token, req.PlatformEntityType, req.OptionalDomainID, req.OptionalDomainEntityType, req.Operation, req.EntityIDs...); err != nil {
 			return nil, err
 		}
 
-		return testCheckPatScopeRes{}, nil
+		return authorizePATRes{}, nil
 	}
 }
diff --git a/auth/api/http/pats/requests.go b/auth/api/http/pats/requests.go
@@ -302,7 +302,7 @@ func (req clearAllScopeEntryReq) validate() (err error) {
 	return nil
 }
 
-type testCheckPatScopeReq struct {
+type authorizePATReq struct {
 	token                    string
 	PlatformEntityType       auth.PlatformEntityType `json:"platform_entity_type,omitempty"`
 	OptionalDomainID         string                  `json:"optional_domain_id,omitempty"`
@@ -311,7 +311,7 @@ type testCheckPatScopeReq struct {
 	EntityIDs                []string                `json:"entity_ids,omitempty"`
 }
 
-func (tcpsr *testCheckPatScopeReq) UnmarshalJSON(data []byte) error {
+func (tcpsr *authorizePATReq) UnmarshalJSON(data []byte) error {
 	var temp struct {
 		PlatformEntityType       string   `json:"platform_entity_type,omitempty"`
 		OptionalDomainID         string   `json:"optional_domain_id,omitempty"`
@@ -324,27 +324,35 @@ func (tcpsr *testCheckPatScopeReq) UnmarshalJSON(data []byte) error {
 		return err
 	}
 
+	tcpsr.OptionalDomainID = temp.OptionalDomainID
+	tcpsr.EntityIDs = temp.EntityIDs
+
 	pet, err := auth.ParsePlatformEntityType(temp.PlatformEntityType)
 	if err != nil {
 		return err
 	}
-	odt, err := auth.ParseDomainEntityType(temp.OptionalDomainEntityType)
-	if err != nil {
-		return err
+	tcpsr.PlatformEntityType = pet
+
+	if temp.OptionalDomainEntityType != "" {
+		odt, err := auth.ParseDomainEntityType(temp.OptionalDomainEntityType)
+		if err != nil {
+			return err
+		}
+		tcpsr.OptionalDomainEntityType = odt
 	}
-	op, err := auth.ParseOperationType(temp.Operation)
-	if err != nil {
-		return err
+
+	if temp.OptionalDomainID != "" {
+		op, err := auth.ParseOperationType(temp.Operation)
+		if err != nil {
+			return err
+		}
+		tcpsr.Operation = op
 	}
-	tcpsr.PlatformEntityType = pet
-	tcpsr.OptionalDomainID = temp.OptionalDomainID
-	tcpsr.OptionalDomainEntityType = odt
-	tcpsr.Operation = op
-	tcpsr.EntityIDs = temp.EntityIDs
+
 	return nil
 }
 
-func (req testCheckPatScopeReq) validate() (err error) {
+func (req authorizePATReq) validate() (err error) {
 	if req.token == "" {
 		return apiutil.ErrBearerToken
 	}

diff --git a/auth/api/http/pats/responses.go b/auth/api/http/pats/responses.go
@@ -193,16 +193,16 @@ func (res clearAllScopeEntryRes) Empty() bool {
 	return true
 }
 
-type testCheckPatScopeRes struct{}
+type authorizePATRes struct{}
 
-func (res testCheckPatScopeRes) Code() int {
-	return http.StatusOK
+func (res authorizePATRes) Code() int {
+	return http.StatusNoContent
 }
 
-func (res testCheckPatScopeRes) Headers() map[string]string {
+func (res authorizePATRes) Headers() map[string]string {
 	return map[string]string{}
 }
 
-func (res testCheckPatScopeRes) Empty() bool {
+func (res authorizePATRes) Empty() bool {
 	return true
 }
diff --git a/auth/api/http/pats/transport.go b/auth/api/http/pats/transport.go
@@ -106,9 +106,9 @@ func MakeHandler(svc auth.Service, mux *chi.Mux, logger *slog.Logger) *chi.Mux {
 			opts...,
 		).ServeHTTP)
 
-		r.Get("/check", kithttp.NewServer(
-			(testCheckPATScopeEntryEndpoint(svc)),
-			decodeTestCheckPATScopeEntryRequest,
+		r.Post("/authorize", kithttp.NewServer(
+			(authorizePATEndpoint(svc)),
+			decodeAuthorizePATRequest,
 			api.EncodeResponse,
 			opts...,
 		).ServeHTTP)
@@ -184,10 +184,6 @@ func decodeListPATSRequest(_ context.Context, r *http.Request) (interface{}, err
 }
 
 func decodeDeletePATRequest(_ context.Context, r *http.Request) (interface{}, error) {
-	if !strings.Contains(r.Header.Get("Content-Type"), contentType) {
-		return nil, apiutil.ErrUnsupportedContentType
-	}
-
 	return deletePatReq{
 		token: apiutil.ExtractBearerToken(r),
 		id:    chi.URLParam(r, "id"),
@@ -210,10 +206,6 @@ func decodeResetPATSecretRequest(_ context.Context, r *http.Request) (interface{
 }
 
 func decodeRevokePATSecretRequest(_ context.Context, r *http.Request) (interface{}, error) {
-	if !strings.Contains(r.Header.Get("Content-Type"), contentType) {
-		return nil, apiutil.ErrUnsupportedContentType
-	}
-
 	return revokePatSecretReq{
 		token: apiutil.ExtractBearerToken(r),
 		id:    chi.URLParam(r, "id"),
@@ -261,12 +253,12 @@ func decodeClearPATAllScopeEntryRequest(_ context.Context, r *http.Request) (int
 	}, nil
 }
 
-func decodeTestCheckPATScopeEntryRequest(_ context.Context, r *http.Request) (interface{}, error) {
+func decodeAuthorizePATRequest(_ context.Context, r *http.Request) (interface{}, error) {
 	if !strings.Contains(r.Header.Get("Content-Type"), contentType) {
 		return nil, apiutil.ErrUnsupportedContentType
 	}
 
-	req := testCheckPatScopeReq{token: apiutil.ExtractBearerToken(r)}
+	req := authorizePATReq{token: apiutil.ExtractBearerToken(r)}
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		return nil, errors.Wrap(errors.ErrMalformedEntity, err)
 	}

diff --git a/auth/api/logging.go b/auth/api/logging.go
@@ -701,52 +701,59 @@ func (lm *loggingMiddleware) ClearPATAllScopeEntry(ctx context.Context, token, p
 	return lm.svc.ClearPATAllScopeEntry(ctx, token, patID)
 }
 
-func (lm *loggingMiddleware) TestCheckPATScopeEntry(ctx context.Context, paToken string, platformEntityType auth.PlatformEntityType, optionalDomainID string, optionalDomainEntityType auth.DomainEntityType, operation auth.OperationType, entityIDs ...string) (err error) {
+func (lm *loggingMiddleware) IdentifyPAT(ctx context.Context, paToken string) (pa auth.PAT, err error) {
 	defer func(begin time.Time) {
 		args := []any{
 			slog.String("duration", time.Since(begin).String()),
-			slog.String("platform_entity_type", platformEntityType.String()),
-			slog.String("optional_domain_id", optionalDomainID),
-			slog.String("optional_domain_entity_type", optionalDomainEntityType.String()),
-			slog.String("operation", operation.String()),
-			slog.Any("entities", entityIDs),
 		}
 		if err != nil {
 			args = append(args, slog.Any("error", err))
-			lm.logger.Warn("Test Check entry in PAT scope failed complete successfully", args...)
+			lm.logger.Warn("Identify PAT failed to complete successfully", args...)
 			return
 		}
-		lm.logger.Info("Test Check entry in PAT scope completed successfully", args...)
+		lm.logger.Info("Identify PAT completed successfully", args...)
 	}(time.Now())
-	return lm.svc.TestCheckPATScopeEntry(ctx, paToken, platformEntityType, optionalDomainID, optionalDomainEntityType, operation, entityIDs...)
+	return lm.svc.IdentifyPAT(ctx, paToken)
 }
 
-func (lm *loggingMiddleware) IdentifyPAT(ctx context.Context, paToken string) (pa auth.PAT, err error) {
+func (lm *loggingMiddleware) AuthorizePAT(ctx context.Context, paToken string, platformEntityType auth.PlatformEntityType, optionalDomainID string, optionalDomainEntityType auth.DomainEntityType, operation auth.OperationType, entityIDs ...string) (err error) {
 	defer func(begin time.Time) {
 		args := []any{
 			slog.String("duration", time.Since(begin).String()),
+			slog.String("platform_entity_type", platformEntityType.String()),
+			slog.String("optional_domain_id", optionalDomainID),
+			slog.String("optional_domain_entity_type", optionalDomainEntityType.String()),
+			slog.String("operation", operation.String()),
+			slog.Any("entities", entityIDs),
 		}
 		if err != nil {
 			args = append(args, slog.Any("error", err))
-			lm.logger.Warn("Identify PAT failed to complete successfully", args...)
+			lm.logger.Warn("Authorize PAT failed complete successfully", args...)
 			return
 		}
-		lm.logger.Info("Identify PAT completed successfully", args...)
+		lm.logger.Info("Authorize PAT completed successfully", args...)
 	}(time.Now())
-	return lm.svc.IdentifyPAT(ctx, paToken)
+	return lm.svc.AuthorizePAT(ctx, paToken, platformEntityType, optionalDomainID, optionalDomainEntityType, operation, entityIDs...)
 }
 
-func (lm *loggingMiddleware) AuthorizePAT(ctx context.Context, paToken string) (pa auth.PAT, err error) {
+func (lm *loggingMiddleware) CheckPAT(ctx context.Context, userID, patID string, platformEntityType auth.PlatformEntityType, optionalDomainID string, optionalDomainEntityType auth.DomainEntityType, operation auth.OperationType, entityIDs ...string) (err error) {
 	defer func(begin time.Time) {
 		args := []any{
 			slog.String("duration", time.Since(begin).String()),
+			slog.String("user_id", userID),
+			slog.String("pat_id", patID),
+			slog.String("platform_entity_type", platformEntityType.String()),
+			slog.String("optional_domain_id", optionalDomainID),
+			slog.String("optional_domain_entity_type", optionalDomainEntityType.String()),
+			slog.String("operation", operation.String()),
+			slog.Any("entities", entityIDs),
 		}
 		if err != nil {
 			args = append(args, slog.Any("error", err))
-			lm.logger.Warn("Authorize PAT failed to complete successfully", args...)
+			lm.logger.Warn("Check PAT failed complete successfully", args...)
 			return
 		}
-		lm.logger.Info("Authorize PAT completed successfully", args...)
+		lm.logger.Info("Check PAT completed successfully", args...)
 	}(time.Now())
-	return lm.svc.AuthorizePAT(ctx, paToken)
+	return lm.svc.CheckPAT(ctx, userID, patID, platformEntityType, optionalDomainID, optionalDomainEntityType, operation, entityIDs...)
 }
diff --git a/auth/api/metrics.go b/auth/api/metrics.go
@@ -336,14 +336,6 @@ func (ms *metricsMiddleware) ClearPATAllScopeEntry(ctx context.Context, token, p
 	return ms.svc.ClearPATAllScopeEntry(ctx, token, patID)
 }
 
-func (ms *metricsMiddleware) TestCheckPATScopeEntry(ctx context.Context, paToken string, platformEntityType auth.PlatformEntityType, optionalDomainID string, optionalDomainEntityType auth.DomainEntityType, operation auth.OperationType, entityIDs ...string) error {
-	defer func(begin time.Time) {
-		ms.counter.With("method", "test_check_pat_scope_entry").Add(1)
-		ms.latency.With("method", "test_check_pat_scope_entry").Observe(time.Since(begin).Seconds())
-	}(time.Now())
-	return ms.svc.TestCheckPATScopeEntry(ctx, paToken, platformEntityType, optionalDomainID, optionalDomainEntityType, operation, entityIDs...)
-}
-
 func (ms *metricsMiddleware) IdentifyPAT(ctx context.Context, paToken string) (auth.PAT, error) {
 	defer func(begin time.Time) {
 		ms.counter.With("method", "identify_pat").Add(1)
@@ -352,10 +344,18 @@ func (ms *metricsMiddleware) IdentifyPAT(ctx context.Context, paToken string) (a
 	return ms.svc.IdentifyPAT(ctx, paToken)
 }
 
-func (ms *metricsMiddleware) AuthorizePAT(ctx context.Context, paToken string) (auth.PAT, error) {
+func (ms *metricsMiddleware) AuthorizePAT(ctx context.Context, paToken string, platformEntityType auth.PlatformEntityType, optionalDomainID string, optionalDomainEntityType auth.DomainEntityType, operation auth.OperationType, entityIDs ...string) error {
 	defer func(begin time.Time) {
 		ms.counter.With("method", "authorize_pat").Add(1)
 		ms.latency.With("method", "authorize_pat").Observe(time.Since(begin).Seconds())
 	}(time.Now())
-	return ms.svc.AuthorizePAT(ctx, paToken)
+	return ms.svc.AuthorizePAT(ctx, paToken, platformEntityType, optionalDomainID, optionalDomainEntityType, operation, entityIDs...)
+}
+
+func (ms *metricsMiddleware) CheckPAT(ctx context.Context, userID, patID string, platformEntityType auth.PlatformEntityType, optionalDomainID string, optionalDomainEntityType auth.DomainEntityType, operation auth.OperationType, entityIDs ...string) error {
+	defer func(begin time.Time) {
+		ms.counter.With("method", "check_pat").Add(1)
+		ms.latency.With("method", "check_pat").Observe(time.Since(begin).Seconds())
+	}(time.Now())
+	return ms.svc.CheckPAT(ctx, userID, patID, platformEntityType, optionalDomainID, optionalDomainEntityType, operation, entityIDs...)
 }