package commands
import (
	"fmt"
	"sort"

	"github.com/Goldwin/ies-pik-cms/pkg/auth/dto"
	"github.com/Goldwin/ies-pik-cms/pkg/auth/entities"
	. "github.com/Goldwin/ies-pik-cms/pkg/common/commands"
	"github.com/golang-jwt/jwt"
)
// Error codes reported through CommandErrorDetail.Code by AuthCommand.
// AuthErrorOtpExists is declared here but not referenced in this file.
const (
	// The token failed verification, or carries no valid "email" claim.
	AuthErrorInvalidToken CommandErrorCode = 20301
	// The account repository returned an error while loading the account.
	AuthErrorFailedToRetrieveAccount CommandErrorCode = 20302
	// The repository returned no account for the token's e-mail address.
	AuthErrorAccountDoesNotExist CommandErrorCode = 20303
	AuthErrorOtpExists CommandErrorCode = 20304
)
// AuthCommand authenticates a caller from a signed JWT and resolves it to
// the account's e-mail address and granted scopes.
type AuthCommand struct {
	// Token is the compact-serialised JWT presented by the caller.
	Token string
	// SecretKey is the HMAC key the token's signature is verified against.
	SecretKey []byte
}
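// Execute verifies the JWT in cmd.Token and resolves it to the account it
// identifies.
//
// On success the result holds dto.AuthData with the account's e-mail
// address and the de-duplicated, sorted union of the scopes of all of the
// account's roles. Failures are reported through the result's Error with
// one of these codes:
//   - AuthErrorInvalidToken: the token does not verify, has no string
//     "email" claim, or that claim is not a valid address;
//   - AuthErrorFailedToRetrieveAccount: the account lookup returned an error;
//   - AuthErrorAccountDoesNotExist: the lookup found no account.
func (cmd AuthCommand) Execute(ctx CommandContext) CommandExecutionResult[dto.AuthData] {
	claims, err := cmd.extractClaims()
	if err != nil {
		return authFailure(AuthErrorInvalidToken, fmt.Sprintf("Invalid Token: %s", err.Error()))
	}

	emailStr, ok := claims["email"].(string)
	if !ok {
		return authFailure(AuthErrorInvalidToken, "Invalid Token: Malformed Token")
	}
	email := entities.EmailAddress(emailStr)
	if !email.IsValid() {
		return authFailure(AuthErrorInvalidToken, "Invalid Token: Invalid Email")
	}

	account, err := ctx.AccountRepository().GetAccount(email)
	if err != nil {
		return authFailure(AuthErrorFailedToRetrieveAccount, fmt.Sprintf("Invalid Token: %s", err.Error()))
	}
	if account == nil {
		return authFailure(AuthErrorAccountDoesNotExist, "Account Does not exists")
	}

	// Union of the scopes across all roles; the set removes duplicates
	// shared by several roles.
	scopeSet := make(map[entities.Scope]struct{})
	for _, role := range account.Roles {
		for _, scope := range role.Scopes {
			scopeSet[scope] = struct{}{}
		}
	}
	// Non-nil even when empty so an encoded result shows [] rather than null.
	scopes := make([]string, 0, len(scopeSet))
	for scope := range scopeSet {
		scopes = append(scopes, string(scope))
	}
	// Map iteration order is random; sort so the scope list is deterministic.
	sort.Strings(scopes)

	return CommandExecutionResult[dto.AuthData]{
		Status: ExecutionStatusSuccess,
		Error:  CommandErrorDetail{},
		Result: dto.AuthData{
			Email:  string(email),
			Scopes: scopes,
		},
	}
}

// authFailure builds the failed result for AuthCommand with the given
// error code and client-facing message.
func authFailure(code CommandErrorCode, msg string) CommandExecutionResult[dto.AuthData] {
	return CommandExecutionResult[dto.AuthData]{
		Status: ExecutionStatusFailed,
		Error: CommandErrorDetail{
			Code:    code,
			Message: msg,
		},
	}
}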
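// extractClaims parses cmd.Token, verifies its signature with cmd.SecretKey
// and returns the token's claims.
//
// The key function hands the secret to the parser only for HMAC-signed
// tokens, so a token whose header names any other algorithm is rejected
// before its signature is examined. An empty SecretKey is treated as a
// configuration error instead of being used as a valid (empty) HMAC key.
// Any parse, signature or claim-validation failure is returned unchanged;
// a token the library reports as not valid, or whose claims are not
// jwt.MapClaims, yields a generic "invalid token" error.
func (cmd AuthCommand) extractClaims() (jwt.MapClaims, error) {
	if len(cmd.SecretKey) == 0 {
		return nil, fmt.Errorf("secret key is not configured")
	}

	token, err := jwt.Parse(cmd.Token, func(t *jwt.Token) (any, error) {
		// Pin the expected algorithm family: the secret is a symmetric key and
		// must never be handed to a verifier for a different signing method.
		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
		}
		return cmd.SecretKey, nil
	})
	if err != nil {
		return nil, err
	}

	claims, ok := token.Claims.(jwt.MapClaims)
	if !ok || !token.Valid {
		return nil, fmt.Errorf("invalid token")
	}
	return claims, nil
}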