package handler
import (
	"context"
	"crypto/subtle"
	"fmt"
	"log"
	"net/http"

	"github.com/gin-gonic/gin"
	"github.com/openline-ai/openline-customer-os/packages/server/customer-os-api/config"
	"github.com/openline-ai/openline-customer-os/packages/server/customer-os-api/graph/model"
	commonService "github.com/openline-ai/openline-customer-os/packages/server/customer-os-common-module/service"
	"github.com/openline-ai/openline-customer-os/packages/server/customer-os-common-module/service/security"
)
// AdminApiHandler builds the gin middleware that gates the admin API behind the
// configured admin api key and resolves tenant/user context from request headers.
type AdminApiHandler struct {
	cfg            *config.Config         // application config; cfg.Admin.Key is the expected api key
	commonServices *commonService.Services // Neo4jRepositories are used for tenant and user lookups
}
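// NewAdminApiHandler wires an AdminApiHandler with the application config and
// the shared services used for tenant and user lookups.
//
// The first parameter is named cfg rather than config so that it does not
// shadow the imported config package inside the function body.
func NewAdminApiHandler(cfg *config.Config, commonServices *commonService.Services) *AdminApiHandler {
	return &AdminApiHandler{
		cfg:            cfg,
		commonServices: commonServices,
	}
}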
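// GetAdminApiHandlerEnhancer returns the gin middleware that protects the admin API.
//
// The middleware:
//   - requires security.ApiKeyHeader to equal cfg.Admin.Key (constant-time
//     comparison; an empty configured key never matches),
//   - if security.TenantHeader is present, verifies the tenant exists and stores
//     the header value under security.KEY_TENANT_NAME (an empty tenant is stored
//     as the empty string),
//   - if security.UsernameHeader is present, resolves the user by e-mail, requires
//     it to belong to the tenant from the header, and stores its id and roles
//     under security.KEY_USER_ID / security.KEY_USER_ROLES; otherwise the caller
//     is granted model.RoleAdmin.
//
// Authentication failures answer 401. Repository errors answer 500: they are a
// server-side problem, not an authentication failure, and the error text is kept
// in the server log rather than echoed to the client.
func (aah *AdminApiHandler) GetAdminApiHandlerEnhancer() func(c *gin.Context) {
	return func(c *gin.Context) {
		if !aah.adminKeyMatches(c.GetHeader(security.ApiKeyHeader)) {
			log.Println("Invalid api key")
			aah.abortWithErrorMessage(c, http.StatusUnauthorized, "Invalid api key")
			return
		}

		// Inherit the request context so repository calls are cancelled when the
		// client goes away; fall back to Background only when there is no request
		// (e.g. a test context built without one).
		ctx := context.Background()
		if c.Request != nil {
			ctx = c.Request.Context()
		}

		tenant := c.GetHeader(security.TenantHeader)
		if tenant != "" {
			exists, err := aah.commonServices.Neo4jRepositories.TenantReadRepository.TenantExists(ctx, tenant)
			if err != nil {
				log.Printf("Error checking tenant existence: %s", err.Error())
				aah.abortWithErrorMessage(c, http.StatusInternalServerError, "Error checking tenant existence")
				return
			}
			if !exists {
				// %q keeps header-supplied values from injecting extra log lines.
				log.Printf("Tenant %q does not exist", tenant)
				aah.abortWithErrorMessage(c, http.StatusUnauthorized, fmt.Sprintf("Tenant %s does not exist", tenant))
				return
			}
		}
		c.Set(security.KEY_TENANT_NAME, tenant)

		//TODO DROP THIS. WE NEED TO USE THE TenantUserContextEnhancer + a check on the ADMIN ROLE
		usernameHeader := c.GetHeader(security.UsernameHeader)
		if usernameHeader == "" {
			// No user supplied: the api key alone grants the admin role.
			c.Set(security.KEY_USER_ROLES, []string{model.RoleAdmin.String()})
			c.Next()
			return
		}

		userId, tenantName, roles, err := aah.commonServices.Neo4jRepositories.UserReadRepository.FindUserByEmail(ctx, usernameHeader)
		if err != nil {
			log.Printf("Error checking user existence: %s", err.Error())
			aah.abortWithErrorMessage(c, http.StatusInternalServerError, "Error checking user existence")
			return
		}
		if tenant != tenantName {
			log.Printf("User %q does not belong to tenant %q", usernameHeader, tenant)
			aah.abortWithErrorMessage(c, http.StatusUnauthorized, fmt.Sprintf("User %s does not belong to tenant %s", usernameHeader, tenant))
			return
		}
		c.Set(security.KEY_USER_ID, userId)
		c.Set(security.KEY_USER_ROLES, roles)
		c.Next()
	}
}

// adminKeyMatches reports whether the presented api key equals cfg.Admin.Key.
//
// The comparison is constant-time so that response timing does not reveal how
// much of the key matched, and an unset (empty) configured key is treated as
// "nobody matches" instead of letting requests without the header through.
func (aah *AdminApiHandler) adminKeyMatches(presented string) bool {
	expected := aah.cfg.Admin.Key
	if expected == "" {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(presented), []byte(expected)) == 1
}

// abortWithErrorMessage writes the admin API error envelope
// ({"errors":[{"message":...}]}) with the given status and stops the handler chain.
func (aah *AdminApiHandler) abortWithErrorMessage(c *gin.Context, status int, message string) {
	c.JSON(status, gin.H{
		"errors": []gin.H{{"message": message}},
	})
	c.Abort()
}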