added space validation for tokens

factly · Sep 6, 2022 · 797e06d · 797e06d
1 parent d11fa79
commit 797e06d
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 2 deletions.
diff --git a/server/action/organisation/application/space/token/validate.go b/server/action/organisation/application/space/token/validate.go
@@ -0,0 +1,61 @@
+package token
+
+import (
+	"encoding/json"
+	"errors"
+	"net/http"
+	"strconv"
+
+	"github.com/factly/kavach-server/model"
+	"github.com/factly/x/errorx"
+	"github.com/factly/x/loggerx"
+	"github.com/factly/x/renderx"
+	"github.com/factly/x/validationx"
+	"github.com/go-chi/chi"
+)
+
+type ValidationBody struct {
+	Token string `json:"token" validate:"required"`
+}
+
+func Validate(w http.ResponseWriter, r *http.Request) {
+	sID := chi.URLParam(r, "space_id")
+	spaceID, err := strconv.Atoi(sID)
+	if err != nil {
+		loggerx.Error(err)
+		errorx.Render(w, errorx.Parser(errorx.InvalidID()))
+		return
+	}
+
+	tokenBody := ValidationBody{}
+	err = json.NewDecoder(r.Body).Decode(&tokenBody)
+	if err != nil {
+		loggerx.Error(err)
+		errorx.Render(w, errorx.Parser(errorx.DecodeError()))
+		return
+	}
+
+	validationError := validationx.Check(tokenBody)
+	if validationError != nil {
+		loggerx.Error(errors.New("validation error"))
+		errorx.Render(w, validationError)
+		return
+	}
+
+	spaceToken := model.SpaceToken{}
+	err = model.DB.Model(&model.SpaceToken{}).Where(&model.SpaceToken{
+		Token: tokenBody.Token,
+	}).Find(&spaceToken).Error
+	if err != nil {
+		loggerx.Error(err)
+		errorx.Render(w, errorx.Parser(errorx.Unauthorized()))
+		return
+	}
+
+	if spaceToken.SpaceID != uint(spaceID) {
+		renderx.JSON(w, http.StatusUnauthorized, map[string]interface{}{"valid": false})
+		return
+	}
+
+	renderx.JSON(w, http.StatusOK, map[string]interface{}{"valid": true})
+}
diff --git a/server/action/routes.go b/server/action/routes.go
@@ -8,7 +8,7 @@ import (
 
 	"github.com/factly/kavach-server/action/medium"
 	"github.com/factly/kavach-server/action/organisation"
-	"github.com/factly/kavach-server/action/organisation/application/token"
+	"github.com/factly/kavach-server/action/organisation/application/space/token"
 	"github.com/factly/kavach-server/action/profile"
 	"github.com/factly/kavach-server/action/user"
 	"github.com/factly/kavach-server/action/util"
@@ -43,7 +43,7 @@ func RegisterRoutes() http.Handler {
 	r.Mount("/profile", profile.Router())
 	r.Mount("/media", medium.Router())
 	r.Mount("/util", util.Router())
-	r.Post("/applications/{application_slug}/validateToken", token.Validate)
+	r.Post("/spaces/{space_id}/validateToken", token.Validate)
 
 	sqlDB, _ := model.DB.DB()