Merge pull request #364 from factly/token-validation
Application token validation
vsumit89 authored May 4, 2023
2 parents 8c3b6c4 + 8519383 commit d3ebda4
Showing 2 changed files with 25 additions and 21 deletions.
3 changes: 3 additions & 0 deletions server/action/organisation/application/token/route.go
Expand Up @@ -9,7 +9,9 @@ type createAppToken struct {
Name string `json:"name,omitempty" validate:"required"`
Description string `json:"description,omitempty"`
}

const namespace string = "applications"

type applicationToken struct {
model.Base
Name string `gorm:"column:name" json:"name"`
Expand All @@ -25,6 +27,7 @@ func Router() chi.Router {
r.Post("/", create)
r.Get("/", list)
r.Delete("/{token_id}", delete)
r.Post("/validate", validate)

return r
}
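Review bot: `r.Post("/validate", validate)` exposes a yes/no answer for any submitted token, and nothing in this router limits how often it can be called. If the parent router (not visible on this page) does not already apply authentication or request throttling to this subtree, the route should sit behind a rate limit so it cannot be used to check candidate tokens at volume. A short comment above the line, such as `// validate reports whether a token belongs to the application; expects throttling upstream`, would record that expectation for the next maintainer.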
43 changes: 22 additions & 21 deletions server/action/organisation/application/token/validate.go
Expand Up @@ -12,10 +12,11 @@ import (
"github.com/factly/x/renderx"
"github.com/factly/x/validationx"
"github.com/go-chi/chi"
"gorm.io/gorm"
)

// ValidationBody request body
type ValidationBody struct {
// validationBody request body
type validationBody struct {
Token string `json:"token" validate:"required"`
}

Expand All @@ -29,21 +30,21 @@ type ValidationBody struct {
// @Param application_slug path string true "Application Slug"
// @Param ValidationBody body ValidationBody true "Validation Body"
// @Success 200 {object} model.Application
// @Router /applications/{application_slug}/validateToken [post]
func Validate(w http.ResponseWriter, r *http.Request) {
appSlug := chi.URLParam(r, "application_slug")
if appSlug == "" {
errorx.Render(w, errorx.Parser(errorx.GetMessage("invalid slug", http.StatusBadRequest)))
return
}

orgID, err := strconv.Atoi(r.Header.Get("X-Organisation"))
// @Router /applications/{application_id}/tokens/validate [post]
func validate(w http.ResponseWriter, r *http.Request) {
applicaion_id := chi.URLParam(r, "application_id")
// if applicaion_id == "" {
// errorx.Render(w, errorx.Parser(errorx.GetMessage("invalid id", http.StatusBadRequest)))
// return
// }
id, err := strconv.ParseUint(applicaion_id, 10, 64)
if err != nil {
errorx.Render(w, errorx.Parser(errorx.InvalidID()))
errorx.Render(w, errorx.Parser(errorx.GetMessage("invalid id", http.StatusBadRequest)))
return
}
//parse applicaion_id

tokenBody := ValidationBody{}
tokenBody := validationBody{}
err = json.NewDecoder(r.Body).Decode(&tokenBody)
if err != nil {
loggerx.Error(err)
Expand All @@ -61,18 +62,18 @@ func Validate(w http.ResponseWriter, r *http.Request) {
appToken := model.ApplicationToken{}
// Fetch all tokens for a application
err = model.DB.Model(&model.ApplicationToken{}).Preload("Application").Where(&model.ApplicationToken{
Token: tokenBody.Token,
Token: tokenBody.Token, ApplicationID: uint(id),
}).First(&appToken).Error

if err != nil || appToken.Application.Slug != appSlug || appToken.Application.OrganisationID != uint(orgID) {
if err != nil {
loggerx.Error(err)
errorx.Render(w, errorx.Parser(errorx.RecordNotFound()))
if err == gorm.ErrRecordNotFound {
renderx.JSON(w, http.StatusUnauthorized, map[string]interface{}{"valid": false})
return
}
errorx.Render(w, errorx.Parser(errorx.InternalServerError()))
return
}

if tokenBody.Token == appToken.Token {
renderx.JSON(w, http.StatusOK, map[string]interface{}{"valid": true})
} else {
renderx.JSON(w, http.StatusUnauthorized, map[string]interface{}{"valid": false})
}
renderx.JSON(w, http.StatusOK, map[string]interface{}{"valid": true})
}
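Review bot: In `validate`, an `application_id` of `0` parses without error and then drops out of the lookup, because GORM skips zero-valued fields when `Where` is given a struct; the query would match on `Token` alone and answer `valid: true` for a token issued to any application. Rejecting it at the parse step closes that: `if err != nil || id == 0 {`. The commit also removes the old `OrganisationID` comparison, so unless a parent router (not visible here) already ties the application to the caller's organisation, that check should be kept in some form. The not-found branch is safer against wrapped errors as `errors.Is(err, gorm.ErrRecordNotFound)`. The request-validation part of the function lies between the two hunks and is not shown, so this assumes `Token` is confirmed non-empty there.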
