From cc6ee43d64bd3742ba4734d42f6ce49cf41605b8 Mon Sep 17 00:00:00 2001
From: elliot14A
Date: Thu, 4 May 2023 11:58:58 +0530
Subject: [PATCH 1/2] feat: added application token validation
---
 .../organisation/application/token/route.go | 3 +++
 .../application/token/validate.go | 19 ++++++++++++-------
 2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/server/action/organisation/application/token/route.go b/server/action/organisation/application/token/route.go
index 052e0174..c2efb4a2 100644
--- a/server/action/organisation/application/token/route.go
+++ b/server/action/organisation/application/token/route.go
@@ -9,7 +9,9 @@ type createAppToken struct {
 Name string `json:"name,omitempty" validate:"required"`
 Description string `json:"description,omitempty"`
 }
+
 const namespace string = "applications"
+
 type applicationToken struct {
 model.Base
 Name string `gorm:"column:name" json:"name"`
@@ -25,6 +27,7 @@ func Router() chi.Router {
 r.Post("/", create)
 r.Get("/", list)
 r.Delete("/{token_id}", delete)
+ r.Post("/validate", validate)
 return r
 }
diff --git a/server/action/organisation/application/token/validate.go b/server/action/organisation/application/token/validate.go
index 08038a1b..5ac43b63 100644
--- a/server/action/organisation/application/token/validate.go
+++ b/server/action/organisation/application/token/validate.go
@@ -29,14 +29,19 @@ type ValidationBody struct {
 // @Param application_slug path string true "Application Slug"
 // @Param ValidationBody body ValidationBody true "Validation Body"
 // @Success 200 {object} model.Application
-// @Router /applications/{application_slug}/validateToken [post]
-func Validate(w http.ResponseWriter, r *http.Request) {
- appSlug := chi.URLParam(r, "application_slug")
- if appSlug == "" {
- errorx.Render(w, errorx.Parser(errorx.GetMessage("invalid slug", http.StatusBadRequest)))
+// @Router /applications/{application_id}/tokens/validate [post]
+func validate(w http.ResponseWriter, r *http.Request) {
+ applicaion_id := chi.URLParam(r, "application_id")
+ // if applicaion_id == "" {
+ // errorx.Render(w, errorx.Parser(errorx.GetMessage("invalid id", http.StatusBadRequest)))
+ // return
+ // }
+ id, err := strconv.ParseUint(applicaion_id, 10, 64)
+ if err != nil {
+ errorx.Render(w, errorx.Parser(errorx.GetMessage("invalid id", http.StatusBadRequest)))
 return
 }
-
+ //parse applicaion_id
 orgID, err := strconv.Atoi(r.Header.Get("X-Organisation"))
 if err != nil {
 errorx.Render(w, errorx.Parser(errorx.InvalidID()))
 return
@@ -64,7 +69,7 @@ func Validate(w http.ResponseWriter, r *http.Request) {
 Token: tokenBody.Token,
 }).First(&appToken).Error
- if err != nil || appToken.Application.Slug != appSlug || appToken.Application.OrganisationID != uint(orgID) {
+ if err != nil || appToken.ApplicationID != uint(id) || appToken.Application.OrganisationID != uint(orgID) {
 loggerx.Error(err)
 errorx.Render(w, errorx.Parser(errorx.RecordNotFound()))
 return
From 851938340611e6eac748e039213491300c33aca3 Mon Sep 17 00:00:00 2001
From: elliot14A
Date: Thu, 4 May 2023 12:17:29 +0530
Subject: [PATCH 2/2] feat: updated status codes for token validation function
---
 .../application/token/validate.go | 28 ++++++++++++----------------
 1 file changed, 12 insertions(+), 16 deletions(-)
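Review bot: `strconv.ParseUint(applicaion_id, 10, 64)` combined with the `uint(id)` conversion in the second hunk's comparison can silently truncate on builds where `uint` is 32 bits, so the range check does not match the type actually compared; parsing with `strconv.ParseUint(applicaion_id, 10, 0)` bounds the value to `uint`. The commented-out empty-string check is dead code, since ParseUint already returns an error for an empty string, and the `//parse applicaion_id` comment sits above the `X-Organisation` parse rather than the ID parse. I would delete the commented block, move or drop that comment, and rename the variable to `appID` to follow Go naming. The body of `validate` continues outside this hunk.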
diff --git a/server/action/organisation/application/token/validate.go b/server/action/organisation/application/token/validate.go
index 5ac43b63..ebb9d1cc 100644
--- a/server/action/organisation/application/token/validate.go
+++ b/server/action/organisation/application/token/validate.go
@@ -12,10 +12,11 @@ import (
 "github.com/factly/x/renderx"
 "github.com/factly/x/validationx"
 "github.com/go-chi/chi"
+ "gorm.io/gorm"
 )
-// ValidationBody request body
-type ValidationBody struct {
+// validationBody request body
+type validationBody struct {
 Token string `json:"token" validate:"required"`
 }
@@ -42,13 +43,8 @@ func validate(w http.ResponseWriter, r *http.Request) {
 return
 }
 //parse applicaion_id
- orgID, err := strconv.Atoi(r.Header.Get("X-Organisation"))
- if err != nil {
- errorx.Render(w, errorx.Parser(errorx.InvalidID()))
- return
- }
- tokenBody := ValidationBody{}
+ tokenBody := validationBody{}
 err = json.NewDecoder(r.Body).Decode(&tokenBody)
 if err != nil {
 loggerx.Error(err)
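Review bot: Removing the `X-Organisation` parse in the second hunk, together with the `appToken.Application.OrganisationID != uint(orgID)` comparison dropped in the last hunk of this patch, leaves the token bound only to `application_id`, and nothing visible in the patch says why organisation scoping is no longer needed. If the endpoint is meant to be callable without organisation context, state that in the handler's doc comment, e.g. `// validate checks the token against the application in the URL only; it does not check organisation membership.` The retained `//parse applicaion_id` comment now precedes the body decoding and should be dropped, and `Preload("Application")` in the last hunk appears to be unused once nothing reads `appToken.Application`. The function continues outside this hunk.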
@@ -66,18 +62,18 @@ func validate(w http.ResponseWriter, r *http.Request) {
 appToken := model.ApplicationToken{}
 // Fetch all tokens for a application
 err = model.DB.Model(&model.ApplicationToken{}).Preload("Application").Where(&model.ApplicationToken{
- Token: tokenBody.Token,
+ Token: tokenBody.Token, ApplicationID: uint(id),
 }).First(&appToken).Error
- if err != nil || appToken.ApplicationID != uint(id) || appToken.Application.OrganisationID != uint(orgID) {
+ if err != nil {
 loggerx.Error(err)
- errorx.Render(w, errorx.Parser(errorx.RecordNotFound()))
+ if err == gorm.ErrRecordNotFound {
+ renderx.JSON(w, http.StatusUnauthorized, map[string]interface{}{"valid": false})
+ return
+ }
+ errorx.Render(w, errorx.Parser(errorx.InternalServerError()))
 return
 }
- if tokenBody.Token == appToken.Token {
- renderx.JSON(w, http.StatusOK, map[string]interface{}{"valid": true})
- } else {
- renderx.JSON(w, http.StatusUnauthorized, map[string]interface{}{"valid": false})
- }
+ renderx.JSON(w, http.StatusOK, map[string]interface{}{"valid": true})
 }
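Review bot: GORM ignores zero-valued fields in struct conditions, so in `Where(&model.ApplicationToken{Token: tokenBody.Token, ApplicationID: uint(id)})` an `application_id` of 0 drops the application filter and the lookup is by token alone; the explicit `appToken.ApplicationID != uint(id)` comparison that this hunk removes did not have that gap. Reject zero where the ID is parsed (outside this hunk), `if err != nil || id == 0 {`, or pass the conditions as a map so both are always applied. The not-found test should be `errors.Is(err, gorm.ErrRecordNotFound)` rather than `==`, so a wrapped error does not turn an invalid token into a 500. `loggerx.Error(err)` also runs for every rejected token; logging not-found at a lower level would keep failed validations out of the error log, assuming loggerx offers one.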