From 8b2213bb045b74da3dbda8fae7c56fee48ebcc94 Mon Sep 17 00:00:00 2001
From: Akshith Madhur
Date: Thu, 8 Feb 2024 14:26:39 +0530
Subject: [PATCH 1/2] feat: add token validation at organisation level
---
 server/action/organisation/token/route.go | 1 +
 server/action/organisation/token/validate.go | 79 ++++++++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 server/action/organisation/token/validate.go
diff --git a/server/action/organisation/token/route.go b/server/action/organisation/token/route.go
index 4fb385d2..add72371 100644
--- a/server/action/organisation/token/route.go
+++ b/server/action/organisation/token/route.go
@@ -18,6 +18,7 @@ func Router() chi.Router {
 r.Get("/", list)
 r.Post("/", create)
 r.Delete("/{token_id}", delete)
+ r.Post("/validate", validate)
 return r
 }
diff --git a/server/action/organisation/token/validate.go b/server/action/organisation/token/validate.go
new file mode 100644
index 00000000..5b27d5d4
--- /dev/null
+++ b/server/action/organisation/token/validate.go
@@ -0,0 +1,79 @@
+package token
+
+import (
+ "encoding/json"
+ "errors"
+ "net/http"
+ "strconv"
+
+ "github.com/factly/kavach-server/model"
+ "github.com/factly/x/errorx"
+ "github.com/factly/x/loggerx"
+ "github.com/factly/x/renderx"
+ "github.com/factly/x/validationx"
+ "github.com/go-chi/chi"
+ "gorm.io/gorm"
+)
+
+// validationBody request body
+type validationBody struct {
+ Token string `json:"token" validate:"required"`
+}
+
+// Validate - validate organisation token
+// @Summary Show a organisation token
+// @Description validate organisation token
+// @Tags OrganisationorganisationsTokens
+// @ID validate-organisation-organisation-token
+// @Produce json
+// @Param X-Organisation header string true "Organisation ID"
+// @Param organisation_slug path string true "Application Slug"
+// @Param ValidationBody body ValidationBody true "Validation Body"
+// @Success 200 {object} model.organisation
+// @Router /organisations/{application_id}/tokens/validate [post]
+func validate(w http.ResponseWriter, r *http.Request) {
+ applicaion_id := chi.URLParam(r, "organisation_id")
+ // if applicaion_id == "" {
+ // errorx.Render(w, errorx.Parser(errorx.GetMessage("invalid id", http.StatusBadRequest)))
+ // return
+ // }
+ id, err := strconv.ParseUint(applicaion_id, 10, 64)
+ if err != nil {
+ errorx.Render(w, errorx.Parser(errorx.GetMessage("invalid id", http.StatusBadRequest)))
+ return
+ }
+ //parse applicaion_id
+
+ tokenBody := validationBody{}
+ err = json.NewDecoder(r.Body).Decode(&tokenBody)
+ if err != nil {
+ loggerx.Error(err)
+ errorx.Render(w, errorx.Parser(errorx.DecodeError()))
+ return
+ }
+
+ validationError := validationx.Check(tokenBody)
+ if validationError != nil {
+ loggerx.Error(errors.New("validation error"))
+ errorx.Render(w, validationError)
+ return
+ }
+
+ orgToken := model.OrganisationToken{}
+ // Fetch all tokens for a organisation
+ err = model.DB.Model(&model.OrganisationToken{}).Preload("Organisation").Where(&model.OrganisationToken{
Token: tokenBody.Token, OrganisationID: uint(id),
+ }).First(&orgToken).Error
+
+ if err != nil {
+ loggerx.Error(err)
+ if err == gorm.ErrRecordNotFound {
+ renderx.JSON(w, http.StatusUnauthorized, map[string]interface{}{"valid": false})
+ return
+ }
+ errorx.Render(w, errorx.Parser(errorx.InternalServerError()))
+ return
+ }
+
+ renderx.JSON(w, http.StatusOK, map[string]interface{}{"valid": true})
+}
From e35a9a4cbf51cf1b217fcab70de126fc5639d197 Mon Sep 17 00:00:00 2001
From: Akshith Madhur
Date: Thu, 8 Feb 2024 14:34:14 +0530
Subject: [PATCH 2/2] typo
---
 server/action/organisation/token/validate.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/server/action/organisation/token/validate.go b/server/action/organisation/token/validate.go
index 5b27d5d4..cfa143f4 100644
--- a/server/action/organisation/token/validate.go
+++ b/server/action/organisation/token/validate.go
@@ -32,12 +32,12 @@ type validationBody struct {
 // @Success 200 {object} model.organisation
 // @Router /organisations/{application_id}/tokens/validate [post]
 func validate(w http.ResponseWriter, r *http.Request) {
- applicaion_id := chi.URLParam(r, "organisation_id")
- // if applicaion_id == "" {
- // errorx.Render(w, errorx.Parser(errorx.GetMessage("invalid id", http.StatusBadRequest)))
- // return
- // }
- id, err := strconv.ParseUint(applicaion_id, 10, 64)
+ organisation_id := chi.URLParam(r, "organisation_id")
+ if organisation_id == "" {
+ errorx.Render(w, errorx.Parser(errorx.GetMessage("invalid id", http.StatusBadRequest)))
+ return
+ }
+ id, err := strconv.ParseUint(organisation_id, 10, 64)
 if err != nil {
 errorx.Render(w, errorx.Parser(errorx.GetMessage("invalid id", http.StatusBadRequest)))
 return
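Review bot: The organisation scope can silently drop out of the token lookup in `validate`. GORM builds struct conditions from non-zero fields only, so when the path id parses to 0 the `OrganisationID: uint(id)` condition is omitted and the submitted token is checked against every organisation's tokens (this assumes `OrganisationID` is a plain `uint` on `model.OrganisationToken`, which is not shown here). Reject the zero id with `if err != nil || id == 0 {` and make the scope explicit with `Where("token = ? AND organisation_id = ?", tokenBody.Token, id)`; the column names follow GORM's default naming and should be confirmed against the model. The hunk in [PATCH 2/2] only adds an empty-string check ahead of the same `ParseUint` call, so it leaves this open. The comment `// Fetch all tokens for a organisation` no longer describes the query and would read better as `// Look up the token within the requested organisation`.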
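Review bot: The rename stops short of the Swagger annotations visible in this hunk's context. `// @Router /organisations/{application_id}/tokens/validate [post]` still names the path parameter `application_id` while the handler reads `organisation_id`, so I would change it to `// @Router /organisations/{organisation_id}/tokens/validate [post]`. The new local `organisation_id` would be `organisationID` under Go's MixedCaps convention, and the added empty-string check repeats what `strconv.ParseUint` already rejects with the same "invalid id" response. The body of `validate` continues past the end of this hunk.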