feat ACL management

febrihidayan · Jan 19, 2024 · f714c5f · f714c5f
1 parent fe0eae7
commit f714c5f
Show file tree

Hide file tree

Showing 31 changed files with 940 additions and 4 deletions.
diff --git a/krakend/krakend.json b/krakend/krakend.json
@@ -382,6 +382,114 @@
                 }
             }
         },
+        {
+            "endpoint": "/v1/auth/acl",
+            "method": "GET",
+            "input_headers": ["Authorization"],
+            "output_encoding": "no-op",
+            "backend": [
+                {
+                    "url_pattern": "/v1/auth/acl",
+                    "host": [
+                        "http://auth-go:8083"
+                    ],
+                    "extra_config": {
+                        "backend/http": {
+                            "return_error_code": true
+                        }
+                    }
+                }
+            ],
+            "extra_config": {
+                "auth/validator": {
+                    "alg": "HS256",
+                    "jwk_url": "http://fake_api:8080/jwk/symmetric.json",
+                    "roles": ["superadministrator", "administrator"],
+                    "disable_jwk_security": true
+                }
+            }
+        },
+        {
+            "endpoint": "/v1/auth/acl/access",
+            "method": "GET",
+            "input_headers": ["Authorization"],
+            "output_encoding": "no-op",
+            "backend": [
+                {
+                    "url_pattern": "/v1/auth/acl/access",
+                    "host": [
+                        "http://auth-go:8083"
+                    ],
+                    "extra_config": {
+                        "backend/http": {
+                            "return_error_code": true
+                        }
+                    }
+                }
+            ],
+            "extra_config": {
+                "auth/validator": {
+                    "alg": "HS256",
+                    "jwk_url": "http://fake_api:8080/jwk/symmetric.json",
+                    "roles": ["superadministrator", "administrator", "member"],
+                    "disable_jwk_security": true
+                }
+            }
+        },
+        {
+            "endpoint": "/v1/auth/acl/user/{id}",
+            "method": "GET",
+            "input_headers": ["Authorization"],
+            "output_encoding": "no-op",
+            "backend": [
+                {
+                    "url_pattern": "/v1/auth/acl/user/{id}",
+                    "host": [
+                        "http://auth-go:8083"
+                    ],
+                    "extra_config": {
+                        "backend/http": {
+                            "return_error_code": true
+                        }
+                    }
+                }
+            ],
+            "extra_config": {
+                "auth/validator": {
+                    "alg": "HS256",
+                    "jwk_url": "http://fake_api:8080/jwk/symmetric.json",
+                    "roles": ["superadministrator", "administrator"],
+                    "disable_jwk_security": true
+                }
+            }
+        },
+        {
+            "endpoint": "/v1/auth/acl/user/{id}",
+            "method": "PUT",
+            "input_headers": ["Authorization"],
+            "output_encoding": "no-op",
+            "backend": [
+                {
+                    "url_pattern": "/v1/auth/acl/user/{id}",
+                    "host": [
+                        "http://auth-go:8083"
+                    ],
+                    "extra_config": {
+                        "backend/http": {
+                            "return_error_code": true
+                        }
+                    }
+                }
+            ],
+            "extra_config": {
+                "auth/validator": {
+                    "alg": "HS256",
+                    "jwk_url": "http://fake_api:8080/jwk/symmetric.json",
+                    "roles": ["superadministrator", "administrator"],
+                    "disable_jwk_security": true
+                }
+            }
+        },
         {
             "endpoint": "/v1/users",
             "method": "GET",

diff --git a/services/auth/cmd/main.go b/services/auth/cmd/main.go
@@ -13,6 +13,7 @@ import (
 	"github.com/febrihidayan/go-architecture-monorepo/services/auth/internal/config"
 	"github.com/febrihidayan/go-architecture-monorepo/services/auth/internal/delivery/grpc_client"
 	"github.com/febrihidayan/go-architecture-monorepo/services/auth/internal/delivery/grpc_server"
+	acl_handler "github.com/febrihidayan/go-architecture-monorepo/services/auth/internal/delivery/http/delivery/acl"
 	auth_handler "github.com/febrihidayan/go-architecture-monorepo/services/auth/internal/delivery/http/delivery/auth"
 	permision_handler "github.com/febrihidayan/go-architecture-monorepo/services/auth/internal/delivery/http/delivery/permission"
 	role_handler "github.com/febrihidayan/go-architecture-monorepo/services/auth/internal/delivery/http/delivery/role"
@@ -98,4 +99,5 @@ func initHandler(
 	auth_handler.AuthHttpHandler(router, cfg, mongoFactory, grpcClientFactory)
 	permision_handler.PermissionHttpHandler(router, cfg, mongoFactory)
 	role_handler.RoleHttpHandler(router, cfg, mongoFactory)
+	acl_handler.AclHttpHandler(router, cfg, mongoFactory)
 }
diff --git a/services/auth/domain/entities/acl.go b/services/auth/domain/entities/acl.go
@@ -0,0 +1,15 @@
+package entities
+
+type AclQueryParams struct {
+}
+
+type AclMeta struct {
+	Roles       []*Role
+	Permissions []*Permission
+}
+
+type AclUserDto struct {
+	UserId      string
+	Roles       []string
+	Permissions []string
+}
diff --git a/services/auth/domain/entities/permission_role.go b/services/auth/domain/entities/permission_role.go
@@ -1,25 +1,34 @@
 package entities
 
 import (
+	"github.com/febrihidayan/go-architecture-monorepo/pkg/common"
 	"github.com/febrihidayan/go-architecture-monorepo/pkg/lang"
 	"github.com/hashicorp/go-multierror"
 )
 
 type PermissionRole struct {
+	ID           common.ID
 	PermissionId string
 	RoleId       string
 }
 
 type PermissionRoleDto struct {
+	ID           *common.ID
 	PermissionId string
 	RoleId       string
 }
 
 func NewPermissionRole(x PermissionRoleDto) *PermissionRole {
-	return &PermissionRole{
+	permissionRole := PermissionRole{
 		PermissionId: x.PermissionId,
 		RoleId:       x.RoleId,
 	}
+
+	if x.ID != nil {
+		permissionRole.ID = *x.ID
+	}
+
+	return &permissionRole
 }
 
 func (x *PermissionRole) Validate() (err *multierror.Error) {

diff --git a/services/auth/domain/entities/permission_user.go b/services/auth/domain/entities/permission_user.go
@@ -1,25 +1,34 @@
 package entities
 
 import (
+	"github.com/febrihidayan/go-architecture-monorepo/pkg/common"
 	"github.com/febrihidayan/go-architecture-monorepo/pkg/lang"
 	"github.com/hashicorp/go-multierror"
 )
 
 type PermissionUser struct {
+	ID           common.ID
 	PermissionId string
 	UserId       string
 }
 
 type PermissionUserDto struct {
+	ID           *common.ID
 	PermissionId string
 	UserId       string
 }
 
 func NewPermissionUser(x PermissionUserDto) *PermissionUser {
-	return &PermissionUser{
+	permissionUser := PermissionUser{
 		PermissionId: x.PermissionId,
 		UserId:       x.UserId,
 	}
+
+	if x.ID != nil {
+		permissionUser.ID = *x.ID
+	}
+
+	return &permissionUser
 }
 
 func (x *PermissionUser) Validate() (err *multierror.Error) {

diff --git a/services/auth/domain/entities/role_user.go b/services/auth/domain/entities/role_user.go
@@ -1,25 +1,34 @@
 package entities
 
 import (
+	"github.com/febrihidayan/go-architecture-monorepo/pkg/common"
 	"github.com/febrihidayan/go-architecture-monorepo/pkg/lang"
 	"github.com/hashicorp/go-multierror"
 )
 
 type RoleUser struct {
+	ID     common.ID
 	UserId string
 	RoleId string
 }
 
 type RoleUserDto struct {
+	ID     *common.ID
 	UserId string
 	RoleId string
 }
 
 func NewRoleUser(x RoleUserDto) *RoleUser {
-	return &RoleUser{
+	roleUser := RoleUser{
 		UserId: x.UserId,
 		RoleId: x.RoleId,
 	}
+
+	if x.ID != nil {
+		roleUser.ID = *x.ID
+	}
+
+	return &roleUser
 }
 
 func (x *RoleUser) Validate() (err *multierror.Error) {

diff --git a/services/auth/domain/repositories/permission.go b/services/auth/domain/repositories/permission.go
@@ -10,6 +10,8 @@ type PermissionRepository interface {
 	Create(ctx context.Context, payload *entities.Permission) error
 	Find(ctx context.Context, id string) (*entities.Permission, error)
 	FindByName(ctx context.Context, name string) (*entities.Permission, error)
+	All(ctx context.Context) ([]*entities.Permission, error)
 	GetAll(ctx context.Context, params *entities.PermissionQueryParams) ([]*entities.Permission, int, error)
+	AllByUserId(ctx context.Context, userId string) ([]*entities.Permission, error)
 	Update(ctx context.Context, payload *entities.Permission) error
 }
diff --git a/services/auth/domain/repositories/permission_user.go b/services/auth/domain/repositories/permission_user.go
@@ -10,4 +10,6 @@ type PermissionUserRepository interface {
 	CreateMany(ctx context.Context, payloads []*entities.PermissionUser) error
 	AllByUserId(ctx context.Context, userId string) ([]*entities.PermissionUser, error)
 	Delete(ctx context.Context, payload *entities.PermissionUser) error
+	DeleteByUserId(ctx context.Context, userId string) error
+	DeleteByPermissionIds(ctx context.Context, ids []string) error
 }
diff --git a/services/auth/domain/repositories/role.go b/services/auth/domain/repositories/role.go
@@ -10,6 +10,8 @@ type RoleRepository interface {
 	Create(ctx context.Context, payload *entities.Role) error
 	Find(ctx context.Context, id string) (*entities.Role, error)
 	FindByName(ctx context.Context, name string) (*entities.Role, error)
+	All(ctx context.Context) ([]*entities.Role, error)
 	GetAll(ctx context.Context, params *entities.RoleQueryParams) ([]*entities.Role, int, error)
+	AllByUserId(ctx context.Context, userId string) ([]*entities.Role, error)
 	Update(ctx context.Context, payload *entities.Role) error
 }
diff --git a/services/auth/domain/repositories/role_user.go b/services/auth/domain/repositories/role_user.go
@@ -10,4 +10,6 @@ type RoleUserRepository interface {
 	CreateMany(ctx context.Context, payloads []*entities.RoleUser) error
 	AllByUserId(ctx context.Context, userId string) ([]*entities.RoleUser, error)
 	Delete(ctx context.Context, payload *entities.RoleUser) error
+	DeleteByUserId(ctx context.Context, userId string) error
+	DeleteByRoleIds(ctx context.Context, ids []string) error
 }
diff --git a/services/auth/domain/usecases/acl.go b/services/auth/domain/usecases/acl.go
@@ -0,0 +1,14 @@
+package usecases
+
+import (
+	"context"
+
+	"github.com/febrihidayan/go-architecture-monorepo/pkg/exceptions"
+	"github.com/febrihidayan/go-architecture-monorepo/services/auth/domain/entities"
+)
+
+type AclUsecase interface {
+	GetAll(ctx context.Context) (*entities.AclMeta, *exceptions.CustomError)
+	GetAllUser(ctx context.Context, userId string) (*entities.AclMeta, *exceptions.CustomError)
+	UpdateUser(ctx context.Context, payload entities.AclUserDto) *exceptions.CustomError
+}
diff --git a/services/auth/internal/delivery/http/delivery/acl/access.go b/services/auth/internal/delivery/http/delivery/acl/access.go
@@ -0,0 +1,30 @@
+package acl_handler
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/febrihidayan/go-architecture-monorepo/pkg/exceptions"
+	"github.com/febrihidayan/go-architecture-monorepo/pkg/utils"
+	"github.com/febrihidayan/go-architecture-monorepo/services/auth/internal/delivery/http/response"
+)
+
+func (x *aclHttpHandler) Access(w http.ResponseWriter, r *http.Request) {
+	var (
+		ctx = context.Background()
+	)
+
+	jwtToken, errJwt := utils.DecodeJwtToken(r.Header.Get("Authorization"))
+	if errJwt != nil {
+		utils.RespondWithError(w, http.StatusBadRequest, []error{errJwt})
+		return
+	}
+
+	results, err := x.aclUsecase.GetAllUser(ctx, jwtToken.Subject)
+	if err != nil {
+		utils.RespondWithError(w, exceptions.MapToHttpStatusCode(err.Status), err.Errors.Errors)
+		return
+	}
+
+	utils.RespondWithJSON(w, http.StatusOK, response.MapAclAccessListResponse(results))
+}
diff --git a/services/auth/internal/delivery/http/delivery/acl/get_all.go b/services/auth/internal/delivery/http/delivery/acl/get_all.go
@@ -0,0 +1,24 @@
+package acl_handler
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/febrihidayan/go-architecture-monorepo/pkg/exceptions"
+	"github.com/febrihidayan/go-architecture-monorepo/pkg/utils"
+	"github.com/febrihidayan/go-architecture-monorepo/services/auth/internal/delivery/http/response"
+)
+
+func (x *aclHttpHandler) GetAll(w http.ResponseWriter, r *http.Request) {
+	var (
+		ctx = context.Background()
+	)
+
+	results, err := x.aclUsecase.GetAll(ctx)
+	if err != nil {
+		utils.RespondWithError(w, exceptions.MapToHttpStatusCode(err.Status), err.Errors.Errors)
+		return
+	}
+
+	utils.RespondWithJSON(w, http.StatusOK, response.MapAclListResponse(results))
+}
diff --git a/services/auth/internal/delivery/http/delivery/acl/get_all_user.go b/services/auth/internal/delivery/http/delivery/acl/get_all_user.go
@@ -0,0 +1,39 @@
+package acl_handler
+
+import (
+	"context"
+	"errors"
+	"net/http"
+
+	"github.com/febrihidayan/go-architecture-monorepo/pkg/exceptions"
+	"github.com/febrihidayan/go-architecture-monorepo/pkg/utils"
+	"github.com/febrihidayan/go-architecture-monorepo/services/auth/internal/delivery/http/response"
+	"github.com/gorilla/mux"
+)
+
+func (x *aclHttpHandler) GetAllUser(w http.ResponseWriter, r *http.Request) {
+	var (
+		ctx  = context.Background()
+		vars = mux.Vars(r)
+		id   = vars["id"]
+	)
+
+	if id == "" {
+		utils.RespondWithError(w, http.StatusBadRequest, []error{errors.New("param id required")})
+		return
+	}
+
+	_, errJwt := utils.DecodeJwtToken(r.Header.Get("Authorization"))
+	if errJwt != nil {
+		utils.RespondWithError(w, http.StatusBadRequest, []error{errJwt})
+		return
+	}
+
+	results, err := x.aclUsecase.GetAllUser(ctx, id)
+	if err != nil {
+		utils.RespondWithError(w, exceptions.MapToHttpStatusCode(err.Status), err.Errors.Errors)
+		return
+	}
+
+	utils.RespondWithJSON(w, http.StatusOK, response.MapAclListResponse(results))
+}