github.com/voedger/voedger@v0.0.0-20240520144910-273e84102129/pkg/registry/impl_issueprincipaltoken.go

github.com/voedger/voedger@v0.0.0-20240520144910-273e84102129/pkg/registry/impl_issueprincipaltoken.go (about)

     1  /*
     2   * Copyright (c) 2022-present unTill Pro, Ltd.
     3   */
     4  
     5  package registry
     6  
     7  import (
     8  	"context"
     9  	"fmt"
    10  
    11  	"github.com/voedger/voedger/pkg/istructs"
    12  	"github.com/voedger/voedger/pkg/istructsmem"
    13  	"github.com/voedger/voedger/pkg/itokens"
    14  	payloads "github.com/voedger/voedger/pkg/itokens-payloads"
    15  	"github.com/voedger/voedger/pkg/sys/authnz"
    16  )
    17  
    18  // q.registry.IssuePrincipalToken
    19  type iptRR struct {
    20  	istructs.NullObject
    21  	principalToken       string
    22  	profileWSID          int64
    23  	profileCreationError string // like wsError
    24  }
    25  
    26  func (q *iptRR) AsInt64(string) int64 { return q.profileWSID }
    27  func (q *iptRR) AsString(name string) string {
    28  	if name == authnz.Field_WSError {
    29  		return q.profileCreationError
    30  	}
    31  	return q.principalToken
    32  }
    33  
    34  func provideIssuePrincipalTokenExec(itokens itokens.ITokens) istructsmem.ExecQueryClosure {
    35  	return func(ctx context.Context, args istructs.ExecQueryArgs, callback istructs.ExecQueryCallback) (err error) {
    36  		login := args.ArgumentObject.AsString(authnz.Field_Login)
    37  		appName := args.ArgumentObject.AsString(authnz.Field_AppName)
    38  
    39  		appQName, err := istructs.ParseAppQName(appName)
    40  		if err != nil {
    41  			// notest
    42  			// validated already on c.registry.CreateLogin
    43  			return err
    44  		}
    45  
    46  		// TODO: check we're called at our AppWSID?
    47  
    48  		cdocLogin, doesLoginExist, err := GetCDocLogin(login, args.State, args.WSID, appName)
    49  		if err != nil {
    50  			return err
    51  		}
    52  
    53  		if !doesLoginExist {
    54  			return errLoginOrPasswordIsIncorrect
    55  		}
    56  
    57  		isPasswordOK, err := CheckPassword(cdocLogin, args.ArgumentObject.AsString(field_Passwrd))
    58  		if err != nil {
    59  			return err
    60  		}
    61  
    62  		if !isPasswordOK {
    63  			return errLoginOrPasswordIsIncorrect
    64  		}
    65  
    66  		result := &iptRR{
    67  			profileWSID:          cdocLogin.AsInt64(authnz.Field_WSID),
    68  			profileCreationError: cdocLogin.AsString(authnz.Field_WSError),
    69  		}
    70  		if result.profileWSID == 0 || len(result.profileCreationError) > 0 {
    71  			return callback(result)
    72  		}
    73  
    74  		// issue principal token
    75  		principalPayload := payloads.PrincipalPayload{
    76  			Login:       args.ArgumentObject.AsString(authnz.Field_Login),
    77  			SubjectKind: istructs.SubjectKindType(cdocLogin.AsInt32(authnz.Field_SubjectKind)),
    78  			ProfileWSID: istructs.WSID(result.profileWSID),
    79  		}
    80  		if result.principalToken, err = itokens.IssueToken(appQName, authnz.DefaultPrincipalTokenExpiration, &principalPayload); err != nil {
    81  			return fmt.Errorf("principal token issue failed: %w", err)
    82  		}
    83  
    84  		return callback(result)
    85  	}
    86  }