diff --git a/api/handlers/v1/auth.go b/api/handlers/v1/auth.go index 4d7475e..86ae1c1 100644 --- a/api/handlers/v1/auth.go +++ b/api/handlers/v1/auth.go @@ -30,8 +30,9 @@ func (h *Handler) AuthRegister(c echo.Context) error { // if the user is not found, we can use that name if err.Error() != repositories.ErrUserNotFound { return c.JSON(http.StatusInternalServerError, domain.ErrorResponse{ - HttpCode: http.StatusInternalServerError, - Message: err.Error(), + + Message: err.Error(), + Success: true, }) } } @@ -43,16 +44,16 @@ func (h *Handler) AuthRegister(c echo.Context) error { err = h.UserService.CheckPasswordForRequirements(password) if err != nil { return c.JSON(http.StatusInternalServerError, domain.ErrorResponse{ - HttpCode: http.StatusInternalServerError, - Message: err.Error(), + Success: false, + Message: err.Error(), }) } _, err = h.userRepo.Create(username, password, domain.ScopeRecipeRead) if err != nil { return c.JSON(http.StatusInternalServerError, domain.ErrorResponse{ - HttpCode: http.StatusInternalServerError, - Message: err.Error(), + Success: false, + Message: err.Error(), }) } 
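Review bot: The lookup-failure branch in AuthRegister now returns `Success: true` together with a 500 status (the `+ Success: true,` line of the first hunk), so a client that reads the body will treat a failed user lookup as a successful registration; it should be `Success: false,` like every other error response in this diff, and the stray empty `+` line above it should go. That branch also still echoes `err.Error()` from the repository to the caller; repository errors can carry backend details, so log the error server-side and return a fixed `Message: "internal error",`. The comparison `err.Error() != repositories.ErrUserNotFound` is unchanged context, but if ErrUserNotFound is an error value rather than a string, `errors.Is(err, repositories.ErrUserNotFound)` is the check to use. AuthRegister starts before this hunk.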
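Review bot: A password rejected by CheckPasswordForRequirements is a client error, yet the second hunk still answers it with `http.StatusInternalServerError`; the status on that `c.JSON` call should be `http.StatusBadRequest` so clients can distinguish validation failures from server faults and monitoring does not count them as 5xx. The `userRepo.Create` failure path returns `err.Error()` verbatim, which for a storage error may expose backend details — return a generic message and log the real error. Whether `password` is hashed before it reaches `Create` is not visible in this diff; confirm that the repository or UserService does it rather than storing the plaintext. The rest of AuthRegister lies outside this hunk.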
@@ -101,9 +102,42 @@ func (h *Handler) validateAdminToken(c echo.Context, password string) error { return c.JSON(http.StatusOK, token) } -//func (h *Handler) AddScope(c echo.Context) error { -// -//} +func (h *Handler) AddScope(c echo.Context) error { + token, err := h.getJwtToken(c) + if err != nil { + return h.ReturnUnauthorizedResponse(c, err.Error()) + } + + err = token.IsValid(domain.ScopeAll) + if err != nil { + return h.ReturnUnauthorizedResponse(c, err.Error()) + } + + request := domain.AddScopeRequest{} + err = (&echo.DefaultBinder{}).BindBody(c, &request) + if err != nil { + return c.JSON(http.StatusBadRequest, domain.ErrorResponse{ + Success: false, + Message: err.Error(), + }) + } + + err = h.UserService.AddScopes(request.Username, request.Scopes) + if err != nil { + return h.InternalServerErrorResponse(c, err.Error()) + } + + return c.JSON(http.StatusOK, domain.ErrorResponse{ + Success: true, + }) +} + +func (h *Handler) RemoveScope(c echo.Context) error { + return c.JSON(http.StatusOK, domain.ErrorResponse{ + Success: false, + Message: "Not Implemented", + }) +} func (h *Handler) RefreshJwtToken(c echo.Context) error { return nil diff --git a/api/handlers/v1/handler.go b/api/handlers/v1/handler.go index 5268b45..6db17fe 100644 --- a/api/handlers/v1/handler.go +++ b/api/handlers/v1/handler.go @@ -37,10 +37,14 @@ func (h *Handler) Register(v1 *echo.Group) { SigningKey: []byte(h.Config.JwtSecret), } - v1.POST("/login", h.AuthLogin) - v1.POST("/register", h.AuthRegister) - demo := v1.Group("/demo") + auth := v1.Group("/auth") + auth.POST("/login", h.AuthLogin) + auth.POST("/register", h.AuthRegister) + auth.Use(echojwt.WithConfig(jwtConfig)) + auth.POST("/scopes/add", h.AddScope) + //auth.POST("/refresh", h.RefreshJwtToken) + demo := v1.Group("/demo") demo.GET("/hello", h.DemoHello) demo.GET("/hello/:who", h.HelloWho) 
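Review bot: AddScope grants whatever `request.Scopes` the body carries to whatever `request.Username` it names with no validation after `BindBody`: an empty username or an unknown or misspelled scope goes straight to `UserService.AddScopes`. Before that call, reject bad input with `if request.Username == "" || len(request.Scopes) == 0 { return c.JSON(http.StatusBadRequest, domain.ErrorResponse{Success: false, Message: "username and scopes are required"}) }` and check each requested scope against the scopes the domain package defines (`domain.ScopeAll` and `domain.ScopeRecipeRead` are the ones visible here), unless AddScopes already does so. Since this endpoint can presumably hand out `domain.ScopeAll` itself, a server-side log line recording the caller identity from `token`, the target user and the scopes granted would give an audit trail for privilege changes. RemoveScope answers 200 with "Not Implemented"; `http.StatusNotImplemented` is the status for that, though the handler is not routed in handler.go yet. RefreshJwtToken begins in the trailing context but its body is outside the hunk.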
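Review bot: The `auth` group registers `/login` and `/register` before `auth.Use(echojwt.WithConfig(jwtConfig))` and `/scopes/add` after it, so the entire authentication boundary rests on Echo attaching group middleware only to routes added after the `Use` call, and nothing in the code says so. If that is how the group behaves (it appears to be what the ordering presumes), a reader moving one line could silently expose `/scopes/add` or lock out `/login`; either add a comment above the `Use` line (`// routes registered above are public; the JWT middleware applies only to routes registered below`) or make the boundary structural with `protected := auth.Group("", echojwt.WithConfig(jwtConfig))` and `protected.POST("/scopes/add", h.AddScope)`. Register is cut off on both sides of this hunk.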
@@ -61,14 +65,14 @@ func (h *Handler) Register(v1 *echo.Group) { func (h *Handler) ReturnUnauthorizedResponse(c echo.Context, message string) error { return c.JSON(http.StatusUnauthorized, domain.ErrorResponse{ - HttpCode: http.StatusUnauthorized, - Message: message, + Success: false, + Message: message, }) } func (h *Handler) InternalServerErrorResponse(c echo.Context, message string) error { return c.JSON(http.StatusServiceUnavailable, domain.ErrorResponse{ - HttpCode: http.StatusInternalServerError, + Success: false, Message: message, }) }
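Review bot: InternalServerErrorResponse still sends `http.StatusServiceUnavailable` (503) while its name, its caller in AddScope and the removed `HttpCode: http.StatusInternalServerError` field all mean 500; with HttpCode gone the body no longer contradicts the header, so the mismatch is now invisible, and clients or proxies that retry on 503 will retry a non-transient failure. Change the status to `http.StatusInternalServerError` or rename the helper to match what it sends. Both helpers copy the caller-supplied `message` into the response body; since AddScope passes `err.Error()` from AddScopes into this one, callers should hand it a sanitized message and log the raw error instead.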