5a877ca1a1
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Add auth-svc /validate endpoint for token checking Add chat-svc with auth client and Redis task queue Add worker-svc chat handler for task processing Co-Authored-By: Claude Code <claude@anthropic.com>
55 lines
1.5 KiB
Go
55 lines
1.5 KiB
Go
package handlers
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"git.threesix.ai/jordan/sp4-debug-1770477266/pkg/auth"
|
|
"git.threesix.ai/jordan/sp4-debug-1770477266/pkg/httperror"
|
|
"git.threesix.ai/jordan/sp4-debug-1770477266/pkg/httpresponse"
|
|
"git.threesix.ai/jordan/sp4-debug-1770477266/pkg/logging"
|
|
)
|
|
|
|
// Validate handles token validation requests from sibling services.
|
|
type Validate struct {
|
|
validator *auth.JWTValidator
|
|
logger *logging.Logger
|
|
}
|
|
|
|
// NewValidate creates a new Validate handler.
|
|
func NewValidate(validator *auth.JWTValidator, logger *logging.Logger) *Validate {
|
|
return &Validate{
|
|
validator: validator,
|
|
logger: logger.WithComponent("ValidateHandler"),
|
|
}
|
|
}
|
|
|
|
// ValidateResponse is returned on successful token validation.
|
|
type ValidateResponse struct {
|
|
UserID string `json:"user_id"`
|
|
Email string `json:"email,omitempty"`
|
|
Roles []string `json:"roles,omitempty"`
|
|
Scopes []string `json:"scopes,omitempty"`
|
|
}
|
|
|
|
// Check validates the Bearer token from the Authorization header.
|
|
func (h *Validate) Check(w http.ResponseWriter, r *http.Request) error {
|
|
token := auth.ExtractBearerToken(r)
|
|
if token == "" {
|
|
return httperror.Unauthorized("missing authorization token")
|
|
}
|
|
|
|
user, err := h.validator.Validate(r.Context(), token)
|
|
if err != nil {
|
|
h.logger.Debug("token validation failed", "error", err)
|
|
return httperror.Unauthorized("invalid token")
|
|
}
|
|
|
|
httpresponse.OK(w, r, ValidateResponse{
|
|
UserID: user.ID,
|
|
Email: user.Email,
|
|
Roles: user.Roles,
|
|
Scopes: user.Scopes,
|
|
})
|
|
return nil
|
|
}
|