feat: record audit events for api token creation and revocation
This commit is contained in:
@@ -6,6 +6,7 @@ import (
|
|||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"mal/internal/domain"
|
"mal/internal/domain"
|
||||||
@@ -17,11 +18,12 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
type authService struct {
|
type authService struct {
|
||||||
repo domain.AuthRepository
|
repo domain.AuthRepository
|
||||||
|
auditSvc domain.AuditService
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewAuthService(repo domain.AuthRepository) domain.AuthService {
|
func NewAuthService(repo domain.AuthRepository, auditSvc domain.AuditService) domain.AuthService {
|
||||||
return &authService{repo: repo}
|
return &authService{repo: repo, auditSvc: auditSvc}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *authService) Login(ctx context.Context, username, password string) (*domain.Session, error) {
|
func (s *authService) Login(ctx context.Context, username, password string) (*domain.Session, error) {
|
||||||
@@ -67,6 +69,24 @@ func (s *authService) LoginForAPIToken(ctx context.Context, username, password,
|
|||||||
return "", nil, err
|
return "", nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
metadataBytes, err := json.Marshal(struct {
|
||||||
|
Name string `json:"name"`
|
||||||
|
}{Name: trimmedName})
|
||||||
|
if err == nil {
|
||||||
|
_ = s.auditSvc.Record(ctx, domain.AuditEvent{
|
||||||
|
UserID: user.ID,
|
||||||
|
Action: "api_token_created",
|
||||||
|
ResourceType: "api_token",
|
||||||
|
MetadataJSON: metadataBytes,
|
||||||
|
})
|
||||||
|
} else {
|
||||||
|
_ = s.auditSvc.Record(ctx, domain.AuditEvent{
|
||||||
|
UserID: user.ID,
|
||||||
|
Action: "api_token_created",
|
||||||
|
ResourceType: "api_token",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
return rawToken, user, nil
|
return rawToken, user, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -124,7 +144,15 @@ func (s *authService) RevokeAllAPITokensForUser(ctx context.Context, userID stri
|
|||||||
if strings.TrimSpace(userID) == "" {
|
if strings.TrimSpace(userID) == "" {
|
||||||
return errors.New("user id missing")
|
return errors.New("user id missing")
|
||||||
}
|
}
|
||||||
return s.repo.RevokeAllAPITokensForUser(ctx, userID)
|
if err := s.repo.RevokeAllAPITokensForUser(ctx, userID); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
_ = s.auditSvc.Record(ctx, domain.AuditEvent{
|
||||||
|
UserID: userID,
|
||||||
|
Action: "api_token_revoked_all",
|
||||||
|
ResourceType: "api_token",
|
||||||
|
})
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func newOpaqueToken() (token string, tokenHash string, err error) {
|
func newOpaqueToken() (token string, tokenHash string, err error) {
|
||||||
|
|||||||
Reference in New Issue
Block a user