@rivascva/dt-idl 1.1.83 → 1.1.85

package/go/{jwt → auth}/jwt.go

@@ -1,4 +1,4 @@
-package jwt
+package auth
 
 import (
 	"fmt"

package/go/auth/models.go

@@ -0,0 +1,9 @@
+package auth
+
+import "time"
+
+// DefaultServiceTokenDuration is the default duration for service tokens.
+const DefaultServiceTokenDuration = 30 * time.Minute
+
+// approvedServices is a list of services that are allowed to access sensitive data.
+var approvedServices = []string{"dt-trade-service", "dt-portfolio-service", "dt-asset-service", "dt-user-service"}

package/go/auth/utils.go

@@ -0,0 +1,34 @@
+package auth
+
+import (
+	"context"
+	"fmt"
+	"slices"
+
+	"github.com/RivasCVA/dt-idl/go/utils"
+)
+
+// CanActorAccessUserId checks if the actor is allowed to access data for the user id.
+func CanActorAccessUserId(ctx context.Context, userId string) (bool, error) {
+	// get the actor id from the context
+	actorId, err := utils.GetActorIdFromContext(ctx)
+	if err != nil {
+		return false, fmt.Errorf("failed to get the actor id from the context: %w", err)
+	}
+
+	// get the token type from the context
+	tokenType, err := utils.GetTokenTypeFromContext(ctx)
+	if err != nil {
+		return false, fmt.Errorf("failed to get the token type from the context: %w", err)
+	}
+
+	// check if the actor is allowed to access the user id
+	switch tokenType {
+	case "user":
+		return actorId == userId, nil
+	case "service":
+		return slices.Contains(approvedServices, actorId), nil
+	default:
+		return false, fmt.Errorf("invalid token type %s", tokenType)
+	}
+}

package/go/middlewares/middlewares.go

@@ -6,7 +6,7 @@ import (
 	"slices"
 	"strings"
 
-	"github.com/RivasCVA/dt-idl/go/jwt"
+	"github.com/RivasCVA/dt-idl/go/auth"
 	"github.com/RivasCVA/dt-idl/go/log"
 	"github.com/RivasCVA/dt-idl/go/models"
 	"github.com/RivasCVA/dt-idl/go/write"
@@ -35,7 +35,7 @@ func GetAuthMiddleware(secret string) func(http.Handler) http.Handler {
 			}
 
 			// validate the token
-			token, err := jwt.ValidateToken(arr[1], secret)
+			token, err := auth.ValidateToken(arr[1], secret)
 			if err != nil {
 				write.ResponseWithError(r.Context(), w, http.StatusUnauthorized, "invalid token")
 				return

package/go/utils/context.go

@@ -39,6 +39,24 @@ func GetActorIdFromContext(ctx context.Context) (string, error) {
 	return subject, nil
 }
 
+// GetTokenTypeFromContext retrieves the token type from the JWT token in the given context.
+// The token type is a custom claim in the JWT token, and it represents the type of the token (e.g. user or service).
+func GetTokenTypeFromContext(ctx context.Context) (string, error) {
+	// get the token from the context
+	token := GetTokenFromContext(ctx)
+	if token == nil {
+		return "", errors.New("token not found in the context")
+	}
+
+	// get the token type from the token
+	tokenType, ok := token.Claims.(jwt.MapClaims)["type"].(string)
+	if !ok {
+		return "", errors.New("token type not found in the token")
+	}
+
+	return tokenType, nil
+}
+
 // GetRequestPathFromContext retrieves the request path from the given context.
 func GetRequestPathFromContext(ctx context.Context) (string, error) {
 	requestPath, ok := ctx.Value(models.RequestPathKey).(string)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rivascva/dt-idl",
-  "version": "1.1.83",
+  "version": "1.1.85",
   "description": "Dream Trade - Interface Definition Language",
   "main": "dist/index.cjs.js",
   "module": "dist/index.esm.js",

package/go/jwt/constants.go

@@ -1,6 +0,0 @@
-package jwt
-
-import "time"
-
-// DefaultServiceTokenDuration is the default duration for service tokens.
-const DefaultServiceTokenDuration = 30 * time.Minute