@rivascva/dt-idl 1.1.95 → 1.1.97

package/go/auth/utils.go

@@ -33,8 +33,8 @@ func CanActorAccessResourcesForUser(ctx context.Context, userId string) (bool, e
 	}
 }
 
-// CanActorAccessResourcesForAll checks if the actor is allowed to access resources for all users.
-func CanActorAccessResourcesForAll(ctx context.Context) (bool, error) {
+// CanActorAccessAllResources checks if the actor is allowed to access all resources.
+func CanActorAccessAllResources(ctx context.Context) (bool, error) {
 	// get the actor id from the context
 	actorId, err := utils.GetActorIdFromContext(ctx)
 	if err != nil {
@@ -47,7 +47,7 @@ func CanActorAccessResourcesForAll(ctx context.Context) (bool, error) {
 		return false, fmt.Errorf("failed to get the token type from the context: %w", err)
 	}
 
-	// check if the actor is allowed to access the user id
+	// check if the actor is a service
 	switch tokenType {
 	case "user":
 		return false, nil

package/go/request/auth_transport.go

@@ -0,0 +1,91 @@
+package request
+
+import (
+	"fmt"
+	"net/http"
+	"sync"
+	"time"
+
+	"github.com/RivasCVA/dt-idl/go/auth"
+	"github.com/golang-jwt/jwt/v5"
+)
+
+type AuthTransport struct {
+	mu        sync.RWMutex
+	transport http.RoundTripper
+	service   string
+	secret    string
+	token     *jwt.Token
+}
+
+func (t *AuthTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	// get the token
+	t.mu.RLock()
+	token := t.token
+	t.mu.RUnlock()
+
+	// get the token expiration time
+	expirationTime := time.Time{}
+	if token != nil {
+		e, err := token.Claims.GetExpirationTime()
+		if err != nil {
+			return nil, fmt.Errorf("failed to get the expiration time from the token: %w", err)
+		}
+		expirationTime = e.Time
+	}
+
+	// check if the token is expired or close to expiring
+	if expirationTime.Before(time.Now().Add(time.Minute)) {
+		err := t.setNewToken()
+		if err != nil {
+			return nil, fmt.Errorf("failed to set a new token: %w", err)
+		}
+	}
+
+	// perform the request
+	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", t.token.Raw))
+	resp, err := t.transport.RoundTrip(req)
+	if err != nil {
+		return nil, err
+	}
+
+	// check if the request failed due to an authorization error.
+	// this should ideally not happen since we are setting a new token if the current one is expired or close to expiring,
+	// but it is still possible for the token to be revoked.
+	if resp != nil && resp.StatusCode == http.StatusUnauthorized {
+		// set a new token
+		err := t.setNewToken()
+		if err != nil {
+			return nil, fmt.Errorf("failed to set a new token: %w", err)
+		}
+
+		// retry the request
+		req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", t.token.Raw))
+		return t.transport.RoundTrip(req)
+	}
+
+	// return the original response
+	return resp, err
+}
+
+func (t *AuthTransport) setNewToken() error {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+
+	// create a new service token
+	rawToken, err := auth.NewServiceToken(t.secret, t.service, t.service, auth.DefaultServiceTokenDuration)
+	if err != nil {
+		return fmt.Errorf("failed to create a new service token: %w", err)
+	}
+
+	// validate the token
+	token, err := auth.ValidateToken(rawToken, t.secret)
+	if err != nil {
+		return fmt.Errorf("failed to validate the new token: %w", err)
+	}
+
+	// set the new token
+	t.token = token
+
+	return nil
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rivascva/dt-idl",
-  "version": "1.1.95",
+  "version": "1.1.97",
   "description": "Dream Trade - Interface Definition Language",
   "main": "dist/index.cjs.js",
   "module": "dist/index.esm.js",