go-duck-cli 1.1.24 → 1.1.26
- package/generators/multitenancy.js +29 -7
- package/generators/security.js +15 -1
- package/package.json +1 -1
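--- a/package/generators/multitenancy.js
+++ b/package/generators/multitenancy.js
@@ -173,9 +173,9 @@ func TenantMiddleware(db *gorm.DB, cfg *config.Config) gin.HandlerFunc {
 }
 
 if len(requestedTenants) > 0 {
-db.Raw("SELECT role_name, db_name, is_primary FROM tenant_roles WHERE role_name IN ? AND tenant_id IN ?", lowerRoles, requestedTenants).Scan(&mappings)
+db.Raw("SELECT role_name, db_name, is_primary FROM tenant_roles WHERE LOWER(role_name) IN ? AND tenant_id IN ?", lowerRoles, requestedTenants).Scan(&mappings)
 } else {
-db.Raw("SELECT role_name, db_name, is_primary FROM tenant_roles WHERE role_name IN ?", lowerRoles).Scan(&mappings)
+db.Raw("SELECT role_name, db_name, is_primary FROM tenant_roles WHERE LOWER(role_name) IN ?", lowerRoles).Scan(&mappings)
 }
 
 if len(mappings) == 0 {
@@ -202,9 +202,22 @@ func TenantMiddleware(db *gorm.DB, cfg *config.Config) gin.HandlerFunc {
 
 c.Set("primaryRole", "fallback")
 } else {
-
+isGenericRole := func(role string) bool {
+r := strings.ToLower(role)
+return r == "offline_access" || r == "uma_authorization" || strings.HasPrefix(r, "default-roles-")
+}
+
+// Sort by is_primary to ensure primary silo is selected, prioritizing dedicated roles over generic ones
 sort.Slice(mappings, func(i, j int) bool {
-
+if mappings[i].IsPrimary != mappings[j].IsPrimary {
+return mappings[i].IsPrimary
+}
+gI := isGenericRole(mappings[i].RoleName)
+gJ := isGenericRole(mappings[j].RoleName)
+if gI != gJ {
+return !gI
+}
+return false
 })
 
 for _, m := range mappings {
@@ -339,15 +352,24 @@ func CreateDatabaseAndMigrate(masterDB *gorm.DB) gin.HandlerFunc {
 
 // 3. Upsert mapping
 var existing models.TenantRole
+isPrimary := req.IsPrimary
+var count int64
+masterDB.Model(&models.TenantRole{}).Where("role_name = ?", req.RoleName).Count(&count)
+if count == 0 {
+isPrimary = true
+}
 if err := masterDB.Where("role_name = ? AND db_name = ?", req.RoleName, req.DBName).First(&existing).Error; err == nil {
-
+if count <= 1 {
+isPrimary = true
+}
+existing.IsPrimary = isPrimary
 masterDB.Save(&existing)
 } else {
 masterDB.Create(&models.TenantRole{
 TenantID: uuid.New().String(),
 RoleName: req.RoleName,
 DBName: req.DBName,
-IsPrimary:
+IsPrimary: isPrimary,
 })
 }
 
@@ -360,7 +382,7 @@ func CreateDatabaseAndMigrate(masterDB *gorm.DB) gin.HandlerFunc {
 migrations.RunGoNativeMigrationsForTenant(tenantDB)
 }
 
-c.JSON(http.StatusOK, gin.H{"message": "Role silo assigned successfully", "role": req.RoleName, "primary":
+c.JSON(http.StatusOK, gin.H{"message": "Role silo assigned successfully", "role": req.RoleName, "primary": isPrimary})
 }
 }
 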
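Review bot: The new `masterDB.Model(&models.TenantRole{}).Where("role_name = ?", req.RoleName).Count(&count)` in CreateDatabaseAndMigrate discards the query error, so a failed count leaves `count` at 0 and the mapping is promoted to primary whatever `req.IsPrimary` says. It also compares `role_name` exactly, while the same commit switches TenantMiddleware to `LOWER(role_name) IN ?`, so a case variant of an existing role counts as new and can become a second primary silo for what the middleware treats as one role. I would check the error and abort the request on failure, and match the lookup to the middleware, e.g. `Where("LOWER(role_name) = ?", strings.ToLower(req.RoleName)).Count(&count).Error`. The count and the later `Save`/`Create` also run as separate statements, which looks racy under concurrent requests unless a transaction wraps them outside this hunk; both functions continue outside the visible hunks.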
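--- a/package/generators/security.js
+++ b/package/generators/security.js
@@ -174,9 +174,23 @@ func JWTMiddleware() gin.HandlerFunc {
 if claims, ok := token.Claims.(jwt.MapClaims); ok {
 c.Set("KeycloakID", claims["sub"])
 c.Set("UserEmail", claims["email"])
+
+var allRoles []interface{}
 if ra, ok := claims["realm_access"].(map[string]interface{}); ok {
-
+if rList, ok := ra["roles"].([]interface{}); ok {
+allRoles = append(allRoles, rList...)
+}
+}
+if resAcc, ok := claims["resource_access"].(map[string]interface{}); ok {
+for _, clientObj := range resAcc {
+if clientMap, ok := clientObj.(map[string]interface{}); ok {
+if rList, ok := clientMap["roles"].([]interface{}); ok {
+allRoles = append(allRoles, rList...)
+}
+}
+}
 }
+c.Set("UserRoles", allRoles)
 }
 
 c.Next()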
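Review bot: The loop `for _, clientObj := range resAcc` in JWTMiddleware appends the roles of every client listed in `resource_access` to `UserRoles`, so a role granted for an unrelated client becomes indistinguishable from a realm role or one of this service's own roles with the same name. If downstream code authorizes or selects a tenant database from `UserRoles` (TenantMiddleware appears to match role names against `tenant_roles`, though the link is not visible here), that widens what a single token can reach. I would read only this service's own client entry, e.g. `if clientMap, ok := resAcc[clientID].(map[string]interface{}); ok {` where `clientID` stands for the configured client ID (not visible in this hunk), or keep realm and client roles under separate context keys. JWTMiddleware's body starts and ends outside the hunk.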