wip: delete token

ZEISS · Apr 30, 2024 · 8ab9cea · 8ab9cea
1 parent 4e78e74
commit 8ab9cea
Show file tree

Hide file tree

Showing 4 changed files with 59 additions and 0 deletions.
diff --git a/internal/api/adapters/db/accounts.go b/internal/api/adapters/db/accounts.go
@@ -18,6 +18,7 @@ func (db *DB) GetAccount(ctx context.Context, id uuid.UUID) (*models.Account, er
 		Preload("Operator.Token").
 		Preload("Operator.SigningKeys").
 		Preload("SigningKeys").
+		Preload("Users").
 		First(account).Error
 	if err != nil {
 		return nil, err

diff --git a/internal/api/controllers/accounts.go b/internal/api/controllers/accounts.go
@@ -3,6 +3,7 @@ package controllers
 import (
 	"context"
 	"fmt"
+	"time"
 
 	"github.com/google/uuid"
 	"github.com/nats-io/jwt/v2"
@@ -165,3 +166,47 @@ func (c *AccountsController) UpdateAccount(ctx context.Context, req UpdateOperat
 
 	return account, nil
 }
+
+// DeleteToken ...
+func (c *AccountsController) DeleteToken(ctx context.Context, accountID uuid.UUID) error {
+	account, err := c.db.GetAccount(ctx, accountID)
+	if err != nil {
+		return err
+	}
+
+	operator, err := c.db.GetOperator(ctx, account.OperatorID)
+	if err != nil {
+		return err
+	}
+
+	osk, err := nkeys.FromSeed(operator.SigningKeys[0].Seed)
+	if err != nil {
+		return err
+	}
+
+	ac, err := jwt.DecodeAccountClaims(account.Token.Token)
+	if err != nil {
+		return err
+	}
+
+	ac.Expires = time.Now().Add(time.Minute).Unix()
+
+	for _, user := range account.Users {
+		if ac.Revocations[user.KeyID] == 0 {
+			ac.Revoke(user.KeyID)
+		}
+	}
+
+	token, err := ac.Encode(osk)
+	if err != nil {
+		return err
+	}
+	account.Token.Token = token
+
+	err = c.db.UpdateAccount(ctx, account)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/internal/api/models/account.go b/internal/api/models/account.go
@@ -27,6 +27,9 @@ type Account struct {
 	// Accounts is the list of accounts that the operator has.
 	SigningKeys []NKey `json:"signing_keys" gorm:"many2many:account_signing_keys;foreignKey:ID;joinForeignKey:AccountID;joinReferences:SigningKeyID"`
 
+	// Users is the list of users that the account has.
+	Users []User `json:"users" gorm:"foreignKey:AccountID"`
+
 	CreatedAt time.Time      `json:"created_at"`
 	UpdatedAt time.Time      `json:"updated_at"`
 	DeletedAt gorm.DeletedAt `json:"deleted_at" gorm:"index"`

diff --git a/internal/api/services/api.go b/internal/api/services/api.go
@@ -69,6 +69,16 @@ func (a *ApiHandlers) DeleteSystem(ctx context.Context, req openapi.DeleteSystem
 	return openapi.DeleteSystem204Response(openapi.DeleteSystem204Response{}), nil
 }
 
+// DeleteOperatorAccountToken ...
+func (a *ApiHandlers) DeleteOperatorAccountToken(ctx context.Context, req openapi.DeleteOperatorAccountTokenRequestObject) (openapi.DeleteOperatorAccountTokenResponseObject, error) {
+	err := a.accounts.DeleteToken(ctx, req.AccountId)
+	if err != nil {
+		return nil, err
+	}
+
+	return openapi.DeleteOperatorAccountToken204Response(openapi.DeleteOperatorAccountToken204Response{}), nil
+}
+
 // ListSystems ...
 func (a *ApiHandlers) ListSystems(ctx context.Context, req openapi.ListSystemsRequestObject) (openapi.ListSystemsResponseObject, error) {
 	pagination := models.Pagination[models.System]{}