wip: clean up api

cmd/api/cmd/root.go

@@ -8,8 +8,8 @@ import (
 	"github.com/zeiss/typhoon/internal/api/controllers"
 	"github.com/zeiss/typhoon/internal/api/services"
 	openapi "github.com/zeiss/typhoon/pkg/apis"
+	"github.com/zeiss/typhoon/pkg/fake"
 
-	"github.com/getkin/kin-openapi/openapi3filter"
 	"github.com/gofiber/fiber/v2"
 	logger "github.com/gofiber/fiber/v2/middleware/logger"
 	requestid "github.com/gofiber/fiber/v2/middleware/requestid"
@@ -81,9 +81,7 @@ func (s *WebSrv) Start(ctx context.Context, ready server.ReadyFunc, run server.R
 		app.Use(logger.New())
 
 		validatorOptions := &middleware.Options{}
-		validatorOptions.Options.AuthenticationFunc = func(ctx context.Context, filter *openapi3filter.AuthenticationInput) error {
-			return nil
-		}
+		validatorOptions.Options.AuthenticationFunc = fake.NewAuthenticator()
 
 		app.Use(middleware.OapiRequestValidatorWithOptions(swagger, validatorOptions))
 

internal/api/adapters/db/db.go

@@ -1,6 +1,8 @@
 package db
 
 import (
+	authz "github.com/zeiss/fiber-authz"
+	"github.com/zeiss/fiber-goth/adapters"
 	"github.com/zeiss/typhoon/internal/api/models"
 	"github.com/zeiss/typhoon/internal/api/ports"
 
@@ -27,6 +29,13 @@ func NewDB(conn *gorm.DB) *DB {
 // RunMigrations ...
 func (db *DB) RunMigrations() error {
 	return db.conn.AutoMigrate(
+		&models.Team{},
+		&authz.User{},
+		&authz.Role{},
+		&authz.Permission{},
+		&authz.UserRole{},
+		&adapters.Account{},
+		&adapters.Session{},
 		&models.User{},
 		&models.Account{},
 		&models.Operator{},

internal/api/controllers/teams.go

@@ -3,11 +3,13 @@ package controllers
 import "github.com/zeiss/typhoon/internal/api/ports"
 
 // TeamsController ...
-type TeamsController struct {
+type TeamsController interface{}
+
+type teamsController struct {
 	db ports.Teams
 }
 
 // NewTeamsController ...
-func NewTeamsController(db ports.Teams) *TeamsController {
-	return &TeamsController{db}
+func NewTeamsController(db ports.Teams) *teamsController {
+	return &teamsController{db}
 }

internal/api/models/account.go

@@ -9,8 +9,10 @@ import (
 
 // Account ...
 type Account struct {
-	ID   uuid.UUID `json:"id" gorm:"type:uuid;primary_key;default:gen_random_uuid()"`
-	Name string    `json:"name"`
+	// ID is the unique identifier for the account.
+	ID uuid.UUID `json:"id" gorm:"type:uuid;primary_key;default:gen_random_uuid()"`
+	// Name is the name of the account.
+	Name string `json:"name"`
 
 	// Operator is the operator that created the account.
 	Operator   Operator  `json:"operator"`
@@ -24,16 +26,19 @@ type Account struct {
 	Token   Token  `json:"token" gorm:"foreignKey:TokenID"`
 	TokenID string `json:"token_id"`
 
-	// Accounts is the list of accounts that the operator has.
+	// SigningKeys is the list of signing keys the account has.
 	SigningKeys []NKey `json:"signing_keys" gorm:"many2many:account_signing_keys;foreignKey:ID;joinForeignKey:AccountID;joinReferences:SigningKeyID"`
 
 	// Users is the list of users that the account has.
 	Users []User `json:"users" gorm:"foreignKey:AccountID"`
 
-	// Owner is the owner of the account.
-	Owner Ownership `json:"owner" gorm:"polymorphic:Ownable;polymorphicValue:account;"`
+	// OwnedBy is the owner of the account. This is usually a team.
+	OwnedBy Ownership `json:"owner" gorm:"polymorphic:Ownable;polymorphicValue:account;"`
 
-	CreatedAt time.Time      `json:"created_at"`
-	UpdatedAt time.Time      `json:"updated_at"`
+	// CreatedAt is the time the account was created.
+	CreatedAt time.Time `json:"created_at"`
+	// UpdatedAt is the time the account was updated.
+	UpdatedAt time.Time `json:"updated_at"`
+	// DeletedAt is the time the account was deleted.
 	DeletedAt gorm.DeletedAt `json:"deleted_at" gorm:"index"`
 }

internal/api/models/ownership.go

@@ -7,15 +7,19 @@ import (
 	"gorm.io/gorm"
 )
 
-// OwnableType ...
+// OwnableType is a polymorphic type for ownership.
 type OwnableType string
 
 // OwnableType are the different types of ownable resources.
 const (
-	SystemOwnable   OwnableType = "system"
-	AccountOwnable  OwnableType = "account"
+	// SystemOwnable is a system.
+	SystemOwnable OwnableType = "system"
+	// AccountOwnable is an account.
+	AccountOwnable OwnableType = "account"
+	// OperatorOwnable is an operator.
 	OperatorOwnable OwnableType = "operator"
-	UserOwnable     OwnableType = "user"
+	// UserOwnable is a user.
+	UserOwnable OwnableType = "user"
 )
 
 // Ownership ...

internal/api/models/system.go

@@ -27,11 +27,12 @@ type System struct {
 
 	// Tags is the tags that are associated with the system.
 	Tags []*Tag `json:"tags" gorm:"polymorphic:Taggable;polymorphicValue:system;"`
-	// Owners is the owners that are associated with the system.
-	Owners []*Ownership `json:"owners" gorm:"polymorphic:Ownable;polymorphicValue:system;"`
 	// Teams is the teams that are associated with the system.
 	Teams []*Team `json:"teams" gorm:"many2many:team_systems;"`
 
+	// OwnedBy is the owner of the account. This is usually a team.
+	OwnedBy Ownership `json:"owner" gorm:"polymorphic:Ownable;polymorphicValue:account;"`
+
 	// CreatedAt is the time the system was created.
 	CreatedAt time.Time `json:"created_at"`
 	// UpdatedAt is the time the system was updated.

internal/api/models/tokens.go

@@ -8,10 +8,16 @@ import (
 
 // Token ...
 type Token struct {
-	ID    string `json:"token_id" gorm:"primaryKey"`
+	// ID is the unique identifier for the token.
+	// This is the public key portion of the NKey.
+	ID string `json:"token_id" gorm:"primaryKey"`
+	// Token is the JWT token used to authenticate the account.
 	Token string `json:"token"`
 
-	CreatedAt time.Time      `json:"created_at"`
-	UpdatedAt time.Time      `json:"updated_at"`
+	// CreatedAt is the time the token was created.
+	CreatedAt time.Time `json:"created_at"`
+	// UpdatedAt is the time the token was updated.
+	UpdatedAt time.Time `json:"updated_at"`
+	// DeletedAt is the time the token was deleted.
 	DeletedAt gorm.DeletedAt `json:"deleted_at" gorm:"index"`
 }

internal/api/models/user.go

@@ -9,8 +9,12 @@ import (
 
 // User ...
 type User struct {
-	ID   uuid.UUID `json:"id" gorm:"type:uuid;primary_key;default:gen_random_uuid()"`
-	Name string    `json:"name"`
+	// ID is the unique identifier for the user.
+	ID uuid.UUID `json:"id" gorm:"type:uuid;primary_key;default:gen_random_uuid()"`
+	// Name is the name of the user.
+	Name string `json:"name" validate:"required,min=3,max=128"`
+	// Description is the description of the user.
+	Description string `json:"description" validate:"max=1024"`
 
 	// Account is the account that created the user.
 	Account   Account   `json:"account"`
@@ -24,10 +28,13 @@ type User struct {
 	Token   Token  `json:"token" gorm:"foreignKey:TokenID"`
 	TokenID string `json:"token_id"`
 
-	// Owner is the owner of the user.
-	Owner Ownership `json:"owner" gorm:"polymorphic:Ownable;polymorphicValue:user;"`
+	// OwnedBy is the owner of the account. This is usually a team.
+	OwnedBy Ownership `json:"owner" gorm:"polymorphic:Ownable;polymorphicValue:user;"`
 
-	CreatedAt time.Time      `json:"created_at"`
-	UpdatedAt time.Time      `json:"updated_at"`
+	// CreatedAt is the time the user was created.
+	CreatedAt time.Time `json:"created_at"`
+	// UpdatedAt is the time the user was updated.
+	UpdatedAt time.Time `json:"updated_at"`
+	// DeletedAt is the time the user was deleted.
 	DeletedAt gorm.DeletedAt `json:"deleted_at" gorm:"index"`
 }

internal/api/services/api.go

@@ -14,8 +14,8 @@ var _ openapi.StrictServerInterface = (*ApiHandlers)(nil)
 
 // ApiHandlers ...
 type ApiHandlers struct {
+	teams     controllers.TeamsController
 	systems   *controllers.SystemsController
-	teams     *controllers.TeamsController
 	version   *controllers.VersionController
 	operators *controllers.OperatorsController
 	accounts  *controllers.AccountsController
@@ -25,7 +25,7 @@ type ApiHandlers struct {
 }
 
 // NewApiHandlers ...
-func NewApiHandlers(systems *controllers.SystemsController, teams *controllers.TeamsController, version *controllers.VersionController, operators *controllers.OperatorsController, accounts *controllers.AccountsController, users *controllers.UsersController) *ApiHandlers {
+func NewApiHandlers(systems *controllers.SystemsController, teams controllers.TeamsController, version *controllers.VersionController, operators *controllers.OperatorsController, accounts *controllers.AccountsController, users *controllers.UsersController) *ApiHandlers {
 	return &ApiHandlers{systems: systems, teams: teams, version: version, operators: operators, accounts: accounts, users: users}
 }
 

internal/utils/iam.go

@@ -0,0 +1,31 @@
+package utils
+
+import authz "github.com/zeiss/fiber-authz"
+
+const (
+	// PermissionAdmin grants all permissions on a team
+	PermissionAdmin = authz.AuthzAction("admin")
+	// PermissionSuperAdmin grants all permissions
+	PermissionSuperAdmin = authz.AuthzAction("superadmin")
+	// PermissionCreate grants the ability to create
+	PermissionCreate = authz.AuthzAction("create")
+	// PermissionDelete grants the ability to delete
+	PermissionDelete = authz.AuthzAction("delete")
+	// PermissionEdit grants the ability to edit
+	PermissionEdit = authz.AuthzAction("edit")
+	// PermissionView grants the ability to read
+	PermissionView = authz.AuthzAction("view")
+)
+
+const (
+	// RoleAdmin grants all permissions on a team
+	RoleAdmin = authz.AuthzAction("Admin")
+	// RoleSuperAdmin grants all permissions
+	RoleSuperAdmin = authz.AuthzAction("Super Admin")
+	// RoleOwner grants all permissions
+	RoleOwner = authz.AuthzAction("Owner")
+	// Editor grants the ability to edit
+	RoleEditor = authz.AuthzAction("Editor")
+	// RoleViewer grants the ability to read
+	RoleViewer = authz.AuthzAction("Viewer")
+)

pkg/apis/api.go

@@ -5,9 +5,6 @@ import (
 	"errors"
 )
 
-// Unimplemented ...
-type Unimplemented struct{}
-
 var _ StrictServerInterface = (*Unimplemented)(nil)
 
 // CreateOperator ...
@@ -85,6 +82,11 @@ func (u *Unimplemented) ListOperatorAccountSigningKeys(ctx context.Context, requ
 	return nil, errors.New("not implemented")
 }
 
+// DeleteSigningKeyGroup ...
+func (u *Unimplemented) DeleteSigningKeyGroup(ctx context.Context, request DeleteSigningKeyGroupRequestObject) (DeleteSigningKeyGroupResponseObject, error) {
+	return nil, errors.New("not implemented")
+}
+
 // ListOperatorAccountUsers ...
 func (u *Unimplemented) ListOperatorAccountUsers(ctx context.Context, request ListOperatorAccountUsersRequestObject) (ListOperatorAccountUsersResponseObject, error) {
 	return nil, errors.New("not implemented")
@@ -105,6 +107,11 @@ func (u *Unimplemented) CreateOperatorAccountUser(ctx context.Context, request C
 	return nil, errors.New("not implemented")
 }
 
+// DeleteTeamAccountUser ...
+func (u *Unimplemented) DeleteTeamAccountUser(ctx context.Context, request DeleteTeamAccountUserRequestObject) (DeleteTeamAccountUserResponseObject, error) {
+	return nil, errors.New("not implemented")
+}
+
 // GetOperatorAccountUserToken ...
 func (u *Unimplemented) GetOperatorAccountUserToken(ctx context.Context, request GetOperatorAccountUserTokenRequestObject) (GetOperatorAccountUserTokenResponseObject, error) {
 	return nil, errors.New("not implemented")
@@ -137,7 +144,7 @@ func (u *Unimplemented) CreateSystem(ctx context.Context, request CreateSystemRe
 
 // GetSystem ...
 func (u *Unimplemented) GetSystem(ctx context.Context, request GetSystemRequestObject) (GetSystemResponseObject, error) {
-	return nil, errors.New("not implemented")
+	return GetSystem501JSONResponse(GetOperator501JSONResponse{UnimplementedJSONResponse(NotImplemented("Not implemented"))}), nil
 }
 
 // UpdateSystem ...