Feat(BE-69,70,71,72,73): crud and integration sso with lti, revoke_token

internal/modules/sso/controllers/user_sync.controller.go

@@ -13,22 +13,21 @@ import (
 	"strings"
 	"sync"
 	"time"
-		"github.com/go-playground/validator/v10"
+	"github.com/go-playground/validator/v10"
 	"github.com/gofiber/fiber/v2"
 	"github.com/redis/go-redis/v9"
 	"github.com/sirupsen/logrus"
 	"gorm.io/gorm"
 
 	"gitlab.com/mbugroup/lti-api.git/internal/config"
-	"gitlab.com/mbugroup/lti-api.git/internal/modules/users/dto"
 	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
+	"gitlab.com/mbugroup/lti-api.git/internal/modules/users/dto"
 	userRepository "gitlab.com/mbugroup/lti-api.git/internal/modules/users/repositories"
 	"gitlab.com/mbugroup/lti-api.git/internal/response"
 	"gitlab.com/mbugroup/lti-api.git/internal/sso"
 	"gitlab.com/mbugroup/lti-api.git/internal/utils"
 )
 
-
 const (
 	headerClient    = "X-Sync-Client"
 	headerTimestamp = "X-Sync-Timestamp"
@@ -209,6 +208,18 @@ func (h *UserSyncController) authenticate(c *fiber.Ctx, body []byte) (string, co
 
 	expectedSignature := h.calculateSignature(secret, rawAlias, timestamp, nonce, body)
 	if !hmac.Equal(providedSig, expectedSignature) {
+		bodyHash := sha256.Sum256(body)
+		h.log.WithFields(logrus.Fields{
+			"alias":             rawAlias,
+			"alias_key":         aliasKey,
+			"timestamp":         timestamp,
+			"nonce":             nonce,
+			"body_len":          len(body),
+			"body_sha256":       hex.EncodeToString(bodyHash[:]),
+			"body_base64":       base64.StdEncoding.EncodeToString(body),
+			"provided_hex_full": hex.EncodeToString(providedSig),
+			"expected_hex_full": hex.EncodeToString(expectedSignature),
+		}).Warn("sso sync signature mismatch")
 		return "", config.SSOClientConfig{}, fiber.NewError(fiber.StatusUnauthorized, "invalid signature")
 	}