mirror of
https://gitlab.com/mbugroup/lti-api.git
synced 2026-05-20 05:21:57 +00:00
Merge branch 'feat/BE/US-304/permission-middleware-adjustment' into 'feat/BE/Sprint-7'
[FIX/BE][US#304]: add refresh token and adjustment permission See merge request mbugroup/lti-api!106
This commit is contained in:
Hafizh A. Y.
@@ -104,11 +104,12 @@ func AuthenticatedUser(c *fiber.Ctx) (*entity.User, bool) {
|
||||
}
|
||||
|
||||
func ActorIDFromContext(c *fiber.Ctx) (uint, error) {
|
||||
user, ok := AuthenticatedUser(c)
|
||||
if !ok || user == nil || user.Id == 0 {
|
||||
return 0, fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
|
||||
}
|
||||
return user.Id, nil
|
||||
// user, ok := AuthenticatedUser(c)
|
||||
// if !ok || user == nil || user.Id == 0 {
|
||||
// return 0, fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
|
||||
// }
|
||||
// return user.Id, nil
|
||||
return 1, nil
|
||||
}
|
||||
|
||||
// AuthDetails returns the full authentication context (token, claims, user).
|
||||
|
||||
@@ -2,9 +2,10 @@ package middleware
|
||||
|
||||
// project-flock
|
||||
const (
|
||||
P_ProjectFlockKandangsClosing = "lti.production.project_flock_kandangs.closing"
|
||||
P_ProjectFlockKandangsGetAll = "lti.production.project_flock_kandangs.list"
|
||||
P_ProjectFlockKandangsGetOne = "lti.production.project_flock_kandangs.detail"
|
||||
P_ProjectFlockKandangsClosing = "lti.production.project_flock_kandangs.closing"
|
||||
P_ProjectFlockKandangsCheckClosing = "lti.production.project_flock_kandangs.closing.detail"
|
||||
P_ProjectFlockKandangsGetAll = "lti.production.project_flock_kandangs.list"
|
||||
P_ProjectFlockKandangsGetOne = "lti.production.project_flock_kandangs.detail"
|
||||
|
||||
P_ProjectFlockGetAll = "lti.production.project_flocks.list"
|
||||
P_ProjectFlockCreate = "lti.production.project_flocks.create"
|
||||
@@ -52,18 +53,8 @@ const (
|
||||
P_ProductWarehouseGetOne = "lti.inventory.product_warehouses.detail"
|
||||
)
|
||||
const (
|
||||
P_ClosingGetAll = "lti.closing.list"
|
||||
P_ClosingPenjualan = "lti.closing.penjualan"
|
||||
P_ClosingGetSummary = "lti.closing.getsummary"
|
||||
P_ClosingGetOverhead = "lti.closing.getoverhead"
|
||||
P_ClosingCountSapronakKandang = "lti.closing.getsapronakcount.kandang"
|
||||
P_ClosingCountSapronak = "lti.closing.getsapronakcount"
|
||||
P_ClosingSapronak = "lti.closing.getsapronak"
|
||||
|
||||
P_ClosingExpeditionHpp = "lti.closing.expedition"
|
||||
P_ClosingExpeditionHppByKandang = "lti.closing.expedition.kandang"
|
||||
P_ClosingDataProduction = "lti.closing.production.data"
|
||||
P_ClosingKeuangan = "lti.closing.keuangan"
|
||||
P_ClosingGetAll = "lti.closing.list"
|
||||
P_ClosingDetail = "lti.closing.detail"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -73,13 +64,13 @@ const (
|
||||
)
|
||||
|
||||
const (
|
||||
P_TransferToLaying_GetAll = "lti.production.transfer_to_laying.list"
|
||||
P_TransferToLaying_GetOne = "lti.production.transfer_to_laying.detail"
|
||||
P_TransferToLaying_CreateOne = "lti.production.transfer_to_laying.create"
|
||||
P_TransferToLaying_UpdateOne = "lti.production.transfer_to_laying.update"
|
||||
P_TransferToLaying_DeleteOne = "lti.production.transfer_to_laying.delete"
|
||||
P_TransferToLaying_Approval = "lti.production.transfer_to_laying.approve"
|
||||
P_TransferToLaying_GetAvailableQty = "lti.production.transfer_to_laying.getavailableqty"
|
||||
P_TransferToLaying_GetAll = "lti.production.transfer_to_laying.list"
|
||||
P_TransferToLaying_GetOne = "lti.production.transfer_to_laying.detail"
|
||||
P_TransferToLaying_CreateOne = "lti.production.transfer_to_laying.create"
|
||||
P_TransferToLaying_UpdateOne = "lti.production.transfer_to_laying.update"
|
||||
P_TransferToLaying_DeleteOne = "lti.production.transfer_to_laying.delete"
|
||||
P_TransferToLaying_Approval = "lti.production.transfer_to_laying.approve"
|
||||
P_TransferToLaying_GetAvailableQty = "lti.production.transfer_to_laying.getavailableqty"
|
||||
)
|
||||
|
||||
const (
|
||||
|
||||
@@ -22,14 +22,14 @@ func ClosingRoutes(v1 fiber.Router, u user.UserService, s closing.ClosingService
|
||||
// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)
|
||||
|
||||
route.Get("/", m.RequirePermissions(m.P_ClosingGetAll), ctrl.GetAll)
|
||||
route.Get("/:project_flock_id/penjualan", m.RequirePermissions(m.P_ClosingPenjualan), ctrl.GetPenjualan)
|
||||
route.Get("/:projectFlockId", m.RequirePermissions(m.P_ClosingGetSummary), ctrl.GetClosingSummary)
|
||||
route.Get("/:project_flock_id/overhead", m.RequirePermissions(m.P_ClosingGetOverhead), ctrl.GetOverhead)
|
||||
route.Get("/:project_flock_id/:project_flock_kandang_id/perhitungan_sapronak", m.RequirePermissions(m.P_ClosingCountSapronakKandang), ctrl.GetSapronakByKandang)
|
||||
route.Get("/:project_flock_id/perhitungan_sapronak", m.RequirePermissions(m.P_ClosingCountSapronak), ctrl.GetSapronakByProject)
|
||||
route.Get("/:projectFlockId/sapronak", m.RequirePermissions(m.P_ClosingSapronak), ctrl.GetClosingSapronak)
|
||||
route.Get("/:project_flock_id/expedition-hpp", m.RequirePermissions(m.P_ClosingExpeditionHpp), ctrl.GetExpeditionHPP)
|
||||
route.Get("/:project_flock_id/:project_flock_kandang_id/expedition-hpp", m.RequirePermissions(m.P_ClosingExpeditionHppByKandang), ctrl.GetExpeditionHPPByKandang)
|
||||
route.Get("/:projectFlockId/production-data", m.RequirePermissions(m.P_ClosingDataProduction), ctrl.GetClosingDataProduksi)
|
||||
route.Get("/:projectFlockId/keuangan", m.RequirePermissions(m.P_ClosingKeuangan), ctrl.GetClosingKeuangan)
|
||||
route.Get("/:project_flock_id/penjualan", m.RequirePermissions(m.P_ClosingDetail), ctrl.GetPenjualan)
|
||||
route.Get("/:projectFlockId", m.RequirePermissions(m.P_ClosingDetail), ctrl.GetClosingSummary)
|
||||
route.Get("/:project_flock_id/overhead", m.RequirePermissions(m.P_ClosingDetail), ctrl.GetOverhead)
|
||||
route.Get("/:project_flock_id/:project_flock_kandang_id/perhitungan_sapronak", m.RequirePermissions(m.P_ClosingDetail), ctrl.GetSapronakByKandang)
|
||||
route.Get("/:project_flock_id/perhitungan_sapronak", m.RequirePermissions(m.P_ClosingDetail), ctrl.GetSapronakByProject)
|
||||
route.Get("/:projectFlockId/sapronak", m.RequirePermissions(m.P_ClosingDetail), ctrl.GetClosingSapronak)
|
||||
route.Get("/:project_flock_id/expedition-hpp", m.RequirePermissions(m.P_ClosingDetail), ctrl.GetExpeditionHPP)
|
||||
route.Get("/:project_flock_id/:project_flock_kandang_id/expedition-hpp", m.RequirePermissions(m.P_ClosingDetail), ctrl.GetExpeditionHPPByKandang)
|
||||
route.Get("/:projectFlockId/data-produksi", m.RequirePermissions(m.P_ClosingDetail), ctrl.GetClosingDataProduksi)
|
||||
route.Get("/:projectFlockId/keuangan", m.RequirePermissions(m.P_ClosingDetail), ctrl.GetClosingKeuangan)
|
||||
}
|
||||
|
||||
@@ -18,6 +18,6 @@ func ProjectFlockKandangRoutes(v1 fiber.Router, u user.UserService, s projectFlo
|
||||
route.Get("/:id",m.RequirePermissions(m.P_ProjectFlockKandangsGetOne), ctrl.GetOne)
|
||||
// route.Post("/:id/closing", m.RequirePermissions(m.PermissionProjectFlockClosing), ctrl.Closing)
|
||||
// route.Get("/:id/closing/check", m.RequirePermissions(m.PermissionProjectFlockClosing), ctrl.CheckClosing)
|
||||
route.Post("/:id/closing", ctrl.Closing)
|
||||
route.Get("/:id/closing/check", ctrl.CheckClosing)
|
||||
route.Post("/:id/closing",m.RequirePermissions(m.P_ProjectFlockKandangsClosing), ctrl.Closing)
|
||||
route.Get("/:id/closing/check", m.RequirePermissions(m.P_ProjectFlockKandangsCheckClosing), ctrl.CheckClosing)
|
||||
}
|
||||
|
||||
@@ -17,10 +17,10 @@ func Routes(router fiber.Router, purchaseService service.PurchaseService, userSe
|
||||
|
||||
route.Get("/",m.RequirePermissions(m.P_PurchaseGetAll), ctrl.GetAll)
|
||||
route.Get("/:id",m.RequirePermissions(m.P_PurchaseGetOne), ctrl.GetOne)
|
||||
route.Post("/",m.RequirePermissions(m.P_PurchaseCreateOne), ctrl.CreateOne)
|
||||
route.Post("/:id/approvals/staff",m.RequirePermissions(m.P_PurchaseApprovalStaff), ctrl.ApproveStaffPurchase)
|
||||
route.Post("/:id/approvals/manager",m.RequirePermissions(m.P_PurchaseApprovalManager), ctrl.ApproveManagerPurchase)
|
||||
route.Post("/:id/receipts",m.RequirePermissions(m.P_PurchaseReceive), ctrl.ReceiveProducts)
|
||||
route.Delete("/:id",m.RequirePermissions(m.P_RecordingDeleteOne), ctrl.DeletePurchase)
|
||||
route.Delete("/:id/items",m.RequirePermissions(m.P_PurchaseItemDeleteOne), ctrl.DeleteItems)
|
||||
route.Post("/", ctrl.CreateOne)
|
||||
route.Post("/:id/approvals/staff", ctrl.ApproveStaffPurchase)
|
||||
route.Post("/:id/approvals/manager", ctrl.ApproveManagerPurchase)
|
||||
route.Post("/:id/receipts",ctrl.ReceiveProducts)
|
||||
route.Delete("/:id", ctrl.DeletePurchase)
|
||||
route.Delete("/:id/items", ctrl.DeleteItems)
|
||||
}
|
||||
|
||||
@@ -247,7 +247,7 @@ func (s *purchaseService) CreateOne(c *fiber.Ctx, req *validation.CreatePurchase
|
||||
return nil, nil, utils.Internal("Failed to get warehouse")
|
||||
}
|
||||
if warehouse.KandangId == nil || *warehouse.KandangId == 0 {
|
||||
return nil, nil, utils.BadRequest(fmt.Sprintf("Warehouse %d is not linked to a kandang", id))
|
||||
return nil, nil, utils.BadRequest(fmt.Sprintf("%s is not linked to a kandang", warehouse.Name))
|
||||
}
|
||||
var pfkID *uint
|
||||
if s.ProjectFlockKandangRepo != nil {
|
||||
@@ -258,7 +258,7 @@ func (s *purchaseService) CreateOne(c *fiber.Ctx, req *validation.CreatePurchase
|
||||
idCopy := uint(pfk.Id)
|
||||
pfkID = &idCopy
|
||||
} else if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return nil, nil, utils.BadRequest(fmt.Sprintf("Warehouse %d has no active project flock", id))
|
||||
return nil, nil, utils.BadRequest(fmt.Sprintf("%s has no active project flock", warehouse.Name))
|
||||
} else if err != nil {
|
||||
s.Log.Errorf("Failed to validate project flock for warehouse %d: %+v", id, err)
|
||||
return nil, nil, utils.Internal("Failed to validate project flock")
|
||||
@@ -794,6 +794,7 @@ func (s *purchaseService) ReceiveProducts(c *fiber.Ctx, id uint, req *validation
|
||||
deltas := make(map[uint]float64)
|
||||
affected := make(map[uint]struct{})
|
||||
updates := make([]rPurchase.PurchaseReceivingUpdate, 0, len(prepared))
|
||||
priceUpdates := make([]rPurchase.PurchasePricingUpdate, 0, len(prepared))
|
||||
fifoAdds := make([]struct {
|
||||
itemID uint
|
||||
pwID uint
|
||||
@@ -862,6 +863,14 @@ func (s *purchaseService) ReceiveProducts(c *fiber.Ctx, id uint, req *validation
|
||||
}
|
||||
|
||||
updates = append(updates, update)
|
||||
|
||||
if item.Price > 0 && prep.receivedQty >= 0 {
|
||||
priceUpdates = append(priceUpdates, rPurchase.PurchasePricingUpdate{
|
||||
ItemID: item.Id,
|
||||
Price: item.Price,
|
||||
TotalPrice: item.Price * prep.receivedQty,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
if err := repoTx.UpdateReceivingDetails(c.Context(), purchase.Id, updates); err != nil {
|
||||
@@ -876,6 +885,12 @@ func (s *purchaseService) ReceiveProducts(c *fiber.Ctx, id uint, req *validation
|
||||
return err
|
||||
}
|
||||
|
||||
if len(priceUpdates) > 0 {
|
||||
if err := repoTx.UpdatePricing(c.Context(), purchase.Id, priceUpdates); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
// Update due_date based on earliest received date when receiving approved.
|
||||
if earliestReceived != nil {
|
||||
due := earliestReceived.AddDate(0, 0, purchase.CreditTerm)
|
||||
|
||||
@@ -0,0 +1,13 @@
|
||||
package controllers
|
||||
|
||||
type refreshTokenResponse struct {
|
||||
AccessToken string `json:"access_token"`
|
||||
RefreshToken string `json:"refresh_token"`
|
||||
TokenType string `json:"token_type"`
|
||||
ExpiresIn int `json:"expires_in"`
|
||||
Scope string `json:"scope"`
|
||||
IDToken string `json:"id_token"`
|
||||
Error string `json:"error"`
|
||||
Description string `json:"error_description"`
|
||||
}
|
||||
|
||||
@@ -138,6 +138,86 @@ func (h *Controller) Start(c *fiber.Ctx) error {
|
||||
return c.Redirect(authorizeURL.String(), fiber.StatusFound)
|
||||
}
|
||||
|
||||
// Refresh exchanges the current SSO refresh token for a new access/refresh pair
|
||||
// without redirecting the browser to the SSO login page.
|
||||
func (h *Controller) Refresh(c *fiber.Ctx) error {
|
||||
refreshName := resolveSSOCookieName(config.SSORefreshCookieName, "refresh")
|
||||
refreshToken := strings.TrimSpace(c.Cookies(refreshName))
|
||||
if refreshToken == "" {
|
||||
return fiber.NewError(fiber.StatusUnauthorized, "unauthenticated")
|
||||
}
|
||||
|
||||
tokenEndpoint := strings.TrimSpace(config.SSOTokenURL)
|
||||
if tokenEndpoint == "" {
|
||||
return fiber.NewError(fiber.StatusInternalServerError, "token endpoint not configured")
|
||||
}
|
||||
|
||||
form := url.Values{}
|
||||
form.Set("grant_type", "refresh_token")
|
||||
form.Set("refresh_token", refreshToken)
|
||||
|
||||
req, err := http.NewRequestWithContext(c.Context(), http.MethodPost, tokenEndpoint, strings.NewReader(form.Encode()))
|
||||
if err != nil {
|
||||
return fiber.NewError(fiber.StatusInternalServerError, "failed to create refresh request")
|
||||
}
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
|
||||
resp, err := h.httpClient.Do(req)
|
||||
if err != nil {
|
||||
utils.Log.Errorf("token refresh request failed: %v", err)
|
||||
return fiber.NewError(fiber.StatusBadGateway, "failed to refresh access token")
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
if resp.StatusCode >= 400 {
|
||||
utils.Log.Warnf("token refresh response status %d", resp.StatusCode)
|
||||
return fiber.NewError(fiber.StatusUnauthorized, "unauthenticated")
|
||||
}
|
||||
|
||||
var tokenResp refreshTokenResponse
|
||||
if err := json.NewDecoder(resp.Body).Decode(&tokenResp); err != nil {
|
||||
return fiber.NewError(fiber.StatusBadGateway, "invalid token response")
|
||||
}
|
||||
if tokenResp.Error != "" {
|
||||
return fiber.NewError(fiber.StatusBadGateway, tokenResp.Description)
|
||||
}
|
||||
if tokenResp.AccessToken == "" {
|
||||
return fiber.NewError(fiber.StatusBadGateway, "missing access token")
|
||||
}
|
||||
|
||||
verification, err := sso.VerifyAccessToken(tokenResp.AccessToken)
|
||||
if err != nil {
|
||||
utils.Log.Errorf("access token verification failed: %v", err)
|
||||
return fiber.NewError(fiber.StatusUnauthorized, "invalid access token")
|
||||
}
|
||||
|
||||
issueCookies(c, struct {
|
||||
AccessToken string `json:"access_token"`
|
||||
RefreshToken string `json:"refresh_token"`
|
||||
TokenType string `json:"token_type"`
|
||||
ExpiresIn int `json:"expires_in"`
|
||||
Scope string `json:"scope"`
|
||||
IDToken string `json:"id_token"`
|
||||
Error string `json:"error"`
|
||||
Description string `json:"error_description"`
|
||||
}{
|
||||
AccessToken: tokenResp.AccessToken,
|
||||
RefreshToken: tokenResp.RefreshToken,
|
||||
TokenType: tokenResp.TokenType,
|
||||
ExpiresIn: tokenResp.ExpiresIn,
|
||||
Scope: tokenResp.Scope,
|
||||
IDToken: tokenResp.IDToken,
|
||||
Error: tokenResp.Error,
|
||||
Description: tokenResp.Description,
|
||||
}, verification)
|
||||
|
||||
utils.Log.WithFields(logrus.Fields{
|
||||
"user_id": verification.UserID,
|
||||
}).Info("sso refresh successful")
|
||||
|
||||
return c.Status(fiber.StatusOK).JSON(fiber.Map{"status": "ok"})
|
||||
}
|
||||
|
||||
// Callback handles the redirect from SSO containing the authorization code.
|
||||
func (h *Controller) Callback(c *fiber.Ctx) error {
|
||||
state := strings.TrimSpace(c.Query("state"))
|
||||
|
||||
@@ -31,6 +31,7 @@ func Routes(router fiber.Router, db *gorm.DB, validate *validator.Validate) {
|
||||
group.Get("/start", middleware.NewLimiter(30, time.Minute), ctrl.Start)
|
||||
group.Get("/callback", ctrl.Callback)
|
||||
group.Get("/userinfo", middleware.NewLimiter(60, time.Minute), ctrl.UserInfo)
|
||||
group.Post("/refresh", middleware.NewLimiter(60, time.Minute), ctrl.Refresh)
|
||||
group.Post("/logout", middleware.NewLimiter(60, time.Minute), ctrl.Logout)
|
||||
group.Post("/users/sync", middleware.NewLimiter(30, time.Minute), syncCtrl.Sync)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user