Merge branch 'dev' of github.com:dikstub-rssa/simrs-be into fix/anything-moko

2025-12-10 12:32:24 +07:00
parent bd2f073dfc ab41552c6f
commit 5aa94df652
137 changed files with 5214 additions and 1326 deletions
@@ -9,9 +9,12 @@ import (
 	sp "github.com/karincake/semprit"
 	sr "github.com/karincake/serabi"

+	is "simrs-vx/internal/infra/sync-consumer-cfg"
+	pa "simrs-vx/internal/lib/auth"
+
 	m "simrs-vx/internal/domain/main-entities/user"
 	mf "simrs-vx/internal/domain/main-entities/user-fes"
-	pa "simrs-vx/internal/lib/auth"
+	esga "simrs-vx/internal/domain/sync-entities/authentication"
 	s "simrs-vx/internal/use-case/main-use-case/authentication"
 )

@@ -66,12 +69,37 @@ func Logout(w http.ResponseWriter, r *http.Request) {
 }

 func GuardMW(next http.Handler) http.Handler {
+	var (
+		accessDetail *pa.AuthInfo
+		err          error
+	)
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		accessDetail, err := s.ExtractToken(r, s.AccessToken)
-		if err != nil {
-			rw.WriteJSON(w, http.StatusUnauthorized, err.(d.FieldError), nil)
-			return
+		// Check if it's from sync
+		credential := esga.CredentialDto{}
+		credential.Source = r.Header.Get("X-Sync-Source")
+		credential.SecretKey = r.Header.Get("X-Sync-SecretKey")
+		credential.UserName = r.Header.Get("X-Sync-UserName")
+		if credential.Source != "" || credential.SecretKey != "" || credential.UserName != "" {
+			// validate secretKey and source
+			if credential.SecretKey != is.O.SecretKey || credential.Source != is.O.Source {
+				rw.WriteJSON(w, http.StatusUnauthorized, d.IS{"message": "invalid consumer credential"}, nil)
+				return
+			}
+
+			accessDetail, err = s.GetAuthInfoByUserName(credential.UserName)
+			if err != nil {
+				rw.WriteJSON(w, http.StatusUnauthorized, err.(d.FieldError), nil)
+				return
+			}
+		} else {
+			// Normal flow goes here
+			accessDetail, err = s.ExtractToken(r, s.AccessToken)
+			if err != nil {
+				rw.WriteJSON(w, http.StatusUnauthorized, err.(d.FieldError), nil)
+				return
+			}
 		}
+
 		ctx := context.WithValue(r.Context(), pa.AuthKey{}, accessDetail)
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})
@@ -69,7 +69,7 @@ import (
 	gs "simrs-vx/internal/infra/gorm-setting"
 	minio "simrs-vx/internal/infra/minio"
 	ssdb "simrs-vx/internal/infra/ss-db"
-	simgossync "simrs-vx/internal/infra/sync-cfg"
+	sync "simrs-vx/internal/infra/sync-consumer-cfg"

 	/******************** pkg ********************/
 	cmw "simrs-vx/pkg/cors-manager-mw"
@@ -154,7 +154,7 @@ func SetRoutes() http.Handler {
 	a.RegisterExtCall(mh.I.SetClient)
 	a.RegisterExtCall(ibpjs.SetConfig)
 	a.RegisterExtCall(validation.RegisterValidation)
-	a.RegisterExtCall(simgossync.SetConfig)
+	a.RegisterExtCall(sync.SetConfig)
 	a.RegisterExtCall(docscfg.ParseCfg)
 	a.RegisterExtCall(ibpjs.SetConfig)

@@ -68,6 +68,7 @@ func (obj myBase) Update(w http.ResponseWriter, r *http.Request) {
 	if res := rw.ValidateStructByIOR(w, r.Body, &dto); !res {
 		return
 	}
+
 	dto.Id = uint(id)
 	dto.AuthInfo = *authInfo
 	res, err := u.Update(dto)
@@ -81,7 +82,15 @@ func (obj myBase) Delete(w http.ResponseWriter, r *http.Request) {
 	}

 	dto := e.DeleteDto{}
+
+	authInfo, err := pa.GetAuthInfo(r)
+	if err != nil {
+		rw.WriteJSON(w, http.StatusUnauthorized, d.IS{"message": err.Error()}, nil)
+	}
+
 	dto.Id = uint(id)
+	dto.AuthInfo = *authInfo
+
 	res, err := u.Delete(dto)
 	rw.DataResponse(w, res, err)
 }
@@ -47,7 +47,7 @@ func (obj myBase) GetDetail(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	dto := e.ReadDetailDto{}
-	dto.Id = uint16(id)
+	dto.Id = uint(id)
 	res, err := u.ReadDetail(dto)
 	rw.DataResponse(w, res, err)
 }
@@ -62,7 +62,7 @@ func (obj myBase) Update(w http.ResponseWriter, r *http.Request) {
 	if res := rw.ValidateStructByIOR(w, r.Body, &dto); !res {
 		return
 	}
-	dto.Id = uint16(id)
+	dto.Id = uint(id)
 	res, err := u.Update(dto)
 	rw.DataResponse(w, res, err)
 }
@@ -74,7 +74,7 @@ func (obj myBase) Delete(w http.ResponseWriter, r *http.Request) {
 	}

 	dto := e.DeleteDto{}
-	dto.Id = uint16(id)
+	dto.Id = uint(id)
 	res, err := u.Delete(dto)
 	rw.DataResponse(w, res, err)
 }