Merge branch 'migration' into feat/prescription
This commit is contained in:
@@ -1,5 +1,4 @@
|
||||
h1:3V3a/T/te8iQqsolgRAJKr99GePHgSN9miJHUNngJ74=
|
||||
h1:IAvX8SEd9TnVqJ7EYac7IGQ2CGS+5RhltXZ10G5+w7s=
|
||||
h1:eTC10wvsOLnENRLwgViQvRs0NYu3w94Ah1fOaGCqFEg=
|
||||
20250904105930.sql h1:MEM6blCgke9DzWQSTnLzasbPIrcHssNNrJqZpSkEo6k=
|
||||
20250904141448.sql h1:J8cmYNk4ZrG9fhfbi2Z1IWz7YkfvhFqTzrLFo58BPY0=
|
||||
20250908062237.sql h1:Pu23yEW/aKkwozHoOuROvHS/GK4ngARJGdO7FB7HZuI=
|
||||
@@ -109,9 +108,10 @@ h1:IAvX8SEd9TnVqJ7EYac7IGQ2CGS+5RhltXZ10G5+w7s=
|
||||
20251110093522.sql h1:nsz8jCxGjEdr/bz9g+4ozfZzIP803xONjVmucad1GMc=
|
||||
20251110100258.sql h1:IBqt1VZj5WjQ+l9aAFGHOCCBtzb03KlLLihFLut7itg=
|
||||
20251110100545.sql h1:6/LV7751iyKxE2xI6vO1zly+aHUwxXD/IBwLcVpKxqM=
|
||||
20251111072601.sql h1:dEhwrkT0hJ06/YcvQd5alvdskimcHcYT27QKAzVY5+8=
|
||||
20251111073546.sql h1:JnJZ4SdOObSe6Jf8v/i/KiRxoCz5KMeXCYytQMZgkZM=
|
||||
20251111074148.sql h1:95Ui1eo1P68itOz5kZDNFi2ha0ZhUF4gMYiYVcip6fo=
|
||||
20251111074652.sql h1:vUZbN0qgktRQ2GAlCpdYrbld2grPiSbvcMePEQMfxPs=
|
||||
20251111082257.sql h1:Zr3Xg5n+p4C8F6Evqm5PVC0pqUvPTBcq692PiUEJlT8=
|
||||
20251111111017.sql h1:8Kr6FFtkSeaenB/n/aKlOaz/K33SqazxMuH26oI0JI4=
|
||||
20251110155448.sql h1:kFPobJB+cpflsXBAWUwy3lohuWvrb/VRlXnhJWl7i3Y=
|
||||
20251111072601.sql h1:ch8F+yVhsSM5xY+TwMLY3PxdLa4Wuhtj76oyw79R7Js=
|
||||
20251111073546.sql h1:cCv0NPscADAOBahRVqtDWFs6G2t7n+4a+RwlF8vk/c4=
|
||||
20251111074148.sql h1:70TsV83u1gQ5TktI13K7NQiyCCa35Td2aR6CNtKUa4U=
|
||||
20251111074652.sql h1:ddfQ/sRKMezPM75xBFTGytUQX5AwZ3znrJVpg73gKPA=
|
||||
20251111082257.sql h1:ZsdLY1ROouos0l3oS0lkeSiuKLEUGbVvBhpcM2AVhkw=
|
||||
20251111111017.sql h1:qrJ93dNtQwcuAvpsP/lAK/H63C4cinXrsVaPmWsTqkU=
|
||||
|
||||
@@ -11,7 +11,7 @@ type AuthInfo struct {
|
||||
Uuid string
|
||||
User_Id uint
|
||||
User_Name string
|
||||
User_ContractPosition_code string
|
||||
User_ContractPosition_Code string
|
||||
Employee_Position_Code *string
|
||||
Employee_Id *uint
|
||||
Doctor_Code *string
|
||||
|
||||
@@ -205,7 +205,7 @@ func ExtractToken(r *http.Request, tokenType TokenType) (data *pa.AuthInfo, err
|
||||
User_Name: fmt.Sprintf("%v", claims["user_name"]),
|
||||
}
|
||||
|
||||
data.User_ContractPosition_code = checkStrClaims(claims, "contractPosition_code")
|
||||
data.User_ContractPosition_Code = checkStrClaims(claims, "contractPosition_code")
|
||||
data.Employee_Position_Code = checkStrPtrClaims(claims, "employee_position_code")
|
||||
data.Doctor_Code = checkStrPtrClaims(claims, "doctor_code")
|
||||
data.Nurse_Code = checkStrPtrClaims(claims, "nurse_code")
|
||||
|
||||
@@ -0,0 +1,463 @@
|
||||
package authentication
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/golang-jwt/jwt"
|
||||
"github.com/google/uuid"
|
||||
a "github.com/karincake/apem"
|
||||
dg "github.com/karincake/apem/db-gorm-pg"
|
||||
ms "github.com/karincake/apem/ms-redis"
|
||||
d "github.com/karincake/dodol"
|
||||
l "github.com/karincake/lepet"
|
||||
|
||||
pa "simrs-vx/internal/lib/auth"
|
||||
pl "simrs-vx/pkg/logger"
|
||||
p "simrs-vx/pkg/password"
|
||||
|
||||
<<<<<<< HEAD
|
||||
ed "simrs-vx/internal/domain/main-entities/doctor"
|
||||
ee "simrs-vx/internal/domain/main-entities/employee"
|
||||
"simrs-vx/internal/domain/main-entities/intern"
|
||||
em "simrs-vx/internal/domain/main-entities/midwife"
|
||||
en "simrs-vx/internal/domain/main-entities/nurse"
|
||||
ep "simrs-vx/internal/domain/main-entities/pharmacist"
|
||||
eu "simrs-vx/internal/domain/main-entities/user"
|
||||
|
||||
=======
|
||||
eu "simrs-vx/internal/domain/main-entities/user"
|
||||
euf "simrs-vx/internal/domain/main-entities/user-fes"
|
||||
>>>>>>> fc7e74b (feat/sso-auth: wip)
|
||||
erc "simrs-vx/internal/domain/references/common"
|
||||
)
|
||||
|
||||
const source = "authentication"
|
||||
|
||||
var authCfg AuthCfg
|
||||
|
||||
func init() {
|
||||
a.RegisterExtCall(GetConfig)
|
||||
}
|
||||
|
||||
// Generates token and store in redis at one place
|
||||
// just return the error code
|
||||
func GenToken(input eu.LoginDto) (*d.Data, error) {
|
||||
event := pl.Event{
|
||||
Feature: "Create",
|
||||
Source: source,
|
||||
}
|
||||
|
||||
// Get User
|
||||
user := &eu.User{Name: input.Name}
|
||||
// if input.Position_Code != "" {
|
||||
// user.Position_Code = input.Position_Code
|
||||
// }
|
||||
if errCode := getAndCheck(user, user); errCode != "" {
|
||||
return nil, d.FieldErrors{"authentication": d.FieldError{Code: errCode, Message: pl.GenMessage(errCode)}}
|
||||
}
|
||||
|
||||
if user.LoginAttemptCount > 5 {
|
||||
if user.LastSuccessLogin != nil {
|
||||
now := time.Now()
|
||||
lastAllowdLogin := user.LastAllowdLogin
|
||||
if lastAllowdLogin.After(now.Add(-time.Hour * 1)) {
|
||||
return nil, d.FieldErrors{"authentication": d.FieldError{Code: "auth-login-tooMany", Message: pl.GenMessage("auth-login-tooMany")}}
|
||||
} else {
|
||||
tn := time.Now()
|
||||
user.LastAllowdLogin = &tn
|
||||
user.LoginAttemptCount = 0
|
||||
dg.I.Save(&user)
|
||||
}
|
||||
} else {
|
||||
tn := time.Now()
|
||||
user.LastAllowdLogin = &tn
|
||||
dg.I.Save(&user)
|
||||
return nil, d.FieldErrors{"authentication": d.FieldError{Code: "auth-login-tooMany", Message: pl.GenMessage("auth-login-tooMany")}}
|
||||
}
|
||||
}
|
||||
|
||||
if !p.Check(input.Password, user.Password) {
|
||||
user.LoginAttemptCount++
|
||||
dg.I.Save(&user)
|
||||
return nil, d.FieldErrors{"authentication": d.FieldError{Code: "auth-login-incorrect", Message: pl.GenMessage("auth-login-incorrect")}}
|
||||
} else if user.Status_Code == erc.USCBlocked {
|
||||
return nil, d.FieldErrors{"authentication": d.FieldError{Code: "auth-login-blocked", Message: pl.GenMessage("auth-login-blocked")}}
|
||||
} else if user.Status_Code == erc.USCNew {
|
||||
return nil, d.FieldErrors{"authentication": d.FieldError{Code: "auth-login-unverified", Message: pl.GenMessage("auth-login-unverified")}}
|
||||
}
|
||||
|
||||
// Access token prep
|
||||
id, err := uuid.NewRandom()
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf(l.I.Msg("uuid-gen-fail"), err))
|
||||
}
|
||||
if input.Duration == 0 {
|
||||
input.Duration = 24 * 60
|
||||
}
|
||||
duration := time.Minute * time.Duration(input.Duration)
|
||||
aUuid := id.String()
|
||||
atExpires := time.Now().Add(duration).Unix()
|
||||
atSecretKey := authCfg.AtSecretKey
|
||||
|
||||
// Create Claim
|
||||
atClaims := jwt.MapClaims{}
|
||||
atClaims["user_id"] = user.Id
|
||||
atClaims["user_name"] = user.Name
|
||||
atClaims["user_contractPosition_code"] = user.ContractPosition_Code
|
||||
atClaims["uuid"] = aUuid
|
||||
atClaims["exp"] = atExpires
|
||||
|
||||
// Create output
|
||||
outputData := d.II{
|
||||
"user_id": strconv.Itoa(int(user.Id)),
|
||||
"user_name": user.Name,
|
||||
"user_contractPosition_code": user.ContractPosition_Code,
|
||||
}
|
||||
|
||||
// extra
|
||||
// role := []string{}
|
||||
// switch user.ContractPosition_Code {
|
||||
// case erg.CSCEmp:
|
||||
// // employee
|
||||
// employee := ee.Employee{}
|
||||
// dg.I.Where("\"User_Id\" = ?", user.Id).First(&employee)
|
||||
// if employee.Id == 0 {
|
||||
// return nil, d.FieldErrors{"authentication": d.FieldError{Code: "auth-noEmployee", Message: pl.GenMessage("auth-noEmployee")}}
|
||||
// }
|
||||
// atClaims["employee_id"] = employee.Id
|
||||
// outputData["employee_id"] = employee.Id
|
||||
// role = append(role, "emp-"+string(*employee.Position_Code))
|
||||
|
||||
// //if employee.Division_Code != nil {
|
||||
// // atClaims["employee_division_code"] = employee.Division_Code
|
||||
// // outputData["employee_division_code"] = employee.Division_Code
|
||||
// //}
|
||||
|
||||
// // employee position
|
||||
// if employee.Id > 0 && employee.Position_Code != nil {
|
||||
// atClaims["employee_position_code"] = *employee.Position_Code
|
||||
// switch *employee.Position_Code {
|
||||
// case erg.EPCDoc:
|
||||
// doctor := ed.Doctor{}
|
||||
// dg.I.Where("\"Employee_Id\" = ?", employee.Id).First(&doctor)
|
||||
// if doctor.Id == 0 {
|
||||
// return nil, d.FieldErrors{"authentication": d.FieldError{Code: "auth-noDoctor", Message: pl.GenMessage("auth-noDoctor")}}
|
||||
// }
|
||||
// atClaims["doctor_code"] = doctor.Code
|
||||
// outputData["doctor_code"] = doctor.Code
|
||||
|
||||
<<<<<<< HEAD
|
||||
// specialist
|
||||
if doctor.Specialist_Code != nil {
|
||||
atClaims["specialist_code"] = doctor.Specialist_Code
|
||||
outputData["specialist_code"] = doctor.Specialist_Code
|
||||
}
|
||||
if doctor.Subspecialist_Code != nil {
|
||||
atClaims["subspecialist_code"] = doctor.Subspecialist_Code
|
||||
outputData["subspecialist_code"] = doctor.Subspecialist_Code
|
||||
}
|
||||
case erg.EPCNur:
|
||||
empData := en.Nurse{}
|
||||
dg.I.Where("\"Employee_Id\" = ?", employee.Id).First(&empData)
|
||||
if empData.Id == 0 {
|
||||
return nil, d.FieldErrors{"authentication": d.FieldError{Code: "auth-noNurse", Message: pl.GenMessage("auth-noNurse")}}
|
||||
}
|
||||
atClaims["nurse_code"] = empData.Code
|
||||
outputData["nurse_code"] = empData.Code
|
||||
case erg.EPCMwi:
|
||||
empData := em.Midwife{}
|
||||
dg.I.Where("\"Employee_Id\" = ?", employee.Id).First(&empData)
|
||||
if empData.Id == 0 {
|
||||
return nil, d.FieldErrors{"authentication": d.FieldError{Code: "auth-noMidwife", Message: pl.GenMessage("auth-noMidwife")}}
|
||||
}
|
||||
atClaims["midwife_code"] = empData.Code
|
||||
outputData["midwife_code"] = empData.Code
|
||||
case erg.EPCPha:
|
||||
empData := ep.Pharmacist{}
|
||||
dg.I.Where("\"Employee_Id\" = ?", employee.Id).First(&empData)
|
||||
if empData.Id == 0 {
|
||||
return nil, d.FieldErrors{"authentication": d.FieldError{Code: "auth-noPharmacist", Message: pl.GenMessage("auth-noPharmacist")}}
|
||||
}
|
||||
atClaims["pharmacist_code"] = empData.Code
|
||||
outputData["pharmacist_code"] = empData.Code
|
||||
}
|
||||
=======
|
||||
// // specialist
|
||||
// if doctor.Specialist_Code != nil {
|
||||
// atClaims["specialist_code"] = doctor.Specialist_Code
|
||||
// outputData["specialist_code"] = doctor.Specialist_Code
|
||||
// }
|
||||
// if doctor.Subspecialist_Code != nil {
|
||||
// atClaims["subspecialist_code"] = doctor.Subspecialist_Code
|
||||
// outputData["subspecialist_code"] = doctor.Subspecialist_Code
|
||||
// }
|
||||
// case erg.EPCNur:
|
||||
// empData := en.Nurse{}
|
||||
// dg.I.Where("\"Employee_Id\" = ?", employee.Id).First(&empData)
|
||||
// if empData.Id == 0 {
|
||||
// return nil, d.FieldErrors{"authentication": d.FieldError{Code: "auth-noNurse", Message: pl.GenMessage("auth-noNurse")}}
|
||||
// }
|
||||
// atClaims["nurse_code"] = empData.Code
|
||||
// outputData["nurse_code"] = empData.Code
|
||||
// case erg.EPCMwi:
|
||||
// empData := em.Midwife{}
|
||||
// dg.I.Where("\"Employee_Id\" = ?", employee.Id).First(&empData)
|
||||
// if empData.Id == 0 {
|
||||
// return nil, d.FieldErrors{"authentication": d.FieldError{Code: "auth-noMidwife", Message: pl.GenMessage("auth-noMidwife")}}
|
||||
// }
|
||||
// atClaims["midwife_code"] = empData.Code
|
||||
// outputData["midwife_code"] = empData.Code
|
||||
// }
|
||||
>>>>>>> fc7e74b (feat/sso-auth: wip)
|
||||
|
||||
// errorGetPosition := d.FieldErrors{"authentication": d.FieldError{Code: "auth-getData-failed", Message: pl.GenMessage("auth-getData-failed")}}
|
||||
|
||||
// // division position
|
||||
// divisionPositions, err := getDivisionPosition(employee.Id, &event)
|
||||
// if err != nil {
|
||||
// return nil, errorGetPosition
|
||||
// }
|
||||
|
||||
// // installation position
|
||||
// installationPositions, err := getInstallationPosition(employee.Id, &event)
|
||||
// if err != nil {
|
||||
// return nil, errorGetPosition
|
||||
// }
|
||||
|
||||
// // unit position
|
||||
// unitPositions, err := getUnitPosition(employee.Id, &event)
|
||||
// if err != nil {
|
||||
// return nil, errorGetPosition
|
||||
// }
|
||||
|
||||
// // specialist position
|
||||
// specialistPositions, err := getSpecialistPosition(employee.Id, &event)
|
||||
// if err != nil {
|
||||
// return nil, errorGetPosition
|
||||
// }
|
||||
|
||||
// // subspecialist position
|
||||
// subspecialistPositions, err := getSubspecialistPosition(employee.Id, &event)
|
||||
// if err != nil {
|
||||
// return nil, errorGetPosition
|
||||
// }
|
||||
|
||||
// role = append(role, divisionPositions...)
|
||||
// role = append(role, installationPositions...)
|
||||
// role = append(role, unitPositions...)
|
||||
// role = append(role, specialistPositions...)
|
||||
// role = append(role, subspecialistPositions...)
|
||||
// // atClaims["division_positions"] = divsionPositions
|
||||
// // outputData["division_positions"] = divsionPositions
|
||||
// }
|
||||
// case erg.CSCInt:
|
||||
// intern := intern.Intern{}
|
||||
// dg.I.Where("\"User_Id\" = ?", user.Id).First(&intern)
|
||||
// role = append(role, "int-"+string(*intern.Position_Code))
|
||||
// case erg.CSCSys:
|
||||
// role = append(role, "system")
|
||||
// }
|
||||
// atClaims["roles"] = role
|
||||
// outputData["roles"] = role
|
||||
if err := populateRoles(user, atClaims, outputData, event); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Generate jwt
|
||||
at := jwt.NewWithClaims(jwt.SigningMethodHS256, atClaims)
|
||||
ats, err := at.SignedString([]byte(atSecretKey))
|
||||
if err != nil {
|
||||
return nil, d.FieldErrors{"user": d.FieldError{Code: "token-sign-err", Message: pl.GenMessage("token-sign-err")}}
|
||||
}
|
||||
outputData["accessToken"] = ats
|
||||
|
||||
// Save to redis
|
||||
now := time.Now()
|
||||
atx := time.Unix(atExpires, 0) //converting Unix to UTC(to Time object)
|
||||
err = ms.I.Set(aUuid, strconv.Itoa(int(user.Id)), atx.Sub(now)).Err()
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf(l.I.Msg("redis-store-fail"), err.Error()))
|
||||
}
|
||||
|
||||
tn := time.Now()
|
||||
user.LoginAttemptCount = 0
|
||||
user.LastSuccessLogin = &tn
|
||||
user.LastAllowdLogin = &tn
|
||||
dg.I.Save(&user)
|
||||
|
||||
// Current data
|
||||
return &d.Data{
|
||||
Meta: d.IS{
|
||||
"source": "authentication",
|
||||
"structure": "single-data",
|
||||
"status": "verified",
|
||||
},
|
||||
Data: outputData,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func RevokeToken(uuid string) {
|
||||
ms.I.Del(uuid)
|
||||
}
|
||||
|
||||
func VerifyToken(r *http.Request, tokenType TokenType) (data *jwt.Token, errCode, errDetail string) {
|
||||
auth := r.Header.Get("Authorization")
|
||||
if auth == "" {
|
||||
return nil, "auth-missingHeader", ""
|
||||
}
|
||||
authArr := strings.Split(auth, " ")
|
||||
if len(authArr) == 2 {
|
||||
auth = authArr[1]
|
||||
}
|
||||
|
||||
token, err := jwt.Parse(auth, func(token *jwt.Token) (any, error) {
|
||||
//Make sure that the token method conform to "SigningMethodHMAC"
|
||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||
return nil, fmt.Errorf(l.I.Msg("token-sign-unexcpeted"), token.Header["alg"])
|
||||
}
|
||||
if tokenType == AccessToken {
|
||||
return []byte(authCfg.AtSecretKey), nil
|
||||
} else {
|
||||
return []byte(authCfg.RtSecretKey), nil
|
||||
}
|
||||
})
|
||||
if err != nil {
|
||||
return nil, "token-parse-fail", err.Error()
|
||||
}
|
||||
return token, "", ""
|
||||
}
|
||||
|
||||
func ExtractToken(r *http.Request, tokenType TokenType) (data *pa.AuthInfo, err error) {
|
||||
token, errCode, errDetail := VerifyToken(r, tokenType)
|
||||
if errCode != "" {
|
||||
return nil, d.FieldError{Code: errCode, Message: pl.GenMessage(errCode, errDetail)}
|
||||
}
|
||||
claims, ok := token.Claims.(jwt.MapClaims)
|
||||
if ok && token.Valid {
|
||||
accessUuid, ok := claims["uuid"].(string)
|
||||
if !ok {
|
||||
return nil, d.FieldError{Code: "token-invalid", Message: pl.GenMessage("token-invalid", "uuid not available")}
|
||||
}
|
||||
user_id, myErr := strconv.ParseInt(fmt.Sprintf("%.f", claims["user_id"]), 10, 64)
|
||||
if myErr != nil {
|
||||
return nil, d.FieldError{Code: "token-invalid", Message: pl.GenMessage("token-invalid", "uuid is not available")}
|
||||
}
|
||||
accessUuidRedis := ms.I.Get(accessUuid)
|
||||
if accessUuidRedis.String() == "" {
|
||||
return nil, d.FieldError{Code: "token-unidentified", Message: pl.GenMessage("token-unidentified")}
|
||||
}
|
||||
|
||||
data = &pa.AuthInfo{
|
||||
Uuid: accessUuid,
|
||||
User_Id: uint(user_id),
|
||||
User_Name: fmt.Sprintf("%v", claims["user_name"]),
|
||||
}
|
||||
|
||||
data.User_ContractPosition_code = checkStrClaims(claims, "contractPosition_code")
|
||||
data.Employee_Position_Code = checkStrPtrClaims(claims, "employee_position_code")
|
||||
data.Doctor_Code = checkStrPtrClaims(claims, "doctor_code")
|
||||
data.Nurse_Code = checkStrPtrClaims(claims, "nurse_code")
|
||||
data.Midwife_Code = checkStrPtrClaims(claims, "midwife_code")
|
||||
data.Nutritionist_Code = checkStrPtrClaims(claims, "nutritionist_code")
|
||||
data.Laborant_Code = checkStrPtrClaims(claims, "laborant_code")
|
||||
data.Pharmachist_Code = checkStrPtrClaims(claims, "pharmachist_code")
|
||||
data.Intern_Position_Code = checkStrPtrClaims(claims, "intern_position_code")
|
||||
data.Employee_Id = checkUntPtrClaims(claims, "employee_id")
|
||||
return
|
||||
}
|
||||
return nil, d.FieldError{Code: "token", Message: "token-invalid"}
|
||||
}
|
||||
|
||||
func GetConfig() {
|
||||
a.ParseCfg(&authCfg)
|
||||
}
|
||||
|
||||
func GenTokenFes(input euf.LoginDto) (*d.Data, error) {
|
||||
event := pl.Event{
|
||||
Feature: "Create",
|
||||
Source: source,
|
||||
}
|
||||
|
||||
// Get User Fes
|
||||
userFes := &euf.UserFes{Name: input.Name, AuthPartner_Code: input.AuthPartner_Code}
|
||||
if errCode := getAndCheck(userFes, userFes); errCode != "" {
|
||||
return nil, d.FieldErrors{"authentication": d.FieldError{Code: errCode, Message: pl.GenMessage(errCode)}}
|
||||
}
|
||||
if userFes.AuthPartner.SecretKey != input.AuthPartner_SecretKey {
|
||||
return nil, d.FieldErrors{"authentication": d.FieldError{Code: "auth-secretKey-invalid", Message: pl.GenMessage("auth-secretKey-invalid")}}
|
||||
}
|
||||
|
||||
user := &eu.User{Name: userFes.User_Name}
|
||||
if errCode := getAndCheck(user, user); errCode != "" {
|
||||
return nil, d.FieldErrors{"authentication": d.FieldError{Code: errCode, Message: pl.GenMessage(errCode)}}
|
||||
}
|
||||
|
||||
// Access token prep
|
||||
id, err := uuid.NewRandom()
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf(l.I.Msg("uuid-gen-fail"), err))
|
||||
}
|
||||
if input.Duration == 0 {
|
||||
input.Duration = 24 * 60
|
||||
}
|
||||
duration := time.Minute * time.Duration(input.Duration)
|
||||
aUuid := id.String()
|
||||
atExpires := time.Now().Add(duration).Unix()
|
||||
atSecretKey := authCfg.AtSecretKey
|
||||
|
||||
// Create Claim
|
||||
atClaims := jwt.MapClaims{}
|
||||
atClaims["user_id"] = user.Id
|
||||
atClaims["user_name"] = user.Name
|
||||
atClaims["user_contractPosition_code"] = user.ContractPosition_Code
|
||||
atClaims["uuid"] = aUuid
|
||||
atClaims["exp"] = atExpires
|
||||
|
||||
// Create output
|
||||
outputData := d.II{
|
||||
"user_id": strconv.Itoa(int(user.Id)),
|
||||
"user_name": user.Name,
|
||||
"user_contractPosition_code": user.ContractPosition_Code,
|
||||
}
|
||||
|
||||
// extra
|
||||
if err := populateRoles(user, atClaims, outputData, event); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Generate jwt
|
||||
at := jwt.NewWithClaims(jwt.SigningMethodHS256, atClaims)
|
||||
ats, err := at.SignedString([]byte(atSecretKey))
|
||||
if err != nil {
|
||||
return nil, d.FieldErrors{"user": d.FieldError{Code: "token-sign-err", Message: pl.GenMessage("token-sign-err")}}
|
||||
}
|
||||
outputData["accessToken"] = ats
|
||||
|
||||
// Save to redis
|
||||
now := time.Now()
|
||||
atx := time.Unix(atExpires, 0) //converting Unix to UTC(to Time object)
|
||||
err = ms.I.Set(aUuid, strconv.Itoa(int(user.Id)), atx.Sub(now)).Err()
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf(l.I.Msg("redis-store-fail"), err.Error()))
|
||||
}
|
||||
|
||||
tn := time.Now()
|
||||
user.LoginAttemptCount = 0
|
||||
user.LastSuccessLogin = &tn
|
||||
user.LastAllowdLogin = &tn
|
||||
dg.I.Save(&user)
|
||||
|
||||
// Current data
|
||||
return &d.Data{
|
||||
Meta: d.IS{
|
||||
"source": "authentication",
|
||||
"structure": "single-data",
|
||||
"status": "verified",
|
||||
},
|
||||
Data: outputData,
|
||||
}, nil
|
||||
}
|
||||
@@ -0,0 +1,323 @@
|
||||
package authentication
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/golang-jwt/jwt"
|
||||
"github.com/google/uuid"
|
||||
dg "github.com/karincake/apem/db-gorm-pg"
|
||||
ms "github.com/karincake/apem/ms-redis"
|
||||
d "github.com/karincake/dodol"
|
||||
l "github.com/karincake/lepet"
|
||||
|
||||
pl "simrs-vx/pkg/logger"
|
||||
|
||||
edp "simrs-vx/internal/domain/main-entities/division-position"
|
||||
ed "simrs-vx/internal/domain/main-entities/doctor"
|
||||
ee "simrs-vx/internal/domain/main-entities/employee"
|
||||
eip "simrs-vx/internal/domain/main-entities/installation-position"
|
||||
"simrs-vx/internal/domain/main-entities/intern"
|
||||
em "simrs-vx/internal/domain/main-entities/midwife"
|
||||
en "simrs-vx/internal/domain/main-entities/nurse"
|
||||
esp "simrs-vx/internal/domain/main-entities/specialist-position"
|
||||
essp "simrs-vx/internal/domain/main-entities/subspecialist-position"
|
||||
eup "simrs-vx/internal/domain/main-entities/unit-position"
|
||||
eu "simrs-vx/internal/domain/main-entities/user"
|
||||
erg "simrs-vx/internal/domain/references/organization"
|
||||
|
||||
udp "simrs-vx/internal/use-case/main-use-case/division-position"
|
||||
uip "simrs-vx/internal/use-case/main-use-case/installation-position"
|
||||
usp "simrs-vx/internal/use-case/main-use-case/specialist-position"
|
||||
ussp "simrs-vx/internal/use-case/main-use-case/subspecialist-position"
|
||||
uup "simrs-vx/internal/use-case/main-use-case/unit-position"
|
||||
)
|
||||
|
||||
// just return the error code
|
||||
func getAndCheck(input, condition any, includes any) (eCode string) {
|
||||
qry := dg.I.Where(condition)
|
||||
|
||||
// WARNING THIS PRELOAD FAILS
|
||||
if includes != nil {
|
||||
if val := includes.(string); val != "" {
|
||||
qry = qry.Preload(val)
|
||||
} else if vals := includes.([]string); len(vals) > 0 {
|
||||
for _, val := range vals {
|
||||
qry = qry.Preload(val)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
result := qry.First(&input)
|
||||
if result.Error != nil {
|
||||
return "fetch-fail"
|
||||
} else if result.RowsAffected == 0 {
|
||||
return "auth-login-incorrect"
|
||||
}
|
||||
|
||||
return ""
|
||||
}
|
||||
|
||||
func getDivisionPosition(employee_id uint, event *pl.Event) ([]string, error) {
|
||||
var result []string
|
||||
|
||||
// get data division_position based on employee_id
|
||||
data, _, err := udp.ReadListData(edp.ReadListDto{FilterDto: edp.FilterDto{Employee_Id: &employee_id}}, event)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(data) > 0 {
|
||||
for _, dp := range data {
|
||||
result = append(result, "div-"+*dp.Division_Code)
|
||||
}
|
||||
}
|
||||
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func getInstallationPosition(employeeId uint, event *pl.Event) ([]string, error) {
|
||||
var result []string
|
||||
|
||||
// get data unit_position based on employee_id
|
||||
data, _, err := uip.ReadListData(eip.ReadListDto{
|
||||
FilterDto: eip.FilterDto{Employee_Id: &employeeId},
|
||||
Includes: "installation"}, event)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(data) > 0 {
|
||||
for _, dp := range data {
|
||||
result = append(result, "inst-"+*dp.Installation_Code+"-"+dp.Code)
|
||||
}
|
||||
}
|
||||
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func getUnitPosition(employeeId uint, event *pl.Event) ([]string, error) {
|
||||
var result []string
|
||||
|
||||
// get data unit_position based on employee_id
|
||||
data, _, err := uup.ReadListData(eup.ReadListDto{FilterDto: eup.FilterDto{Employee_Id: &employeeId}}, event)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(data) > 0 {
|
||||
for _, dp := range data {
|
||||
result = append(result, "unit-"+*dp.Unit_Code+"-"+dp.Code)
|
||||
}
|
||||
}
|
||||
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func getSpecialistPosition(employeeId uint, event *pl.Event) ([]string, error) {
|
||||
var result []string
|
||||
|
||||
// get data unit_position based on employee_id
|
||||
data, _, err := usp.ReadListData(esp.ReadListDto{FilterDto: esp.FilterDto{Employee_Id: &employeeId}}, event)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(data) > 0 {
|
||||
for _, dp := range data {
|
||||
result = append(result, "spec-"+*dp.Specialist_Code+"-"+dp.Code)
|
||||
}
|
||||
}
|
||||
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func getSubspecialistPosition(employeeId uint, event *pl.Event) ([]string, error) {
|
||||
var result []string
|
||||
|
||||
// get data unit_position based on employee_id
|
||||
data, _, err := ussp.ReadListData(essp.ReadListDto{
|
||||
FilterDto: essp.FilterDto{Employee_Id: &employeeId},
|
||||
Includes: "subspecialist"}, event)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(data) > 0 {
|
||||
for _, dp := range data {
|
||||
result = append(result, "subspec-"+dp.Subspecialist.Code+"-"+dp.Code)
|
||||
}
|
||||
}
|
||||
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func checkStrClaims(claim map[string]interface{}, key string) string {
|
||||
if v, exist := claim[key]; exist && v != nil {
|
||||
return v.(string)
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func checkStrPtrClaims(claim map[string]interface{}, key string) *string {
|
||||
if v, exist := claim[key]; exist && v != nil {
|
||||
val := v.(string)
|
||||
return &val
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func checkUntPtrClaims(claim map[string]interface{}, key string) *uint {
|
||||
if v, exist := claim[key]; exist && v != nil {
|
||||
val := uint(v.(float64))
|
||||
return &val
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func populateRoles(user *eu.User, input eu.LoginDto, atClaims jwt.MapClaims, outputData d.II, event pl.Event) error {
|
||||
id, err := uuid.NewRandom()
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf(l.I.Msg("uuid-gen-fail"), err))
|
||||
}
|
||||
if input.Duration == 0 {
|
||||
input.Duration = 24 * 60
|
||||
}
|
||||
duration := time.Minute * time.Duration(input.Duration)
|
||||
aUuid := id.String()
|
||||
atExpires := time.Now().Add(duration).Unix()
|
||||
|
||||
atClaims["uuid"] = aUuid
|
||||
atClaims["exp"] = atExpires
|
||||
atClaims["user_id"] = user.Id
|
||||
atClaims["user_name"] = user.Name
|
||||
atClaims["user_contractPosition_code"] = user.ContractPosition_Code
|
||||
|
||||
outputData["user_id"] = user.Id
|
||||
outputData["user_name"] = user.Name
|
||||
outputData["user_contractPosition_code"] = user.ContractPosition_Code
|
||||
|
||||
roles := []string{}
|
||||
switch user.ContractPosition_Code {
|
||||
case erg.CSCEmp:
|
||||
// employee
|
||||
employee := ee.Employee{}
|
||||
dg.I.Where("\"User_Id\" = ?", user.Id).First(&employee)
|
||||
if employee.Id == 0 {
|
||||
return d.FieldErrors{"authentication": d.FieldError{Code: "auth-noEmployee", Message: pl.GenMessage("auth-noEmployee")}}
|
||||
}
|
||||
atClaims["employee_id"] = employee.Id
|
||||
outputData["employee_id"] = employee.Id
|
||||
roles = append(roles, "emp-"+string(*employee.Position_Code))
|
||||
|
||||
// employee position
|
||||
if employee.Id > 0 && employee.Position_Code != nil {
|
||||
atClaims["employee_position_code"] = *employee.Position_Code
|
||||
switch *employee.Position_Code {
|
||||
case erg.EPCDoc:
|
||||
doctor := ed.Doctor{}
|
||||
dg.I.Where("\"Employee_Id\" = ?", employee.Id).First(&doctor)
|
||||
if doctor.Id == 0 {
|
||||
return d.FieldErrors{"authentication": d.FieldError{Code: "auth-noDoctor", Message: pl.GenMessage("auth-noDoctor")}}
|
||||
}
|
||||
atClaims["doctor_code"] = doctor.Code
|
||||
outputData["doctor_code"] = doctor.Code
|
||||
|
||||
// specialist
|
||||
if doctor.Specialist_Code != nil {
|
||||
atClaims["specialist_code"] = doctor.Specialist_Code
|
||||
outputData["specialist_code"] = doctor.Specialist_Code
|
||||
}
|
||||
if doctor.Subspecialist_Code != nil {
|
||||
atClaims["subspecialist_code"] = doctor.Subspecialist_Code
|
||||
outputData["subspecialist_code"] = doctor.Subspecialist_Code
|
||||
}
|
||||
case erg.EPCNur:
|
||||
empData := en.Nurse{}
|
||||
dg.I.Where("\"Employee_Id\" = ?", employee.Id).First(&empData)
|
||||
if empData.Id == 0 {
|
||||
return d.FieldErrors{"authentication": d.FieldError{Code: "auth-noNurse", Message: pl.GenMessage("auth-noNurse")}}
|
||||
}
|
||||
atClaims["nurse_code"] = empData.Code
|
||||
outputData["nurse_code"] = empData.Code
|
||||
case erg.EPCMwi:
|
||||
empData := em.Midwife{}
|
||||
dg.I.Where("\"Employee_Id\" = ?", employee.Id).First(&empData)
|
||||
if empData.Id == 0 {
|
||||
return d.FieldErrors{"authentication": d.FieldError{Code: "auth-noMidwife", Message: pl.GenMessage("auth-noMidwife")}}
|
||||
}
|
||||
atClaims["midwife_code"] = empData.Code
|
||||
outputData["midwife_code"] = empData.Code
|
||||
}
|
||||
|
||||
errorGetPosition := d.FieldErrors{"authentication": d.FieldError{Code: "auth-getData-failed", Message: pl.GenMessage("auth-getData-failed")}}
|
||||
|
||||
// division position
|
||||
divisionPositions, err := getDivisionPosition(employee.Id, &event)
|
||||
if err != nil {
|
||||
return errorGetPosition
|
||||
}
|
||||
|
||||
// installation position
|
||||
installationPositions, err := getInstallationPosition(employee.Id, &event)
|
||||
if err != nil {
|
||||
return errorGetPosition
|
||||
}
|
||||
|
||||
// unit position
|
||||
unitPositions, err := getUnitPosition(employee.Id, &event)
|
||||
if err != nil {
|
||||
return errorGetPosition
|
||||
}
|
||||
|
||||
// specialist position
|
||||
specialistPositions, err := getSpecialistPosition(employee.Id, &event)
|
||||
if err != nil {
|
||||
return errorGetPosition
|
||||
}
|
||||
|
||||
// subspecialist position
|
||||
subspecialistPositions, err := getSubspecialistPosition(employee.Id, &event)
|
||||
if err != nil {
|
||||
return errorGetPosition
|
||||
}
|
||||
|
||||
roles = append(roles, divisionPositions...)
|
||||
roles = append(roles, installationPositions...)
|
||||
roles = append(roles, unitPositions...)
|
||||
roles = append(roles, specialistPositions...)
|
||||
roles = append(roles, subspecialistPositions...)
|
||||
// atClaims["division_positions"] = divsionPositions
|
||||
// outputData["division_positions"] = divsionPositions
|
||||
}
|
||||
case erg.CSCInt:
|
||||
intern := intern.Intern{}
|
||||
dg.I.Where("\"User_Id\" = ?", user.Id).First(&intern)
|
||||
roles = append(roles, "int-"+string(*intern.Position_Code))
|
||||
case erg.CSCSys:
|
||||
roles = append(roles, "system")
|
||||
}
|
||||
atClaims["roles"] = roles
|
||||
outputData["roles"] = roles
|
||||
|
||||
// Generate jwt
|
||||
atSecretKey := authCfg.AtSecretKey
|
||||
at := jwt.NewWithClaims(jwt.SigningMethodHS256, atClaims)
|
||||
ats, err := at.SignedString([]byte(atSecretKey))
|
||||
if err != nil {
|
||||
return d.FieldErrors{"user": d.FieldError{Code: "token-sign-err", Message: pl.GenMessage("token-sign-err")}}
|
||||
}
|
||||
outputData["accessToken"] = ats
|
||||
|
||||
// Save to redis
|
||||
exp, _ := atClaims["exp"].(int64)
|
||||
now := time.Now()
|
||||
atx := time.Unix(exp, 0) //converting Unix to UTC(to Time object)
|
||||
err = ms.I.Set(atClaims["uuid"].(string), strconv.Itoa(int(user.Id)), atx.Sub(now)).Err()
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf(l.I.Msg("redis-store-fail"), err.Error()))
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user