docs: reorder & testing
This commit is contained in:
Ilia Denisov
@@ -15,12 +15,15 @@ import (
|
||||
)
|
||||
|
||||
// InternalSessionsHandlers groups the gateway-only session handlers
|
||||
// under `/api/v1/internal/sessions/*`. The current implementation ships real
|
||||
// implementations; nil *auth.Service falls back to the Stage-3
|
||||
// placeholder so the contract test continues to validate the OpenAPI
|
||||
// envelope without booting a database.
|
||||
// under `/api/v1/internal/sessions/*`. The internal surface only
|
||||
// carries the per-request session lookup gateway needs to verify
|
||||
// signed envelopes; revocation is driven through the user surface
|
||||
// (self-driven) or through admin operations that call auth in-process,
|
||||
// not through this listener. nil *auth.Service falls back to the
|
||||
// Stage-3 placeholder so the contract test continues to validate the
|
||||
// OpenAPI envelope without booting a database.
|
||||
type InternalSessionsHandlers struct {
|
||||
svc *auth.Service
|
||||
svc *auth.Service
|
||||
logger *zap.Logger
|
||||
}
|
||||
|
||||
@@ -62,58 +65,3 @@ func (h *InternalSessionsHandlers) Get() gin.HandlerFunc {
|
||||
c.JSON(http.StatusOK, deviceSessionToWire(sess))
|
||||
}
|
||||
}
|
||||
|
||||
// Revoke handles POST /api/v1/internal/sessions/{device_session_id}/revoke.
|
||||
func (h *InternalSessionsHandlers) Revoke() gin.HandlerFunc {
|
||||
if h.svc == nil {
|
||||
return handlers.NotImplemented("internalSessionsRevoke")
|
||||
}
|
||||
return func(c *gin.Context) {
|
||||
deviceSessionID, err := uuid.Parse(c.Param("device_session_id"))
|
||||
if err != nil {
|
||||
httperr.Abort(c, http.StatusBadRequest, httperr.CodeInvalidRequest, "device_session_id must be a valid UUID")
|
||||
return
|
||||
}
|
||||
ctx := c.Request.Context()
|
||||
sess, err := h.svc.RevokeSession(ctx, deviceSessionID)
|
||||
if err != nil {
|
||||
if errors.Is(err, auth.ErrSessionNotFound) {
|
||||
httperr.Abort(c, http.StatusNotFound, httperr.CodeNotFound, "device session not found")
|
||||
return
|
||||
}
|
||||
h.logger.Error("internal sessions revoke failed",
|
||||
append(telemetry.TraceFieldsFromContext(ctx), zap.Error(err))...,
|
||||
)
|
||||
httperr.Abort(c, http.StatusInternalServerError, httperr.CodeInternalError, "service error")
|
||||
return
|
||||
}
|
||||
c.JSON(http.StatusOK, deviceSessionToWire(sess))
|
||||
}
|
||||
}
|
||||
|
||||
// RevokeAllForUser handles POST /api/v1/internal/sessions/users/{user_id}/revoke-all.
|
||||
func (h *InternalSessionsHandlers) RevokeAllForUser() gin.HandlerFunc {
|
||||
if h.svc == nil {
|
||||
return handlers.NotImplemented("internalSessionsRevokeAllForUser")
|
||||
}
|
||||
return func(c *gin.Context) {
|
||||
userID, err := uuid.Parse(c.Param("user_id"))
|
||||
if err != nil {
|
||||
httperr.Abort(c, http.StatusBadRequest, httperr.CodeInvalidRequest, "user_id must be a valid UUID")
|
||||
return
|
||||
}
|
||||
ctx := c.Request.Context()
|
||||
revoked, err := h.svc.RevokeAllForUser(ctx, userID)
|
||||
if err != nil {
|
||||
h.logger.Error("internal sessions revoke-all failed",
|
||||
append(telemetry.TraceFieldsFromContext(ctx), zap.Error(err))...,
|
||||
)
|
||||
httperr.Abort(c, http.StatusInternalServerError, httperr.CodeInternalError, "service error")
|
||||
return
|
||||
}
|
||||
c.JSON(http.StatusOK, gin.H{
|
||||
"user_id": userID.String(),
|
||||
"revoked_count": len(revoked),
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user