fix: GetImpersonationToken external_id handling

2025-12-06 05:15:21 +03:00 · 2025-12-06 05:15:21 +03:00 · 8bd515c33f
commit 8bd515c33f
parent afb1db17bd
7 changed files with 70 additions and 52 deletions
--- a/modules/auth/handlers/handlers.go
+++ b/modules/auth/handlers/handlers.go
@ -182,8 +182,33 @@ func (s Server) GetImpersonationToken(ctx context.Context, req auth.GetImpersona
 		// TODO: check err and retyrn 400/500
 	}

-	// TODO: handle tgid
-	accessToken, err := s.generateImpersonationToken(fmt.Sprintf("%d", *req.Body.UserId), fmt.Sprintf("%d", ext_service.ID))
+	var user_id string = ""
+
+	if req.Body.ExternalId != nil {
+		user, err := s.db.GetUserByExternalServiceId(context.Background(), sqlc.GetUserByExternalServiceIdParams{
+			ExternalID: fmt.Sprintf("%d", *req.Body.ExternalId),
+			ServiceID:  ext_service.ID,
+		})
+		if err != nil {
+			log.Errorf("failed to get user by external user id: %v", err)
+			return auth.GetImpersonationToken401Response{}, err
+			// TODO: check err and retyrn 400/500
+		}
+
+		user_id = fmt.Sprintf("%d", user.ID)
+	}
+
+	if req.Body.UserId != nil {
+		if user_id != "" && user_id != fmt.Sprintf("%d", *req.Body.UserId) {
+			log.Error("user_id and external_d are incorrect")
+			// TODO: 405
+			return auth.GetImpersonationToken401Response{}, nil
+		} else {
+			user_id = fmt.Sprintf("%d", *req.Body.UserId)
+		}
+	}
+
+	accessToken, err := s.generateImpersonationToken(user_id, fmt.Sprintf("%d", ext_service.ID))
 	if err != nil {
 		log.Errorf("failed to generate impersonation token: %v", err)
 		return auth.GetImpersonationToken401Response{}, err
@ -193,48 +218,6 @@ func (s Server) GetImpersonationToken(ctx context.Context, req auth.GetImpersona
 	return auth.GetImpersonationToken200JSONResponse{AccessToken: accessToken}, nil
 }

-// func (s Server) PostAuthVerifyToken(ctx context.Context, req auth.PostAuthVerifyTokenRequestObject) (auth.PostAuthVerifyTokenResponseObject, error) {
-// 	valid := false
-// 	var userID *string
-// 	var errStr *string
-
-// 	token, err := jwt.Parse(req.Body.Token, func(t *jwt.Token) (interface{}, error) {
-// 		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
-// 			return nil, fmt.Errorf("unexpected signing method")
-// 		}
-// 		return accessSecret, nil
-// 	})
-
-// 	if err != nil {
-// 		e := err.Error()
-// 		errStr = &e
-// 		return auth.PostAuthVerifyToken200JSONResponse{
-// 			Valid:  &valid,
-// 			UserId: userID,
-// 			Error:  errStr,
-// 		}, nil
-// 	}
-
-// 	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
-// 		if uid, ok := claims["user_id"].(string); ok {
-// 			valid = true
-// 			userID = &uid
-// 		} else {
-// 			e := "user_id not found in token"
-// 			errStr = &e
-// 		}
-// 	} else {
-// 		e := "invalid token claims"
-// 		errStr = &e
-// 	}
-
-// 	return auth.PostAuthVerifyToken200JSONResponse{
-// 		Valid:  &valid,
-// 		UserId: userID,
-// 		Error:  errStr,
-// 	}, nil
-// }
-
 // func (s Server) PostAuthRefreshToken(ctx context.Context, req auth.PostAuthRefreshTokenRequestObject) (auth.PostAuthRefreshTokenResponseObject, error) {
 // 	valid := false
 // 	var userID *string
--- a/modules/auth/queries.sql
+++ b/modules/auth/queries.sql
@ -12,4 +12,10 @@ RETURNING id;
 -- name: GetExternalServiceByToken :one
 SELECT *
 FROM external_services
-WHERE auth_token = sqlc.arg('auth_token');
+WHERE auth_token = sqlc.arg('auth_token');
+
+-- name: GetUserByExternalServiceId :one
+SELECT u.*
+FROM users u
+LEFT JOIN external_ids ei ON eu.user_id = u.id
+WHERE ei.external_id = sqlc.arg('external_id') AND ei.service_id = sqlc.arg('service_id');