ruochen/ez-api
1
0
Fork 0
mirror of https://github.com/EZ-Api/ez-api.git synced 2026-01-13 17:47:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8645b22b8385eb4312f7878a4ba6ed463fdbed4e
ez-api/internal/api/master_handler.go
zenfun 8645b22b83 feat(auth): implement master key authentication system with child key issuance 
Add admin and master authentication layers with JWT support. Replace direct
key creation with hierarchical master/child key system. Update database
schema to support master accounts with configurable limits and epoch-based
key revocation. Add health check endpoint with system status monitoring.

BREAKING CHANGE: Removed direct POST /keys endpoint in favor of master-based
key issuance through /v1/tokens. Database migration requires dropping old User
table and creating Master table with new relationships.
2025-12-05 00:16:47 +08:00

65 lines
1.6 KiB
Go
Raw Blame History

package api
import (
"net/http"
"strings"
"github.com/ez-api/ez-api/internal/model"
"github.com/ez-api/ez-api/internal/service"
"github.com/gin-gonic/gin"
)
type MasterHandler struct {
masterService *service.MasterService
}
func NewMasterHandler(masterService *service.MasterService) *MasterHandler {
return &MasterHandler{masterService: masterService}
}
type IssueChildKeyRequest struct {
Group string `json:"group"`
Scopes string `json:"scopes"`
}
func (h *MasterHandler) IssueChildKey(c *gin.Context) {
master, exists := c.Get("master")
if !exists {
c.JSON(http.StatusUnauthorized, gin.H{"error": "master key not found in context"})
return
}
masterModel := master.(*model.Master)
var req IssueChildKeyRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
// If group is not specified, inherit from master
group := req.Group
if strings.TrimSpace(group) == "" {
group = masterModel.Group
}
// Security: Ensure the requested group is allowed for this master.
// For now, we'll just enforce it's the same group.
if group != masterModel.Group {
c.JSON(http.StatusForbidden, gin.H{"error": "cannot issue key for a different group"})
return
}
key, rawChildKey, err := h.masterService.IssueChildKey(masterModel.ID, group, req.Scopes)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to issue child key", "details": err.Error()})
return
}
c.JSON(http.StatusCreated, gin.H{
"id": key.ID,
"key_secret": rawChildKey,
"group": key.Group,
"scopes": key.Scopes,
})
}
Reference in New Issue View Git Blame Copy Permalink