toolz/goplt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): Complete Auth Service implementation and fix Consul health checks

Browse Source 
- Add VerifyPassword RPC to Identity Service
  - Added to proto file and generated code
  - Implemented in Identity Service gRPC server
  - Added to Identity Service client interface and gRPC client

- Complete RefreshToken implementation
  - Store refresh tokens in database using RefreshToken entity
  - Validate refresh tokens with expiration checking
  - Revoke refresh tokens on logout and token rotation

- Integrate Authz Service for role retrieval
  - Added AuthzServiceClient to Auth Service
  - Get user roles during login and token refresh
  - Gracefully handle Authz Service failures

- Require JWT secret in configuration
  - Removed default secret fallback
  - Service fails to start if JWT secret is not configured

- Fix Consul health checks for Docker
  - Services now register with Docker service names (e.g., audit-service)
  - Allows Consul (in Docker) to reach services via Docker DNS
  - Health checks use gRPC service names instead of localhost

This completes all TODOs in auth_service_fx.go and fixes the Consul
health check failures in Docker environments.
This commit is contained in:
0x1d
2025-11-06 21:26:34 +01:00
parent b02c1d44c8
commit 04022b835e
34 changed files with 6775 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

496
internal/ent/mutation.go
View File

@@ -14,6 +14,7 @@ import (
"git.dcentral.systems/toolz/goplt/internal/ent/auditlog"
"git.dcentral.systems/toolz/goplt/internal/ent/permission"
"git.dcentral.systems/toolz/goplt/internal/ent/predicate"
"git.dcentral.systems/toolz/goplt/internal/ent/refreshtoken"
"git.dcentral.systems/toolz/goplt/internal/ent/role"
"git.dcentral.systems/toolz/goplt/internal/ent/rolepermission"
"git.dcentral.systems/toolz/goplt/internal/ent/user"
@@ -31,6 +32,7 @@ const (
// Node types.
TypeAuditLog = "AuditLog"
TypePermission = "Permission"
TypeRefreshToken = "RefreshToken"
TypeRole = "Role"
TypeRolePermission = "RolePermission"
TypeUser = "User"
@@ -1270,6 +1272,500 @@ func (m *PermissionMutation) ResetEdge(name string) error {
return fmt.Errorf("unknown Permission edge %s", name)
}
// RefreshTokenMutation represents an operation that mutates the RefreshToken nodes in the graph.
type RefreshTokenMutation struct {
config
op Op
typ string
id *string
user_id *string
token_hash *string
expires_at *time.Time
created_at *time.Time
clearedFields map[string]struct{}
done bool
oldValue func(context.Context) (*RefreshToken, error)
predicates []predicate.RefreshToken
}
var _ ent.Mutation = (*RefreshTokenMutation)(nil)
// refreshtokenOption allows management of the mutation configuration using functional options.
type refreshtokenOption func(*RefreshTokenMutation)
// newRefreshTokenMutation creates new mutation for the RefreshToken entity.
func newRefreshTokenMutation(c config, op Op, opts ...refreshtokenOption) *RefreshTokenMutation {
m := &RefreshTokenMutation{
config: c,
op: op,
typ: TypeRefreshToken,
clearedFields: make(map[string]struct{}),
}
for _, opt := range opts {
opt(m)
}
return m
}
// withRefreshTokenID sets the ID field of the mutation.
func withRefreshTokenID(id string) refreshtokenOption {
return func(m *RefreshTokenMutation) {
var (
err error
once sync.Once
value *RefreshToken
)
m.oldValue = func(ctx context.Context) (*RefreshToken, error) {
once.Do(func() {
if m.done {
err = errors.New("querying old values post mutation is not allowed")
} else {
value, err = m.Client().RefreshToken.Get(ctx, id)
}
})
return value, err
}
m.id = &id
}
}
// withRefreshToken sets the old RefreshToken of the mutation.
func withRefreshToken(node *RefreshToken) refreshtokenOption {
return func(m *RefreshTokenMutation) {
m.oldValue = func(context.Context) (*RefreshToken, error) {
return node, nil
}
m.id = &node.ID
}
}
// Client returns a new `ent.Client` from the mutation. If the mutation was
// executed in a transaction (ent.Tx), a transactional client is returned.
func (m RefreshTokenMutation) Client() *Client {
client := &Client{config: m.config}
client.init()
return client
}
// Tx returns an `ent.Tx` for mutations that were executed in transactions;
// it returns an error otherwise.
func (m RefreshTokenMutation) Tx() (*Tx, error) {
if _, ok := m.driver.(*txDriver); !ok {
return nil, errors.New("ent: mutation is not running in a transaction")
}
tx := &Tx{config: m.config}
tx.init()
return tx, nil
}
// SetID sets the value of the id field. Note that this
// operation is only accepted on creation of RefreshToken entities.
func (m *RefreshTokenMutation) SetID(id string) {
m.id = &id
}
// ID returns the ID value in the mutation. Note that the ID is only available
// if it was provided to the builder or after it was returned from the database.
func (m *RefreshTokenMutation) ID() (id string, exists bool) {
if m.id == nil {
return
}
return *m.id, true
}
// IDs queries the database and returns the entity ids that match the mutation's predicate.
// That means, if the mutation is applied within a transaction with an isolation level such
// as sql.LevelSerializable, the returned ids match the ids of the rows that will be updated
// or updated by the mutation.
func (m *RefreshTokenMutation) IDs(ctx context.Context) ([]string, error) {
switch {
case m.op.Is(OpUpdateOne | OpDeleteOne):
id, exists := m.ID()
if exists {
return []string{id}, nil
}
fallthrough
case m.op.Is(OpUpdate | OpDelete):
return m.Client().RefreshToken.Query().Where(m.predicates...).IDs(ctx)
default:
return nil, fmt.Errorf("IDs is not allowed on %s operations", m.op)
}
}
// SetUserID sets the "user_id" field.
func (m *RefreshTokenMutation) SetUserID(s string) {
m.user_id = &s
}
// UserID returns the value of the "user_id" field in the mutation.
func (m *RefreshTokenMutation) UserID() (r string, exists bool) {
v := m.user_id
if v == nil {
return
}
return *v, true
}
// OldUserID returns the old "user_id" field's value of the RefreshToken entity.
// If the RefreshToken object wasn't provided to the builder, the object is fetched from the database.
// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
func (m *RefreshTokenMutation) OldUserID(ctx context.Context) (v string, err error) {
if !m.op.Is(OpUpdateOne) {
return v, errors.New("OldUserID is only allowed on UpdateOne operations")
}
if m.id == nil || m.oldValue == nil {
return v, errors.New("OldUserID requires an ID field in the mutation")
}
oldValue, err := m.oldValue(ctx)
if err != nil {
return v, fmt.Errorf("querying old value for OldUserID: %w", err)
}
return oldValue.UserID, nil
}
// ResetUserID resets all changes to the "user_id" field.
func (m *RefreshTokenMutation) ResetUserID() {
m.user_id = nil
}
// SetTokenHash sets the "token_hash" field.
func (m *RefreshTokenMutation) SetTokenHash(s string) {
m.token_hash = &s
}
// TokenHash returns the value of the "token_hash" field in the mutation.
func (m *RefreshTokenMutation) TokenHash() (r string, exists bool) {
v := m.token_hash
if v == nil {
return
}
return *v, true
}
// OldTokenHash returns the old "token_hash" field's value of the RefreshToken entity.
// If the RefreshToken object wasn't provided to the builder, the object is fetched from the database.
// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
func (m *RefreshTokenMutation) OldTokenHash(ctx context.Context) (v string, err error) {
if !m.op.Is(OpUpdateOne) {
return v, errors.New("OldTokenHash is only allowed on UpdateOne operations")
}
if m.id == nil || m.oldValue == nil {
return v, errors.New("OldTokenHash requires an ID field in the mutation")
}
oldValue, err := m.oldValue(ctx)
if err != nil {
return v, fmt.Errorf("querying old value for OldTokenHash: %w", err)
}
return oldValue.TokenHash, nil
}
// ResetTokenHash resets all changes to the "token_hash" field.
func (m *RefreshTokenMutation) ResetTokenHash() {
m.token_hash = nil
}
// SetExpiresAt sets the "expires_at" field.
func (m *RefreshTokenMutation) SetExpiresAt(t time.Time) {
m.expires_at = &t
}
// ExpiresAt returns the value of the "expires_at" field in the mutation.
func (m *RefreshTokenMutation) ExpiresAt() (r time.Time, exists bool) {
v := m.expires_at
if v == nil {
return
}
return *v, true
}
// OldExpiresAt returns the old "expires_at" field's value of the RefreshToken entity.
// If the RefreshToken object wasn't provided to the builder, the object is fetched from the database.
// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
func (m *RefreshTokenMutation) OldExpiresAt(ctx context.Context) (v time.Time, err error) {
if !m.op.Is(OpUpdateOne) {
return v, errors.New("OldExpiresAt is only allowed on UpdateOne operations")
}
if m.id == nil || m.oldValue == nil {
return v, errors.New("OldExpiresAt requires an ID field in the mutation")
}
oldValue, err := m.oldValue(ctx)
if err != nil {
return v, fmt.Errorf("querying old value for OldExpiresAt: %w", err)
}
return oldValue.ExpiresAt, nil
}
// ResetExpiresAt resets all changes to the "expires_at" field.
func (m *RefreshTokenMutation) ResetExpiresAt() {
m.expires_at = nil
}
// SetCreatedAt sets the "created_at" field.
func (m *RefreshTokenMutation) SetCreatedAt(t time.Time) {
m.created_at = &t
}
// CreatedAt returns the value of the "created_at" field in the mutation.
func (m *RefreshTokenMutation) CreatedAt() (r time.Time, exists bool) {
v := m.created_at
if v == nil {
return
}
return *v, true
}
// OldCreatedAt returns the old "created_at" field's value of the RefreshToken entity.
// If the RefreshToken object wasn't provided to the builder, the object is fetched from the database.
// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
func (m *RefreshTokenMutation) OldCreatedAt(ctx context.Context) (v time.Time, err error) {
if !m.op.Is(OpUpdateOne) {
return v, errors.New("OldCreatedAt is only allowed on UpdateOne operations")
}
if m.id == nil || m.oldValue == nil {
return v, errors.New("OldCreatedAt requires an ID field in the mutation")
}
oldValue, err := m.oldValue(ctx)
if err != nil {
return v, fmt.Errorf("querying old value for OldCreatedAt: %w", err)
}
return oldValue.CreatedAt, nil
}
// ResetCreatedAt resets all changes to the "created_at" field.
func (m *RefreshTokenMutation) ResetCreatedAt() {
m.created_at = nil
}
// Where appends a list predicates to the RefreshTokenMutation builder.
func (m *RefreshTokenMutation) Where(ps ...predicate.RefreshToken) {
m.predicates = append(m.predicates, ps...)
}
// WhereP appends storage-level predicates to the RefreshTokenMutation builder. Using this method,
// users can use type-assertion to append predicates that do not depend on any generated package.
func (m *RefreshTokenMutation) WhereP(ps ...func(*sql.Selector)) {
p := make([]predicate.RefreshToken, len(ps))
for i := range ps {
p[i] = ps[i]
}
m.Where(p...)
}
// Op returns the operation name.
func (m *RefreshTokenMutation) Op() Op {
return m.op
}
// SetOp allows setting the mutation operation.
func (m *RefreshTokenMutation) SetOp(op Op) {
m.op = op
}
// Type returns the node type of this mutation (RefreshToken).
func (m *RefreshTokenMutation) Type() string {
return m.typ
}
// Fields returns all fields that were changed during this mutation. Note that in
// order to get all numeric fields that were incremented/decremented, call
// AddedFields().
func (m *RefreshTokenMutation) Fields() []string {
fields := make([]string, 0, 4)
if m.user_id != nil {
fields = append(fields, refreshtoken.FieldUserID)
}
if m.token_hash != nil {
fields = append(fields, refreshtoken.FieldTokenHash)
}
if m.expires_at != nil {
fields = append(fields, refreshtoken.FieldExpiresAt)
}
if m.created_at != nil {
fields = append(fields, refreshtoken.FieldCreatedAt)
}
return fields
}
// Field returns the value of a field with the given name. The second boolean
// return value indicates that this field was not set, or was not defined in the
// schema.
func (m *RefreshTokenMutation) Field(name string) (ent.Value, bool) {
switch name {
case refreshtoken.FieldUserID:
return m.UserID()
case refreshtoken.FieldTokenHash:
return m.TokenHash()
case refreshtoken.FieldExpiresAt:
return m.ExpiresAt()
case refreshtoken.FieldCreatedAt:
return m.CreatedAt()
}
return nil, false
}
// OldField returns the old value of the field from the database. An error is
// returned if the mutation operation is not UpdateOne, or the query to the
// database failed.
func (m *RefreshTokenMutation) OldField(ctx context.Context, name string) (ent.Value, error) {
switch name {
case refreshtoken.FieldUserID:
return m.OldUserID(ctx)
case refreshtoken.FieldTokenHash:
return m.OldTokenHash(ctx)
case refreshtoken.FieldExpiresAt:
return m.OldExpiresAt(ctx)
case refreshtoken.FieldCreatedAt:
return m.OldCreatedAt(ctx)
}
return nil, fmt.Errorf("unknown RefreshToken field %s", name)
}
// SetField sets the value of a field with the given name. It returns an error if
// the field is not defined in the schema, or if the type mismatched the field
// type.
func (m *RefreshTokenMutation) SetField(name string, value ent.Value) error {
switch name {
case refreshtoken.FieldUserID:
v, ok := value.(string)
if !ok {
return fmt.Errorf("unexpected type %T for field %s", value, name)
}
m.SetUserID(v)
return nil
case refreshtoken.FieldTokenHash:
v, ok := value.(string)
if !ok {
return fmt.Errorf("unexpected type %T for field %s", value, name)
}
m.SetTokenHash(v)
return nil
case refreshtoken.FieldExpiresAt:
v, ok := value.(time.Time)
if !ok {
return fmt.Errorf("unexpected type %T for field %s", value, name)
}
m.SetExpiresAt(v)
return nil
case refreshtoken.FieldCreatedAt:
v, ok := value.(time.Time)
if !ok {
return fmt.Errorf("unexpected type %T for field %s", value, name)
}
m.SetCreatedAt(v)
return nil
}
return fmt.Errorf("unknown RefreshToken field %s", name)
}
// AddedFields returns all numeric fields that were incremented/decremented during
// this mutation.
func (m *RefreshTokenMutation) AddedFields() []string {
return nil
}
// AddedField returns the numeric value that was incremented/decremented on a field
// with the given name. The second boolean return value indicates that this field
// was not set, or was not defined in the schema.
func (m *RefreshTokenMutation) AddedField(name string) (ent.Value, bool) {
return nil, false
}
// AddField adds the value to the field with the given name. It returns an error if
// the field is not defined in the schema, or if the type mismatched the field
// type.
func (m *RefreshTokenMutation) AddField(name string, value ent.Value) error {
switch name {
}
return fmt.Errorf("unknown RefreshToken numeric field %s", name)
}
// ClearedFields returns all nullable fields that were cleared during this
// mutation.
func (m *RefreshTokenMutation) ClearedFields() []string {
return nil
}
// FieldCleared returns a boolean indicating if a field with the given name was
// cleared in this mutation.
func (m *RefreshTokenMutation) FieldCleared(name string) bool {
_, ok := m.clearedFields[name]
return ok
}
// ClearField clears the value of the field with the given name. It returns an
// error if the field is not defined in the schema.
func (m *RefreshTokenMutation) ClearField(name string) error {
return fmt.Errorf("unknown RefreshToken nullable field %s", name)
}
// ResetField resets all changes in the mutation for the field with the given name.
// It returns an error if the field is not defined in the schema.
func (m *RefreshTokenMutation) ResetField(name string) error {
switch name {
case refreshtoken.FieldUserID:
m.ResetUserID()
return nil
case refreshtoken.FieldTokenHash:
m.ResetTokenHash()
return nil
case refreshtoken.FieldExpiresAt:
m.ResetExpiresAt()
return nil
case refreshtoken.FieldCreatedAt:
m.ResetCreatedAt()
return nil
}
return fmt.Errorf("unknown RefreshToken field %s", name)
}
// AddedEdges returns all edge names that were set/added in this mutation.
func (m *RefreshTokenMutation) AddedEdges() []string {
edges := make([]string, 0, 0)
return edges
}
// AddedIDs returns all IDs (to other nodes) that were added for the given edge
// name in this mutation.
func (m *RefreshTokenMutation) AddedIDs(name string) []ent.Value {
return nil
}
// RemovedEdges returns all edge names that were removed in this mutation.
func (m *RefreshTokenMutation) RemovedEdges() []string {
edges := make([]string, 0, 0)
return edges
}
// RemovedIDs returns all IDs (to other nodes) that were removed for the edge with
// the given name in this mutation.
func (m *RefreshTokenMutation) RemovedIDs(name string) []ent.Value {
return nil
}
// ClearedEdges returns all edge names that were cleared in this mutation.
func (m *RefreshTokenMutation) ClearedEdges() []string {
edges := make([]string, 0, 0)
return edges
}
// EdgeCleared returns a boolean which indicates if the edge with the given name
// was cleared in this mutation.
func (m *RefreshTokenMutation) EdgeCleared(name string) bool {
return false
}
// ClearEdge clears the value of the edge with the given name. It returns an error
// if that edge is not defined in the schema.
func (m *RefreshTokenMutation) ClearEdge(name string) error {
return fmt.Errorf("unknown RefreshToken unique edge %s", name)
}
// ResetEdge resets all changes to the edge with the given name in this mutation.
// It returns an error if the edge is not defined in the schema.
func (m *RefreshTokenMutation) ResetEdge(name string) error {
return fmt.Errorf("unknown RefreshToken edge %s", name)
}
// RoleMutation represents an operation that mutates the Role nodes in the graph.
type RoleMutation struct {
config