개발자 신청 API 구현 및 RP 생성 시 Keto 권한 자동 부여 로직 추가

2026-04-22 11:41:44 +09:00
parent 18e9a2aa4a
commit 4139bb7064
3 changed files with 181 additions and 5 deletions
--- a/backend/internal/handler/admin_handler.go
+++ b/backend/internal/handler/admin_handler.go
@@ -1,19 +1,29 @@
 package handler

 import (
+	"baron-sso-backend/internal/domain"
+	"baron-sso-backend/internal/repository"
 	"baron-sso-backend/internal/service"
+	"log/slog"
 	"runtime"
+	"strconv"
 	"time"

 	"github.com/gofiber/fiber/v2"
 )

 type AdminHandler struct {
-	Keto service.KetoService
+	Keto         service.KetoService
+	KetoOutbox   repository.KetoOutboxRepository
+	DeveloperSvc *service.DeveloperService
 }

-func NewAdminHandler(keto service.KetoService) *AdminHandler {
-	return &AdminHandler{Keto: keto}
+func NewAdminHandler(keto service.KetoService, ketoOutbox repository.KetoOutboxRepository, developerSvc *service.DeveloperService) *AdminHandler {
+	return &AdminHandler{
+		Keto:         keto,
+		KetoOutbox:   ketoOutbox,
+		DeveloperSvc: developerSvc,
+	}
 }

 func (h *AdminHandler) CheckAuth(c *fiber.Ctx) error {
@@ -39,3 +49,80 @@ func (h *AdminHandler) GetSystemStats(c *fiber.Ctx) error {

 	return c.Status(fiber.StatusOK).JSON(stats)
 }
+
+func (h *AdminHandler) ListDeveloperRequests(c *fiber.Ctx) error {
+	status := c.Query("status")
+	requests, err := h.DeveloperSvc.ListRequests(c.Context(), status)
+	if err != nil {
+		return errorJSON(c, fiber.StatusInternalServerError, err.Error())
+	}
+	return c.JSON(requests)
+}
+
+func (h *AdminHandler) ApproveDeveloperRequest(c *fiber.Ctx) error {
+	idStr := c.Params("id")
+	id, err := strconv.ParseUint(idStr, 10, 32)
+	if err != nil {
+		return errorJSON(c, fiber.StatusBadRequest, "invalid request id")
+	}
+
+	var reqBody struct {
+		AdminNotes string `json:"adminNotes"`
+	}
+	if err := c.BodyParser(&reqBody); err != nil {
+		return errorJSON(c, fiber.StatusBadRequest, "invalid request body")
+	}
+
+	// 1. Get request to know userID and tenantID
+	devReq, err := h.DeveloperSvc.GetRequestByID(c.Context(), uint(id))
+	if err != nil {
+		return errorJSON(c, fiber.StatusInternalServerError, "failed to fetch request details")
+	}
+
+	// 2. Approve in DB
+	if err := h.DeveloperSvc.ApproveRequest(c.Context(), uint(id), reqBody.AdminNotes); err != nil {
+		return errorJSON(c, fiber.StatusInternalServerError, err.Error())
+	}
+
+	// 3. Grant Keto Permissions via Outbox
+	if h.KetoOutbox != nil {
+		subject := "User:" + devReq.UserID
+		permissions := []string{"view_dev_console", "grant_dev_permissions"}
+
+		for _, relation := range permissions {
+			err := h.KetoOutbox.Create(c.Context(), &domain.KetoOutbox{
+				Namespace: "Tenant",
+				Object:    devReq.TenantID,
+				Relation:  relation,
+				Subject:   subject,
+				Action:    domain.KetoOutboxActionCreate,
+			})
+			if err != nil {
+				slog.Warn("failed to create keto outbox for developer approval", "relation", relation, "userID", devReq.UserID, "error", err)
+			}
+		}
+	}
+
+	return c.JSON(fiber.Map{"status": "ok"})
+}
+
+func (h *AdminHandler) RejectDeveloperRequest(c *fiber.Ctx) error {
+	idStr := c.Params("id")
+	id, err := strconv.ParseUint(idStr, 10, 32)
+	if err != nil {
+		return errorJSON(c, fiber.StatusBadRequest, "invalid request id")
+	}
+
+	var reqBody struct {
+		AdminNotes string `json:"adminNotes"`
+	}
+	if err := c.BodyParser(&reqBody); err != nil {
+		return errorJSON(c, fiber.StatusBadRequest, "invalid request body")
+	}
+
+	if err := h.DeveloperSvc.RejectRequest(c.Context(), uint(id), reqBody.AdminNotes); err != nil {
+		return errorJSON(c, fiber.StatusInternalServerError, err.Error())
+	}
+
+	return c.JSON(fiber.Map{"status": "ok"})
+}