ReBAC 고도화 및 애플리케이션 관리 시스템 통합 구현

2026-02-04 15:01:13 +09:00
parent 066ea86f46
commit 7e09764ad9
21 changed files with 1532 additions and 62 deletions
--- a/backend/internal/handler/relying_party_handler.go
+++ b/backend/internal/handler/relying_party_handler.go
@@ -0,0 +1,111 @@
+package handler
+
+import (
+	"baron-sso-backend/internal/domain"
+	"baron-sso-backend/internal/service"
+	"github.com/gofiber/fiber/v2"
+	"log/slog"
+)
+
+type RelyingPartyHandler struct {
+	Service service.RelyingPartyService
+}
+
+func NewRelyingPartyHandler(s service.RelyingPartyService) *RelyingPartyHandler {
+	return &RelyingPartyHandler{Service: s}
+}
+
+func (h *RelyingPartyHandler) Create(c *fiber.Ctx) error {
+	tenantID := c.Params("tenantId")
+	if tenantID == "" {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "tenantId is required"})
+	}
+
+	var req domain.HydraClient
+	if err := c.BodyParser(&req); err != nil {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "invalid request body"})
+	}
+
+	rp, err := h.Service.Create(c.Context(), tenantID, req)
+	if err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	return c.Status(fiber.StatusCreated).JSON(rp)
+}
+
+func (h *RelyingPartyHandler) ListAll(c *fiber.Ctx) error {
+	profile, ok := c.Locals("user_profile").(*domain.UserProfileResponse)
+	if !ok {
+		return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "unauthorized: user profile not found in context"})
+	}
+
+	var rps []domain.RelyingParty
+	var err error
+
+	if profile.Role == domain.RoleSuperAdmin {
+		rps, err = h.Service.ListAll(c.Context())
+	} else if profile.Role == domain.RoleTenantAdmin && profile.TenantID != nil {
+		rps, err = h.Service.List(c.Context(), *profile.TenantID)
+	} else {
+		slog.Warn("Forbidden access to all applications", "userID", profile.ID, "role", profile.Role)
+		return c.Status(fiber.StatusForbidden).JSON(fiber.Map{"error": "forbidden: insufficient role to list all applications"})
+	}
+
+	if err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	return c.JSON(rps)
+}
+
+func (h *RelyingPartyHandler) List(c *fiber.Ctx) error {
+	tenantID := c.Params("tenantId")
+	if tenantID == "" {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "tenantId is required"})
+	}
+
+	rps, err := h.Service.List(c.Context(), tenantID)
+	if err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	return c.JSON(rps)
+}
+
+func (h *RelyingPartyHandler) Get(c *fiber.Ctx) error {
+	id := c.Params("id")
+	rp, hydraClient, err := h.Service.Get(c.Context(), id)
+	if err != nil {
+		return c.Status(fiber.StatusNotFound).JSON(fiber.Map{"error": "relying party not found"})
+	}
+
+	return c.JSON(fiber.Map{
+		"relyingParty": rp,
+		"oauth2Config": hydraClient,
+	})
+}
+
+func (h *RelyingPartyHandler) Update(c *fiber.Ctx) error {
+	id := c.Params("id")
+	var req domain.HydraClient
+	if err := c.BodyParser(&req); err != nil {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "invalid request body"})
+	}
+
+	rp, err := h.Service.Update(c.Context(), id, req)
+	if err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	return c.JSON(rp)
+}
+
+func (h *RelyingPartyHandler) Delete(c *fiber.Ctx) error {
+	id := c.Params("id")
+	if err := h.Service.Delete(c.Context(), id); err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	return c.SendStatus(fiber.StatusNoContent)
+}