ory용 MCP 제작, devfront/adminfront 백엔드 연결

backend/internal/service/hydra_admin_service.go

@@ -0,0 +1,265 @@
+package service
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+)
+
+var ErrHydraNotFound = errors.New("hydra admin: resource not found")
+
+// HydraAdminService는 Hydra Admin API 호출을 래핑합니다.
+type HydraAdminService struct {
+	AdminURL  string
+	PublicURL string
+	HTTPClient *http.Client
+}
+
+type HydraClient struct {
+	ClientID               string                 `json:"client_id"`
+	ClientName             string                 `json:"client_name,omitempty"`
+	RedirectURIs           []string               `json:"redirect_uris,omitempty"`
+	GrantTypes             []string               `json:"grant_types,omitempty"`
+	ResponseTypes          []string               `json:"response_types,omitempty"`
+	Scope                  string                 `json:"scope,omitempty"`
+	TokenEndpointAuthMethod string                `json:"token_endpoint_auth_method,omitempty"`
+	Metadata               map[string]interface{} `json:"metadata,omitempty"`
+}
+
+type HydraConsentSession struct {
+	Subject         string        `json:"subject"`
+	GrantedScope    []string      `json:"granted_scope"`
+	GrantedAudience []string      `json:"granted_audience,omitempty"`
+	Remember        bool          `json:"remember"`
+	AuthenticatedAt *time.Time    `json:"authenticated_at,omitempty"`
+	RequestedAt     *time.Time    `json:"requested_at,omitempty"`
+	Client          HydraClient   `json:"client"`
+}
+
+func NewHydraAdminService() *HydraAdminService {
+	return &HydraAdminService{
+		AdminURL:  getenv("HYDRA_ADMIN_URL", "http://hydra:4445"),
+		PublicURL: getenv("HYDRA_PUBLIC_URL", "http://hydra:4444"),
+	}
+}
+
+func (s *HydraAdminService) ListClients(ctx context.Context, limit, offset int) ([]HydraClient, error) {
+	endpoint, err := s.buildURL("/clients", map[string]int{
+		"limit":  limit,
+		"offset": offset,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := s.httpClient().Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == http.StatusNotFound {
+		return nil, ErrHydraNotFound
+	}
+	if resp.StatusCode >= 300 {
+		body, _ := io.ReadAll(io.LimitReader(resp.Body, 2048))
+		return nil, fmt.Errorf("hydra admin: list clients failed status=%d body=%s", resp.StatusCode, string(body))
+	}
+
+	var clients []HydraClient
+	if err := json.NewDecoder(resp.Body).Decode(&clients); err != nil {
+		return nil, fmt.Errorf("hydra admin: decode clients failed: %w", err)
+	}
+	return clients, nil
+}
+
+func (s *HydraAdminService) GetClient(ctx context.Context, clientID string) (*HydraClient, error) {
+	endpoint := fmt.Sprintf("%s/clients/%s", strings.TrimRight(s.AdminURL, "/"), url.PathEscape(clientID))
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := s.httpClient().Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == http.StatusNotFound {
+		return nil, ErrHydraNotFound
+	}
+	if resp.StatusCode >= 300 {
+		body, _ := io.ReadAll(io.LimitReader(resp.Body, 2048))
+		return nil, fmt.Errorf("hydra admin: get client failed status=%d body=%s", resp.StatusCode, string(body))
+	}
+
+	var client HydraClient
+	if err := json.NewDecoder(resp.Body).Decode(&client); err != nil {
+		return nil, fmt.Errorf("hydra admin: decode client failed: %w", err)
+	}
+	return &client, nil
+}
+
+func (s *HydraAdminService) PatchClientStatus(ctx context.Context, clientID, status string) (*HydraClient, error) {
+	payload := map[string]interface{}{
+		"metadata": map[string]interface{}{
+			"status": status,
+		},
+	}
+	body, _ := json.Marshal(payload)
+	endpoint := fmt.Sprintf("%s/clients/%s", strings.TrimRight(s.AdminURL, "/"), url.PathEscape(clientID))
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPatch, endpoint, bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/merge-patch+json")
+
+	resp, err := s.httpClient().Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == http.StatusNotFound {
+		return nil, ErrHydraNotFound
+	}
+	if resp.StatusCode >= 300 {
+		respBody, _ := io.ReadAll(io.LimitReader(resp.Body, 2048))
+		return nil, fmt.Errorf("hydra admin: patch client failed status=%d body=%s", resp.StatusCode, string(respBody))
+	}
+
+	var updated HydraClient
+	if err := json.NewDecoder(resp.Body).Decode(&updated); err != nil {
+		return nil, fmt.Errorf("hydra admin: decode patched client failed: %w", err)
+	}
+	return &updated, nil
+}
+
+func (s *HydraAdminService) ListConsentSessions(ctx context.Context, subject, clientID string) ([]HydraConsentSession, error) {
+	params := map[string]string{
+		"subject": subject,
+	}
+	if clientID != "" {
+		params["client"] = clientID
+	}
+	endpoint, err := s.buildURLWithParams("/oauth2/auth/sessions/consent", params)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := s.httpClient().Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 300 {
+		body, _ := io.ReadAll(io.LimitReader(resp.Body, 2048))
+		return nil, fmt.Errorf("hydra admin: list consent sessions failed status=%d body=%s", resp.StatusCode, string(body))
+	}
+
+	var sessions []HydraConsentSession
+	if err := json.NewDecoder(resp.Body).Decode(&sessions); err != nil {
+		return nil, fmt.Errorf("hydra admin: decode consent sessions failed: %w", err)
+	}
+	return sessions, nil
+}
+
+func (s *HydraAdminService) RevokeConsentSessions(ctx context.Context, subject, clientID string) error {
+	params := map[string]string{
+		"subject": subject,
+	}
+	if clientID != "" {
+		params["client"] = clientID
+	}
+	endpoint, err := s.buildURLWithParams("/oauth2/auth/sessions/consent", params)
+	if err != nil {
+		return err
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodDelete, endpoint, nil)
+	if err != nil {
+		return err
+	}
+
+	resp, err := s.httpClient().Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 300 {
+		body, _ := io.ReadAll(io.LimitReader(resp.Body, 2048))
+		return fmt.Errorf("hydra admin: revoke consent failed status=%d body=%s", resp.StatusCode, string(body))
+	}
+	return nil
+}
+
+func (s *HydraAdminService) httpClient() *http.Client {
+	if s.HTTPClient != nil {
+		return s.HTTPClient
+	}
+	return &http.Client{
+		Timeout: 10 * time.Second,
+		Transport: &http.Transport{
+			DialContext: (&net.Dialer{
+				Timeout:   5 * time.Second,
+				KeepAlive: 30 * time.Second,
+			}).DialContext,
+			TLSHandshakeTimeout: 5 * time.Second,
+		},
+	}
+}
+
+func (s *HydraAdminService) buildURL(path string, ints map[string]int) (string, error) {
+	base := strings.TrimRight(s.AdminURL, "/")
+	u, err := url.Parse(base + path)
+	if err != nil {
+		return "", err
+	}
+	q := u.Query()
+	for key, value := range ints {
+		if value > 0 {
+			q.Set(key, strconv.Itoa(value))
+		}
+	}
+	u.RawQuery = q.Encode()
+	return u.String(), nil
+}
+
+func (s *HydraAdminService) buildURLWithParams(path string, params map[string]string) (string, error) {
+	base := strings.TrimRight(s.AdminURL, "/")
+	u, err := url.Parse(base + path)
+	if err != nil {
+		return "", err
+	}
+	q := u.Query()
+	for key, value := range params {
+		if value != "" {
+			q.Set(key, value)
+		}
+	}
+	u.RawQuery = q.Encode()
+	return u.String(), nil
+}