backend swagger/redoc 추가

2026-01-28 13:06:09 +09:00
parent 1883753414
commit b7a0397ef9
15 changed files with 3890 additions and 20 deletions
--- a/backend/internal/handler/dev_handler.go
+++ b/backend/internal/handler/dev_handler.go
@@ -7,6 +7,7 @@ import (
 	"time"

 	"github.com/gofiber/fiber/v2"
+	"github.com/google/uuid"
 )

 type DevHandler struct {
@@ -37,8 +38,8 @@ type clientListResponse struct {
 }

 type clientDetailResponse struct {
-	Client    clientSummary    `json:"client"`
-	Endpoints clientEndpoints  `json:"endpoints"`
+	Client    clientSummary   `json:"client"`
+	Endpoints clientEndpoints `json:"endpoints"`
 }

 type clientEndpoints struct {
@@ -61,6 +62,19 @@ type consentListResponse struct {
 	Items []consentSummary `json:"items"`
 }

+type clientUpsertRequest struct {
+	ID                      *string                 `json:"id"`
+	Name                    *string                 `json:"name"`
+	Type                    *string                 `json:"type"`
+	Status                  *string                 `json:"status"`
+	RedirectURIs            *[]string               `json:"redirectUris"`
+	Scopes                  *[]string               `json:"scopes"`
+	GrantTypes              *[]string               `json:"grantTypes"`
+	ResponseTypes           *[]string               `json:"responseTypes"`
+	TokenEndpointAuthMethod *string                 `json:"tokenEndpointAuthMethod"`
+	Metadata                *map[string]interface{} `json:"metadata"`
+}
+
 func (h *DevHandler) ListClients(c *fiber.Ctx) error {
 	limit := c.QueryInt("limit", 50)
 	offset := c.QueryInt("offset", 0)
@@ -163,6 +177,189 @@ func (h *DevHandler) UpdateClientStatus(c *fiber.Ctx) error {
 	})
 }

+func (h *DevHandler) CreateClient(c *fiber.Ctx) error {
+	var req clientUpsertRequest
+	if err := c.BodyParser(&req); err != nil {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "invalid request body"})
+	}
+
+	clientID := strings.TrimSpace(valueOr(req.ID, ""))
+	if clientID == "" {
+		clientID = uuid.NewString()
+	}
+
+	name := strings.TrimSpace(valueOr(req.Name, ""))
+	if name == "" {
+		name = clientID
+	}
+
+	redirectURIs := derefSlice(req.RedirectURIs, nil)
+	if len(redirectURIs) == 0 {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "redirectUris is required"})
+	}
+
+	scopes := derefSlice(req.Scopes, defaultClientScopes())
+	grantTypes := derefSlice(req.GrantTypes, defaultGrantTypes())
+	responseTypes := derefSlice(req.ResponseTypes, defaultResponseTypes())
+
+	clientType := strings.ToLower(strings.TrimSpace(valueOr(req.Type, "confidential")))
+	if clientType != "public" && clientType != "confidential" {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "type must be public or confidential"})
+	}
+
+	status := strings.ToLower(strings.TrimSpace(valueOr(req.Status, "active")))
+	if status != "active" && status != "inactive" {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "status must be active or inactive"})
+	}
+
+	metadata := mergeMetadata(nil, req.Metadata)
+	if metadata == nil {
+		metadata = map[string]interface{}{}
+	}
+	metadata["status"] = status
+
+	tokenAuthMethod := strings.TrimSpace(valueOr(req.TokenEndpointAuthMethod, ""))
+	if tokenAuthMethod == "" {
+		if clientType == "public" {
+			tokenAuthMethod = "none"
+		} else {
+			tokenAuthMethod = "client_secret_basic"
+		}
+	}
+
+	client := service.HydraClient{
+		ClientID:                clientID,
+		ClientName:              name,
+		RedirectURIs:            redirectURIs,
+		GrantTypes:              grantTypes,
+		ResponseTypes:           responseTypes,
+		Scope:                   strings.Join(scopes, " "),
+		TokenEndpointAuthMethod: tokenAuthMethod,
+		Metadata:                metadata,
+	}
+
+	created, err := h.Hydra.CreateClient(c.Context(), client)
+	if err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	summary := mapClientSummary(*created)
+	return c.Status(fiber.StatusCreated).JSON(clientDetailResponse{
+		Client: summary,
+		Endpoints: clientEndpoints{
+			Discovery:     strings.TrimRight(h.Hydra.PublicURL, "/") + "/.well-known/openid-configuration",
+			Issuer:        h.Hydra.PublicURL,
+			Authorization: strings.TrimRight(h.Hydra.PublicURL, "/") + "/oauth2/auth",
+			Token:         strings.TrimRight(h.Hydra.PublicURL, "/") + "/oauth2/token",
+			UserInfo:      strings.TrimRight(h.Hydra.PublicURL, "/") + "/userinfo",
+		},
+	})
+}
+
+func (h *DevHandler) UpdateClient(c *fiber.Ctx) error {
+	clientID := strings.TrimSpace(c.Params("id"))
+	if clientID == "" {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "client id is required"})
+	}
+
+	var req clientUpsertRequest
+	if err := c.BodyParser(&req); err != nil {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "invalid request body"})
+	}
+
+	current, err := h.Hydra.GetClient(c.Context(), clientID)
+	if err != nil {
+		if errors.Is(err, service.ErrHydraNotFound) {
+			return c.Status(fiber.StatusNotFound).JSON(fiber.Map{"error": "client not found"})
+		}
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	clientType := ""
+	if req.Type != nil {
+		clientType = strings.ToLower(strings.TrimSpace(*req.Type))
+		if clientType != "public" && clientType != "confidential" {
+			return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "type must be public or confidential"})
+		}
+	}
+
+	status := ""
+	if req.Status != nil {
+		status = strings.ToLower(strings.TrimSpace(*req.Status))
+		if status != "active" && status != "inactive" {
+			return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "status must be active or inactive"})
+		}
+	}
+
+	tokenAuthMethod := strings.TrimSpace(valueOr(req.TokenEndpointAuthMethod, ""))
+	if tokenAuthMethod == "" && clientType != "" {
+		if clientType == "public" {
+			tokenAuthMethod = "none"
+		} else {
+			tokenAuthMethod = "client_secret_basic"
+		}
+	}
+
+	if req.RedirectURIs != nil && len(*req.RedirectURIs) == 0 {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "redirectUris cannot be empty"})
+	}
+
+	metadata := mergeMetadata(current.Metadata, req.Metadata)
+	if status != "" {
+		if metadata == nil {
+			metadata = map[string]interface{}{}
+		}
+		metadata["status"] = status
+	}
+
+	updated := service.HydraClient{
+		ClientID:                current.ClientID,
+		ClientName:              valueOr(req.Name, current.ClientName),
+		RedirectURIs:            derefSlice(req.RedirectURIs, current.RedirectURIs),
+		GrantTypes:              derefSlice(req.GrantTypes, current.GrantTypes),
+		ResponseTypes:           derefSlice(req.ResponseTypes, current.ResponseTypes),
+		Scope:                   buildScope(valueOrSlice(req.Scopes, strings.Fields(current.Scope))),
+		TokenEndpointAuthMethod: resolveTokenAuthMethod(tokenAuthMethod, current.TokenEndpointAuthMethod),
+		Metadata:                metadata,
+	}
+
+	updatedClient, err := h.Hydra.UpdateClient(c.Context(), clientID, updated)
+	if err != nil {
+		if errors.Is(err, service.ErrHydraNotFound) {
+			return c.Status(fiber.StatusNotFound).JSON(fiber.Map{"error": "client not found"})
+		}
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	summary := mapClientSummary(*updatedClient)
+	return c.JSON(clientDetailResponse{
+		Client: summary,
+		Endpoints: clientEndpoints{
+			Discovery:     strings.TrimRight(h.Hydra.PublicURL, "/") + "/.well-known/openid-configuration",
+			Issuer:        h.Hydra.PublicURL,
+			Authorization: strings.TrimRight(h.Hydra.PublicURL, "/") + "/oauth2/auth",
+			Token:         strings.TrimRight(h.Hydra.PublicURL, "/") + "/oauth2/token",
+			UserInfo:      strings.TrimRight(h.Hydra.PublicURL, "/") + "/userinfo",
+		},
+	})
+}
+
+func (h *DevHandler) DeleteClient(c *fiber.Ctx) error {
+	clientID := strings.TrimSpace(c.Params("id"))
+	if clientID == "" {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "client id is required"})
+	}
+
+	if err := h.Hydra.DeleteClient(c.Context(), clientID); err != nil {
+		if errors.Is(err, service.ErrHydraNotFound) {
+			return c.Status(fiber.StatusNotFound).JSON(fiber.Map{"error": "client not found"})
+		}
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	return c.SendStatus(fiber.StatusNoContent)
+}
+
 func (h *DevHandler) ListConsents(c *fiber.Ctx) error {
 	subject := strings.TrimSpace(c.Query("subject"))
 	if subject == "" {
@@ -239,3 +436,61 @@ func mapClientSummary(client service.HydraClient) clientSummary {
 		Metadata:     client.Metadata,
 	}
 }
+
+func defaultClientScopes() []string {
+	return []string{"openid", "profile", "email"}
+}
+
+func defaultGrantTypes() []string {
+	return []string{"authorization_code", "refresh_token"}
+}
+
+func defaultResponseTypes() []string {
+	return []string{"code"}
+}
+
+func buildScope(scopes []string) string {
+	return strings.Join(scopes, " ")
+}
+
+func valueOr(ptr *string, fallback string) string {
+	if ptr == nil {
+		return fallback
+	}
+	return *ptr
+}
+
+func valueOrSlice(ptr *[]string, fallback []string) []string {
+	if ptr == nil {
+		return fallback
+	}
+	return *ptr
+}
+
+func derefSlice(ptr *[]string, fallback []string) []string {
+	if ptr == nil {
+		return fallback
+	}
+	return *ptr
+}
+
+func mergeMetadata(current map[string]interface{}, incoming *map[string]interface{}) map[string]interface{} {
+	if incoming == nil {
+		return current
+	}
+	merged := map[string]interface{}{}
+	for k, v := range current {
+		merged[k] = v
+	}
+	for k, v := range *incoming {
+		merged[k] = v
+	}
+	return merged
+}
+
+func resolveTokenAuthMethod(requested, fallback string) string {
+	if strings.TrimSpace(requested) == "" {
+		return fallback
+	}
+	return requested
+}