forked from baron/baron-sso
227 lines
5.4 KiB
Go
227 lines
5.4 KiB
Go
package repository
|
|
|
|
import (
|
|
"baron-sso-backend/internal/domain"
|
|
"context"
|
|
"time"
|
|
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
type DataIntegrityChecker interface {
|
|
CheckDataIntegrity(ctx context.Context) (domain.DataIntegrityReport, error)
|
|
}
|
|
|
|
type dataIntegrityChecker struct {
|
|
db *gorm.DB
|
|
}
|
|
|
|
func NewDataIntegrityChecker(db *gorm.DB) DataIntegrityChecker {
|
|
return &dataIntegrityChecker{db: db}
|
|
}
|
|
|
|
func (c *dataIntegrityChecker) CheckDataIntegrity(ctx context.Context) (domain.DataIntegrityReport, error) {
|
|
return CheckDataIntegrity(ctx, c.db)
|
|
}
|
|
|
|
func CheckDataIntegrity(ctx context.Context, db *gorm.DB) (domain.DataIntegrityReport, error) {
|
|
tenantChecks := []domain.DataIntegrityCheck{
|
|
{
|
|
Key: "duplicate_tenant_slugs",
|
|
Label: "중복 테넌트 slug",
|
|
Description: "삭제되지 않은 tenant의 slug를 대소문자 무시 기준으로 검사합니다.",
|
|
Severity: "error",
|
|
Count: 0,
|
|
},
|
|
{
|
|
Key: "orphan_tenant_parents",
|
|
Label: "유령 상위 테넌트 참조",
|
|
Description: "tenant.parent_id가 없거나 삭제된 tenant를 참조하는지 검사합니다.",
|
|
Severity: "error",
|
|
Count: 0,
|
|
},
|
|
}
|
|
userChecks := []domain.DataIntegrityCheck{
|
|
{
|
|
Key: "orphan_user_tenant_memberships",
|
|
Label: "유령 테넌트 사용자 소속",
|
|
Description: "users.tenant_id가 없거나 삭제된 tenant를 참조하는지 검사합니다.",
|
|
Severity: "error",
|
|
Count: 0,
|
|
},
|
|
{
|
|
Key: "orphan_user_login_id_tenants",
|
|
Label: "유령 테넌트 로그인 ID",
|
|
Description: "user_login_ids.tenant_id가 없거나 삭제된 tenant를 참조하는지 검사합니다.",
|
|
Severity: "error",
|
|
Count: 0,
|
|
},
|
|
{
|
|
Key: "orphan_user_login_id_users",
|
|
Label: "유령 사용자 로그인 ID",
|
|
Description: "user_login_ids.user_id가 없거나 삭제된 user를 참조하는지 검사합니다.",
|
|
Severity: "error",
|
|
Count: 0,
|
|
},
|
|
}
|
|
|
|
counts := []struct {
|
|
target *int64
|
|
query string
|
|
}{
|
|
{
|
|
target: &tenantChecks[0].Count,
|
|
query: `
|
|
SELECT COUNT(*)
|
|
FROM (
|
|
SELECT LOWER(TRIM(slug)) AS normalized_slug
|
|
FROM tenants
|
|
WHERE deleted_at IS NULL
|
|
AND status <> 'deleted'
|
|
AND TRIM(slug) <> ''
|
|
GROUP BY LOWER(TRIM(slug))
|
|
HAVING COUNT(*) > 1
|
|
) AS duplicate_slugs
|
|
`,
|
|
},
|
|
{
|
|
target: &tenantChecks[1].Count,
|
|
query: `
|
|
SELECT COUNT(*)
|
|
FROM tenants AS child
|
|
WHERE child.deleted_at IS NULL
|
|
AND child.parent_id IS NOT NULL
|
|
AND NOT EXISTS (
|
|
SELECT 1
|
|
FROM tenants AS parent
|
|
WHERE parent.id = child.parent_id
|
|
AND parent.deleted_at IS NULL
|
|
)
|
|
`,
|
|
},
|
|
{
|
|
target: &userChecks[0].Count,
|
|
query: `
|
|
SELECT COUNT(*)
|
|
FROM users AS u
|
|
WHERE u.deleted_at IS NULL
|
|
AND u.tenant_id IS NOT NULL
|
|
AND NOT EXISTS (
|
|
SELECT 1
|
|
FROM tenants AS t
|
|
WHERE t.id = u.tenant_id
|
|
AND t.deleted_at IS NULL
|
|
)
|
|
`,
|
|
},
|
|
{
|
|
target: &userChecks[1].Count,
|
|
query: `
|
|
SELECT COUNT(*)
|
|
FROM user_login_ids AS uli
|
|
WHERE NOT EXISTS (
|
|
SELECT 1
|
|
FROM tenants AS t
|
|
WHERE t.id = uli.tenant_id
|
|
AND t.deleted_at IS NULL
|
|
)
|
|
`,
|
|
},
|
|
{
|
|
target: &userChecks[2].Count,
|
|
query: `
|
|
SELECT COUNT(*)
|
|
FROM user_login_ids AS uli
|
|
WHERE NOT EXISTS (
|
|
SELECT 1
|
|
FROM users AS u
|
|
WHERE u.id = uli.user_id
|
|
AND u.deleted_at IS NULL
|
|
)
|
|
`,
|
|
},
|
|
}
|
|
|
|
for _, item := range counts {
|
|
if err := db.WithContext(ctx).Raw(item.query).Scan(item.target).Error; err != nil {
|
|
return domain.DataIntegrityReport{}, err
|
|
}
|
|
}
|
|
|
|
tenantChecks = applyIntegrityStatuses(tenantChecks)
|
|
userChecks = applyIntegrityStatuses(userChecks)
|
|
sections := []domain.DataIntegritySection{
|
|
{
|
|
Key: "tenant_integrity",
|
|
Label: "테넌트 정합성",
|
|
Status: summarizeIntegrityStatus(tenantChecks),
|
|
Checks: tenantChecks,
|
|
},
|
|
{
|
|
Key: "user_integrity",
|
|
Label: "사용자 정합성",
|
|
Status: summarizeIntegrityStatus(userChecks),
|
|
Checks: userChecks,
|
|
},
|
|
}
|
|
|
|
summary := domain.DataIntegritySummary{}
|
|
for _, section := range sections {
|
|
for _, check := range section.Checks {
|
|
summary.TotalChecks++
|
|
switch check.Status {
|
|
case domain.DataIntegrityStatusFail:
|
|
summary.Failures += check.Count
|
|
case domain.DataIntegrityStatusWarning:
|
|
summary.Warnings++
|
|
default:
|
|
summary.Passed++
|
|
}
|
|
}
|
|
}
|
|
|
|
return domain.DataIntegrityReport{
|
|
Status: summarizeSectionStatus(sections),
|
|
CheckedAt: time.Now().UTC(),
|
|
Summary: summary,
|
|
Sections: sections,
|
|
}, nil
|
|
}
|
|
|
|
func applyIntegrityStatuses(checks []domain.DataIntegrityCheck) []domain.DataIntegrityCheck {
|
|
for i := range checks {
|
|
if checks[i].Count > 0 {
|
|
checks[i].Status = domain.DataIntegrityStatusFail
|
|
} else {
|
|
checks[i].Status = domain.DataIntegrityStatusPass
|
|
}
|
|
}
|
|
return checks
|
|
}
|
|
|
|
func summarizeIntegrityStatus(checks []domain.DataIntegrityCheck) domain.DataIntegrityStatus {
|
|
status := domain.DataIntegrityStatusPass
|
|
for _, check := range checks {
|
|
if check.Status == domain.DataIntegrityStatusFail {
|
|
return domain.DataIntegrityStatusFail
|
|
}
|
|
if check.Status == domain.DataIntegrityStatusWarning {
|
|
status = domain.DataIntegrityStatusWarning
|
|
}
|
|
}
|
|
return status
|
|
}
|
|
|
|
func summarizeSectionStatus(sections []domain.DataIntegritySection) domain.DataIntegrityStatus {
|
|
status := domain.DataIntegrityStatusPass
|
|
for _, section := range sections {
|
|
if section.Status == domain.DataIntegrityStatusFail {
|
|
return domain.DataIntegrityStatusFail
|
|
}
|
|
if section.Status == domain.DataIntegrityStatusWarning {
|
|
status = domain.DataIntegrityStatusWarning
|
|
}
|
|
}
|
|
return status
|
|
}
|