package auth;
import auth.models.Token;
import auth.modules.TokenException;
import auth.types.PermissionType;
import com.avaje.ebean.Ebean;
import com.avaje.ebean.SqlUpdate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import play.mvc.Http;
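/**
 * Authentication and authorization checks performed against a {@link Token}.
 *
 * <p>Every check fails closed by throwing {@link TokenException}: 401
 * (UNAUTHORIZED) when the token or its user is missing or the token is not
 * active, 403 (FORBIDDEN) when the user lacks a role or the required
 * permission.
 *
 * <p>Each method guards its own inputs, so a caller that skips
 * {@link #validateToken(Token)} or {@link #validateUser(Token)} still gets a
 * 401 denial rather than a {@link NullPointerException}.
 */
public class TokenService {

    private static final Logger logger = LoggerFactory.getLogger(TokenService.class);

    private static final String TOKEN_NOT_FOUND = "Token not found";
    private static final String USER_MISSING = "User missing in token";

    /**
     * Looks up a token by its value; delegates to {@code Token.findByTokenValue}.
     *
     * @param tokenUID the token value presented by the client; it is a bearer
     *                 credential, so it should not be written to logs
     * @return the matching token; presumably {@code null} when there is no match,
     *         which {@link #validateToken(Token)} rejects (confirm against the
     *         {@code Token} model)
     */
    public Token findByTokenValue(String tokenUID) {
        return Token.findByTokenValue(tokenUID);
    }

    /**
     * Rejects a missing or inactive token.
     *
     * @param token the token to check, may be {@code null}
     * @throws TokenException with status 401 if {@code token} is {@code null} or
     *                        {@code token.isActive()} is false
     */
    public void validateToken(Token token) {
        requireToken(token);
        if (!token.isActive()) {
            throw new TokenException(Http.Status.UNAUTHORIZED, "Token expired");
        }
    }

    /**
     * Rejects a token that carries no user and records the username in the
     * logging context under the key {@code "userid"}.
     *
     * @param token the token to check
     * @throws TokenException with status 401 if {@code token} or
     *                        {@code token.user} is {@code null}
     */
    public void validateUser(Token token) {
        requireUser(token);
        // NOTE(review): nothing in this class removes "userid" from the MDC again.
        // MDC state is per thread, so confirm the caller clears it when the request
        // ends; otherwise a pooled thread can attribute later log lines to this user.
        MDC.put("userid", token.user.username);
    }

    /**
     * Checks that the token's user holds {@code permissionType}.
     *
     * <p>A {@code null} {@code permissionType} means "no permission required" and
     * the method returns without inspecting the token at all, so every protected
     * action must be invoked with a non-null permission.
     *
     * @param token          the token whose user is being authorized
     * @param permissionType the permission the action requires, or {@code null}
     *                       for none
     * @throws TokenException with status 401 if a permission is required and
     *                        {@code token} or {@code token.user} is {@code null};
     *                        with status 403 if the user has no role or the role
     *                        does not contain the permission
     */
    public void validateUserPermission(Token token, PermissionType permissionType) {
        if (permissionType == null) {
            return;
        }
        logger.debug("Permission required: {}", permissionType);

        // Fail closed with a 401 instead of dereferencing a null token or user.
        requireUser(token);
        if (token.user.role == null) {
            throw new TokenException(Http.Status.FORBIDDEN, "User missing role");
        }

        logger.debug("User Permission: {}", token.user.role.getPermissions());
        if (!token.user.role.getPermissions().contains(permissionType)) {
            // NOTE(review): this text names the required permission and is handed to
            // TokenException; if the exception message is rendered into the HTTP
            // response, the client learns internal permission names. Confirm.
            String msg = "User not Authorized, missing required permission :" + permissionType;
            logger.info(msg);
            throw new TokenException(Http.Status.FORBIDDEN, msg);
        }
        logger.debug("User is authorized");
    }

    /** Removes old expired tokens; delegates to {@code Token.deleteOldExpiredTokens}. */
    public void cleanOldExpiredTokens() {
        Token.deleteOldExpiredTokens();
    }

    /** Throws a 401 {@link TokenException} when {@code token} is {@code null}. */
    private static void requireToken(Token token) {
        if (token == null) {
            throw new TokenException(Http.Status.UNAUTHORIZED, TOKEN_NOT_FOUND);
        }
    }

    /** Throws a 401 {@link TokenException} when the token or its user is {@code null}. */
    private static void requireUser(Token token) {
        requireToken(token);
        if (token.user == null) {
            throw new TokenException(Http.Status.UNAUTHORIZED, USER_MISSING);
        }
    }
}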