feat(desktop): implement workspace foundation + desktop-client skeleton
Plan 0 (workspaces): add workspaces + workspace_memberships schema, extend JWT/Actor/claims with primary_workspace_id, seed default workspace per tenant, thread workspace_id through tenant monitoring quota. Plan A (desktop skeleton): new Electron app (apps/desktop-client) with main/ preload/renderer, shared Vue component package (packages/ui-shared), and server surface — desktop client registration + token rotation + heartbeat, SSE task event stream, desktop accounts/tasks/content handlers, publish job endpoint, and supporting repositories, services, sqlc queries, and migrations. Hard cutover per plan: remove browser-extension monitoring callback endpoints, stub legacy media API in admin-web, and delete monitoring_callback_handler.go.
This commit is contained in:
@@ -0,0 +1,61 @@
|
||||
package transport
|
||||
|
||||
import (
|
||||
"context"
|
||||
"strings"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
|
||||
"github.com/geo-platform/tenant-api/internal/shared/response"
|
||||
"github.com/geo-platform/tenant-api/internal/tenant/app"
|
||||
"github.com/geo-platform/tenant-api/internal/tenant/repository"
|
||||
)
|
||||
|
||||
type desktopClientKey struct{}
|
||||
|
||||
func DesktopClientMiddleware(repo repository.DesktopClientRepository) gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
token, err := bearerClientToken(c.GetHeader("Authorization"))
|
||||
if err != nil {
|
||||
response.Error(c, response.ErrUnauthorized(40130, "missing_client_token", "desktop client token is required"))
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
|
||||
client, err := repo.GetByTokenHash(c.Request.Context(), app.HashDesktopClientToken(token))
|
||||
if err != nil {
|
||||
response.Error(c, response.ErrUnauthorized(40131, "invalid_client_token", "desktop client token is invalid or revoked"))
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
|
||||
ctx := WithDesktopClient(c.Request.Context(), client)
|
||||
c.Request = c.Request.WithContext(ctx)
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
func WithDesktopClient(ctx context.Context, client *repository.DesktopClient) context.Context {
|
||||
return context.WithValue(ctx, desktopClientKey{}, client)
|
||||
}
|
||||
|
||||
func DesktopClientFromCtx(ctx context.Context) (*repository.DesktopClient, bool) {
|
||||
client, ok := ctx.Value(desktopClientKey{}).(*repository.DesktopClient)
|
||||
return client, ok && client != nil
|
||||
}
|
||||
|
||||
func MustDesktopClient(ctx context.Context) *repository.DesktopClient {
|
||||
client, ok := DesktopClientFromCtx(ctx)
|
||||
if !ok {
|
||||
panic("desktop client not in context")
|
||||
}
|
||||
return client
|
||||
}
|
||||
|
||||
func bearerClientToken(header string) (string, error) {
|
||||
parts := strings.SplitN(strings.TrimSpace(header), " ", 2)
|
||||
if len(parts) != 2 || !strings.EqualFold(parts[0], "bearer") || strings.TrimSpace(parts[1]) == "" {
|
||||
return "", response.ErrUnauthorized(40130, "missing_client_token", "desktop client token is required")
|
||||
}
|
||||
return strings.TrimSpace(parts[1]), nil
|
||||
}
|
||||
Reference in New Issue
Block a user