Files
geo/server/internal/tenant/transport/desktop_account_handler.go
T
root 1ba29b9a09
Frontend CI / Frontend (push) Successful in 3m4s
Backend CI / Backend (push) Successful in 14m24s
feat(desktop): isolate platform accounts per desktop client
Scope desktop media accounts by the authenticated desktop client_id so
the same user logging in from Mac and Windows no longer sees a shared
account list. The list, identity lookup, upsert, patch, tombstone and
async health sink paths now all require matching client_id, and the
active uniqueness index moves from (workspace, platform, uid) to
(workspace, client, platform, uid).

Also strengthen the desktop client_id seed: when the OS machine id is
unavailable, fall back to a hashed fingerprint of stable hardware MAC
addresses before the random installation id, so the same hardware
keeps the same client across reinstalls.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 13:13:11 +08:00

141 lines
4.0 KiB
Go

package transport
import (
"strconv"
"github.com/gin-gonic/gin"
"github.com/google/uuid"
"github.com/geo-platform/tenant-api/internal/bootstrap"
"github.com/geo-platform/tenant-api/internal/shared/auth"
"github.com/geo-platform/tenant-api/internal/shared/response"
"github.com/geo-platform/tenant-api/internal/tenant/app"
"github.com/geo-platform/tenant-api/internal/tenant/repository"
)
type DesktopAccountHandler struct {
svc *app.DesktopAccountService
}
func NewDesktopAccountHandler(a *bootstrap.App) *DesktopAccountHandler {
return &DesktopAccountHandler{
svc: app.NewDesktopAccountService(
repository.NewDesktopAccountRepository(a.DB),
repository.NewDesktopClientRepository(a.DB),
a.Redis,
a.RabbitMQ,
),
}
}
func (h *DesktopAccountHandler) List(c *gin.Context) {
if clientQuery := c.Query("client"); clientQuery != "" && clientQuery != "self" {
response.Error(c, response.ErrBadRequest(40081, "invalid_client_query", "client query must be self"))
return
}
data, err := h.svc.ListByClient(c.Request.Context(), MustDesktopClient(c.Request.Context()))
if err != nil {
response.Error(c, err)
return
}
response.Success(c, data)
}
func (h *DesktopAccountHandler) TenantList(c *gin.Context) {
data, err := h.svc.ListForActor(c.Request.Context(), auth.MustActor(c.Request.Context()))
if err != nil {
response.Error(c, err)
return
}
response.Success(c, data)
}
func (h *DesktopAccountHandler) Upsert(c *gin.Context) {
var req app.UpsertDesktopAccountRequest
if err := c.ShouldBindJSON(&req); err != nil {
response.Error(c, response.ErrBadRequest(40001, "invalid_params", err.Error()))
return
}
data, err := h.svc.Upsert(c.Request.Context(), MustDesktopClient(c.Request.Context()), req)
if err != nil {
response.Error(c, err)
return
}
response.SuccessWithStatus(c, 201, data)
}
func (h *DesktopAccountHandler) ReportHealth(c *gin.Context) {
var req app.ReportDesktopAccountHealthRequest
if err := c.ShouldBindJSON(&req); err != nil {
response.Error(c, response.ErrBadRequest(40001, "invalid_params", err.Error()))
return
}
data, err := h.svc.ReportHealth(c.Request.Context(), MustDesktopClient(c.Request.Context()), req)
if err != nil {
response.Error(c, err)
return
}
response.Success(c, data)
}
func (h *DesktopAccountHandler) Patch(c *gin.Context) {
desktopID, err := uuid.Parse(c.Param("id"))
if err != nil {
response.Error(c, response.ErrBadRequest(40082, "invalid_desktop_account_id", "desktop account id must be a uuid"))
return
}
var req app.PatchDesktopAccountRequest
if err := c.ShouldBindJSON(&req); err != nil {
response.Error(c, response.ErrBadRequest(40001, "invalid_params", err.Error()))
return
}
data, err := h.svc.Patch(c.Request.Context(), MustDesktopClient(c.Request.Context()), desktopID, req)
if err != nil {
response.Error(c, err)
return
}
response.Success(c, data)
}
func (h *DesktopAccountHandler) Delete(c *gin.Context) {
desktopID, err := uuid.Parse(c.Param("id"))
if err != nil {
response.Error(c, response.ErrBadRequest(40082, "invalid_desktop_account_id", "desktop account id must be a uuid"))
return
}
ifSyncVersion, err := strconv.ParseInt(c.Query("if_sync_version"), 10, 64)
if err != nil {
response.Error(c, response.ErrBadRequest(40083, "invalid_sync_version", "if_sync_version must be an integer"))
return
}
data, err := h.svc.Tombstone(c.Request.Context(), MustDesktopClient(c.Request.Context()), desktopID, ifSyncVersion)
if err != nil {
response.Error(c, err)
return
}
response.Success(c, data)
}
func (h *DesktopAccountHandler) RequestDelete(c *gin.Context) {
desktopID, err := uuid.Parse(c.Param("id"))
if err != nil {
response.Error(c, response.ErrBadRequest(40082, "invalid_desktop_account_id", "desktop account id must be a uuid"))
return
}
actor := auth.MustActor(c.Request.Context())
data, err := h.svc.RequestDelete(c.Request.Context(), actor, desktopID, c.Query("undo") == "true")
if err != nil {
response.Error(c, err)
return
}
response.Success(c, data)
}