Split command authorization between aggregate boundaries

Author: pdt256

authorization_command_handler.go renamed to client_application_command_authorization.go

@@ -2,88 +2,22 @@ package goauth2
 
 import (
 	"github.com/inklabs/rangedb"
-	"github.com/inklabs/rangedb/pkg/clock"
 )
 
-type authorizationCommandHandler struct {
-	store          rangedb.Store
-	pendingEvents  []rangedb.Event
-	tokenGenerator TokenGenerator
-	clock          clock.Clock
+type clientApplicationCommandAuthorization struct {
+	store         rangedb.Store
+	pendingEvents []rangedb.Event
 }
 
-func newAuthorizationCommandHandler(
-	store rangedb.Store,
-	tokenGenerator TokenGenerator,
-	clock clock.Clock,
-) *authorizationCommandHandler {
-	return &authorizationCommandHandler{
-		store:          store,
-		tokenGenerator: tokenGenerator,
-		clock:          clock,
+func newClientApplicationCommandAuthorization(store rangedb.Store) *clientApplicationCommandAuthorization {
+	return &clientApplicationCommandAuthorization{
+		store: store,
 	}
 }
 
-func (h *authorizationCommandHandler) Handle(command Command) bool {
+func (h *clientApplicationCommandAuthorization) Handle(command Command) bool {
 	switch c := command.(type) {
 
-	case GrantUserAdministratorRole:
-		grantingUser := h.loadResourceOwnerAggregate(c.GrantingUserID)
-
-		if !grantingUser.IsOnBoarded {
-			h.emit(GrantUserAdministratorRoleWasRejectedDueToMissingGrantingUser{
-				UserID:         c.UserID,
-				GrantingUserID: c.GrantingUserID,
-			})
-			return false
-		}
-
-		if !grantingUser.IsAdministrator {
-			h.emit(GrantUserAdministratorRoleWasRejectedDueToNonAdministrator{
-				UserID:         c.UserID,
-				GrantingUserID: c.GrantingUserID,
-			})
-			return false
-		}
-
-	case AuthorizeUserToOnBoardClientApplications:
-		authorizingUser := h.loadResourceOwnerAggregate(c.AuthorizingUserID)
-
-		if !authorizingUser.IsOnBoarded {
-			h.emit(AuthorizeUserToOnBoardClientApplicationsWasRejectedDueToMissingAuthorizingUser{
-				UserID:            c.UserID,
-				AuthorizingUserID: c.AuthorizingUserID,
-			})
-			return false
-		}
-
-		if !authorizingUser.IsAdministrator {
-			h.emit(AuthorizeUserToOnBoardClientApplicationsWasRejectedDueToNonAdministrator{
-				UserID:            c.UserID,
-				AuthorizingUserID: c.AuthorizingUserID,
-			})
-			return false
-		}
-
-	case OnBoardClientApplication:
-		resourceOwner := h.loadResourceOwnerAggregate(c.UserID)
-
-		if !resourceOwner.IsOnBoarded {
-			h.emit(OnBoardClientApplicationWasRejectedDueToUnAuthorizeUser{
-				ClientID: c.ClientID,
-				UserID:   c.UserID,
-			})
-			return false
-		}
-
-		if !resourceOwner.IsAuthorizedToOnboardClientApplications {
-			h.emit(OnBoardClientApplicationWasRejectedDueToUnAuthorizeUser{
-				ClientID: c.ClientID,
-				UserID:   c.UserID,
-			})
-			return false
-		}
-
 	case RequestAccessTokenViaImplicitGrant:
 		clientApplication := h.loadClientApplicationAggregate(c.ClientID)
 
@@ -195,18 +129,14 @@ func (h *authorizationCommandHandler) Handle(command Command) bool {
 	return true
 }
 
-func (h *authorizationCommandHandler) emit(events ...rangedb.Event) {
+func (h *clientApplicationCommandAuthorization) emit(events ...rangedb.Event) {
 	h.pendingEvents = append(h.pendingEvents, events...)
 }
 
-func (h *authorizationCommandHandler) loadResourceOwnerAggregate(userID string) *resourceOwner {
-	return newResourceOwner(h.store.AllEventsByStream(resourceOwnerStream(userID)), h.tokenGenerator, h.clock)
-}
-
-func (h *authorizationCommandHandler) loadClientApplicationAggregate(clientID string) *clientApplication {
+func (h *clientApplicationCommandAuthorization) loadClientApplicationAggregate(clientID string) *clientApplication {
 	return newClientApplication(h.store.AllEventsByStream(clientApplicationStream(clientID)))
 }
 
-func (h *authorizationCommandHandler) GetPendingEvents() []rangedb.Event {
+func (h *clientApplicationCommandAuthorization) GetPendingEvents() []rangedb.Event {
 	return h.pendingEvents
 }

goauth2.go

@@ -52,7 +52,8 @@ func New(options ...Option) *App {
 	}
 
 	app.preCommandHandlers = []PreCommandHandler{
-		newAuthorizationCommandHandler(app.store, app.tokenGenerator, app.clock),
+		newResourceOwnerCommandAuthorization(app.store, app.tokenGenerator, app.clock),
+		newClientApplicationCommandAuthorization(app.store),
 	}
 
 	return app

resource_owner_command_authorization.go

@@ -0,0 +1,102 @@
+package goauth2
+
+import (
+	"github.com/inklabs/rangedb"
+	"github.com/inklabs/rangedb/pkg/clock"
+)
+
+type resourceOwnerCommandAuthorization struct {
+	store          rangedb.Store
+	clock          clock.Clock
+	tokenGenerator TokenGenerator
+	pendingEvents  []rangedb.Event
+}
+
+func newResourceOwnerCommandAuthorization(
+	store rangedb.Store,
+	tokenGenerator TokenGenerator,
+	clock clock.Clock,
+) *resourceOwnerCommandAuthorization {
+	return &resourceOwnerCommandAuthorization{
+		store:          store,
+		tokenGenerator: tokenGenerator,
+		clock:          clock,
+	}
+}
+
+func (a *resourceOwnerCommandAuthorization) Handle(command Command) bool {
+	switch c := command.(type) {
+
+	case GrantUserAdministratorRole:
+		grantingUser := a.loadResourceOwnerAggregate(c.GrantingUserID)
+
+		if !grantingUser.IsOnBoarded {
+			a.emit(GrantUserAdministratorRoleWasRejectedDueToMissingGrantingUser{
+				UserID:         c.UserID,
+				GrantingUserID: c.GrantingUserID,
+			})
+			return false
+		}
+
+		if !grantingUser.IsAdministrator {
+			a.emit(GrantUserAdministratorRoleWasRejectedDueToNonAdministrator{
+				UserID:         c.UserID,
+				GrantingUserID: c.GrantingUserID,
+			})
+			return false
+		}
+
+	case AuthorizeUserToOnBoardClientApplications:
+		authorizingUser := a.loadResourceOwnerAggregate(c.AuthorizingUserID)
+
+		if !authorizingUser.IsOnBoarded {
+			a.emit(AuthorizeUserToOnBoardClientApplicationsWasRejectedDueToMissingAuthorizingUser{
+				UserID:            c.UserID,
+				AuthorizingUserID: c.AuthorizingUserID,
+			})
+			return false
+		}
+
+		if !authorizingUser.IsAdministrator {
+			a.emit(AuthorizeUserToOnBoardClientApplicationsWasRejectedDueToNonAdministrator{
+				UserID:            c.UserID,
+				AuthorizingUserID: c.AuthorizingUserID,
+			})
+			return false
+		}
+
+	case OnBoardClientApplication:
+		resourceOwner := a.loadResourceOwnerAggregate(c.UserID)
+
+		if !resourceOwner.IsOnBoarded {
+			a.emit(OnBoardClientApplicationWasRejectedDueToUnAuthorizeUser{
+				ClientID: c.ClientID,
+				UserID:   c.UserID,
+			})
+			return false
+		}
+
+		if !resourceOwner.IsAuthorizedToOnboardClientApplications {
+			a.emit(OnBoardClientApplicationWasRejectedDueToUnAuthorizeUser{
+				ClientID: c.ClientID,
+				UserID:   c.UserID,
+			})
+			return false
+		}
+
+	}
+
+	return true
+}
+
+func (a *resourceOwnerCommandAuthorization) emit(events ...rangedb.Event) {
+	a.pendingEvents = append(a.pendingEvents, events...)
+}
+
+func (a *resourceOwnerCommandAuthorization) loadResourceOwnerAggregate(userID string) *resourceOwner {
+	return newResourceOwner(a.store.AllEventsByStream(resourceOwnerStream(userID)), a.tokenGenerator, a.clock)
+}
+
+func (a *resourceOwnerCommandAuthorization) GetPendingEvents() []rangedb.Event {
+	return a.pendingEvents
+}