mock auth, author by role token, next: filtering doctor request

This commit is contained in:
mario
2025-05-09 16:15:55 +07:00
parent 9664b1e0e3
commit 28e6110b6d
9 changed files with 459 additions and 199 deletions

View File

@@ -34,16 +34,30 @@ type CustomClaims struct {
UserID string `json:"user_id"`
Email string `json:"email"`
Role string `json:"role"`
UserName string `json:"user_name"`
TokenType string `json:"token_type"` // access or refresh
// Patient-specific fields
PatientID string `json:"patient_id,omitempty"`
PatientName string `json:"patient_name,omitempty"`
AccessionNumber string `json:"accession_number,omitempty"`
StudyIUID string `json:"study_iuid,omitempty"`
// Navigation and permissions
HomeURL string `json:"home_url,omitempty"`
StudyList string `json:"study_list,omitempty"` // enabled or disabled
FilterURL string `json:"filter_url,omitempty"` // for ref_doctor filtering
jwt.RegisteredClaims
}
// GenerateAccessToken creates a new access token
func (m *JWTManager) GenerateAccessToken(userID, email, role string) (string, error) {
// GenerateAccessToken creates a new access token with role-specific claims
func (m *JWTManager) GenerateAccessToken(userID, email, role, userName string, additionalClaims map[string]string) (string, error) {
claims := CustomClaims{
UserID: userID,
Email: email,
Role: role,
UserName: userName,
TokenType: "access",
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(m.accessExpiry)),
@@ -51,16 +65,42 @@ func (m *JWTManager) GenerateAccessToken(userID, email, role string) (string, er
},
}
// Add role-specific additional claims
if additionalClaims != nil {
if val, ok := additionalClaims["patient_id"]; ok {
claims.PatientID = val
}
if val, ok := additionalClaims["patient_name"]; ok {
claims.PatientName = val
}
if val, ok := additionalClaims["accession_number"]; ok {
claims.AccessionNumber = val
}
if val, ok := additionalClaims["study_iuid"]; ok {
claims.StudyIUID = val
}
if val, ok := additionalClaims["home_url"]; ok {
claims.HomeURL = val
}
if val, ok := additionalClaims["study_list"]; ok {
claims.StudyList = val
}
if val, ok := additionalClaims["filter_url"]; ok {
claims.FilterURL = val
}
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString([]byte(m.secretKey))
}
// GenerateRefreshToken creates a new refresh token
func (m *JWTManager) GenerateRefreshToken(userID, email, role string) (string, error) {
// GenerateRefreshToken creates a new refresh token with the same claims as access token
func (m *JWTManager) GenerateRefreshToken(userID, email, role, userName string, additionalClaims map[string]string) (string, error) {
claims := CustomClaims{
UserID: userID,
Email: email,
Role: role,
UserName: userName,
TokenType: "refresh",
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(m.refreshExpiry)),
@@ -68,6 +108,31 @@ func (m *JWTManager) GenerateRefreshToken(userID, email, role string) (string, e
},
}
// Add role-specific additional claims (same as access token)
if additionalClaims != nil {
if val, ok := additionalClaims["patient_id"]; ok {
claims.PatientID = val
}
if val, ok := additionalClaims["patient_name"]; ok {
claims.PatientName = val
}
if val, ok := additionalClaims["accession_number"]; ok {
claims.AccessionNumber = val
}
if val, ok := additionalClaims["study_iuid"]; ok {
claims.StudyIUID = val
}
if val, ok := additionalClaims["home_url"]; ok {
claims.HomeURL = val
}
if val, ok := additionalClaims["study_list"]; ok {
claims.StudyList = val
}
if val, ok := additionalClaims["filter_url"]; ok {
claims.FilterURL = val
}
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString([]byte(m.secretKey))
}