(ctx context.Context, req *adminv1.IssueMagicAuthTokenRequest)
| 25 | const magicAuthTokenFilterMaxSize = 1024 |
| 26 | |
| 27 | func (s *Server) IssueMagicAuthToken(ctx context.Context, req *adminv1.IssueMagicAuthTokenRequest) (*adminv1.IssueMagicAuthTokenResponse, error) { |
| 28 | observability.AddRequestAttributes(ctx, |
| 29 | attribute.String("args.organization", req.Org), |
| 30 | attribute.String("args.project", req.Project), |
| 31 | attribute.String("args.display_name", req.DisplayName), |
| 32 | ) |
| 33 | |
| 34 | proj, err := s.admin.DB.FindProjectByName(ctx, req.Org, req.Project) |
| 35 | if err != nil { |
| 36 | return nil, err |
| 37 | } |
| 38 | |
| 39 | org, err := s.admin.DB.FindOrganization(ctx, proj.OrganizationID) |
| 40 | if err != nil { |
| 41 | return nil, err |
| 42 | } |
| 43 | |
| 44 | claims := auth.GetClaims(ctx) |
| 45 | projPerms := claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID) |
| 46 | if !projPerms.CreateMagicAuthTokens { |
| 47 | return nil, status.Error(codes.PermissionDenied, "not allowed to create a magic auth token") |
| 48 | } |
| 49 | |
| 50 | if req.ResourceName != "" && req.ResourceType != "" { // nolint:staticcheck // for backwards compatibility |
| 51 | addResource := true |
| 52 | for _, r := range req.Resources { |
| 53 | if r.Type == req.ResourceType && r.Name == req.ResourceName { // nolint:staticcheck // for backwards compatibility |
| 54 | addResource = false |
| 55 | break |
| 56 | } |
| 57 | } |
| 58 | if addResource { |
| 59 | req.Resources = append(req.Resources, &adminv1.ResourceName{ |
| 60 | Type: req.ResourceType, // nolint:staticcheck // for backwards compatibility |
| 61 | Name: req.ResourceName, // nolint:staticcheck // for backwards compatibility |
| 62 | }) |
| 63 | } |
| 64 | } |
| 65 | |
| 66 | resources := make([]database.ResourceName, len(req.Resources)) |
| 67 | for i, r := range req.Resources { |
| 68 | resources[i] = database.ResourceName{ |
| 69 | Type: r.Type, |
| 70 | Name: r.Name, |
| 71 | } |
| 72 | } |
| 73 | opts := &admin.IssueMagicAuthTokenOptions{ |
| 74 | ProjectID: proj.ID, |
| 75 | Fields: req.Fields, |
| 76 | State: req.State, |
| 77 | DisplayName: req.DisplayName, |
| 78 | Resources: resources, |
| 79 | } |
| 80 | |
| 81 | if req.TtlMinutes != 0 { |
| 82 | ttl := time.Duration(req.TtlMinutes) * time.Minute |
| 83 | opts.TTL = &ttl |
| 84 | } |
nothing calls this directly
no test coverage detected