[jwt] update DTO, clarify response codes

capcom6 · capcom6 · commit 39fa87f561d4 · 2025-11-24T06:31:29.000+07:00
diff --git a/go.mod b/go.mod
@@ -4,7 +4,7 @@ go 1.24.3
 
 require (
 	firebase.google.com/go/v4 v4.12.1
-	github.com/android-sms-gateway/client-go v1.9.5
+	github.com/android-sms-gateway/client-go v1.9.6-0.20251123133512-f7816d96f90a
 	github.com/ansrivas/fiberprometheus/v2 v2.6.1
 	github.com/capcom6/go-helpers v0.3.0
 	github.com/capcom6/go-infra-fx v0.5.2
diff --git a/go.sum b/go.sum
@@ -34,6 +34,8 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/android-sms-gateway/client-go v1.9.5 h1:fHrE1Pi3rKUdPVMmI9evKW0iyjB5bMIhFRxyq1wVQ+o=
 github.com/android-sms-gateway/client-go v1.9.5/go.mod h1:DQsReciU1xcaVW3T5Z2bqslNdsAwCFCtghawmA6g6L4=
+github.com/android-sms-gateway/client-go v1.9.6-0.20251123133512-f7816d96f90a h1:Tm1FDTqFRs1ZftaEmQqDdIXtMRZf2aGCp8t2BgXY/rs=
+github.com/android-sms-gateway/client-go v1.9.6-0.20251123133512-f7816d96f90a/go.mod h1:DQsReciU1xcaVW3T5Z2bqslNdsAwCFCtghawmA6g6L4=
 github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
 github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
 github.com/ansrivas/fiberprometheus/v2 v2.6.1 h1:wac3pXaE6BYYTF04AC6K0ktk6vCD+MnDOJZ3SK66kXM=
diff --git a/internal/sms-gateway/handlers/messages/3rdparty.go b/internal/sms-gateway/handlers/messages/3rdparty.go
@@ -56,6 +56,7 @@ type ThirdPartyController struct {
 //	@Success		202					{object}	smsgateway.GetMessageResponse	"Message enqueued"
 //	@Failure		400					{object}	smsgateway.ErrorResponse		"Invalid request"
 //	@Failure		401					{object}	smsgateway.ErrorResponse		"Unauthorized"
+//	@Failure		403					{object}	smsgateway.ErrorResponse		"Forbidden"
 //	@Failure		409					{object}	smsgateway.ErrorResponse		"Message with such ID already exists"
 //	@Failure		500					{object}	smsgateway.ErrorResponse		"Internal server error"
 //	@Header			202					{string}	Location						"Get message state URL"
@@ -189,6 +190,7 @@ func (h *ThirdPartyController) post(user users.User, c *fiber.Ctx) error {
 //	@Success		200			{object}	smsgateway.GetMessagesResponse	"A list of messages"
 //	@Failure		400			{object}	smsgateway.ErrorResponse		"Invalid request"
 //	@Failure		401			{object}	smsgateway.ErrorResponse		"Unauthorized"
+//	@Failure		403			{object}	smsgateway.ErrorResponse		"Forbidden"
 //	@Failure		500			{object}	smsgateway.ErrorResponse		"Internal server error"
 //	@Router			/3rdparty/v1/messages [get]
 //
@@ -221,6 +223,7 @@ func (h *ThirdPartyController) list(user users.User, c *fiber.Ctx) error {
 //	@Success		200	{object}	smsgateway.GetMessageResponse	"Message state"
 //	@Failure		400	{object}	smsgateway.ErrorResponse		"Invalid request"
 //	@Failure		401	{object}	smsgateway.ErrorResponse		"Unauthorized"
+//	@Failure		403	{object}	smsgateway.ErrorResponse		"Forbidden"
 //	@Failure		500	{object}	smsgateway.ErrorResponse		"Internal server error"
 //	@Router			/3rdparty/v1/messages/{id} [get]
 //
@@ -251,6 +254,7 @@ func (h *ThirdPartyController) get(user users.User, c *fiber.Ctx) error {
 //	@Success		202		{object}	object								"Inbox export request accepted"
 //	@Failure		400		{object}	smsgateway.ErrorResponse			"Invalid request"
 //	@Failure		401		{object}	smsgateway.ErrorResponse			"Unauthorized"
+//	@Failure		403		{object}	smsgateway.ErrorResponse			"Forbidden"
 //	@Failure		500		{object}	smsgateway.ErrorResponse			"Internal server error"
 //	@Router			/3rdparty/v1/messages/inbox/export [post]
 //
@@ -282,7 +286,7 @@ func (h *ThirdPartyController) Register(router fiber.Router) {
 	router.Post("", permissions.RequireScope(ScopeSend), userauth.WithUser(h.post))
 	router.Get(":id", permissions.RequireScope(ScopeRead), userauth.WithUser(h.get)).Name(route3rdPartyGetMessage)
 
-	router.Post("inbox/export", userauth.WithUser(h.postInboxExport))
+	router.Post("inbox/export", permissions.RequireScope(ScopeExport), userauth.WithUser(h.postInboxExport))
 }
 
 func NewThirdPartyController(params thirdPartyControllerParams) *ThirdPartyController {
diff --git a/internal/sms-gateway/handlers/messages/permissions.go b/internal/sms-gateway/handlers/messages/permissions.go
@@ -8,4 +8,6 @@ const (
 	ScopeRead = "messages:read"
 	// ScopeList is the permission scope required for listing messages.
 	ScopeList = "messages:list"
+	// ScopeExport is the permission scope required for exporting messages.
+	ScopeExport = "messages:export"
 )
diff --git a/internal/sms-gateway/handlers/middlewares/jwtauth/jwtauth.go b/internal/sms-gateway/handlers/middlewares/jwtauth/jwtauth.go
@@ -1,6 +1,7 @@
 package jwtauth
 
 import (
+	"errors"
 	"strings"
 
 	"github.com/android-sms-gateway/server/internal/sms-gateway/handlers/middlewares/permissions"
@@ -27,6 +28,9 @@ func NewJWT(jwtSvc jwt.Service, usersSvc *users.Service) fiber.Handler {
 
 		user, err := usersSvc.GetByUsername(claims.UserID)
 		if err != nil {
+			if !errors.Is(err, users.ErrNotFound) {
+				return fiber.ErrInternalServerError
+			}
 			return fiber.ErrUnauthorized
 		}
 
diff --git a/internal/sms-gateway/handlers/thirdparty/auth.go b/internal/sms-gateway/handlers/thirdparty/auth.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"time"
 
+	"github.com/android-sms-gateway/client-go/smsgateway"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/handlers/base"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/handlers/middlewares/permissions"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/handlers/middlewares/userauth"
@@ -39,27 +40,15 @@ func (h *AuthHandler) Register(router fiber.Router) {
 	router.Delete("/token/:jti", permissions.RequireScope(ScopeTokensManage), userauth.WithUser(h.deleteToken))
 }
 
-type tokenRequest struct {
-	TTL    uint64   `json:"ttl,omitempty"`
-	Scopes []string `json:"scopes" validate:"required,min=1,dive,required"`
-}
-
-type tokenResponse struct {
-	ID          string    `json:"id"`
-	TokenType   string    `json:"token_type"`
-	AccessToken string    `json:"access_token"`
-	ExpiresAt   time.Time `json:"expires_at"`
-}
-
 // @Summary		Generate token
 // @Description	Generate new access token with specified scopes and ttl
 // @Security		ApiAuth
 // @Security		JWTAuth
 // @Tags		User, Auth
 // @Accept		json
 // @Produce		json
-// @Param		request	body		tokenRequest	true	"Request"
-// @Success		201	{object}	tokenResponse	"Token"
+// @Param		request	body		smsgateway.TokenRequest	true	"Request"
+// @Success		201	{object}	smsgateway.TokenResponse	"Token"
 // @Failure		400	{object}	smsgateway.ErrorResponse	"Invalid request"
 // @Failure		401	{object}	smsgateway.ErrorResponse	"Unauthorized"
 // @Failure		403	{object}	smsgateway.ErrorResponse	"Forbidden"
@@ -68,7 +57,7 @@ type tokenResponse struct {
 //
 // Generate token.
 func (h *AuthHandler) postToken(user users.User, c *fiber.Ctx) error {
-	req := new(tokenRequest)
+	req := new(smsgateway.TokenRequest)
 	if err := h.BodyParserValidator(c, req); err != nil {
 		return err
 	}
@@ -78,7 +67,7 @@ func (h *AuthHandler) postToken(user users.User, c *fiber.Ctx) error {
 		return err
 	}
 
-	return c.Status(fiber.StatusCreated).JSON(tokenResponse{
+	return c.Status(fiber.StatusCreated).JSON(smsgateway.TokenResponse{
 		ID:          token.ID,
 		TokenType:   "Bearer",
 		AccessToken: token.AccessToken,
diff --git a/internal/sms-gateway/handlers/webhooks/3rdparty.go b/internal/sms-gateway/handlers/webhooks/3rdparty.go
@@ -38,6 +38,7 @@ type ThirdPartyController struct {
 //	@Produce		json
 //	@Success		200	{object}	[]smsgateway.Webhook		"Webhook list"
 //	@Failure		401	{object}	smsgateway.ErrorResponse	"Unauthorized"
+//	@Failure		403	{object}	smsgateway.ErrorResponse	"Forbidden"
 //	@Failure		500	{object}	smsgateway.ErrorResponse	"Internal server error"
 //	@Router			/3rdparty/v1/webhooks [get]
 //
@@ -62,6 +63,7 @@ func (h *ThirdPartyController) get(user users.User, c *fiber.Ctx) error {
 //	@Success		201		{object}	smsgateway.Webhook			"Created"
 //	@Failure		400		{object}	smsgateway.ErrorResponse	"Invalid request"
 //	@Failure		401		{object}	smsgateway.ErrorResponse	"Unauthorized"
+//	@Failure		403		{object}	smsgateway.ErrorResponse	"Forbidden"
 //	@Failure		500		{object}	smsgateway.ErrorResponse	"Internal server error"
 //	@Router			/3rdparty/v1/webhooks [post]
 //
@@ -93,6 +95,7 @@ func (h *ThirdPartyController) post(user users.User, c *fiber.Ctx) error {
 //	@Param			id	path		string						true	"Webhook ID"
 //	@Success		204	{object}	object						"Webhook deleted"
 //	@Failure		401	{object}	smsgateway.ErrorResponse	"Unauthorized"
+//	@Failure		403	{object}	smsgateway.ErrorResponse	"Forbidden"
 //	@Failure		500	{object}	smsgateway.ErrorResponse	"Internal server error"
 //	@Router			/3rdparty/v1/webhooks/{id} [delete]
 //
diff --git a/internal/sms-gateway/openapi/docs.go b/internal/sms-gateway/openapi/docs.go

Original file line number	Diff line number	Diff line change
`@@ -8,4 +8,6 @@ const (`
`8`	`8`	`ScopeRead = "messages:read"`
`9`	`9`	`// ScopeList is the permission scope required for listing messages.`
`10`	`10`	`ScopeList = "messages:list"`
	`11`	`+ // ScopeExport is the permission scope required for exporting messages.`
	`12`	`+ ScopeExport = "messages:export"`
`11`	`13`	`)`