32 lines
1.1 KiB
C#
32 lines
1.1 KiB
C#
using Thalos.Bff.Application.Adapters;
|
|
using Thalos.Bff.Application.Security;
|
|
using Thalos.Bff.Contracts.Api;
|
|
|
|
namespace Thalos.Bff.Application.Handlers;
|
|
|
|
/// <summary>
|
|
/// Default edge handler for token issuance.
|
|
/// </summary>
|
|
public sealed class IssueTokenHandler(
|
|
IThalosServiceClient serviceClient,
|
|
IIdentityEdgeContractAdapter contractAdapter,
|
|
IPermissionGuard permissionGuard)
|
|
: IIssueTokenHandler
|
|
{
|
|
/// <inheritdoc />
|
|
public async Task<IssueTokenApiResponse> HandleAsync(IssueTokenApiRequest request)
|
|
{
|
|
var policyRequest = contractAdapter.ToPolicyRequest(request, "identity.token.issue");
|
|
var policyResponse = await serviceClient.EvaluatePolicyAsync(policyRequest);
|
|
|
|
if (!permissionGuard.CanAccess(policyResponse))
|
|
{
|
|
throw new UnauthorizedAccessException("Permission denied.");
|
|
}
|
|
|
|
var issueRequest = contractAdapter.ToIssueTokenRequest(request);
|
|
var issueResponse = await serviceClient.IssueTokenAsync(issueRequest);
|
|
return contractAdapter.ToIssueTokenApiResponse(issueResponse);
|
|
}
|
|
}
|