
using Grpc.Core;
using BuildingBlock.Identity.Contracts.Conventions;
using Thalos.Service.Application.Adapters;
using Thalos.Service.Application.Grpc;
using Thalos.Service.Application.UseCases;
using BuildingBlock.Identity.Contracts.Requests;
namespace Thalos.Service.Grpc.Services;
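/// <summary>
/// Internal gRPC endpoint implementation for identity runtime operations.
/// </summary>
/// <remarks>
/// Each handler maps the incoming gRPC message onto an application request, delegates to the
/// injected use case, and maps the result back onto the gRPC response type.
/// No handler in this class reads <see cref="ServerCallContext"/>: subject and tenant identifiers
/// are taken from the request message as supplied, and no caller authentication or authorization
/// is performed here.
/// NOTE(review): presumably access to this endpoint is restricted upstream (transport or
/// interceptors) — confirm, since this service issues tokens and answers policy decisions.
/// </remarks>
public sealed class IdentityRuntimeGrpcService(
    IIssueIdentityTokenUseCase issueIdentityTokenUseCase,
    IEvaluateIdentityPolicyUseCase evaluateIdentityPolicyUseCase,
    IIdentityPolicyGrpcContractAdapter grpcContractAdapter) : IdentityRuntime.IdentityRuntimeBase
{
    /// <summary>
    /// Issues identity token through service use-case orchestration.
    /// </summary>
    /// <param name="request">
    /// gRPC token issuance request. Its subject id, tenant id, provider name and external token
    /// are forwarded to the use case; the provider name is converted by <c>ParseProvider</c>.
    /// </param>
    /// <param name="context">gRPC server call context (not read by this method).</param>
    /// <returns>gRPC token issuance response carrying the token and its lifetime in seconds.</returns>
    public override async Task<IssueIdentityTokenGrpcResponse> IssueIdentityToken(
        IssueIdentityTokenGrpcRequest request,
        ServerCallContext context)
    {
        var useCaseRequest = new IssueIdentityTokenRequest(
            request.SubjectId,
            request.TenantId,
            ParseProvider(request.Provider),
            request.ExternalToken);

        var useCaseResponse = await issueIdentityTokenUseCase.HandleAsync(useCaseRequest);

        return new IssueIdentityTokenGrpcResponse
        {
            Token = useCaseResponse.Token,
            ExpiresInSeconds = useCaseResponse.ExpiresInSeconds
        };
    }

    /// <summary>
    /// Evaluates identity policy through service use-case orchestration.
    /// </summary>
    /// <param name="request">
    /// gRPC policy evaluation request. Subject id, tenant id, permission code and provider name
    /// are wrapped in an <c>EvaluateIdentityPolicyGrpcContract</c> and converted by the injected adapter.
    /// </param>
    /// <param name="context">gRPC server call context (not read by this method).</param>
    /// <returns>gRPC policy evaluation response with the subject, the permission code and the decision.</returns>
    public override async Task<EvaluateIdentityPolicyGrpcResponse> EvaluateIdentityPolicy(
        EvaluateIdentityPolicyGrpcRequest request,
        ServerCallContext context)
    {
        // The provider is forwarded as the raw request string; ParseProvider is not applied here.
        // NOTE(review): confirm the adapter validates the provider name as strictly as ParseProvider.
        var grpcContract = new EvaluateIdentityPolicyGrpcContract(
            request.SubjectId,
            request.TenantId,
            request.PermissionCode,
            request.Provider);

        var useCaseRequest = grpcContractAdapter.FromGrpc(grpcContract);
        var useCaseResponse = await evaluateIdentityPolicyUseCase.HandleAsync(useCaseRequest);

        return new EvaluateIdentityPolicyGrpcResponse
        {
            SubjectId = useCaseResponse.SubjectId,
            PermissionCode = useCaseResponse.PermissionCode,
            IsAllowed = useCaseResponse.IsAllowed
        };
    }

    /// <summary>
    /// Converts the provider name from a request into an <see cref="IdentityAuthProvider"/> value.
    /// </summary>
    /// <param name="provider">Provider name as received on the wire; matched case-insensitively.</param>
    /// <returns>
    /// The declared enum member that <paramref name="provider"/> names, or
    /// <see cref="IdentityAuthProvider.InternalJwt"/> when the text is missing, unrecognized,
    /// or parses to a value that has no declared member.
    /// </returns>
    private static IdentityAuthProvider ParseProvider(string provider)
    {
        // Enum.TryParse also succeeds for integer text such as "42" and then yields a value with
        // no declared member. The provider string is request-controlled, so the parsed value is
        // checked with Enum.IsDefined before it is handed to the use case.
        if (Enum.TryParse<IdentityAuthProvider>(provider, ignoreCase: true, out var parsedProvider)
            && Enum.IsDefined(parsedProvider))
        {
            return parsedProvider;
        }

        // NOTE(review): an unrecognized provider name is mapped to InternalJwt instead of being
        // rejected. Confirm this default is intended for token issuance; if it is not, failing
        // the call with an invalid-argument status would make malformed requests visible.
        return IdentityAuthProvider.InternalJwt;
    }
}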