doxygen/html/a14834_source.html

/* -*- mode: c++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-

 *

 * Copyright (C) 2026 Marco Craveiro <marco.craveiro@gmail.com>

 *

 * This program is free software; you can redistribute it and/or modify it under

 * the terms of the GNU General Public License as published by the Free Software

 * Foundation; either version 3 of the License, or (at your option) any later

 * version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS

 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more

 * details.

 *

 * You should have received a copy of the GNU General Public License along with

 * this program; if not, write to the Free Software Foundation, Inc., 51

 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

 *

 */

#ifndef ORES_IAM_MESSAGING_TENANT_TYPE_HANDLER_HPP

#define ORES_IAM_MESSAGING_TENANT_TYPE_HANDLER_HPP


#include <stdexcept>

#include "ores.logging/make_logger.hpp"

#include "ores.nats/domain/message.hpp"

#include "ores.nats/service/client.hpp"

#include "ores.database/domain/context.hpp"

#include "ores.security/jwt/jwt_authenticator.hpp"

#include "ores.service/messaging/handler_helpers.hpp"

#include "ores.service/service/request_context.hpp"

#include "ores.iam.api/messaging/tenant_type_protocol.hpp"

#include "ores.iam.core/service/tenant_type_service.hpp"


namespace ores::iam::messaging {


namespace {


inline auto& tenant_type_handler_lg() {

    static auto instance = ores::logging::make_logger(

        "ores.iam.messaging.tenant_type_handler");

    return instance;

}


} // namespace


using ores::service::messaging::reply;

using ores::service::messaging::decode;

using ores::service::messaging::stamp;

using ores::service::messaging::error_reply;

using ores::service::messaging::has_permission;

using ores::service::messaging::log_handler_entry;

using namespace ores::logging;


class tenant_type_handler {

public:

    tenant_type_handler(ores::nats::service::client& nats,

        ores::database::context ctx,

        ores::security::jwt::jwt_authenticator signer)

        : nats_(nats), ctx_(std::move(ctx)), signer_(std::move(signer)) {}


    void list(ores::nats::message msg) {

        [[maybe_unused]] const auto correlation_id =

            log_handler_entry(tenant_type_handler_lg(), msg);

        try {

            service::tenant_type_service svc(ctx_);

            BOOST_LOG_SEV(tenant_type_handler_lg(), debug)

                << "Completed " << msg.subject;

            reply(nats_, msg, get_tenant_types_response{

                .types = svc.list_types()});

        } catch (const std::exception& e) {

            BOOST_LOG_SEV(tenant_type_handler_lg(), error)

                << msg.subject << " failed: " << e.what();

            reply(nats_, msg, get_tenant_types_response{});

        }

    }


    void save(ores::nats::message msg) {

        [[maybe_unused]] const auto correlation_id =

            log_handler_entry(tenant_type_handler_lg(), msg);

        auto req = decode<save_tenant_type_request>(msg);

        if (!req) {

            BOOST_LOG_SEV(tenant_type_handler_lg(), warn)

                << "Failed to decode: " << msg.subject;

            return;

        }

        try {

            auto ctx_expected = ores::service::service::make_request_context(

                ctx_, msg, std::optional<ores::security::jwt::jwt_authenticator>{signer_});

            if (!ctx_expected) {

                error_reply(nats_, msg, ctx_expected.error());

                return;

            }

            const auto& ctx = *ctx_expected;

            if (!has_permission(ctx, "iam::tenants:create")) {

                error_reply(nats_, msg, ores::service::error_code::forbidden);

                return;

            }

            service::tenant_type_service svc(ctx);

            stamp(req->data, ctx);

            svc.save_type(req->data);

            BOOST_LOG_SEV(tenant_type_handler_lg(), debug)

                << "Completed " << msg.subject;

            reply(nats_, msg,

                save_tenant_type_response{.success = true});

        } catch (const std::exception& e) {

            BOOST_LOG_SEV(tenant_type_handler_lg(), error)

                << msg.subject << " failed: " << e.what();

            reply(nats_, msg, save_tenant_type_response{

                .success = false, .message = e.what()});

        }

    }


    void remove(ores::nats::message msg) {

        [[maybe_unused]] const auto correlation_id =

            log_handler_entry(tenant_type_handler_lg(), msg);

        auto req = decode<delete_tenant_type_request>(msg);

        if (!req) {

            BOOST_LOG_SEV(tenant_type_handler_lg(), warn)

                << "Failed to decode: " << msg.subject;

            return;

        }

        auto ctx_expected = ores::service::service::make_request_context(

            ctx_, msg, std::optional<ores::security::jwt::jwt_authenticator>{signer_});

        if (!ctx_expected) {

            error_reply(nats_, msg, ctx_expected.error());

            return;

        }

        const auto& ctx = *ctx_expected;

        if (!has_permission(ctx, "iam::tenants:delete")) {

            error_reply(nats_, msg, ores::service::error_code::forbidden);

            return;

        }

        try {

            service::tenant_type_service svc(ctx);

            svc.remove_type(req->type);

            BOOST_LOG_SEV(tenant_type_handler_lg(), debug)

                << "Completed " << msg.subject;

            reply(nats_, msg,

                delete_tenant_type_response{.success = true});

        } catch (const std::exception& e) {

            BOOST_LOG_SEV(tenant_type_handler_lg(), error)

                << msg.subject << " failed: " << e.what();

            reply(nats_, msg, delete_tenant_type_response{

                .success = false, .message = e.what()});

        }

    }


    void history(ores::nats::message msg) {

        [[maybe_unused]] const auto correlation_id =

            log_handler_entry(tenant_type_handler_lg(), msg);

        auto req = decode<get_tenant_type_history_request>(msg);

        if (!req) {

            BOOST_LOG_SEV(tenant_type_handler_lg(), warn)

                << "Failed to decode: " << msg.subject;

            return;

        }

        try {

            service::tenant_type_service svc(ctx_);

            auto hist = svc.get_type_history(req->type);

            BOOST_LOG_SEV(tenant_type_handler_lg(), debug)

                << "Completed " << msg.subject;

            reply(nats_, msg, get_tenant_type_history_response{

                .success = true,

                .history = std::move(hist)});

        } catch (const std::exception& e) {

            BOOST_LOG_SEV(tenant_type_handler_lg(), error)

                << msg.subject << " failed: " << e.what();

            reply(nats_, msg, get_tenant_type_history_response{

                .success = false, .message = e.what()});

        }

    }


private:

    ores::nats::service::client& nats_;

    ores::database::context ctx_;

    ores::security::jwt::jwt_authenticator signer_;

};


} // namespace ores::iam::messaging

#endif

std
STL namespace.

ores::logging
Implements logging infrastructure for ORE Studio.
Definition boost_severity.hpp:28

ores::service::error_code::forbidden
@ forbidden
The caller is authenticated but lacks the required permission.

ores::database::context
Context for the operations on a postgres database.
Definition context.hpp:47

ores::nats::message
A received NATS message.
Definition message.hpp:40

ores::nats::message::subject
std::string subject
The subject the message was published to.
Definition message.hpp:44

ores::nats::service::client
NATS client: connection, pub/sub, request/reply, and JetStream.
Definition client.hpp:73

ores::security::jwt::jwt_authenticator
JWT authentication primitive.
Definition jwt_authenticator.hpp:45