managment frontend initiated

ApiServices/AuthService/config.py

@@ -22,7 +22,7 @@ class Configs(BaseSettings):
     EMAIL_HOST: str = ""
     DATETIME_FORMAT: str = ""
     FORGOT_LINK: str = ""
-    ALLOW_ORIGINS: list = ["http://localhost:3000"]
+    ALLOW_ORIGINS: list = ["http://localhost:3000", "http://localhost:3001"]
     VERSION: str = "0.1.001"
     DESCRIPTION: str = ""
 

ApiServices/AuthService/endpoints/auth/route.py

@@ -304,7 +304,7 @@ def authentication_token_check_post(
             status_code=status.HTTP_406_NOT_ACCEPTABLE,
             headers=headers,
         )
-    if AuthHandlers.LoginHandler.authentication_check_token_valid(access_token=token):
+    if AuthHandlers.LoginHandler.authentication_check_token_valid(domain=domain,access_token=token):
         return JSONResponse(
             content={"message": "MSG_0001"},
             status_code=status.HTTP_202_ACCEPTED,

ApiServices/AuthService/events/auth/auth.py

@@ -171,8 +171,18 @@ class LoginHandler:
             access_key=data.access_key, db_session=db_session
         )
 
+        other_domains_list, main_domain = [], ""
+        with mongo_handler.collection(f"{str(found_user.related_company)}*Domain") as collection:
+            result = collection.find_one({"user_uu_id": str(found_user.uu_id)})
+            if not result:
+                raise ValueError("EYS_00087")
+            other_domains_list = result.get("other_domains_list", [])
+            main_domain = result.get("main_domain", None)
+            if domain not in other_domains_list or not main_domain:
+                raise ValueError("EYS_00088")
+        
         if not user_handler.check_password_valid(
-            domain=domain or "",
+            domain=main_domain,
             id_=str(found_user.uu_id),
             password=data.password,
             password_hashed=found_user.hash_password,
@@ -233,6 +243,7 @@ class LoginHandler:
             person_id=found_user.person_id,
             person_uu_id=str(person.uu_id),
             request=dict(request.headers),
+            domain_list=other_domains_list,
             companies_uu_id_list=companies_uu_id_list,
             companies_id_list=companies_id_list,
             duty_uu_id_list=duty_uu_id_list,
@@ -286,13 +297,24 @@ class LoginHandler:
         found_user = user_handler.check_user_exists(
             access_key=data.access_key, db_session=db_session
         )
+        other_domains_list, main_domain = [], ""
+        with mongo_handler.collection(f"{str(found_user.related_company)}*Domain") as collection:
+            result = collection.find_one({"user_uu_id": str(found_user.uu_id)})
+            if not result:
+                raise ValueError("EYS_00087")
+            other_domains_list = result.get("other_domains_list", [])
+            main_domain = result.get("main_domain", None)
+            if domain not in other_domains_list or not main_domain:
+                raise ValueError("EYS_00088")
+
         if not user_handler.check_password_valid(
-            domain=domain,
+            domain=main_domain,
             id_=str(found_user.uu_id),
             password=data.password,
             password_hashed=found_user.hash_password,
         ):
             raise ValueError("EYS_0005")
+        
 
         occupants_selection_dict: Dict[str, Any] = {}
         living_spaces: list[BuildLivingSpace] = BuildLivingSpace.filter_all(
@@ -343,6 +365,7 @@ class LoginHandler:
                 user_id=found_user.id,
                 person_id=person.id,
                 person_uu_id=str(person.uu_id),
+                domain_list=other_domains_list,
                 request=dict(request.headers),
                 available_occupants=occupants_selection_dict,
             ).model_dump()
@@ -606,10 +629,17 @@ class LoginHandler:
             )
 
     @classmethod
-    def authentication_check_token_valid(cls, access_token: str) -> bool:
+    def authentication_check_token_valid(cls, domain, access_token: str) -> bool:
         redis_handler = RedisHandlers()
-        if redis_handler.get_object_from_redis(access_token=access_token):
-            return True
+        if auth_token := redis_handler.get_object_from_redis(access_token=access_token):
+            if auth_token.is_employee:
+                if domain not in auth_token.domain_list:
+                    raise ValueError("EYS_00112")
+                return True
+            elif auth_token.is_occupant:
+                if domain not in auth_token.domain_list:
+                    raise ValueError("EYS_00113")
+                return True
         return False
 
 

ApiServices/AuthService/middlewares/token_middleware.py

@@ -5,6 +5,7 @@ from ..config import api_config
 
 
 async def token_middleware(request: Request, call_next):
+    print("Token Middleware", dict(request.headers))
     base_url = request.url.path
     safe_endpoints = [_[0] for _ in get_safe_endpoint_urls()]
     if base_url in safe_endpoints:

ApiServices/AuthService/validations/custom/token.py

@@ -35,6 +35,7 @@ class ApplicationToken(BaseModel):
     person_uu_id: str
 
     request: Optional[dict] = None  # Request Info of Client
+    domain_list: Optional[list[str]] = None
     expires_at: Optional[float] = None  # Expiry timestamp