feat: PAT authentication chain, token validation, and error handling by AmanGIT07 · Pull Request #1442 · raystack/frontier

Walkthrough

Adds Personal Access Token (PAT) support across authentication, PAT validation, models, repository, service, API handlers, session interceptor, mocks, and wiring; shifts PAT types to core/userpat/models and introduces PAT-specific errors and authenticators.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Authenticate core & authenticators: core/authenticate/authenticate.go, core/authenticate/authenticators.go, core/authenticate/service.go, core/authenticate/errors.go, core/authenticate/mocks/user_pat_service.go, core/authenticate/service_test.go | Add PAT client assertion and Principal.PAT; introduce AuthenticatorFunc registry and errSkip; add UserPATService dependency to Service and generated mock; refactor GetPrincipal to iterate authenticators; update tests for constructor signature. |
| UserPAT domain (models, errors, validator, service, tests): core/userpat/models/pat.go, core/userpat/errors/errors.go, core/userpat/validator.go, core/userpat/validator_test.go, core/userpat/service.go, core/userpat/service_test.go, core/userpat/userpat.go | Move PAT type to core/userpat/models; add/rename PAT errors (ErrInvalidPAT, ErrMalformedPAT); add Validator for decoding, hashing, lookup, expiry and last-used update; update service to use patmodels/paterrors and adjust signatures and tests. |
| UserPAT mocks & Postgres storage: core/userpat/mocks/repository.go, internal/store/postgres/userpat.go, internal/store/postgres/userpat_repository.go, internal/store/postgres/userpat_repository_test.go | Update mocks and storage to use models.PAT; add repository methods GetBySecretHash and UpdateLastUsedAt; adjust SQL, error mappings to paterrors and tests; update transform/return types. |
| API surface, handlers & tests: internal/api/v1beta1connect/interfaces.go, internal/api/v1beta1connect/mocks/user_pat_service.go, internal/api/v1beta1connect/user_pat.go, internal/api/v1beta1connect/user_pat_test.go, internal/api/v1beta1connect/authenticate.go, internal/api/v1beta1connect/organization.go | Change UserPATService.Create to return models.PAT and update mocks; map PAT errors (malformed, not found, expired, disabled) to unauthenticated in GetLoggedInPrincipal; switch handlers/tests to paterrors/models.PAT; handle relation.ErrSubjectNotAllowed in org creation error path. |
| Session interceptor & server wiring: pkg/server/connect_interceptors/session.go, pkg/server/server.go, cmd/serve.go | Extend SessionInterceptor API to accept PAT config and propagate PAT-prefixed tokens in gateway headers; update server and cmd wiring to pass cfg.PAT into the interceptor. |

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested reviewers

  • rohilsurana
  • rsbh
