🔊 Add verbose permission logging

.idea/workspace.xml

@@ -4,10 +4,10 @@
     <option name="autoReloadType" value="ALL" />
   </component>
   <component name="ChangeListManager">
-    <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Fix get user grpc method didn't extend group's permission">
+    <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Fix unable get user full perm node">
       <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/pkg/internal/grpc/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/grpc/auth.go" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/pkg/internal/grpc/user.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/grpc/user.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/internal/services/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/auth.go" afterDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
@@ -160,7 +160,6 @@
   </component>
   <component name="VcsManagerConfiguration">
     <option name="CHECK_CODE_SMELLS_BEFORE_PROJECT_COMMIT" value="false" />
-    <MESSAGE value=":bug: Fix check perm panic" />
     <MESSAGE value=":bug: Refresh token bug" />
     <MESSAGE value=":truck: Auth kit and parser of nexus userinfo token" />
     <MESSAGE value="Revert &quot;:recycle: Move models.Account to sec.UserInfo&quot;&#10;&#10;This reverts commit 8fbb7960" />
@@ -185,7 +184,8 @@
     <MESSAGE value=":bug: Fix notification push batch emitted twice" />
     <MESSAGE value=":sparkles: Support jwks.json according OIDC stranded" />
     <MESSAGE value=":bug: Fix get user grpc method didn't extend group's permission" />
-    <option name="LAST_COMMIT_MESSAGE" value=":bug: Fix get user grpc method didn't extend group's permission" />
+    <MESSAGE value=":bug: Fix unable get user full perm node" />
+    <option name="LAST_COMMIT_MESSAGE" value=":bug: Fix unable get user full perm node" />
     <option name="GROUP_MULTIFILE_MERGE_BY_DIRECTORY" value="true" />
   </component>
   <component name="VgoProject">

pkg/internal/grpc/auth.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"git.solsynth.dev/hypernet/nexus/pkg/nex"
 	"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
+	"github.com/rs/zerolog/log"
 
 	"git.solsynth.dev/hypernet/passport/pkg/internal/services"
 	jsoniter "github.com/json-iterator/go"
@@ -13,13 +14,13 @@ import (
 
 func (v *App) Authenticate(_ context.Context, in *proto.AuthRequest) (*proto.AuthReply, error) {
 	ticket, perms, err := services.Authenticate(uint(in.GetSessionId()))
+	log.Debug().Uint64("session", in.GetSessionId()).Any("permissions", perms).Msg("Authenticated session...")
 	if err != nil {
 		return &proto.AuthReply{
 			IsValid: false,
 		}, nil
 	} else {
 		user := ticket.Account
-		user.PermNodes = perms
 		userinfo := &proto.UserInfo{
 			Id:        uint64(user.ID),
 			Name:      user.Name,

pkg/internal/services/auth.go

@@ -24,6 +24,7 @@ func Authenticate(sessionId uint) (ctx models.AuthTicket, perms map[string]any,
 		_ = jsoniter.Unmarshal(rawHeldPerms, &heldPerms)
 
 		perms = FilterPermNodes(heldPerms, ctx.Claims)
+		ctx.Account.PermNodes = perms
 		return
 	}
 
@@ -45,7 +46,6 @@ func GetAuthContext(sessionId uint) (models.AuthTicket, error) {
 	key := GetAuthContextCacheKey(sessionId)
 	if val, err := marshal.Get(context.Background(), key, new(models.AuthTicket)); err == nil {
 		ctx = *val.(*models.AuthTicket)
-		// log.Debug().Uint("session", sessionId).Msg("Hint auth context cache once")
 	} else {
 		ctx, err = CacheAuthContext(sessionId)
 		log.Debug().Uint("session", sessionId).Msg("Created a new auth context cache")