adding target to app token

net/server/internal/api_getProfile.go

@@ -6,7 +6,7 @@ import (
 
 func GetProfile(w http.ResponseWriter, r *http.Request) {
 
-  account, code, err := BearerAppToken(r, true);
+  account, code, err := BearerAppyToken(r, true);
   if err != nil {
     ErrResponse(w, code, err)
     return

net/server/internal/api_setProfile.go

@@ -8,7 +8,7 @@ import (
 
 func SetProfile(w http.ResponseWriter, r *http.Request) {
 
-  account, code, err := BearerAppToken(r, true);
+  account, code, err := BearerAppyToken(r, true);
   if err != nil {
     ErrResponse(w, code, err)
     return

net/server/internal/authUtil.go

@@ -115,8 +115,44 @@ func BearerAppToken(r *http.Request, detail bool) (*store.Account, int, error) {
   return &app.Account, http.StatusOK, nil
 }
 
+func BearerAppyToken(r *http.Request, detail bool) (*store.Account, int, error) {
+
+  // parse bearer authentication
+  auth := r.Header.Get("Authorization")
+  token := strings.TrimSpace(strings.TrimPrefix(auth, "Bearer"))
+  target, access, err := ParseToken(token)
+  if err != nil {
+    return nil, http.StatusBadRequest, err
+  }
+
+  // find token record
+  var app store.App
+  if detail {
+    if err := store.DB.Preload("Account.AccountDetail").Where("account_id = ? AND token = ?", target, access).First(&app).Error; err != nil {
+      if errors.Is(err, gorm.ErrRecordNotFound) {
+        return nil, http.StatusNotFound, err
+      } else {
+        return nil, http.StatusInternalServerError, err
+      }
+    }
+  } else {
+    if err := store.DB.Preload("Account").Where("token = ?", token).First(&app).Error; err != nil {
+      if errors.Is(err, gorm.ErrRecordNotFound) {
+        return nil, http.StatusNotFound, err
+      } else {
+        return nil, http.StatusInternalServerError, err
+      }
+    }
+  }
+  if app.Account.Disabled {
+    return nil, http.StatusGone, errors.New("account is inactive")
+  }
+
+  return &app.Account, http.StatusOK, nil
+}
+
 func ParseToken(token string) (string, string, error) {
-  split := strings.Split(token, ":")
+  split := strings.Split(token, ".")
   if len(split) != 2 {
     return "", "", errors.New("invalid token format")
   }

net/server/internal/main_test.go

@@ -7,7 +7,7 @@ import (
 
 func TestMain(m *testing.M) {
 
-  SetHideLog(true)
+//  SetHideLog(true)
   SetKeySize(2048)
   store.SetPath("file::memory:?cache=shared");
   //store.SetPath("databag.db");

net/server/internal/ucAttachApp_test.go

@@ -22,7 +22,8 @@ func TestAttachAccount(t *testing.T) {
   SetBearerAuth(r, account);
   SetCredentials(r, "attachapp:pass")
   AddAccount(w, r)
-  assert.NoError(t, ReadResponse(w, nil))
+  var profile Profile
+  assert.NoError(t, ReadResponse(w, &profile))
 
   // acquire new token for attaching app
   r, w, _ = NewRequest("POST", "/account/apps", nil)
@@ -79,15 +80,14 @@ func TestAttachAccount(t *testing.T) {
     Description: "databaggerr",
   };
   r, w, _ = NewRequest("PUT", "/profile/data", &profileData)
-  SetBearerAuth(r, access)
+  SetBearerAuth(r, profile.Guid + "." + access)
   SetProfile(w, r)
   assert.NoError(t, ReadResponse(w, nil))
 
   // get profile
   r, w, _ = NewRequest("GET", "/profile", nil)
-  SetBearerAuth(r, access)
+  SetBearerAuth(r, profile.Guid + "." + access)
   GetProfile(w, r)
-  var profile Profile
   assert.NoError(t, ReadResponse(w, &profile))
   assert.Equal(t, guid, profile.Guid)
   assert.Equal(t, "attachapp", profile.Handle)