New admin endpoint to delete data (#359)

user/domain/domain.go

@@ -556,3 +556,17 @@ func (domain *Domain) CacheReadToken(ctx context.Context, token string) (string,
 
 	return email, nil
 }
+
+func (domain *Domain) DeleteTenantData(tenantID string) error {
+	keys, err := domain.store.List(store.ListPrefix(getStoreKeyPrefixForTenent(tenantID)))
+	if err != nil {
+		return err
+	}
+	for _, k := range keys {
+		if err := domain.store.Delete(k); err != nil {
+			return err
+		}
+	}
+	logger.Infof("Deleted %d keys for user %s", len(keys), tenantID)
+	return nil
+}

user/domain/store_key.go

@@ -14,9 +14,13 @@ func getStoreKeyPrefix(ctx context.Context) string {
 		tenantId = "micro"
 	}
 
-	tenantId = strings.Replace(strings.Replace(tenantId, "/", "_", -1), "-", "_", -1)
+	return getStoreKeyPrefixForTenent(tenantId)
+}
 
-	return fmt.Sprintf("user/%s/", tenantId)
+func getStoreKeyPrefixForTenent(tenantID string) string {
+	tid := strings.Replace(strings.Replace(tenantID, "/", "_", -1), "-", "_", -1)
+
+	return fmt.Sprintf("user/%s/", tid)
 }
 
 func generateAccountStoreKey(ctx context.Context, userId string) string {

user/handler/handler.go

@@ -1,7 +1,7 @@
 package handler
 
 import (
-	goctx "context"
+	"context"
 	"crypto/rand"
 	"encoding/base64"
 	"fmt"
@@ -10,11 +10,12 @@ import (
 	"time"
 
 	"github.com/google/uuid"
+	"github.com/micro/micro/v3/service/auth"
 	"github.com/micro/micro/v3/service/errors"
 	"github.com/micro/micro/v3/service/logger"
 	"github.com/micro/micro/v3/service/store"
+	adminpb "github.com/micro/services/pkg/service/proto"
 	"golang.org/x/crypto/bcrypt"
-	"golang.org/x/net/context"
 
 	otp "github.com/micro/services/otp/proto"
 	"github.com/micro/services/user/domain"
@@ -408,7 +409,7 @@ func (s *User) ResetPassword(ctx context.Context, req *pb.ResetPasswordRequest,
 	return nil
 }
 
-func (s *User) List(ctx goctx.Context, request *pb.ListRequest, response *pb.ListResponse) error {
+func (s *User) List(ctx context.Context, request *pb.ListRequest, response *pb.ListResponse) error {
 	accs, err := s.domain.List(ctx, request.Offset, request.Limit)
 	if err != nil && err != domain.ErrNotFound {
 		return errors.InternalServerError("user.List", "Error retrieving user list")
@@ -507,3 +508,40 @@ func (s *User) VerifyToken(ctx context.Context, req *pb.VerifyTokenRequest, rsp
 
 	return nil
 }
+
+func (s *User) DeleteData(ctx context.Context, request *adminpb.DeleteDataRequest, response *adminpb.DeleteDataResponse) error {
+	if _, err := verifyMicroAdmin(ctx, "user.DeleteData"); err != nil {
+		return err
+	}
+
+	if len(request.TenantId) == 0 {
+		return errors.BadRequest("user.DeleteData", "Missing tenant ID")
+	}
+	return s.domain.DeleteTenantData(request.TenantId)
+}
+
+func verifyMicroAdmin(ctx context.Context, method string) (*auth.Account, error) {
+	acc, ok := auth.AccountFromContext(ctx)
+	if !ok {
+		return nil, errors.Unauthorized(method, "Unauthorized")
+	}
+	if err := doVerifyMicroAdmin(acc, method); err != nil {
+		return nil, err
+	}
+	return acc, nil
+}
+
+func doVerifyMicroAdmin(acc *auth.Account, method string) error {
+	errForbid := errors.Forbidden(method, "Forbidden")
+	if acc.Issuer != "micro" {
+		return errForbid
+	}
+
+	for _, s := range acc.Scopes {
+		if (s == "admin" && acc.Type == "user") || (s == "service" && acc.Type == "service") {
+			return nil
+		}
+	}
+	return errForbid
+
+}

user/main.go

@@ -6,6 +6,7 @@ import (
 	"github.com/micro/micro/v3/service/store"
 
 	otp "github.com/micro/services/otp/proto"
+	adminpb "github.com/micro/services/pkg/service/proto"
 	"github.com/micro/services/pkg/tracing"
 	"github.com/micro/services/user/handler"
 	proto "github.com/micro/services/user/proto"
@@ -23,6 +24,7 @@ func main() {
 	)
 
 	proto.RegisterUserHandler(srv.Server(), hd)
+	adminpb.RegisterAdminHandler(srv.Server(), hd)
 	traceCloser := tracing.SetupOpentracing("user")
 	defer traceCloser.Close()