refactor: overhaul token management system with optimized architecture

- Replace api_token_manager.go with new modular token services
- Add TokenController for centralized token endpoint handling
- Implement optimized BrankaToken service with comprehensive tests
- Add ProjectTokenManager for improved project-level token management
- Streamline authentication controller by removing redundant token logic
- Enhance GraphQL resolver with simplified token mutation handling
- Update models for better token structure and validation
- Refactor router configuration for new token endpoints
- Clean up system schema definitions and object models
- Minor fixes in CORS middleware and Dockerfile optimization

This refactor significantly reduces code complexity (764 deletions, 195 insertions)
while improving token management performance and maintainability.

Author: sh0umik

Dockerfile

@@ -59,7 +59,6 @@ WORKDIR /app
 COPY --from=builder /build/engine .
 
 # Copy required directories with proper ownership
-COPY --chown=apito:apito plugins ./plugins/
 COPY --chown=apito:apito keys ./keys/
 
 # Make binary executable

controller/auth_controller.go

@@ -11,7 +11,6 @@ import (
 	ae "github.com/apito-io/engine/err"
 	"github.com/apito-io/engine/models"
 	"github.com/apito-io/engine/resolver"
-	"github.com/apito-io/engine/services"
 	"github.com/apito-io/engine/utility"
 	"github.com/getsentry/sentry-go"
 	"github.com/ilyakaznacheev/cleanenv"
@@ -248,135 +247,6 @@ func (a *authCtrl) errorHandler(router echo.Context, response *models.HttpRespon
 }
 
 
-func (a *authCtrl) GenerateAPIKey(c echo.Context) error {
-
-	var req map[string]interface{}
-	if err := c.Bind(&req); err != nil {
-		return c.JSON(http.StatusBadRequest, &models.HttpResponse{
-			Message: err.Error(),
-			Code:    http.StatusBadRequest,
-		})
-	}
-
-	var tenantID string
-	if _, ok := req["tenant_id"]; ok {
-		tenantID = req["tenant_id"].(string)
-	}
-
-	userID := c.Get("user")
-	if userID == nil {
-		return c.JSON(http.StatusBadRequest, &models.HttpResponse{
-			Message: "user is missing in the token payload",
-			Code:    http.StatusBadRequest,
-		})
-	}
-
-	projectID := c.Get("project_id")
-	if projectID == nil {
-		return c.JSON(http.StatusBadRequest, &models.HttpResponse{
-			Message: "You have to switch to a project in order for this to work",
-			Code:    http.StatusBadRequest,
-		})
-	}
-
-	ctx := c.Request().Context()
-
-	t := services.GetBrankaToken(a.Cfg, a.graphQLServer.SystemDriver)
-
-	apiKey, err := t.GenerateAPIKey(ctx, userID.(string), projectID.(string), tenantID, "api_key", time.Now().Add(time.Hour*24*30).Unix())
-	if err != nil {
-		return c.JSON(http.StatusBadRequest, &models.HttpResponse{
-			Message: err.Error(),
-			Code:    http.StatusBadRequest,
-		})
-	}
-
-	return c.JSON(http.StatusOK, &models.HttpResponse{
-		Token: *apiKey,
-		Code:  http.StatusOK,
-	})
-}
-
-func (a *authCtrl) SyncProject(c echo.Context) error {
-
-	type SyncProjectRequest struct {
-		Token   string          `json:"token"`
-		Project *models.Project `json:"project"`
-	}
-
-	var req SyncProjectRequest
-	if err := c.Bind(&req); err != nil {
-		return c.JSON(http.StatusBadRequest, &models.HttpResponse{
-			Message: "Bad boy, Jason ...",
-			Code:    http.StatusBadRequest,
-		})
-	}
-
-	if req.Token == "" {
-		return c.JSON(http.StatusBadRequest, &models.HttpResponse{
-			Message: "token is missing",
-			Code:    http.StatusBadRequest,
-		})
-	}
-
-	if req.Project == nil {
-		return c.JSON(http.StatusBadRequest, &models.HttpResponse{
-			Message: "project is missing",
-			Code:    http.StatusBadRequest,
-		})
-	}
-
-	if req.Project.Schema == nil {
-		return c.JSON(http.StatusBadRequest, &models.HttpResponse{
-			Message: "project does not contain any model. Nothing to sync",
-			Code:    http.StatusBadRequest,
-		})
-	}
-
-	userId := c.Get("user")
-	if userId == nil {
-		return c.JSON(http.StatusBadRequest, &models.HttpResponse{
-			Message: "user is missing in the token payload",
-			Code:    http.StatusBadRequest,
-		})
-	}
-
-	ctx := c.Request().Context()
-
-	t := services.GetBrankaToken(a.Cfg, a.graphQLServer.SystemDriver)
-
-	decodedToken, err := t.Validate(ctx, req.Token)
-	if err != nil {
-		return c.JSON(http.StatusBadRequest, &models.HttpResponse{
-			Message: err.Error(),
-			Code:    http.StatusBadRequest,
-		})
-	}
-
-	if decodedToken.UserID != userId {
-		return c.JSON(http.StatusBadRequest, &models.HttpResponse{
-			Message: "token is invalid",
-			Code:    http.StatusBadRequest,
-		})
-	}
-
-	if req.Project.SyncedProperty != nil {
-		// check
-	} else {
-		req.Project.SyncedProperty = &models.SyncProject{
-			ProjectID:       req.Project.ID,
-			SyncedTokenUsed: req.Token,
-			LocalProjectID:  req.Project.ID,
-			LastSyncedAt:    utility.GetCurrentTime(),
-		}
-	}
-
-	return c.JSON(http.StatusOK, &models.HttpResponse{
-		Body: req.Project.SyncedProperty,
-		Code: http.StatusOK,
-	})
-}
-
 func (a *authCtrl) ProjectSwitchV2(c echo.Context) error {
 	var req *models.ProjectCreateRequest
 	if err := c.Bind(&req); err != nil {

controller/graph_controller.go

@@ -477,6 +477,13 @@ func (g *GraphCtrl) PublicGraphQL(i echo.Context) error {
 		})
 	}
 
+	if req.Query == "" {
+		return i.JSON(http.StatusBadRequest, &models.HttpResponse{
+			Message: "Query can not be empty!",
+			Code:    http.StatusBadRequest,
+		})
+	}
+
 	/*fmt.Println(fmt.Sprintf("req %s", req.Query))
 	_var, _ := json.Marshal(req.Variables)
 	fmt.Println(fmt.Sprintf("variable %s", string(_var)))*/
@@ -652,6 +659,30 @@ func (g *GraphCtrl) GetSystemCacheInfo(i echo.Context) error {
 	})
 }
 
+func (g *GraphCtrl) SystemHealth(c echo.Context) error {
+
+	userId := c.Get("user")
+	if userId == nil {
+		return c.JSON(http.StatusBadRequest, &models.HttpResponse{
+			Message: "user is missing in the token payload",
+			Code:    http.StatusBadRequest,
+		})
+	}
+
+	if userId.(string) == "" {
+		return c.JSON(http.StatusBadRequest, &models.HttpResponse{
+			Message: "system health check is only allowed for authenticated users",
+			Code:    http.StatusBadRequest,
+		})
+	}
+
+	return c.JSON(http.StatusOK, map[string]interface{}{
+		"success": true,
+		"message": "System is healthy",
+		"version": "v2.0.0",
+	})
+}
+
 func (g *GraphCtrl) SystemGraphQL(i echo.Context) error {
 
 	var req models.GraphQLIncomingRequest