| author | mo khan <mo@mokhan.ca> | 2025-03-13 16:43:47 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-03-13 16:43:47 -0600 |
| commit | c9f394fe7fa0a5a6504b5b80ae7019cffdf4bb14 (patch) | |
| tree | da1ef1c59264221c2c483ddd76401ee19cd1015c /bin/api | |
| parent | b55a6617971fa50bb064480f78343e6c0bc59dbe (diff) | |
refactor: extract authz interface to test out different PaC libraries
Diffstat (limited to 'bin/api')
| -rwxr-xr-x | bin/api | 98 |
1 files changed, 54 insertions, 44 deletions
@@ -27,20 +27,10 @@ $scheme = ENV.fetch("SCHEME", "http")
 $port = ENV.fetch("PORT", 8284).to_i
 $host = ENV.fetch("HOST", "localhost:#{$port}")
-class Organization
- def initialize(attributes = {})
- @attributes = attributes
- end
-
- def id
- @attributes[:id]
- end
-end
-
-class Project
+class Entity
 class << self
 def all
- @projects ||= []
+ @items ||= []
 end
 def create!(attributes)
@@ -54,47 +44,32 @@ class Project
 @attributes = attributes
 end
- def to_h
- @attributes
+ def id
+ self[:id]
 end
-end
-class API
- attr_reader :rpc
+ def [](attribute)
+ @attributes.fetch(attribute)
+ end
- def initialize
- @rpc = ::Authx::Rpc::AbilityClient.new("http://idp.example.com:8080/twirp")
+ def to_h
+ @attributes
 end
+end
- def call(env)
- request = Rack::Request.new(env)
- path = env['PATH_INFO']
- case env['REQUEST_METHOD']
- when 'GET'
- case path
- when '/projects.json'
- return json_ok(Project.all.map(&:to_h))
- else
- return json_not_found
- end
- when 'POST'
- case path
- when "/projects"
- if authorized?(request, :create_project)
- return json_created(Project.create!(JSON.parse(request.body.read, symbolize_names: true)))
- else
- return json_unauthorized(:create_project)
- end
- else
- return json_not_found
- end
+class Organization < Entity
+ class << self
+ def default
+ @default ||= create!(id: SecureRandom.uuid)
 end
- json_not_found
 end
+end
- private
+class Project < Entity
+end
- def authorized?(request, permission, resource = Organization.new(id: 1))
+module HTTPHelpers
+ def authorized?(request, permission, resource)
 authorization = Rack::Auth::AbstractRequest.new(request.env)
 return false unless authorization.provided?
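Review bot: `Entity.all` memoizes into the class-level instance variable `@items`, which belongs to whichever class receives the call, so `Organization.all` and `Project.all` are separate in-memory lists that disappear on restart; nothing in the hunk says so. A comment above `def all` such as `# Per-subclass, in-memory store; not shared with Entity or sibling classes and not persisted.` would make that explicit. The `||=` initialisation is also unsynchronised, which matters only if the app is served by a threaded server. The body of `create!` continues outside this hunk.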
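Review bot: `Organization.default` mints its id with `SecureRandom.uuid` on first use, so the resource that `authorized?` is asked about changes on every process start and cannot match a policy written ahead of time on the IdP side. Depending on how the body of `authorized?` (which continues outside this hunk) uses `resource`, that either denies every request or means the decision is not really scoped to the resource. A stable identifier would make the check meaningful, for example `@default ||= create!(id: ENV.fetch("DEFAULT_ORGANIZATION_ID"))`, where the variable name is a placeholder. `Entity#[]` also uses `@attributes.fetch`, so `id` raises `KeyError` for any entity created without an `:id`, and `Project.create!` is fed from the request body elsewhere in this file; `@attributes[attribute]` or an explicit check at creation would be safer. The hunk does not show a `require "securerandom"`, so confirm it is loaded.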
@@ -136,6 +111,41 @@ class API
 end
 end
+class API
+ include HTTPHelpers
+
+ attr_reader :rpc
+
+ def initialize
+ @rpc = ::Authx::Rpc::AbilityClient.new("http://idp.example.com:8080/twirp")
+ end
+
+ def call(env)
+ request = Rack::Request.new(env)
+ case request.request_method
+ when Rack::GET
+ case request.path
+ when "/organizations", "/organizations.json"
+ return json_ok(Organization.all.map(&:to_h))
+ when "/projects", "/projects.json"
+ return json_ok(Project.all.map(&:to_h))
+ end
+ when Rack::POST
+ case request.path
+ when "/projects", "/projects.json"
+ if authorized?(request, :create_project, Organization.default)
+ return json_created(Project.create!(JSON.parse(request.body.read, symbolize_names: true)))
+ else
+ return json_unauthorized(:create_project)
+ end
+ end
+ end
+ json_not_found
+ end
+
+ private
+end
+
 if __FILE__ == $0
 app = Rack::Builder.new do
 use Rack::CommonLogger |
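Review bot: The new `/organizations` GET branch in `call` returns `Organization.all.map(&:to_h)` without going through `authorized?`, while only the POST branch is gated, so any caller can read the organization ids that are later used as the resource in the authorization check. If listing is meant to be public, a comment saying so would help; otherwise gate it like the POST branch, e.g. `return json_unauthorized(:read_organization) unless authorized?(request, :read_organization, Organization.default)`, where the permission name is a placeholder. The POST branch also hands `JSON.parse(request.body.read, symbolize_names: true)` straight to `Project.create!`, so a malformed body raises `JSON::ParserError` and every client-supplied key, including `id`, is stored as-is. Rescuing the parse error and slicing the hash to an allowlist of attributes before `create!` would close both. The trailing `private` with nothing after it can be dropped.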
