| author | mo khan <mo@mokhan.ca> | 2025-03-13 16:43:47 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-03-13 16:43:47 -0600 |
| commit | c9f394fe7fa0a5a6504b5b80ae7019cffdf4bb14 (patch) | |
| tree | da1ef1c59264221c2c483ddd76401ee19cd1015c /cmd | |
| parent | b55a6617971fa50bb064480f78343e6c0bc59dbe (diff) | |
refactor: extract authz interface to test out different PaC libraries
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/gtwy/main.go | 36 |
1 files changed, 31 insertions, 5 deletions
diff --git a/cmd/gtwy/main.go b/cmd/gtwy/main.go
index 1e9d3a39..0da2ea88 100644
--- a/cmd/gtwy/main.go
+++ b/cmd/gtwy/main.go
@@ -1,23 +1,49 @@
 package main
 
 import (
+	"fmt"
 	"log"
+	"net"
 	"net/http"
 
+	"github.com/casbin/casbin/v2"
 	"github.com/xlgmokha/x/pkg/env"
+	"github.com/xlgmokha/x/pkg/x"
+	"gitlab.com/mokhax/spike/pkg/authz"
 	"gitlab.com/mokhax/spike/pkg/cfg"
 	"gitlab.com/mokhax/spike/pkg/prxy"
 	"gitlab.com/mokhax/spike/pkg/srv"
 )
 
+func WithCasbin() authz.Authorizer {
+	enforcer := x.Must(casbin.NewEnforcer("model.conf", "policy.csv"))
+
+	return authz.AuthorizerFunc(func(r *http.Request) bool {
+		host, _, err := net.SplitHostPort(r.Host)
+		if err != nil {
+			return false
+		}
+
+		subject := "71cbc18e-bd41-4229-9ad2-749546a2a4a7" // TODO:: unpack sub claim in JWT
+		ok, err := enforcer.Enforce(subject, host, r.Method, r.URL.Path)
+		if err != nil {
+			fmt.Printf("%v\n", err)
+			return false
+		}
+
+		fmt.Printf("%v: %v %v %v\n", ok, r.Method, host, r.URL.Path)
+		return ok
+	})
+}
+
 func WithRoutes() cfg.Option {
 	return func(c *cfg.Config) {
 		mux := http.NewServeMux()
-		mux.Handle("/", prxy.New(map[string]string{
-			"idp.example.com": "localhost:8282",
-			"ui.example.com": "localhost:8283",
-			"api.example.com": "localhost:8284",
-		}))
+		mux.Handle("/", authz.HTTP(WithCasbin(), prxy.New(map[string]string{
+			"idp.example.com": "http://localhost:8282",
+			"ui.example.com": "http://localhost:8283",
+			"api.example.com": "http://localhost:8284",
+		})))
 		cfg.WithMux(mux)(c)
 	}
 |
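Review bot: In WithCasbin, `net.SplitHostPort(r.Host)` returns an error whenever the Host header carries no port (the usual case behind a TLS terminator or on the default port), so every such request is denied before the policy is consulted; fall back to the bare host instead: `host := r.Host` / `if h, _, err := net.SplitHostPort(r.Host); err == nil { host = h }`. The fixed `subject` means every caller is evaluated as the same identity until the TODO is done, so the check currently decides on host, method and path only; the comment should say so explicitly, e.g. `// TODO: derive subject from the verified token; until then every caller is authorized as this single identity`. Both `fmt.Printf` calls write unconditionally to stdout on every request while the file already imports `log`; `log.Printf` keeps the decision output consistent with the rest of main and timestamped. Whether `r.URL.Path` needs `path.Clean` before `Enforce` depends on the matcher in model.conf, which is not part of this diff.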
