path: root/pkg/authz/init.go
authormo khan <mo@mokhan.ca>2025-07-18 10:52:12 -0600
committermo khan <mo@mokhan.ca>2025-07-18 10:52:12 -0600
commitc10d21934dfdc89b7f288edb71434731a4223a2c (patch)
treedd7afd908ec6760136d09482068b75f15880b0f2 /pkg/authz/init.go
parent515ba2e1a3974e4ac9fb993ee7e75a9fdb4e6ddb (diff)
refactor: extract type mappings for check service
Diffstat (limited to 'pkg/authz/init.go')
-rw-r--r--pkg/authz/init.go58
1 files changed, 58 insertions, 0 deletions
diff --git a/pkg/authz/init.go b/pkg/authz/init.go
new file mode 100644
index 00000000..3ceb1412
--- /dev/null
+++ b/pkg/authz/init.go
@@ -0,0 +1,58 @@
+package authz
+
+import (
+ v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
+ auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
+ "github.com/xlgmokha/x/pkg/log"
+ "github.com/xlgmokha/x/pkg/mapper"
+ "github.com/xlgmokha/x/pkg/x"
+)
+
+func init() {
+ mapper.Register[*auth.CheckRequest, log.Fields](func(r *auth.CheckRequest) log.Fields {
+ return log.Fields{
+ "host": r.Attributes.Request.Http.Host,
+ "id": r.Attributes.Request.Http.Id,
+ "method": r.Attributes.Request.Http.Method,
+ "path": r.Attributes.Request.Http.Path,
+ "protocol": r.Attributes.Request.Http.Protocol,
+ "request_id": r.Attributes.Request.Http.Headers["x-request-id"],
+ "scheme": r.Attributes.Request.Http.Scheme,
+ "subject": r.Attributes.Request.Http.Headers["x-jwt-claim-username"],
+ }
+ })
+
+ mapper.Register[*auth.CheckRequest, *v1.ObjectReference](func(r *auth.CheckRequest) *v1.ObjectReference {
+ return &v1.ObjectReference{
+ ObjectType: "project",
+ ObjectId: "1",
+ }
+ })
+
+ mapper.Register[*auth.CheckRequest, *v1.SubjectReference](func(r *auth.CheckRequest) *v1.SubjectReference {
+ //TODO:: username is not ideal but it works for demo purposes
+ username := r.Attributes.Request.Http.Headers["x-jwt-claim-username"]
+ if x.IsZero(username) {
+ username = "public"
+ }
+
+ return &v1.SubjectReference{
+ Object: &v1.ObjectReference{
+ ObjectType: "user",
+ ObjectId: username,
+ },
+ }
+ })
+
+ mapper.Register[*auth.CheckRequest, Permission](func(r *auth.CheckRequest) Permission {
+ return "read"
+ })
+
+ mapper.Register[*auth.CheckRequest, *v1.CheckPermissionRequest](func(r *auth.CheckRequest) *v1.CheckPermissionRequest {
+ return &v1.CheckPermissionRequest{
+ Resource: mapper.MapFrom[*auth.CheckRequest, *v1.ObjectReference](r),
+ Permission: mapper.MapFrom[*auth.CheckRequest, Permission](r).String(),
+ Subject: mapper.MapFrom[*auth.CheckRequest, *v1.SubjectReference](r),
+ }
+ })
+}
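Review bot: The subject identity that feeds the SpiceDB check is taken verbatim from the `x-jwt-claim-username` request header (L55) and also populates the `subject` log field (L42), but nothing in this file records that the header is only trusted because an upstream filter sets it after JWT validation and strips any client-supplied copy; a reader could otherwise miss that an unstripped header lets a caller choose their own subject, and that a missing header silently becomes the `public` user. I would state that assumption above the register call, e.g. `// x-jwt-claim-username is expected to be set by the proxy's JWT filter after validation and stripped from inbound requests; an absent header is treated as the anonymous "public" user.` Separately, every mapper dereferences `r.Attributes.Request.Http` directly (L35–L42, L55), which panics if any link in that chain is nil, whereas the generated getters are nil-safe; `http := r.GetAttributes().GetRequest().GetHttp()` followed by `http.GetHost()`, `http.GetHeaders()["x-request-id"]` and so on would keep a malformed CheckRequest from taking down the authz path. The `project`/`1` resource and the constant `read` permission look like demo placeholders per the TODO, so I would mark them as such in a comment rather than change them here.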