authormo khan <mo@mokhan.ca>2025-07-04 17:44:34 -0600
committermo khan <mo@mokhan.ca>2025-07-04 17:44:34 -0600
commite821b395783f2494f48ad941c606bec615e3b44e (patch)
tree1432723b38f979f1bd73a82bc0e16eb972654e32 /src/authorization
parentc27093125aed8434c16655af7e7f415d84859dc7 (diff)
refactor: extract method to convert http request to cedar context
Diffstat (limited to 'src/authorization')
-rw-r--r--src/authorization/cedar_authorizer.rs26
1 files changed, 16 insertions, 10 deletions
diff --git a/src/authorization/cedar_authorizer.rs b/src/authorization/cedar_authorizer.rs
index 4eeaf645..e56640f9 100644
--- a/src/authorization/cedar_authorizer.rs
+++ b/src/authorization/cedar_authorizer.rs
@@ -111,12 +111,6 @@ impl CedarAuthorizer {
&self,
http_request: envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
) -> Result<CedarRequest, Box<dyn std::error::Error>> {
- let headers = &http_request.headers;
- let bearer_token = headers
- .get("authorization")
- .and_then(|auth| auth.strip_prefix("Bearer "))
- .unwrap_or("");
-
// Create principal entity
let principal_id = EntityId::from_str("client")?;
let principal_type = EntityTypeName::from_str("User")?;
@@ -132,7 +126,22 @@ impl CedarAuthorizer {
let resource_type = EntityTypeName::from_str("Resource")?;
let resource = EntityUid::from_type_name_and_id(resource_type, resource_id);
+ let context = self.context_from(http_request);
+ CedarRequest::new(principal, action, resource, context?, None)
+ .map_err(|e| Box::new(e) as Box<dyn std::error::Error>)
+ }
+
+ fn context_from(
+ &self,
+ http_request: envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
+ ) -> Result<cedar_policy::Context, cedar_policy::ContextCreationError> {
let mut context_map = std::collections::HashMap::new();
+
+ let headers = &http_request.headers;
+ let bearer_token = headers
+ .get("authorization")
+ .and_then(|auth| auth.strip_prefix("Bearer "))
+ .unwrap_or("");
if !bearer_token.is_empty() {
context_map.insert(
"bearer_token".to_string(),
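Review bot: The bearer extraction now living in `context_from` matches the scheme with `strip_prefix("Bearer ")`, which is case-sensitive, and it folds a missing header, a non-Bearer scheme and a malformed value into the same empty string. Authentication scheme names are case-insensitive, so a request sending `bearer <token>` would be evaluated with no `bearer_token` in the Cedar context; whether that fails closed depends on policies that are not visible here. Consider replacing the `strip_prefix` line with `.and_then(|auth| auth.split_once(' '))`, `.filter(|(scheme, _)| scheme.eq_ignore_ascii_case("Bearer"))`, `.map(|(_, token)| token.trim())`. A `///` doc comment on `context_from` should also state that an absent or unparseable token yields a context without that key. The body of `context_from` continues past the end of this hunk.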
@@ -146,9 +155,6 @@ impl CedarAuthorizer {
);
}
- let context = Context::from_pairs(context_map.into_iter().collect::<Vec<_>>())?;
-
- CedarRequest::new(principal, action, resource, context, None)
- .map_err(|e| Box::new(e) as Box<dyn std::error::Error>)
+ Context::from_pairs(context_map.into_iter().collect::<Vec<_>>())
}
}
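Review bot: The `collect::<Vec<_>>()` on the new return line is an unneeded intermediate allocation, because `Context::from_pairs` accepts any `IntoIterator` of key/expression pairs; the map can be passed directly as `Context::from_pairs(context_map)`. In the lines visible here `context_from` also never reads `self` and only borrows `http_request.headers`, so it could take the request by reference rather than consuming it. The start of the function lies in the previous hunk, so confirm that nothing else in its body needs ownership.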