diff options
Diffstat (limited to 'pkg/authz/cedar.go')
| -rw-r--r-- | pkg/authz/cedar.go | 34 |
1 files changed, 0 insertions, 34 deletions
diff --git a/pkg/authz/cedar.go b/pkg/authz/cedar.go deleted file mode 100644 index 18674c74..00000000 --- a/pkg/authz/cedar.go +++ /dev/null @@ -1,34 +0,0 @@ -package authz - -import ( - "net" - "net/http" - - cedar "github.com/cedar-policy/cedar-go" - "github.com/xlgmokha/x/pkg/log" - "gitlab.com/mokhax/spike/pkg/gid" - "gitlab.com/mokhax/spike/pkg/policies" -) - -func WithCedar() Authorizer { - return AuthorizerFunc(func(r *http.Request) bool { - host, _, err := net.SplitHostPort(r.Host) - if err != nil { - log.WithFields(r.Context(), log.Fields{"error": err}) - return false - } - subject, found := TokenFrom(r).Subject() - if !found { - subject = "gid://example/User/*" - } - - return policies.Allowed(cedar.Request{ - Principal: gid.NewEntityUID(subject), - Action: cedar.NewEntityUID("HttpMethod", cedar.String(r.Method)), - Resource: cedar.NewEntityUID("HttpPath", cedar.String(r.URL.Path)), - Context: cedar.NewRecord(cedar.RecordMap{ - "host": cedar.String(host), - }), - }) - }) -} |