Diffstat (limited to 'src/authorization.rs')
| -rw-r--r-- | src/authorization.rs | 52 |
1 files changed, 38 insertions, 14 deletions
diff --git a/src/authorization.rs b/src/authorization.rs
index 279f62cc..d86e8938 100644
--- a/src/authorization.rs
+++ b/src/authorization.rs
@@ -2,34 +2,58 @@ use envoy_types::ext_authz::v3::CheckResponseExt;
 use envoy_types::ext_authz::v3::pb::{CheckRequest, CheckResponse};
 use tonic::{Request, Response, Status};
-#[derive(Debug, Default)]
-pub struct CheckService;
+trait Authorizer {
+ fn authorize(&self, request: CheckRequest) -> bool;
+}
-#[tonic::async_trait]
-impl envoy_types::ext_authz::v3::pb::Authorization for CheckService {
- async fn check(
- &self,
- request: Request<CheckRequest>,
- ) -> Result<Response<CheckResponse>, Status> {
- let request = request.into_inner();
+struct CedarAuthorizer {}
+impl CedarAuthorizer {
+ fn new() -> CedarAuthorizer {
+ return CedarAuthorizer {};
+ }
+}
+
+impl Authorizer for CedarAuthorizer {
+ fn authorize(&self, request: CheckRequest) -> bool {
 let client_headers = request
 .attributes
 .as_ref()
 .and_then(|attr| attr.request.as_ref())
 .and_then(|req| req.http.as_ref())
 .map(|http| &http.headers)
- .ok_or_else(|| Status::invalid_argument("client headers not populated by envoy"))?;
-
- let mut request_status = Status::unauthenticated("not authorized");
+ .ok_or_else(|| Status::invalid_argument("client headers not populated by envoy"))
+ .unwrap();
 if let Some(authorization) = client_headers.get("authorization") {
 if authorization == "Bearer valid-token" {
- request_status = Status::ok("request is valid");
+ return true;
 }
 }
- Ok(Response::new(CheckResponse::with_status(request_status)))
+ return false;
+ }
+}
+
+#[derive(Debug, Default)]
+pub struct CheckService;
+
+#[tonic::async_trait]
+impl envoy_types::ext_authz::v3::pb::Authorization for CheckService {
+ async fn check(
+ &self,
+ request: Request<CheckRequest>,
+ ) -> Result<Response<CheckResponse>, Status> {
+ let request = request.into_inner();
+
+ let authorizer = CedarAuthorizer::new();
+ if authorizer.authorize(request) {
+ return Ok(Response::new(CheckResponse::with_status(Status::ok("OK"))));
+ }
+
+ return Ok(Response::new(CheckResponse::with_status(
+ Status::unauthenticated("Unauthorized"),
+
))); } } |
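Review bot: The `.unwrap()` added after `.ok_or_else(...)` in `CedarAuthorizer::authorize` turns a CheckRequest whose attributes/request/http fields are not populated from a gRPC `invalid_argument` reply into a panic inside the handler, so the `Status` built on the preceding line is never returned to Envoy; the removed code propagated it with `?`. A request-triggered panic at the authorization boundary is a denial-of-service hazard for every call sharing that task or connection, and what Envoy does with the failed check then depends on the ext_authz filter's failure-mode configuration rather than on an explicit deny from this service. The cleaner fix is to make the trait contract fallible — `fn authorize(&self, request: CheckRequest) -> Result<bool, Status>;` — keep the `?`, and have `check` write `if authorizer.authorize(request)? {` so the original error reply is preserved. While touching these lines, the explicit `return CedarAuthorizer {};` and `return false;` statements can become tail expressions, which is the idiomatic form.
```rust
trait Authorizer {
    fn authorize(&self, request: CheckRequest) -> Result<bool, Status>;
}
// … unchanged: CedarAuthorizer struct and new() …
impl Authorizer for CedarAuthorizer {
    fn authorize(&self, request: CheckRequest) -> Result<bool, Status> {
        let client_headers = request
            // … unchanged: .attributes … .map(|http| &http.headers) chain …
            .ok_or_else(|| Status::invalid_argument("client headers not populated by envoy"))?;
        // … unchanged: authorization header lookup, with `return true;` becoming `return Ok(true);` …
        Ok(false)
    }
}
// … unchanged: CheckService and the start of check() …
        if authorizer.authorize(request)? {
// … unchanged: OK / Unauthorized responses …
```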
