Diffstat (limited to 'src/authorization/server.rs')
-rw-r--r--src/authorization/server.rs50
1 files changed, 50 insertions, 0 deletions
diff --git a/src/authorization/server.rs b/src/authorization/server.rs
new file mode 100644
index 00000000..2ad270df
--- /dev/null
+++ b/src/authorization/server.rs
@@ -0,0 +1,50 @@
+use super::cedar_authorizer::CedarAuthorizer;
+use super::check_service::CheckService;
+use envoy_types::ext_authz::v3::pb::AuthorizationServer;
+use std::sync::Arc;
+
+pub struct Server {
+ router: tonic::transport::server::Router,
+}
+
+impl Server {
+ pub fn new() -> Result<Server, Box<dyn std::error::Error>> {
+ let (_health_reporter, health_service) = tonic_health::server::health_reporter();
+ let authorization_service =
+ AuthorizationServer::new(CheckService::new(Arc::new(CedarAuthorizer::default())));
+
+ Ok(Self::new_with(|mut builder| {
+ builder
+ .add_service(authorization_service)
+ .add_service(health_service)
+ }))
+ }
+
+ pub fn new_with<F>(f: F) -> Server
+ where
+ F: FnOnce(tonic::transport::Server) -> tonic::transport::server::Router,
+ {
+ let builder = tonic::transport::Server::builder()
+ .trace_fn(|req| {
+ tracing::info_span!(
+ "request",
+ method = %req.method(),
+ path = %req.uri().path(),
+ headers = ?req.headers(),
+ )
+ })
+ .timeout(std::time::Duration::from_secs(30));
+ let router = f(builder);
+ Server { router }
+ }
+
+ pub async fn serve(self, addr: std::net::SocketAddr) -> Result<(), tonic::transport::Error> {
+ self.router.serve(addr).await
+ }
+}
+
+impl Default for Server {
+ fn default() -> Self {
+ Self::new().unwrap()
+ }
+}
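Review bot: The `headers = ?req.headers()` field in the `trace_fn` span inside `new_with` records every request header value at info level, so any `authorization`, `cookie` or other credential-bearing metadata that reaches this ext_authz endpoint would be copied into the trace output and every sink that consumes it. Whether such headers actually arrive depends on the caller's configuration, which is not visible in this file, but an authorization service is a poor place to rely on that. Recording only the header names keeps the span useful for debugging without the values, e.g. `headers = ?req.headers().keys().collect::<Vec<_>>(),`, or the field could be limited to an explicit allowlist of non-sensitive headers. Separately, `Default::default` calls `Self::new().unwrap()` even though `new` has no failing path as written; either make `new` infallible or add a `# Panics` note to the `Default` impl.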