From 6300c4130099b016c7dd3bfcb17d541e77d79d72 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Wed, 5 Mar 2025 17:24:44 -0700
Subject: feat: connect REST API to gRPC Ability.allowed? service
---
 bin/api | 15 ++++++++++++++-
 bin/rpc | 1 +
 lib/ability_pb.rb | 14 ++++++++++++++
 lib/ability_services_pb.rb | 20 ++++++++++++++++++++
 4 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 lib/ability_pb.rb
 create mode 100644 lib/ability_services_pb.rb
diff --git a/bin/api b/bin/api
index 1bce8d95..212e31a2 100755
--- a/bin/api
+++ b/bin/api
@@ -6,13 +6,21 @@ gemfile do
 source 'https://rubygems.org'
 gem "erb", "~> 4.0"
+ gem "grpc", "~> 1.0"
 gem "json", "~> 2.0"
+ gem "logger", "~> 1.0"
 gem "rack", "~> 3.0"
 gem "rackup", "~> 2.0"
 gem "securerandom", "~> 0.1"
 gem "webrick", "~> 1.0"
 end
+lib_path = Pathname.new(__FILE__).parent.parent.join('lib').realpath.to_s
+$LOAD_PATH.unshift(lib_path) unless $LOAD_PATH.include?(lib_path)
+
+require 'ability_services_pb'
+
+GRPC.logger = Logger.new($stderr, level: :debug)
 $scheme = ENV.fetch("SCHEME", "http")
 $port = ENV.fetch("PORT", 8284).to_i
 $host = ENV.fetch("HOST", "localhost:#{$port}")
@@ -71,7 +79,12 @@ class API
 def authorized?(request, permission)
 # TODO:: Check the JWT for the appropriate claim
 # Connect to the Authz RPC endpoint Ability.allowed?(subject, permission, resource)
- true
+ client = ::Ability::Stub.new('localhost:50051', :this_channel_is_insecure) # TODO:: memorize client
+ reply = client.allowed(AllowRequest.new(subject: "", permission: permission, resource: ""))
+ puts "***" * 10
+ puts reply.inspect
+ puts "***" * 10
+ reply&.result
 end
 def json_not_found
diff --git a/bin/rpc b/bin/rpc
index 14490182..fe9a0dcc 100755
--- a/bin/rpc
+++ b/bin/rpc
@@ -19,6 +19,7 @@ class AbilityHandler < ::Ability::Service
 def allowed(request, _call)
 puts [request, _call].inspect
 # TODO:: entrypoint to declarative policies
+ GRPC.logger.info([request, _call].inspect)
 AllowReply.new(result: true)
 end
 end
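Review bot: `GRPC.logger = Logger.new($stderr, level: :debug)` pins the gRPC library to debug logging on every run of bin/api, which is noisy and can put request details on stderr in any deployed instance. Reading the level from the environment, as the `ENV.fetch` settings just below already do, keeps debug output opt-in: `GRPC.logger = Logger.new($stderr, level: ENV.fetch("LOG_LEVEL", "info"))` (the variable name is a suggestion). `Pathname` is used on the `lib_path` line without a visible `require 'pathname'`; it may already be loaded by the inline Bundler setup, but an explicit require would remove the doubt.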
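Review bot: The new body of `authorized?` has no deadline and no rescue around `client.allowed`, so a slow or unreachable policy service either hangs the request or surfaces as an unhandled `GRPC::BadStatus` instead of an explicit deny. The sketch below adds a per-call deadline and fails closed; it also drops the three `puts` lines, which write every decision to stdout. Separately, `subject: ""` and `resource: ""` mean the decision carries no caller identity or target, so the result should not be treated as a real authorization check until both are filled from the verified JWT and the request. `:this_channel_is_insecure` to a hard-coded `localhost:50051` is plaintext and unauthenticated, which is only acceptable while both processes share a host.

```ruby
  def authorized?(request, permission)
    # … unchanged: TODO comments, client construction …
    reply = client.allowed(
      AllowRequest.new(subject: "", permission: permission, resource: ""),
      deadline: Time.now + 2 # constructed value; tune to the API's latency budget
    )
    reply.result == true
  rescue GRPC::BadStatus => error
    # Fail closed: an unreachable or erroring policy service must not grant access.
    GRPC.logger.warn("authz check failed: #{error.class}")
    false
  end
```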
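Review bot: `GRPC.logger.info([request, _call].inspect)` dumps the whole call object into the log, and once callers start sending credentials in gRPC metadata that dump may include them. Logging only the fields needed for an audit trail is safer, for example `GRPC.logger.info("allowed? subject=#{request.subject} permission=#{request.permission} resource=#{request.resource}")`, and the `puts` on the line above then becomes redundant. The handler still returns `AllowReply.new(result: true)` unconditionally, so with bin/api now trusting this reply every request is authorized until the policy TODO is implemented.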
diff --git a/lib/ability_pb.rb b/lib/ability_pb.rb new file mode 100644 index 00000000..06bc660d --- /dev/null +++ b/lib/ability_pb.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: ability.proto + +require 'google/protobuf' + + +descriptor_data = "\n\rability.proto\"E\n\x0c\x41llowRequest\x12\x0f\n\x07subject\x18\x01 \x02(\t\x12\x12\n\npermission\x18\x02 \x02(\t\x12\x10\n\x08resource\x18\x03 \x02(\t\"\x1c\n\nAllowReply\x12\x0e\n\x06result\x18\x01 \x02(\x08\x32\x32\n\x07\x41\x62ility\x12\'\n\x07\x41llowed\x12\r.AllowRequest\x1a\x0b.AllowReply\"\x00" + +pool = Google::Protobuf::DescriptorPool.generated_pool +pool.add_serialized_file(descriptor_data) + +AllowRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("AllowRequest").msgclass +AllowReply = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("AllowReply").msgclass diff --git a/lib/ability_services_pb.rb b/lib/ability_services_pb.rb new file mode 100644 index 00000000..7aec39bd --- /dev/null +++ b/lib/ability_services_pb.rb @@ -0,0 +1,20 @@ +# Generated by the protocol buffer compiler. DO NOT EDIT! +# Source: ability.proto for package '' + +require 'grpc' +require 'ability_pb' + +module Ability + class Service + + include ::GRPC::GenericService + + self.marshal_class_method = :encode + self.unmarshal_class_method = :decode + self.service_name = 'Ability' + + rpc :Allowed, ::AllowRequest, ::AllowReply + end + + Stub = Service.rpc_stub_class +end -- cgit v1.2.3