From c10d21934dfdc89b7f288edb71434731a4223a2c Mon Sep 17 00:00:00 2001
From: mo khan
Date: Fri, 18 Jul 2025 10:52:12 -0600
Subject: refactor: extract type mappings for check service
---
 pkg/authz/init.go | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 pkg/authz/init.go
(limited to 'pkg/authz/init.go')
diff --git a/pkg/authz/init.go b/pkg/authz/init.go
new file mode 100644
index 00000000..3ceb1412
--- /dev/null
+++ b/pkg/authz/init.go
@@ -0,0 +1,58 @@
+package authz
+
+import (
+ v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
+ auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
+ "github.com/xlgmokha/x/pkg/log"
+ "github.com/xlgmokha/x/pkg/mapper"
+ "github.com/xlgmokha/x/pkg/x"
+)
+
+func init() {
+ mapper.Register[*auth.CheckRequest, log.Fields](func(r *auth.CheckRequest) log.Fields {
+ return log.Fields{
+ "host": r.Attributes.Request.Http.Host,
+ "id": r.Attributes.Request.Http.Id,
+ "method": r.Attributes.Request.Http.Method,
+ "path": r.Attributes.Request.Http.Path,
+ "protocol": r.Attributes.Request.Http.Protocol,
+ "request_id": r.Attributes.Request.Http.Headers["x-request-id"],
+ "scheme": r.Attributes.Request.Http.Scheme,
+ "subject": r.Attributes.Request.Http.Headers["x-jwt-claim-username"],
+ }
+ })
+
+ mapper.Register[*auth.CheckRequest, *v1.ObjectReference](func(r *auth.CheckRequest) *v1.ObjectReference {
+ return &v1.ObjectReference{
+ ObjectType: "project",
+ ObjectId: "1",
+ }
+ })
+
+ mapper.Register[*auth.CheckRequest, *v1.SubjectReference](func(r *auth.CheckRequest) *v1.SubjectReference {
+ //TODO:: username is not ideal but it works for demo purposes
+ username := r.Attributes.Request.Http.Headers["x-jwt-claim-username"]
+ if x.IsZero(username) {
+ username = "public"
+ }
+
+ return &v1.SubjectReference{
+ Object: &v1.ObjectReference{
+ ObjectType: "user",
+ ObjectId: username,
+ },
+ }
+ })
+
+ mapper.Register[*auth.CheckRequest, Permission](func(r *auth.CheckRequest) Permission {
+ return "read"
+ })
+
+ mapper.Register[*auth.CheckRequest, *v1.CheckPermissionRequest](func(r *auth.CheckRequest) *v1.CheckPermissionRequest {
+ return &v1.CheckPermissionRequest{
+ Resource: mapper.MapFrom[*auth.CheckRequest, *v1.ObjectReference](r),
+ Permission: mapper.MapFrom[*auth.CheckRequest, Permission](r).String(),
+ Subject: mapper.MapFrom[*auth.CheckRequest, *v1.SubjectReference](r),
+ }
+ })
+}
--
cgit v1.2.3
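Review bot: The SubjectReference mapper takes the authorization subject straight from the `x-jwt-claim-username` request header and falls back to `"public"` when it is absent, so the safety of this check rests entirely on Envoy populating that header from a verified JWT and stripping any client-supplied copy before ext_authz runs; if a caller can set the header itself it can act as any user, and that trust assumption belongs in a comment here in place of the bare `//TODO::`. Separately, every mapper dereferences `r.Attributes.Request.Http` directly, so a CheckRequest with a nil `Attributes`, `Request` or `Http` will panic the authz server rather than produce a deny; the generated protobuf getters are nil-safe, so `h := r.GetAttributes().GetRequest().GetHttp()` followed by `h.GetHeaders()["x-jwt-claim-username"]` (and `h.GetHost()`, `h.GetPath()` and friends in the log.Fields mapper) removes that crash path without changing the values on the happy path. Note also that the ObjectReference and Permission mappers return the constants `project`/`1` and `read` for every request, so the method and path that are logged are not part of the permission check; that matches the demo scope the TODO describes, but it is worth saying so explicitly next to those constants so nobody mistakes this for per-route authorization. The whole of `init` is inside the hunk.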