From 3f54e2fc59f21029813863491b37e39bb6015115 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Wed, 2 Apr 2025 11:23:47 -0600
Subject: refactor: move policies and entities in policies package
---
 pkg/authz/cedar.go | 35 ++++-------------------------------
 1 file changed, 4 insertions(+), 31 deletions(-)
(limited to 'pkg/authz')
diff --git a/pkg/authz/cedar.go b/pkg/authz/cedar.go
index 1d952651..7a92f8e4 100644
--- a/pkg/authz/cedar.go
+++ b/pkg/authz/cedar.go
@@ -1,53 +1,26 @@
 package authz
 import (
- "encoding/json"
- "fmt"
- "net"
 "net/http"
- "os"
 cedar "github.com/cedar-policy/cedar-go"
- "github.com/cedar-policy/cedar-go/types"
- "github.com/xlgmokha/x/pkg/x"
- xlog "gitlab.com/mokhax/spike/pkg/log"
+ "gitlab.com/mokhax/spike/pkg/policies"
 )
 func WithCedar() Authorizer {
- var policy cedar.Policy
- x.Check(policy.UnmarshalCedar(x.Must(os.ReadFile("cedar.conf"))))
-
- policies := cedar.NewPolicySet()
- policies.Add("cedar.conf", &policy)
-
- var entities cedar.EntityMap
- if err := json.Unmarshal(x.Must(os.ReadFile("cedar.json")), &entities); err != nil {
- xlog.Logger.Error("Error", "error", err)
- return nil
- }
-
 return AuthorizerFunc(func(r *http.Request) bool {
- host, _, err := net.SplitHostPort(r.Host)
- if err != nil {
- return false
- }
-
 subject, found := TokenFrom(r).Subject()
 if !found {
 subject = "*"
 }
- req := cedar.Request{
+ return policies.Allowed(cedar.Request{
 Principal: cedar.NewEntityUID("Subject", cedar.String(subject)),
 Action: cedar.NewEntityUID("Action", cedar.String(r.Method)),
 Resource: cedar.NewEntityUID("Path", cedar.String(r.URL.Path)),
 Context: cedar.NewRecord(cedar.RecordMap{
- "Host": cedar.String(host),
+ "Host": cedar.String(r.Host),
 }),
- }
-
- ok, diagnostic := policies.IsAuthorized(entities, req)
- fmt.Printf("%v: %v -> %v %v%v %v\n", ok, subject, r.Method, host, r.URL.Path, diagnostic.Reasons)
- return ok == types.Allow
+ })
 })
 }
--
cgit v1.2.3
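Review bot: The Cedar context entry `"Host"` now receives `r.Host` verbatim, so the value is whatever the client sent in the Host header, including any `:port` suffix, whereas the removed code passed only the host part from `net.SplitHostPort` and denied the request when the split failed. A policy condition that compares `context.Host` with a bare hostname will stop matching for requests that carry a port, which fails closed for `permit` rules but means a host-scoped `forbid` rule no longer applies. Unless `policies.Allowed` normalizes the value (its body is outside this view), keep the split here, e.g. `host, _, err := net.SplitHostPort(r.Host)` with `if err != nil { host = r.Host }`, and pass `cedar.String(host)`. The decision log (`fmt.Printf` with `diagnostic.Reasons`) is also dropped from this path, so it is worth confirming that `policies.Allowed` still records denials.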