From c583bcd1473205104a1e1af812ed4976d30c7baa Mon Sep 17 00:00:00 2001
From: mo khan
Date: Fri, 2 May 2025 14:29:41 -0600
Subject: refactor: remove anything unrelated to the authz daemon
---
 pkg/authz/authz.go | 23 -----------------------
 pkg/authz/casbin.go | 43 -------------------------------------------
 pkg/authz/cedar.go | 34 ----------------------------------
 pkg/authz/token.go | 30 ------------------------------
 4 files changed, 130 deletions(-)
 delete mode 100644 pkg/authz/authz.go
 delete mode 100644 pkg/authz/casbin.go
 delete mode 100644 pkg/authz/cedar.go
 delete mode 100644 pkg/authz/token.go
(limited to 'pkg/authz')
diff --git a/pkg/authz/authz.go b/pkg/authz/authz.go
deleted file mode 100644
index 5a93a29c..00000000
--- a/pkg/authz/authz.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package authz
-
-import "net/http"
-
-type Authorizer interface {
- Authorize(*http.Request) bool
-}
-
-type AuthorizerFunc func(*http.Request) bool
-
-func (f AuthorizerFunc) Authorize(r *http.Request) bool {
- return f(r)
-}
-
-func HTTP(authorizer Authorizer, h http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- if authorizer.Authorize(r) {
- h.ServeHTTP(w, r)
- } else {
- w.WriteHeader(http.StatusForbidden)
- }
- })
-}
diff --git a/pkg/authz/casbin.go b/pkg/authz/casbin.go
deleted file mode 100644
index 140bdb98..00000000
--- a/pkg/authz/casbin.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package authz
-
-import (
- "fmt"
- "net"
- "net/http"
-
- "github.com/casbin/casbin/v3"
- "github.com/xlgmokha/x/pkg/log"
- "github.com/xlgmokha/x/pkg/x"
-)
-
-func WithCasbin() Authorizer {
- enforcer := x.Must(casbin.NewEnforcer("casbin.conf", "casbin.csv"))
-
- return AuthorizerFunc(func(r *http.Request) bool {
- host, _, err := net.SplitHostPort(r.Host)
- if err != nil {
- log.WithFields(r.Context(), log.Fields{"error": err})
- return false
- }
-
- subject, found := TokenFrom(r).Subject()
- if !found {
- subject = "*"
- }
- ok, err := enforcer.Enforce(subject, host, r.Method, r.URL.Path)
- if err != nil {
- log.WithFields(r.Context(), log.Fields{"error": err})
- return false
- }
-
- fmt.Printf("%v: %v -> %v %v%v\n", ok, subject, r.Method, host, r.URL.Path)
- log.WithFields(r.Context(), log.Fields{
- "authz": ok,
- "subject": subject,
- "action": r.Method,
- "domain": host,
- "object": r.URL.Path,
- })
- return ok
- })
-}
diff --git a/pkg/authz/cedar.go b/pkg/authz/cedar.go
deleted file mode 100644
index 18674c74..00000000
--- a/pkg/authz/cedar.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package authz
-
-import (
- "net"
- "net/http"
-
- cedar "github.com/cedar-policy/cedar-go"
- "github.com/xlgmokha/x/pkg/log"
- "gitlab.com/mokhax/spike/pkg/gid"
- "gitlab.com/mokhax/spike/pkg/policies"
-)
-
-func WithCedar() Authorizer {
- return AuthorizerFunc(func(r *http.Request) bool {
- host, _, err := net.SplitHostPort(r.Host)
- if err != nil {
- log.WithFields(r.Context(), log.Fields{"error": err})
- return false
- }
- subject, found := TokenFrom(r).Subject()
- if !found {
- subject = "gid://example/User/*"
- }
-
- return policies.Allowed(cedar.Request{
- Principal: gid.NewEntityUID(subject),
- Action: cedar.NewEntityUID("HttpMethod", cedar.String(r.Method)),
- Resource: cedar.NewEntityUID("HttpPath", cedar.String(r.URL.Path)),
- Context: cedar.NewRecord(cedar.RecordMap{
- "host": cedar.String(host),
- }),
- })
- })
-}
diff --git a/pkg/authz/token.go b/pkg/authz/token.go
deleted file mode 100644
index 2794bf4a..00000000
--- a/pkg/authz/token.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package authz
-
-import (
- "net/http"
- "strings"
-
- "github.com/lestrrat-go/jwx/v3/jwt"
- "github.com/xlgmokha/x/pkg/log"
-)
-
-func TokenFrom(r *http.Request) jwt.Token {
- authorization := r.Header.Get("Authorization")
- if authorization == "" || !strings.Contains(authorization, "Bearer") {
- return jwt.New()
- }
-
- token, err := jwt.ParseRequest(r,
- jwt.WithContext(r.Context()),
- jwt.WithHeaderKey("Authorization"),
- jwt.WithValidate(false), // TODO:: Connect this to a JSON Web Key Set
- jwt.WithVerify(false), // TODO:: Connect this to a JSON Web Key Set
- )
-
- if err != nil {
- log.WithFields(r.Context(), log.Fields{"error": err})
- return jwt.New()
- }
-
- return token
-}
-- cgit v1.2.3