From 7a23f5256b861705b69405c690eead5b30df7775 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Sat, 5 Jul 2025 12:30:04 -0600
Subject: feat: allow requests from localhost
---
 src/authorization/server.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'src/authorization/server.rs')
diff --git a/src/authorization/server.rs b/src/authorization/server.rs
index 23b7720e..feb89d52 100644
--- a/src/authorization/server.rs
+++ b/src/authorization/server.rs
@@ -40,9 +40,9 @@ impl Server {
 tracing::info!(
 method = %req.method(),
 path = %req.uri().path(),
- content_type = ?req.headers().get("content-type").and_then(|v| v.to_str().ok()),
- user_agent = ?req.headers().get("user-agent").and_then(|v| v.to_str().ok()),
- x_request_id = ?req.headers().get("x-request-id").and_then(|v| v.to_str().ok()),
+ content_type = req.headers().get("content-type").map_or("unknown", |v| v.to_str().unwrap_or("unknown")),
+ user_agent = req.headers().get("user-agent").map_or("unknown", |v| v.to_str().unwrap_or("unknown")),
+ x_request_id = req.headers().get("x-request-id").map_or("none", |v| v.to_str().unwrap_or("none")),
 "gRPC request"
 );
-- cgit v1.2.3
From 2a56b8fa13aef71493959ca9e50b48d806082f33 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Sat, 5 Jul 2025 12:49:18 -0600
Subject: refactor: pass the PaC autorizer to the server to allow trying different ones
---
 src/authorization/authorizer.rs | 2 +-
 src/authorization/server.rs | 6 +++---
 src/main.rs | 3 ++-
 3 files changed, 6 insertions(+), 5 deletions(-)
(limited to 'src/authorization/server.rs')
diff --git a/src/authorization/authorizer.rs b/src/authorization/authorizer.rs
index 14a7df27..62733585 100644
--- a/src/authorization/authorizer.rs
+++ b/src/authorization/authorizer.rs
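Review bot: The `"unknown"` and `"none"` sentinels on the three added `tracing::info!` fields make a missing header, a header that fails `to_str()`, and a client that literally sends `unknown` all log the same value, which weakens this request log as an audit trail for an authorization service. Assuming these are `http::HeaderValue`s, logging the option directly keeps those cases apart and escapes unusual bytes through its `Debug` output: `user_agent = ?req.headers().get("user-agent"),`, and likewise for `content_type` and `x_request_id`. All three values are client-supplied, so `x_request_id` should presumably not be treated as trusted correlation data unless the fronting proxy overwrites it. The subject line mentions allowing localhost requests, but this hunk only changes log fields; the enclosing function starts and ends outside the hunk.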
@@ -1,5 +1,5 @@
 use envoy_types::ext_authz::v3::pb::CheckRequest;
-pub trait Authorizer: std::fmt::Debug {
+pub trait Authorizer: std::fmt::Debug + std::marker::Sync + std::marker::Send + 'static {
 fn authorize(&self, request: CheckRequest) -> bool;
 }
diff --git a/src/authorization/server.rs b/src/authorization/server.rs
index feb89d52..759a550d 100644
--- a/src/authorization/server.rs
+++ b/src/authorization/server.rs
@@ -8,13 +8,13 @@ pub struct Server {
 }
 impl Server {
- pub fn new() -> Result> {
+ pub fn new(authorizer: T) -> Result> {
 let (health_reporter, health_service) = tonic_health::server::health_reporter();
 std::mem::drop(
 health_reporter.set_service_status("", tonic_health::ServingStatus::Serving),
 );
 let authorization_service =
- AuthorizationServer::new(CheckService::new(Arc::new(CedarAuthorizer::default())));
+ AuthorizationServer::new(CheckService::new(Arc::new(authorizer)));
 let reflection_service = tonic_reflection::server::Builder::configure()
 .register_encoded_file_descriptor_set(tonic_health::pb::FILE_DESCRIPTOR_SET)
@@ -64,6 +64,6 @@ impl Server {
 impl Default for Server {
 fn default() -> Self {
- Self::new().unwrap()
+ Self::new(CedarAuthorizer::default()).unwrap()
 }
 }
diff --git a/src/main.rs b/src/main.rs
index 511d3d04..add0d88d 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -17,7 +17,8 @@ async fn main() -> Result<(), Box> {
 .parse()?;
 tracing::info!(address = %addr, "Starting authorization server");
- let server = authzd::authorization::Server::new()?;
+ let cedar = authzd::authorization::CedarAuthorizer::default();
+ let server = authzd::authorization::Server::new(cedar)?;
 server.serve(addr).await?;
 Ok(())
-- cgit v1.2.3
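Review bot: The `Authorizer` trait in `authorizer.rs` has no documented failure contract, and this patch makes it an extension point because `Server::new` now accepts any implementation. `authorize` returns a bare `bool`, so an implementation that hits a policy-evaluation error can only pick allow or deny, and nothing tells the implementer which. I would add a doc comment above `fn authorize`, for example `/// Returns true to allow the request; implementations must return false on any internal error (fail closed).` A second comment on the trait could say that the instance is wrapped in `Arc` by `Server::new`, which is why `Send + Sync + 'static` is required. As a style point the bounds can be shortened to `std::fmt::Debug + Send + Sync + 'static`, since `Send` and `Sync` are in the prelude.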
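Review bot: In the `@@ -64,6 +64,6 @@` hunk of `server.rs`, `Default::default()` still calls `.unwrap()` on a fallible constructor, so any error from `Server::new` becomes a panic with no message. It also pins `CedarAuthorizer`, while `main.rs` in this same patch now builds the server explicitly. If the impl is kept, state the invariant at the call site, for example `Self::new(CedarAuthorizer::default()).expect("default Server construction failed")`, and document the panic under a `# Panics` section. Otherwise consider dropping `Default` so callers must choose an authorizer and handle the `Result`. Whether anything other than tests relies on `Server::default()` is not visible from this diff.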