path: root/pkg/authz/cedar.go
blob: 7a92f8e4108030a691fc86b32e2a4a38491ee828 (plain)
package authz

import (
	"net/http"

	cedar "github.com/cedar-policy/cedar-go"
	"gitlab.com/mokhax/spike/pkg/policies"
)

// WithCedar returns an Authorizer that decides each request by evaluating
// it against the Cedar policy set in pkg/policies.
//
// The HTTP request is mapped onto a cedar.Request as follows:
//   - Principal: Subject::"<token subject>", or Subject::"*" when the token
//     carries no subject. A request without a subject is therefore still
//     evaluated (as principal "*"); whether it is allowed is up to the policies.
//   - Action:    Action::"<HTTP method>".
//   - Resource:  Path::"<r.URL.Path>" — the path exactly as received, with no
//     normalization applied here. NOTE(review): if policies compare literal
//     paths, confirm the router (or policies.Allowed) cleans the path before
//     this check runs, otherwise unnormalized variants of a path are matched
//     as distinct resources.
//   - Context:   {"Host": r.Host} — taken from the request, so a policy that
//     keys on Host relies on the Host header as the client sent it.
func WithCedar() Authorizer {
	decide := func(r *http.Request) bool {
		// Fall back to the wildcard principal when no subject is present.
		principal := "*"
		if s, ok := TokenFrom(r).Subject(); ok {
			principal = s
		}

		ctx := cedar.NewRecord(cedar.RecordMap{
			"Host": cedar.String(r.Host),
		})
		req := cedar.Request{
			Principal: cedar.NewEntityUID("Subject", cedar.String(principal)),
			Action:    cedar.NewEntityUID("Action", cedar.String(r.Method)),
			Resource:  cedar.NewEntityUID("Path", cedar.String(r.URL.Path)),
			Context:   ctx,
		}
		return policies.Allowed(req)
	}
	return AuthorizerFunc(decide)
}