package authz
import (
v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
"github.com/xlgmokha/x/pkg/log"
"github.com/xlgmokha/x/pkg/mapper"
"github.com/xlgmokha/x/pkg/x"
)
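// init registers the mapper conversions used by the ext_authz handler. Each
// registration turns an Envoy CheckRequest into one of the values that the
// request log or the SpiceDB CheckPermissionRequest needs.
//
// Every field read goes through the generated protobuf getters, which are
// nil-safe: a CheckRequest whose Attributes, Request or Http subtree is
// unset yields zero values (and a nil header map, which indexes to "")
// instead of a nil-pointer panic inside the authorization path.
func init() {
	// Structured log fields describing the incoming HTTP request.
	mapper.Register[*auth.CheckRequest, log.Fields](func(r *auth.CheckRequest) log.Fields {
		httpReq := r.GetAttributes().GetRequest().GetHttp()
		headers := httpReq.GetHeaders()
		return log.Fields{
			"host":       httpReq.GetHost(),
			"id":         httpReq.GetId(),
			"method":     httpReq.GetMethod(),
			"path":       httpReq.GetPath(),
			"protocol":   httpReq.GetProtocol(),
			"request_id": headers["x-request-id"],
			"scheme":     httpReq.GetScheme(),
			"subject":    headers["x-jwt-claim-username"],
		}
	})

	// Resource: every request is checked against the same hard-coded
	// project object; the request itself does not select the resource.
	mapper.Register[*auth.CheckRequest, *v1.ObjectReference](func(r *auth.CheckRequest) *v1.ObjectReference {
		return &v1.ObjectReference{
			ObjectType: "project",
			ObjectId:   "1",
		}
	})

	// Subject: taken from the x-jwt-claim-username header, falling back to
	// the anonymous "public" user when the header is absent or empty.
	//TODO:: username is not ideal but it works for demo purposes
	// NOTE(review): the header value is trusted verbatim as the subject id,
	// so it must be populated only by an upstream JWT filter that overwrites
	// any client-supplied copy — confirm this in the Envoy listener config.
	mapper.Register[*auth.CheckRequest, *v1.SubjectReference](func(r *auth.CheckRequest) *v1.SubjectReference {
		username := r.GetAttributes().GetRequest().GetHttp().GetHeaders()["x-jwt-claim-username"]
		if x.IsZero(username) {
			username = "public"
		}
		return &v1.SubjectReference{
			Object: &v1.ObjectReference{
				ObjectType: "user",
				ObjectId:   username,
			},
		}
	})

	// Permission: fixed to "read" regardless of the HTTP method.
	mapper.Register[*auth.CheckRequest, Permission](func(r *auth.CheckRequest) Permission {
		return "read"
	})

	// Compose the SpiceDB check from the three mappings above.
	mapper.Register[*auth.CheckRequest, *v1.CheckPermissionRequest](func(r *auth.CheckRequest) *v1.CheckPermissionRequest {
		return &v1.CheckPermissionRequest{
			Resource:   mapper.MapFrom[*auth.CheckRequest, *v1.ObjectReference](r),
			Permission: mapper.MapFrom[*auth.CheckRequest, Permission](r).String(),
			Subject:    mapper.MapFrom[*auth.CheckRequest, *v1.SubjectReference](r),
		}
	})
}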