| -rw-r--r-- | pkg/authz/local_check_service.go (renamed from pkg/authz/check_service.go) | 24 | ||||
| -rw-r--r-- | pkg/authz/local_check_service_test.go (renamed from pkg/authz/check_service_test.go) | 4 | ||||
| -rw-r--r-- | pkg/authz/server.go | 2 |
3 files changed, 15 insertions, 15 deletions
diff --git a/pkg/authz/check_service.go b/pkg/authz/local_check_service.go
index 55560f5..e165143 100644
--- a/pkg/authz/check_service.go
+++ b/pkg/authz/local_check_service.go
@@ -34,27 +34,27 @@ var public map[string]bool = map[string]bool{
 "POST:/sparkles/restore": true,
 }
-type CheckService struct {
+type LocalCheckService struct {
 auth.UnimplementedAuthorizationServer
 }
-func NewCheckService() auth.AuthorizationServer {
- return &CheckService{}
+func NewLocalCheckService() auth.AuthorizationServer {
+ return &LocalCheckService{}
 }
-func (svc *CheckService) Check(ctx context.Context, request *auth.CheckRequest) (*auth.CheckResponse, error) {
+func (svc *LocalCheckService) Check(ctx context.Context, request *auth.CheckRequest) (*auth.CheckResponse, error) {
 if svc.isAllowed(ctx, request) {
 return svc.OK(ctx), nil
 }
 return svc.Denied(ctx), nil
 }
-func (svc *CheckService) isPublic(ctx context.Context, r *auth.CheckRequest) bool {
+func (svc *LocalCheckService) isPublic(ctx context.Context, r *auth.CheckRequest) bool {
 ok, _ := public[svc.keyFor(r.Attributes.Request.Http)]
 return ok
 }
-func (svc *CheckService) isAllowed(ctx context.Context, r *auth.CheckRequest) bool {
+func (svc *LocalCheckService) isAllowed(ctx context.Context, r *auth.CheckRequest) bool {
 if !svc.validRequest(ctx, r) {
 return false
 }
@@ -63,7 +63,7 @@ func (svc *CheckService) isAllowed(ctx context.Context, r *auth.CheckRequest) bo
 return svc.isPublic(ctx, r) || svc.isLoggedIn(ctx, r)
 }
-func (svc *CheckService) validRequest(ctx context.Context, r *auth.CheckRequest) bool {
+func (svc *LocalCheckService) validRequest(ctx context.Context, r *auth.CheckRequest) bool {
 return x.IsPresent(r) &&
 x.IsPresent(r.Attributes) &&
 x.IsPresent(r.Attributes.Request) &&
@@ -71,7 +71,7 @@ func (svc *CheckService) validRequest(ctx context.Context, r *auth.CheckRequest)
 }
 // TODO:: Replace this naive implementation
-func (svc *CheckService) isLoggedIn(ctx context.Context, r *auth.CheckRequest) bool {
+func (svc *LocalCheckService) isLoggedIn(ctx context.Context, r *auth.CheckRequest) bool {
 rawCookie := r.Attributes.Request.Http.Headers["cookie"]
 if x.IsPresent(rawCookie) {
 cookies, err := http.ParseCookie(rawCookie)
@@ -102,7 +102,7 @@ func (svc *CheckService) isLoggedIn(ctx context.Context, r *auth.CheckRequest) b
 return false
 }
-func (svc *CheckService) OK(ctx context.Context) *auth.CheckResponse {
+func (svc *LocalCheckService) OK(ctx context.Context) *auth.CheckResponse {
 log.WithFields(ctx, log.Fields{"authorized": true})
 return &auth.CheckResponse{
 Status: &status.Status{
@@ -118,7 +118,7 @@ func (svc *CheckService) OK(ctx context.Context) *auth.CheckResponse {
 }
 }
-func (svc *CheckService) Denied(ctx context.Context) *auth.CheckResponse {
+func (svc *LocalCheckService) Denied(ctx context.Context) *auth.CheckResponse {
 log.WithFields(ctx, log.Fields{"authorized": false})
 return &auth.CheckResponse{
 Status: &status.Status{
@@ -135,7 +135,7 @@ func (svc *CheckService) Denied(ctx context.Context) *auth.CheckResponse {
 }
 }
-func (svc *CheckService) fieldsFor(r *auth.CheckRequest) log.Fields {
+func (svc *LocalCheckService) fieldsFor(r *auth.CheckRequest) log.Fields {
 return log.Fields{
 "host": r.Attributes.Request.Http.Host,
 "id": r.Attributes.Request.Http.Id,
@@ -147,6 +147,6 @@ func (svc *CheckService) fieldsFor(r *auth.CheckRequest) log.Fields {
 }
 }
-func (svc *CheckService) keyFor(r *auth.AttributeContext_HttpRequest) string {
+func (svc *LocalCheckService) keyFor(r *auth.AttributeContext_HttpRequest) string {
 return strings.Join([]string{r.Method, r.Path}, ":")
 }
diff --git a/pkg/authz/check_service_test.go b/pkg/authz/local_check_service_test.go
index fc2da86..eb633d4 100644
--- a/pkg/authz/check_service_test.go
+++ b/pkg/authz/local_check_service_test.go
@@ -11,8 +11,8 @@ import (
 "google.golang.org/protobuf/types/known/timestamppb"
 )
-func TestCheckService(t *testing.T) {
- svc := NewCheckService()
+func TestLocalCheckService(t *testing.T) {
+ svc := NewLocalCheckService()
 t.Run("allows access", func(t *testing.T) {
 idToken := "eyJ0eXAiOiJKV1QiLCJraWQiOiJ0ZDBTbWRKUTRxUGg1cU5Lek0yNjBDWHgyVWgtd2hHLU1Eam9PS1dmdDhFIiwiYWxnIjoiUlMyNTYifQ.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.TjTrGS5FjfPoY0HWkSLvgjogBxB27jX2beosOZAkwXi_gO3q9DTnL0csOgxjoF1UR8baPNfMFBqL1ipLxBdY9vvDxZve-sOhoSptjzLGkCi7uQKeu7r8wNyFWNWhcLwmbinZyENGSZqIDSkHy0lGdo9oj7qqnH6sYqU46jtWACDGSHTFjNNuo1s_P2SZgkaq4c4v4jdlVV_C_Qlvtl7-eaWV1LzTpB4Mz0VWGsRx1pk3-KnS24crhBjxSE383z4Nar4ZhrsrTK-bOj33l6U32gRKNb4g6GxrPXaRQ268n37spQmbQn0aDwmUOABv-aBRy203bCCZca8BJ0XBur8t6w"
diff --git a/pkg/authz/server.go b/pkg/authz/server.go
index 434d233..6eedcca 100644
--- a/pkg/authz/server.go
+++ b/pkg/authz/server.go
@@ -30,7 +30,7 @@ func New(ctx context.Context, options ...grpc.ServerOption) *Server {
 connection := Connection.From(ctx)
 if x.IsZero(connection) {
- auth.RegisterAuthorizationServer(server, NewCheckService())
+ auth.RegisterAuthorizationServer(server, NewLocalCheckService())
 } else {
 pls.LogNow(ctx, log.Fields{"authzd": map[string]string{
 "target": connection.CanonicalTarget(),
|
