Diffstat (limited to 'pkg/authz/check_service.go')
-rw-r--r--pkg/authz/check_service.go28
1 files changed, 27 insertions, 1 deletions
diff --git a/pkg/authz/check_service.go b/pkg/authz/check_service.go
index ff4e92a..3c4426a 100644
--- a/pkg/authz/check_service.go
+++ b/pkg/authz/check_service.go
@@ -2,6 +2,7 @@ package authz
import (
"context"
+ "net/http"
"strings"
core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
@@ -9,6 +10,7 @@ import (
types "github.com/envoyproxy/go-control-plane/envoy/type/v3"
"github.com/xlgmokha/x/pkg/log"
"github.com/xlgmokha/x/pkg/x"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
status "google.golang.org/genproto/googleapis/rpc/status"
"google.golang.org/grpc/codes"
)
@@ -66,7 +68,31 @@ func (svc *CheckService) validRequest(ctx context.Context, r *auth.CheckRequest)
// TODO:: Replace this naive implementation
func (svc *CheckService) isLoggedIn(ctx context.Context, r *auth.CheckRequest) bool {
- return x.IsPresent(r.Attributes.Request.Http.Headers["cookie"])
+ rawCookie := r.Attributes.Request.Http.Headers["cookie"]
+ if x.IsPresent(rawCookie) {
+ cookies, err := http.ParseCookie(rawCookie)
+ if err != nil {
+ pls.LogError(ctx, err)
+ return false
+ }
+ idTokenCookie := x.Find(cookies, func(cookie *http.Cookie) bool {
+ return cookie.Name == "id_token"
+ })
+ if x.IsZero(idTokenCookie) {
+ return false
+ }
+ segments := strings.SplitN(idTokenCookie.Value, ".", 3)
+ if len(segments) != 3 {
+ return false
+ }
+ idToken, err := NewIDToken(idTokenCookie.Value)
+ if err != nil {
+ pls.LogError(ctx, err)
+ return false
+ }
+ return x.IsPresent(idToken)
+ }
+ return false
}
func (svc *CheckService) OK(ctx context.Context) *auth.CheckResponse {
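Review bot: Nothing visible in isLoggedIn verifies the id_token before it returns true: the new code checks only that the cookie header parses, that the value has three dot-separated segments, and that NewIDToken returns no error. NewIDToken is defined outside this hunk, so if it only decodes the payload, a cookie of the right shape is accepted as a login; signature, `exp`, `iss` and `aud` validation needs to happen there or here before `return x.IsPresent(idToken)`. The segment check is also looser than it reads, because `strings.SplitN(idTokenCookie.Value, ".", 3)` never yields more than three parts, so a value with extra dots still passes; `if strings.Count(idTokenCookie.Value, ".") != 2 { return false }` rejects those. Until verification is confirmed, I would extend the existing comment to `// TODO:: Replace this naive implementation; confirm NewIDToken verifies signature and claims`.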