diff options
| author | mo khan <mo@mokhan.ca> | 2025-03-06 12:27:03 -0700 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-03-06 12:27:03 -0700 |
| commit | 68aaecae08062f6a200bc7167e8666c14165630c (patch) | |
| tree | 830f1ddb5ce40504b33976ec598a91b70d10d083 /bin | |
| parent | 534c909963f4d9ad4d4a8ec76d882cdf963f1811 (diff) | |
feat: remove standalone gRPC server
Diffstat (limited to 'bin')
| -rwxr-xr-x | bin/api | 23 | ||||
| -rwxr-xr-x | bin/idp | 2 | ||||
| -rwxr-xr-x | bin/rpc | 51 |
3 files changed, 8 insertions, 68 deletions
@@ -5,8 +5,9 @@ require 'bundler/inline' gemfile do source 'https://rubygems.org' + gem "declarative_policy", "~> 1.0" gem "erb", "~> 4.0" - gem "grpc", "~> 1.0" + gem "google-protobuf", "~> 3.0" gem "json", "~> 2.0" gem "logger", "~> 1.0" gem "rack", "~> 3.0" @@ -21,7 +22,6 @@ $LOAD_PATH.unshift(lib_path) unless $LOAD_PATH.include?(lib_path) require 'authx' -GRPC.logger = Logger.new($stderr, level: :debug) $scheme = ENV.fetch("SCHEME", "http") $port = ENV.fetch("PORT", 8284).to_i $host = ENV.fetch("HOST", "localhost:#{$port}") @@ -80,21 +80,10 @@ class API def authorized?(request, permission) # TODO:: Check the JWT for the appropriate claim # Connect to the Authz RPC endpoint Ability.allowed?(subject, permission, resource) - if twirp? - client = ::Authx::Rpc::AbilityClient.new("http://idp.example.com:8080/twirp") - response = client.allowed(subject: "", permission: permission, resource: "") - puts response.inspect - response&.error&.nil? && response&.data&.result - else - client = ::Authx::Rpc::Ability::Stub.new('localhost:50051', :this_channel_is_insecure) # TODO:: memorize client - reply = client.allowed(::Authx::Rpc::AllowRequest.new(subject: "", permission: permission, resource: "")) - puts reply.inspect - reply&.result - end - end - - def twirp? - true + client = ::Authx::Rpc::AbilityClient.new("http://idp.example.com:8080/twirp") + response = client.allowed(subject: "", permission: permission, resource: "") + puts response.inspect + response&.error&.nil? && response&.data&.result end def json_not_found @@ -5,6 +5,8 @@ require "bundler/inline" gemfile do source "https://rubygems.org" + gem "declarative_policy", "~> 1.0" + gem "google-protobuf", "~> 3.0" gem "erb", "~> 4.0" gem "rack", "~> 3.0" gem "rackup", "~> 2.0" diff --git a/bin/rpc b/bin/rpc deleted file mode 100755 index 6d9c0f7..0000000 --- a/bin/rpc +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/env ruby - -require "bundler/inline" - -gemfile do - source "https://rubygems.org" - - gem "declarative_policy", "~> 1.0" - gem "grpc", "~> 1.0" - gem "grpc-tools", "~> 1.0" - gem "logger", "~> 1.0" -end - -lib_path = Pathname.new(__FILE__).parent.parent.join('lib/authx/rpc').realpath.to_s -$LOAD_PATH.unshift(lib_path) unless $LOAD_PATH.include?(lib_path) - -require 'ability_services_pb' - -class ProjectPolicy < DeclarativePolicy::Base - condition(:owner) { @subject.owner?(@user) } - - rule { owner }.enable :create_project -end - -class RawAbilityHandler < ::Authx::Rpc::Ability::Service - def allowed(request, _call) - puts [request, _call].inspect - GRPC.logger.info([request, _call].inspect) - - ::Authx::Rpc::AllowReply.new(result: true) - # TODO:: entrypoint to declarative policies - # AllowReply.new(result: policy_for(request).can?(request.permission)) - end - - private - - def policy_for(request) - # TODO:: convert subject in form of GlobalID to Resource Type - DeclarativePolicy.policy_for(request.subject, request.resource) - end -end - -host = ENV.fetch("HOST", "localhost") -port = ENV.fetch("PORT", "50051") -bind_addr = "#{host}:#{port}" -server = GRPC::RpcServer.new -server.add_http2_port(bind_addr, :this_port_is_insecure) -GRPC.logger = Logger.new($stderr, level: :debug) -GRPC.logger.info("... running insecurely on #{bind_addr}") -server.handle(RawAbilityHandler.new) -server.run_till_terminated_or_interrupted([1, 'int', 'SIGQUIT']) |