authormo khan <mo@mokhan.ca>2025-03-06 13:23:09 -0700
committermo khan <mo@mokhan.ca>2025-03-06 13:23:09 -0700
commit7f1b5e2417ccd79c556177a5382b43ce385f54ae (patch)
tree357e45e89d4f95aeefc3c952d662a467505f2caa /lib
parent1faacf8dda27d4eef0a4440deda82326262e0a89 (diff)
refactor: leave shared code in lib folder and move everything else to the service related code
Diffstat (limited to 'lib')
-rw-r--r--lib/authx.rb13
-rw-r--r--lib/authx/rpc.rb1
-rw-r--r--lib/authx/rpc/ability_handler.rb50
3 files changed, 0 insertions, 64 deletions
diff --git a/lib/authx.rb b/lib/authx.rb
index 0c62039..5ee3f54 100644
--- a/lib/authx.rb
+++ b/lib/authx.rb
@@ -1,19 +1,6 @@
# frozen_string_literal: true
-require "declarative_policy"
-
require "authx/rpc"
module Authx
- class OrganizationPolicy < DeclarativePolicy::Base
- condition(:owner) { true }
-
- rule { owner }.enable :create_project
- end
-
- DeclarativePolicy.configure do
- name_transformation do |name|
- "Authx::#{name}Policy"
- end
- end
end
diff --git a/lib/authx/rpc.rb b/lib/authx/rpc.rb
index a9963c6..78edbc4 100644
--- a/lib/authx/rpc.rb
+++ b/lib/authx/rpc.rb
@@ -2,4 +2,3 @@
require "authx/rpc/ability_pb"
require "authx/rpc/ability_twirp"
-require "authx/rpc/ability_handler"
diff --git a/lib/authx/rpc/ability_handler.rb b/lib/authx/rpc/ability_handler.rb
deleted file mode 100644
index 5f977e6..0000000
--- a/lib/authx/rpc/ability_handler.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-# frozen_string_literal: true
-
-class Organization
- class << self
- def find(id)
- new
- end
- end
-end
-
-module Authx
- module Rpc
-
- class AbilityHandler
- def allowed(request, env)
- puts [request, env, can?(request)].inspect
-
- {
- result: can?(request)
- }
- end
-
- private
-
- def can?(request)
- subject = subject_of(request.subject)
- resource = resource_from(request.resource)
- policy = DeclarativePolicy.policy_for(subject, resource)
- policy.can?(request.permission.to_sym)
- end
-
- def subject_of(token)
- _header, claims, _signature = from_jwt(token)
- claims[:sub]
- end
-
- def resource_from(global_id)
- # TODO:: Parse global id and convert to class
- GlobalID::Locator.locate(global_id)
- end
-
- # TODO:: validate signature
- def from_jwt(token)
- token
- .split('.', 3)
- .map { |x| JSON.parse(Base64.strict_decode64(x), symbolize_names: true) }
- end
- end
- end
-end