From 7f1b5e2417ccd79c556177a5382b43ce385f54ae Mon Sep 17 00:00:00 2001
From: mo khan
Date: Thu, 6 Mar 2025 13:23:09 -0700
Subject: refactor: leave shared code in lib folder and move everything else to the service related code
---
 bin/api | 4 +--
 bin/idp | 62 +++++++++++++++++++++++++++++++++++++++-
 lib/authx.rb | 13 ---------
 lib/authx/rpc.rb | 1 -
 lib/authx/rpc/ability_handler.rb | 50 --------------------------------
 5 files changed, 62 insertions(+), 68 deletions(-)
 delete mode 100644 lib/authx/rpc/ability_handler.rb
diff --git a/bin/api b/bin/api
index 0650020..3d618a2 100755
--- a/bin/api
+++ b/bin/api
@@ -21,7 +21,7 @@ end
 lib_path = Pathname.new(__FILE__).parent.parent.join('lib').realpath.to_s
 $LOAD_PATH.unshift(lib_path) unless $LOAD_PATH.include?(lib_path)
 
-require 'authx'
+require 'authx/rpc'
 
 $scheme = ENV.fetch("SCHEME", "http")
 $port = ENV.fetch("PORT", 8284).to_i
@@ -95,8 +95,6 @@ class API
   private
 
   def authorized?(request, permission, resource = Organization.new(id: 1))
-    # TODO:: Check the JWT for the appropriate claim
-    # Connect to the Authz RPC endpoint Ability.allowed?(subject, permission, resource)
     token = request&.get_header('HTTP_AUTHORIZATION')&.split(' ', 2)&.last
     response = rpc.allowed(
       subject: token,
diff --git a/bin/idp b/bin/idp
index 48a77f7..7229be6 100755
--- a/bin/idp
+++ b/bin/idp
@@ -19,7 +19,7 @@ end
 lib_path = Pathname.new(__FILE__).parent.parent.join('lib').realpath.to_s
 $LOAD_PATH.unshift(lib_path) unless $LOAD_PATH.include?(lib_path)
 
-require 'authx'
+require 'authx/rpc'
 
 $scheme = ENV.fetch("SCHEME", "http")
 $port = ENV.fetch("PORT", 8282).to_i
@@ -79,6 +79,66 @@ Saml::Kit.configure do |x|
   x.logger = Logger.new("/dev/stderr")
 end
 
+class OrganizationPolicy < DeclarativePolicy::Base
+  condition(:owner) { true }
+
+  rule { owner }.enable :create_project
+end
+
+DeclarativePolicy.configure do
+  name_transformation do |name|
+    "#{name}Policy"
+  end
+end
+
+class Organization
+  class << self
+    def find(id)
+      new
+    end
+  end
+end
+
+module Authx
+  module Rpc
+    class AbilityHandler
+      def allowed(request, env)
+        puts [request, env, can?(request)].inspect
+
+        {
+          result: can?(request)
+        }
+      end
+
+      private
+
+      def can?(request)
+        subject = subject_of(request.subject)
+        resource = resource_from(request.resource)
+        policy = DeclarativePolicy.policy_for(subject, resource)
+        policy.can?(request.permission.to_sym)
+      end
+
+      def subject_of(token)
+        _header, claims, _signature = from_jwt(token)
+        claims[:sub]
+      end
+
+      def resource_from(global_id)
+        # TODO:: Parse global id and convert to class
+        GlobalID::Locator.locate(global_id)
+      end
+
+      # TODO:: validate signature
+      def from_jwt(token)
+        token
+          .split('.', 3)
+          .map { |x| JSON.parse(Base64.strict_decode64(x), symbolize_names: true) }
+      end
+    end
+  end
+end
+
 class IdentityProvider
   def call(env)
     path = env['PATH_INFO']
diff --git a/lib/authx.rb b/lib/authx.rb
index 0c62039..5ee3f54 100644
--- a/lib/authx.rb
+++ b/lib/authx.rb
@@ -1,19 +1,6 @@
 # frozen_string_literal: true
 
-require "declarative_policy"
-
 require "authx/rpc"
 
 module Authx
-  class OrganizationPolicy < DeclarativePolicy::Base
-    condition(:owner) { true }
-
-    rule { owner }.enable :create_project
-  end
-
-  DeclarativePolicy.configure do
-    name_transformation do |name|
-      "Authx::#{name}Policy"
-    end
-  end
 end
diff --git a/lib/authx/rpc.rb b/lib/authx/rpc.rb
index a9963c6..78edbc4 100644
--- a/lib/authx/rpc.rb
+++ b/lib/authx/rpc.rb
@@ -2,4 +2,3 @@
 
 require "authx/rpc/ability_pb"
 require "authx/rpc/ability_twirp"
-require "authx/rpc/ability_handler"
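Review bot: `can?` in `AbilityHandler` derives the subject from `claims[:sub]` of a token whose signature `from_jwt` never checks (its `# TODO:: validate signature` marker moves over unchanged, while the matching reminder in `bin/api`'s `authorized?` is deleted in this same commit), so the authorization answer rests on a subject the caller asserts; the verification step should land before this handler is exposed over the Twirp service. `from_jwt` also pushes all three `split('.', 3)` segments through `JSON.parse(Base64.strict_decode64(x))`: if these are standard JWTs the segments are base64url without padding, which `strict_decode64` rejects, and the third segment is a raw signature rather than JSON, so decoding should cover only the first two segments with `Base64.urlsafe_decode64`. `puts [request, env, can?(request)].inspect` writes the bearer token and the whole Rack env to stdout and evaluates the policy a second time for the result; evaluate once and log only the permission and the decision. `resource_from` passes the client-supplied global id straight to `GlobalID::Locator.locate`, which lets the id select the model class that gets looked up; `only: [Organization]` (or the set of resource classes the policies cover) bounds that. `condition(:owner) { true }` and `Organization.find` ignoring its `id` grant and resolve unconditionally — presumably scaffolding, but each deserves a `# TODO::` so it is not mistaken for the intended rule.
```ruby
      def allowed(request, _env)
        decision = can?(request)
        # Log the decision only: request carries the bearer token, env the full Rack environment.
        warn "ability=#{request.permission} allowed=#{decision}"
        { result: decision }
      end

      # … unchanged: private, can?, subject_of …

      def resource_from(global_id)
        # The id is client supplied; restrict lookup to the classes the policies cover.
        GlobalID::Locator.locate(global_id, only: [Organization])
      end

      # TODO:: validate signature — this only decodes; claims are untrusted until a verifier runs
      def from_jwt(token)
        header, claims, signature = token.split('.', 3)
        decoded = [header, claims].map { |x| JSON.parse(Base64.urlsafe_decode64(x), symbolize_names: true) }
        decoded << signature
      end
```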
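Review bot: With `require "declarative_policy"` removed here, nothing in this file loads that gem any more, yet the same commit has `bin/idp` subclass `DeclarativePolicy::Base` and call `DeclarativePolicy.configure`, and the moved handler uses `JSON`, `Base64` and `GlobalID::Locator`; unless `bin/idp` requires those itself above the hunk shown, the service fails at load time, so it is worth confirming. What remains is an empty `module Authx` / `end`, which is fine as a namespace anchor but reads like an accident; a comment such as `# Namespace only: service-specific code lives next to its bin/ entry point.` inside the module would make the intent explicit.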
diff --git a/lib/authx/rpc/ability_handler.rb b/lib/authx/rpc/ability_handler.rb
deleted file mode 100644
index 5f977e6..0000000
--- a/lib/authx/rpc/ability_handler.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-# frozen_string_literal: true
-
-class Organization
-  class << self
-    def find(id)
-      new
-    end
-  end
-end
-
-module Authx
-  module Rpc
-
-    class AbilityHandler
-      def allowed(request, env)
-        puts [request, env, can?(request)].inspect
-
-        {
-          result: can?(request)
-        }
-      end
-
-      private
-
-      def can?(request)
-        subject = subject_of(request.subject)
-        resource = resource_from(request.resource)
-        policy = DeclarativePolicy.policy_for(subject, resource)
-        policy.can?(request.permission.to_sym)
-      end
-
-      def subject_of(token)
-        _header, claims, _signature = from_jwt(token)
-        claims[:sub]
-      end
-
-      def resource_from(global_id)
-        # TODO:: Parse global id and convert to class
-        GlobalID::Locator.locate(global_id)
-      end
-
-      # TODO:: validate signature
-      def from_jwt(token)
-        token
-          .split('.', 3)
-          .map { |x| JSON.parse(Base64.strict_decode64(x), symbolize_names: true) }
-      end
-    end
-  end
-end
--
cgit v1.2.3