Added a collection type struct for authorizations
Showing
12 changed files
with
142 additions
and
100 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
package config | ||
package authz | ||
|
||
import ( | ||
"testing" | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,96 @@ | ||
// Package authz contains all authorizations related content | ||
package authz | ||
|
||
import ( | ||
"errors" | ||
"fmt" | ||
"log/slog" | ||
"os" | ||
"path/filepath" | ||
"strings" | ||
) | ||
|
||
// Authorizations is a collection of multiple client authorizations | ||
type Authorizations struct { | ||
authorizations map[string]*Authorization | ||
} | ||
|
||
// NewAuthorizations instantiates a new Authorizations object | ||
func NewAuthorizations() *Authorizations { | ||
return &Authorizations{ | ||
authorizations: make(map[string]*Authorization), | ||
} | ||
} | ||
|
||
// Add appends the provided auth configuration to the collection | ||
func (a *Authorizations) Add(auth *Authorization) error { | ||
if len(auth.ClientID) == 0 { | ||
return errors.New("cannot add an empty clientID") | ||
} | ||
a.authorizations[auth.ClientID] = auth | ||
return nil | ||
} | ||
|
||
// IsAllowed ensures the provided clientID is configured for accessing the provided path with the given method | ||
func (a *Authorizations) IsAllowed(clientID string, path string, method HTTPMethod) (bool, error) { | ||
reason := "" | ||
allowed := true | ||
|
||
auth, authFound := a.authorizations[clientID] | ||
if !authFound || !auth.IsAllowed(path, method) { | ||
allowed = false | ||
if !authFound { | ||
reason = fmt.Sprintf("no authz configuration defined for %s", clientID) | ||
} else { | ||
reason = fmt.Sprintf("%s is not authorized to access %s %s", clientID, method, path) | ||
} | ||
} | ||
|
||
if !allowed { | ||
return false, errors.New(reason) | ||
} | ||
return true, nil | ||
} | ||
|
||
// LoadAll loads all the client authorization yaml files from the provided directory | ||
func LoadAll(dir string) (*Authorizations, error) { | ||
|
||
fileInfo, err := os.Stat(dir) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
if !fileInfo.IsDir() { | ||
return nil, fmt.Errorf("'%s' is not a directory", dir) | ||
} | ||
|
||
authz := NewAuthorizations() | ||
|
||
err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error { | ||
if err != nil { | ||
return err | ||
} | ||
|
||
// Check if the file is a regular file and has a YAML extension | ||
if !info.IsDir() && (strings.HasSuffix(info.Name(), ".yaml") || strings.HasSuffix(info.Name(), ".yml")) { | ||
content, err := os.ReadFile(path) | ||
if err != nil { | ||
fmt.Println("Error:", err) | ||
|
||
} | ||
conf, err := NewAuthorizationFromYaml(content) | ||
if err != nil { | ||
slog.Error(fmt.Sprintf("unable to load '%s' see details for errors", path), slog.Any("error", err)) | ||
} | ||
authz.authorizations[conf.ClientID] = conf | ||
} | ||
|
||
return nil | ||
}) | ||
|
||
if err != nil { | ||
slog.Error(fmt.Sprintf("an error occured while load authorization files from '%s' see details for errors", dir), slog.Any("error", err)) | ||
} | ||
|
||
return authz, nil | ||
} |
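Review bot: In LoadAll's Walk callback, neither the os.ReadFile error nor the NewAuthorizationFromYaml error stops processing, so execution still reaches `authz.authorizations[conf.ClientID] = conf`; if the parser returns a nil conf on failure (its body is not visible here) this panics at load time, and otherwise a partially parsed entry is stored. The direct map write also bypasses the empty-ClientID check in Add and silently lets a later file replace an earlier one that declares the same ClientID. The Walk error is then only logged and `authz, nil` is returned, so a caller cannot tell a partial policy set from a complete one. For an authorization loader I would propagate the errors and go through Add, as sketched below; rejecting duplicate ClientIDs inside Add is worth considering as well.

```go
// … unchanged: Stat/IsDir checks, NewAuthorizations, Walk callback header and YAML extension test …
		content, err := os.ReadFile(path)
		if err != nil {
			return fmt.Errorf("reading %q: %w", path, err)
		}
		conf, err := NewAuthorizationFromYaml(content)
		if err != nil {
			return fmt.Errorf("parsing %q: %w", path, err)
		}
		// Add rejects an empty ClientID instead of storing it under the "" key.
		if err := authz.Add(conf); err != nil {
			return fmt.Errorf("loading %q: %w", path, err)
		}
// … unchanged: end of the Walk callback …
	if err != nil {
		return nil, fmt.Errorf("loading authorization files from %q: %w", dir, err)
	}
	return authz, nil
```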
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
// Package config provides configuration support for the Jarl server | ||
package server | ||
|
||
import "github.com/fredjeck/jarl/authz" | ||
|
||
// Configuration stores the configuration options for the Jarl server | ||
type Configuration struct { | ||
HTTPListenOn string // HTTPListenOn stores the InetAddr on which the HTTP Server is listening for inbound connections | ||
GRPCListenOn string // GRPCListenOn stores the InetAddr on which the HTTP Server is listening for inbound connections | ||
ClientsConfigurationPath string // ClientsConfigurationPath stores the path where the client configurations are stored | ||
HTTPAuthZHeader string // HTTPAuthZHeader contains the name of the http header element which will be matchted for clientID | ||
Authorizations *authz.Authorizations // Authorizations stores the configured authorizations | ||
} |
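Review bot: The package comment reads `// Package config provides …` while the clause below it is `package server`, so godoc and linters will report a mismatch; it should be `// Package server provides configuration support for the Jarl server`. The GRPCListenOn comment was copied from the HTTP field and should say `gRPC server`, and `matchted` in the HTTPAuthZHeader comment is a typo. Since the value of that header is what gets looked up as the clientID, the comment could also state that the header is expected to be set by a trusted upstream hop, presumably the proxy in front of Jarl, which is not visible in this commit.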