-
Notifications
You must be signed in to change notification settings - Fork 134
/
basic.go
53 lines (45 loc) · 1.45 KB
/
basic.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
package authorization
import (
"context"
"encoding/base64"
"strings"
grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
"github.com/armadaproject/armada/internal/common/armadaerrors"
"github.com/armadaproject/armada/internal/common/auth/configuration"
)
type BasicAuthService struct {
users map[string]configuration.UserInfo
}
func NewBasicAuthService(users map[string]configuration.UserInfo) *BasicAuthService {
return &BasicAuthService{users: users}
}
func (authService *BasicAuthService) Name() string {
return "Basic"
}
func (authService *BasicAuthService) Authenticate(ctx context.Context) (Principal, error) {
basicAuth, err := grpc_auth.AuthFromMD(ctx, "basic")
if err == nil {
payload, err := base64.StdEncoding.DecodeString(basicAuth)
if err != nil {
return nil, &armadaerrors.ErrInvalidCredentials{
AuthService: authService.Name(),
Message: err.Error(),
}
}
pair := strings.SplitN(string(payload), ":", 2)
return authService.loginUser(pair[0], pair[1])
}
return nil, &armadaerrors.ErrMissingCredentials{
AuthService: authService.Name(),
}
}
func (authService *BasicAuthService) loginUser(username string, password string) (Principal, error) {
userInfo, ok := authService.users[username]
if ok && userInfo.Password == password {
return NewStaticPrincipal(username, userInfo.Groups), nil
}
return nil, &armadaerrors.ErrInvalidCredentials{
Username: username,
AuthService: authService.Name(),
}
}