-
Notifications
You must be signed in to change notification settings - Fork 26
/
authorizer.go
123 lines (101 loc) · 3.39 KB
/
authorizer.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
package app
import (
"context"
"net/http"
"strconv"
"github.com/aserto-dev/certs"
authz "github.com/aserto-dev/go-authorizer/aserto/authorizer/v2"
azOpenAPI "github.com/aserto-dev/openapi-authorizer/publish/authorizer"
builder "github.com/aserto-dev/service-host"
"github.com/aserto-dev/topaz/pkg/app/impl"
"github.com/aserto-dev/topaz/pkg/cc/config"
"github.com/aserto-dev/topaz/pkg/rapidoc"
"github.com/aserto-dev/topaz/resolvers"
"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
"github.com/pkg/errors"
"github.com/rs/zerolog"
"go.opencensus.io/plugin/ocgrpc"
"go.opencensus.io/stats/view"
"google.golang.org/grpc"
)
type Authorizer struct {
Resolver *resolvers.Resolvers
AuthorizerServer *impl.AuthorizerServer
cfg *builder.API
opts []grpc.ServerOption
}
const (
authorizerService = "authorizer"
)
func NewAuthorizer(cfg *builder.API, commonConfig *config.Common, authorizerOpts []grpc.ServerOption, logger *zerolog.Logger) (ServiceTypes, error) {
if cfg.GRPC.Certs.TLSCertPath != "" {
tlsCreds, err := certs.GRPCServerTLSCreds(cfg.GRPC.Certs)
if err != nil {
return nil, errors.Wrap(err, "failed to calculate tls config")
}
tlsAuth := grpc.Creds(tlsCreds)
authorizerOpts = append(authorizerOpts, tlsAuth)
}
if err := view.Register(ocgrpc.DefaultServerViews...); err != nil {
return nil, err
}
authorizerOpts = append(authorizerOpts, grpc.StatsHandler(&ocgrpc.ServerHandler{}))
authResolvers := resolvers.New()
authServer := impl.NewAuthorizerServer(logger, commonConfig, authResolvers)
return &Authorizer{
cfg: cfg,
opts: authorizerOpts,
Resolver: authResolvers,
AuthorizerServer: authServer,
}, nil
}
func (e *Authorizer) AvailableServices() []string {
return []string{authorizerService}
}
func (e *Authorizer) GetGRPCRegistrations(services ...string) builder.GRPCRegistrations {
return func(server *grpc.Server) {
authz.RegisterAuthorizerServer(server, e.AuthorizerServer)
}
}
func (e *Authorizer) GetGatewayRegistration(services ...string) builder.HandlerRegistrations {
return func(ctx context.Context, mux *runtime.ServeMux, grpcEndpoint string, opts []grpc.DialOption) error {
if err := authz.RegisterAuthorizerHandlerFromEndpoint(ctx, mux, grpcEndpoint, opts); err != nil {
return err
}
if len(services) > 0 {
if err := mux.HandlePath(http.MethodGet, authorizerOpenAPISpec, azOpenAPIHandler); err != nil {
return err
}
if err := mux.HandlePath(http.MethodGet, authorizerOpenAPIDocs, azOpenAPIDocsHandler()); err != nil {
return err
}
}
return nil
}
}
func (e *Authorizer) Cleanups() []func() {
return nil
}
const (
authorizerOpenAPISpec string = "/authorizer/openapi.json"
authorizerOpenAPIDocs string = "/authorizer/docs"
)
func azOpenAPIHandler(w http.ResponseWriter, r *http.Request, pathParams map[string]string) {
buf, err := azOpenAPI.Static().ReadFile("openapi.json")
if err != nil {
w.WriteHeader(http.StatusNotFound)
}
w.Header().Add("Content-Type", "application/json")
w.Header().Add("Content-Length", strconv.FormatInt(int64(len(buf)), 10))
_, _ = w.Write(buf)
}
func azOpenAPIDocsHandler() runtime.HandlerFunc {
h := rapidoc.Handler(&rapidoc.Opts{
Path: authorizerOpenAPIDocs,
SpecURL: authorizerOpenAPISpec,
Title: "Aserto Directory HTTP API",
}, nil)
return func(w http.ResponseWriter, r *http.Request, pathParams map[string]string) {
h.ServeHTTP(w, r)
}
}