observatorium_proxy.go
package handlers
import (
"net/http"
"github.com/bf2fc6cc711aee1a0c2a/kas-fleet-manager/internal/kafka/internal/services"
"github.com/bf2fc6cc711aee1a0c2a/kas-fleet-manager/pkg/auth"
"github.com/bf2fc6cc711aee1a0c2a/kas-fleet-manager/pkg/errors"
"github.com/bf2fc6cc711aee1a0c2a/kas-fleet-manager/pkg/handlers"
"github.com/gorilla/mux"
)
// observatoriumProxyHandler serves the token / external-cluster-ID check.
// It looks clusters up through the injected ClusterService.
type observatoriumProxyHandler struct {
	// clusterService is used to find the cluster record by its external ID.
	clusterService services.ClusterService
}
// NewObservatoriumProxyHandler returns a handler that resolves clusters
// through the supplied ClusterService.
func NewObservatoriumProxyHandler(clusterService services.ClusterService) *observatoriumProxyHandler {
	handler := new(observatoriumProxyHandler)
	handler.clusterService = clusterService
	return handler
}
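// ValidateTokenAndExternalClusterID checks that the caller's token belongs to
// the cluster named in the URL. It reads the "cluster_external_id" route
// variable, validates it, looks the cluster up by that external ID and
// compares the cluster's ClientID with the client ID from the token claims.
//
// The action returns Unauthenticated when the claims or the client ID cannot
// be read, GeneralError when the lookup fails, NotFound when no cluster
// matches, and Forbidden when the client IDs differ. On success it returns no
// payload; the config is handed to handlers.Handle with http.StatusOK.
func (h observatoriumProxyHandler) ValidateTokenAndExternalClusterID(w http.ResponseWriter, r *http.Request) {
	// The external ID comes straight from the request path, so treat it as
	// untrusted: only ever pass it as a format argument, never as part of a
	// format string.
	externalID := mux.Vars(r)["cluster_external_id"]

	cfg := &handlers.HandlerConfig{
		Validate: []handlers.Validate{
			handlers.ValidateExternalClusterId(&externalID, "external cluster id"),
		},
		Action: func() (i interface{}, serviceError *errors.ServiceError) {
			claims, err := auth.GetClaimsFromContext(r.Context())
			if err != nil {
				return nil, errors.Unauthenticated("unable to authenticate token provided in the request")
			}

			clientID, err := claims.GetClientID()
			if err != nil {
				return nil, errors.Unauthenticated("unable to get client ID from the token")
			}

			cluster, err := h.clusterService.FindCluster(services.FindClusterCriteria{ExternalID: externalID})
			if err != nil {
				// The error text is a format argument. Appending it to the
				// format string left "%v" without an operand and let any '%'
				// in the error text be parsed as a verb.
				// NOTE(review): this puts the lookup error text into the
				// response error; confirm it cannot expose internal details.
				return nil, errors.GeneralError("failed to validate the request: %v", err.Error())
			}
			if cluster == nil {
				return nil, errors.NotFound("unable to find cluster with external cluster ID: %s", externalID)
			}

			// Authorization decision: the token's client ID must be the one
			// recorded for this cluster.
			// NOTE(review): if GetClientID can return "" without an error and
			// a cluster can have an empty ClientID, this comparison would
			// pass. Confirm that one of the two is rejected upstream.
			if clientID != cluster.ClientID {
				return nil, errors.Forbidden("failed to match the client ID in the token against provided external cluster ID: %s", externalID)
			}
			return nil, nil
		},
	}

	handlers.Handle(w, r, cfg, http.StatusOK)
}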