// Copyright 2021-2024 Zenauth Ltd.
// SPDX-License-Identifier: Apache-2.0
package auxdata
import (
"context"
"errors"
"fmt"
enginev1 "github.com/cerbos/cerbos/api/genpb/cerbos/engine/v1"
requestv1 "github.com/cerbos/cerbos/api/genpb/cerbos/request/v1"
"github.com/cerbos/cerbos/internal/config"
"github.com/cerbos/cerbos/internal/observability/tracing"
)
// ErrFailedToExtractJWT is the sentinel error that Extract wraps around any
// failure returned by the JWT helper. Because Extract wraps it with %w,
// callers can detect it with errors.Is.
var ErrFailedToExtractJWT = errors.New("failed to extract JWT")
// AuxData converts the auxiliary data carried by a request into the form
// used by the engine (see Extract). Build it with New, NewFromConf or
// NewWithoutVerification.
type AuxData struct {
	// jwt is the helper that Extract delegates JWT extraction to. It is
	// created by newJWTHelper from a JWTConf.
	jwt *jwtHelper
}
// New builds an AuxData from the Conf section loaded through
// config.GetSection.
//
// It returns the error from config.GetSection unchanged when the section
// cannot be loaded; otherwise it delegates to NewFromConf.
func New(ctx context.Context) (*AuxData, error) {
	conf := new(Conf)

	err := config.GetSection(conf)
	if err != nil {
		return nil, err
	}

	ad := NewFromConf(ctx, conf)
	return ad, nil
}
// NewFromConf builds an AuxData whose JWT helper is created from conf.JWT.
//
// conf must not be nil: conf.JWT is read without a nil check.
func NewFromConf(ctx context.Context, conf *Conf) *AuxData {
	helper := newJWTHelper(ctx, conf.JWT)
	return &AuxData{jwt: helper}
}
// NewWithoutVerification builds an AuxData whose JWT helper is configured
// with JWTConf.DisableVerification set to true and no other JWT settings.
//
// NOTE(review): the field name suggests that token signatures are not
// validated in this mode; confirm in jwtHelper. If so, every claim returned
// by Extract is caller-controlled and must not be relied on for production
// authorization decisions; keep this constructor to tests and offline
// tooling.
func NewWithoutVerification(ctx context.Context) *AuxData {
	unverified := &JWTConf{DisableVerification: true}
	helper := newJWTHelper(ctx, unverified)
	return &AuxData{jwt: helper}
}
// Extract converts the auxiliary data of a request into the format expected
// by the engine.
//
// A nil adProto yields (nil, nil). Otherwise the JWT field is passed to the
// JWT helper inside an "aux_data.Extract" tracing span. A helper failure is
// returned wrapped together with ErrFailedToExtractJWT, so errors.Is matches
// both the sentinel and the underlying cause.
//
// NOTE(review): whether the returned JWT data has been verified depends on
// how the helper was configured; an AuxData built by NewWithoutVerification
// sets DisableVerification, so callers should presumably treat its output
// as unauthenticated. Confirm in jwtHelper.
func (ad *AuxData) Extract(ctx context.Context, adProto *requestv1.AuxData) (*enginev1.AuxData, error) {
	if adProto == nil {
		return nil, nil
	}

	spanCtx, span := tracing.StartSpan(ctx, "aux_data.Extract")
	defer span.End()

	token, extractErr := ad.jwt.extract(spanCtx, adProto.Jwt)
	if extractErr != nil {
		// Both operands use %w so the sentinel and the cause stay matchable.
		return nil, fmt.Errorf("%w: %w", ErrFailedToExtractJWT, extractErr)
	}

	out := &enginev1.AuxData{Jwt: token}
	return out, nil
}