package test
import (
"context"
"github.com/fabric8-services/fabric8-auth/account"
"github.com/fabric8-services/fabric8-auth/auth"
tokencontext "github.com/fabric8-services/fabric8-auth/login/tokencontext"
"github.com/fabric8-services/fabric8-auth/space/authz"
"github.com/fabric8-services/fabric8-auth/token"
"time"
jwt "github.com/dgrijalva/jwt-go"
"github.com/goadesign/goa"
goajwt "github.com/goadesign/goa/middleware/security/jwt"
)
// dummySpaceAuthzService is a test double for the space authorization
// service: it grants every Authorize call and has no configuration of its
// own. It lives in package test and only exists to satisfy the authz
// wiring of the Service* helpers below.
type dummySpaceAuthzService struct{}
// Authorize always reports the caller as authorized: it returns true and a
// nil error, ignoring ctx, entitlementEndpoint and spaceID entirely. This
// makes it an allow-all double that bypasses every space authorization
// check, which is only acceptable inside test wiring.
func (s *dummySpaceAuthzService) Authorize(ctx context.Context, entitlementEndpoint string, spaceID string) (authorized bool, err error) {
	authorized = true
	return authorized, err
}
// Configuration returns a nil authz.AuthzConfiguration: the double carries
// no settings, so callers must be prepared for a nil value.
func (s *dummySpaceAuthzService) Configuration() authz.AuthzConfiguration {
	var cfg authz.AuthzConfiguration
	return cfg
}
// WithIdentity returns ctx carrying a JWT whose claims are derived from
// ident (see fillClaimsWithIdentity). Unlike WithAuthz, no signing takes
// place here, so the attached token carries no signature; it is meant for
// tests that only need the claims to be present in the context.
func WithIdentity(ctx context.Context, ident account.Identity) context.Context {
	return goajwt.WithJWT(ctx, fillClaimsWithIdentity(ident))
}
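// WithAuthz returns ctx carrying a signed JWT built from ident, with the
// resource authorization payload stored under the "authorization" claim.
// The token is signed with key using the RS256 method set up by
// fillClaimsWithIdentity, and the compact serialization is kept in
// token.Raw so tests can read it back. A signing failure panics, which is
// acceptable for a test helper but must not be copied into service code.
//
// The last parameter is named payload rather than authz so that it no
// longer shadows the imported authz package inside the function body.
func WithAuthz(ctx context.Context, key interface{}, ident account.Identity, payload auth.AuthorizationPayload) context.Context {
	token := fillClaimsWithIdentity(ident)
	token.Claims.(jwt.MapClaims)["authorization"] = payload

	signed, err := token.SignedString(key)
	if err != nil {
		panic(err.Error())
	}
	// Keep the serialized form on the token so callers can inspect or reuse it.
	token.Raw = signed
	return goajwt.WithJWT(ctx, token)
}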
// fillClaimsWithIdentity builds an unsigned RS256 token whose map claims
// describe ident: "sub" and "uuid" both hold the identity ID, "fullName"
// and "imageURL" are copied from the linked user, and "iat" is the current
// Unix time. No "exp" claim is set, so nothing in this helper bounds the
// token's lifetime; signing, if any, is left to the caller.
func fillClaimsWithIdentity(ident account.Identity) *jwt.Token {
	token := jwt.New(jwt.SigningMethodRS256)
	claims := token.Claims.(jwt.MapClaims)

	id := ident.ID.String()
	claims["sub"] = id
	claims["uuid"] = id
	claims["fullName"] = ident.User.FullName
	claims["imageURL"] = ident.User.ImageURL
	claims["iat"] = time.Now().Unix()
	return token
}
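// service creates a goa service named serviceName whose context carries a
// JWT for u and the token manager tm. When payload is nil the token is
// left unsigned (WithIdentity); otherwise it is signed with key and carries
// *payload under the "authorization" claim (WithAuthz).
//
// The last parameter is named payload rather than authz so that it no
// longer shadows the imported authz package inside the function body.
func service(serviceName string, tm token.Manager, key interface{}, u account.Identity, payload *auth.AuthorizationPayload) *goa.Service {
	svc := goa.New(serviceName)
	if payload == nil {
		svc.Context = WithIdentity(svc.Context, u)
	} else {
		svc.Context = WithAuthz(svc.Context, key, u, *payload)
	}
	svc.Context = tokencontext.ContextWithTokenManager(svc.Context, tm)
	return svc
}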
// ServiceAsUserWithAuthz creates a service whose context carries a token
// for u signed with key and holding authorizationPayload, the token
// manager tm, and an allow-all space authz service backed by
// dummySpaceAuthzService. Every space authorization check made through
// this context therefore succeeds.
func ServiceAsUserWithAuthz(serviceName string, tm token.Manager, key interface{}, u account.Identity, authorizationPayload auth.AuthorizationPayload) *goa.Service {
	allowAll := &authz.KeycloakAuthzServiceManager{Service: &dummySpaceAuthzService{}}
	svc := service(serviceName, tm, key, u, &authorizationPayload)
	svc.Context = tokencontext.ContextWithSpaceAuthzService(svc.Context, allowAll)
	return svc
}
// ServiceAsUser creates a service whose context carries an unsigned token
// for u, the token manager tm, and an allow-all space authz service backed
// by dummySpaceAuthzService. Every space authorization check made through
// this context therefore succeeds.
func ServiceAsUser(serviceName string, tm token.Manager, u account.Identity) *goa.Service {
	allowAll := &authz.KeycloakAuthzServiceManager{Service: &dummySpaceAuthzService{}}
	svc := service(serviceName, tm, nil, u, nil)
	svc.Context = tokencontext.ContextWithSpaceAuthzService(svc.Context, allowAll)
	return svc
}
// ServiceAsSpaceUser creates a service whose context carries an unsigned
// token for u, the token manager tm, and a space authz service manager
// wrapping the caller-supplied authzSrv. Use this instead of ServiceAsUser
// when a test needs authorization decisions to come from a real or
// purpose-built authz service rather than the allow-all double.
func ServiceAsSpaceUser(serviceName string, tm token.Manager, u account.Identity, authzSrv authz.AuthzService) *goa.Service {
	manager := &authz.KeycloakAuthzServiceManager{Service: authzSrv}
	svc := service(serviceName, tm, nil, u, nil)
	svc.Context = tokencontext.ContextWithSpaceAuthzService(svc.Context, manager)
	return svc
}