package policy
import (
"encoding/json"
"fmt"
"net/http"
"github.com/julienschmidt/httprouter"
"github.com/ory-am/hydra/firewall"
"github.com/ory-am/hydra/herodot"
"github.com/ory-am/ladon"
"github.com/pborman/uuid"
"github.com/pkg/errors"
)
const (
	// endpoint is the base path the policy routes are registered under.
	endpoint = "/policies"
	// scope is handed to every TokenAllowed call made by this handler.
	scope = "hydra.policies"
	// policyResource is the resource named in collection-level access requests (find, create).
	policyResource = "rn:hydra:policies"
	// policiesResource is the format of the resource for a single policy; the
	// placeholder is filled with the policy id.
	policiesResource = "rn:hydra:policies:%s"
)
// Handler serves the HTTP endpoints for managing ladon access-control policies.
type Handler struct {
	// Manager stores, looks up and deletes policies.
	Manager ladon.Manager
	// H writes responses and errors.
	H herodot.Herodot
	// W extracts the request token and performs the token/scope authorization check
	// that precedes every operation.
	W firewall.Firewall
}
// SetRoutes registers the policy collection and item endpoints on r.
func (h *Handler) SetRoutes(r *httprouter.Router) {
	itemPath := endpoint + "/:id"

	r.POST(endpoint, h.Create)
	r.GET(endpoint, h.Find)
	r.GET(itemPath, h.Get)
	r.DELETE(itemPath, h.Delete)
}
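// Find handles GET /policies?subject=... and writes the policies that apply to
// the given subject.
//
// A missing subject is answered with 400. A failed token/scope check is written
// as returned by the firewall; manager errors are wrapped and written.
func (h *Handler) Find(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
	ctx := herodot.NewContext()

	subject := r.URL.Query().Get("subject")
	if subject == "" {
		h.H.WriteErrorCode(ctx, w, r, http.StatusBadRequest, errors.New("Missing query parameter subject"))
		// Without this return the handler carried on to the authorization
		// check and the lookup, and then wrote a second response on top of the 400.
		return
	}

	if _, err := h.W.TokenAllowed(ctx, h.W.TokenFromRequest(r), &firewall.TokenAccessRequest{
		Resource: policyResource,
		Action:   "find",
	}, scope); err != nil {
		h.H.WriteError(ctx, w, r, err)
		return
	}

	policies, err := h.Manager.FindPoliciesForSubject(subject)
	if err != nil {
		h.H.WriteError(ctx, w, r, errors.Wrap(err, ""))
		return
	}

	h.H.Write(ctx, w, r, policies)
}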
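// Create handles POST /policies: it decodes a ladon.DefaultPolicy from the
// request body, assigns a fresh id when none was supplied, stores it and
// answers 201 with the Location of the new policy.
//
// The authorization check runs before the body is read, so unauthorized
// callers never get their payload parsed.
func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
	// Upper bound on the request body. A policy document is small, and an
	// unbounded decode would let any authorized client make the server buffer
	// arbitrary amounts of input.
	const maxPolicyBodyBytes = 1 << 20

	ctx := herodot.NewContext()

	if _, err := h.W.TokenAllowed(ctx, h.W.TokenFromRequest(r), &firewall.TokenAccessRequest{
		Resource: policyResource,
		Action:   "create",
	}, scope); err != nil {
		h.H.WriteError(ctx, w, r, err)
		return
	}

	// Conditions is pre-initialised rather than left at its zero value —
	// presumably so a body without a conditions field does not leave it nil;
	// verify against ladon.DefaultPolicy.
	p := ladon.DefaultPolicy{
		Conditions: ladon.Conditions{},
	}
	body := http.MaxBytesReader(w, r.Body, maxPolicyBodyBytes)
	if err := json.NewDecoder(body).Decode(&p); err != nil {
		h.H.WriteError(ctx, w, r, errors.Wrap(err, ""))
		return
	}

	// Callers may supply their own id; one is generated only when it is absent.
	if p.ID == "" {
		p.ID = uuid.New()
	}

	if err := h.Manager.Create(&p); err != nil {
		h.H.WriteError(ctx, w, r, errors.Wrap(err, ""))
		return
	}

	// Built from the same constant as the "/:id" route in SetRoutes so the
	// Location header cannot drift from the registered path.
	h.H.WriteCreated(ctx, w, r, endpoint+"/"+p.ID, &p)
}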
// Get handles GET /policies/:id and writes the policy with that id.
//
// The access request names the individual policy resource, so the firewall
// decides per policy id rather than for the whole collection.
func (h *Handler) Get(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
	ctx := herodot.NewContext()
	id := ps.ByName("id")

	accessReq := &firewall.TokenAccessRequest{
		Resource: fmt.Sprintf(policiesResource, id),
		Action:   "get",
	}
	if _, err := h.W.TokenAllowed(ctx, h.W.TokenFromRequest(r), accessReq, scope); err != nil {
		h.H.WriteError(ctx, w, r, err)
		return
	}

	// Named pol rather than policy so the local does not shadow the package name.
	pol, err := h.Manager.Get(id)
	if err != nil {
		h.H.WriteError(ctx, w, r, errors.Wrap(err, ""))
		return
	}

	h.H.Write(ctx, w, r, pol)
}
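// Delete handles DELETE /policies/:id and answers 204 on success.
//
// The access request names the individual policy resource and the "delete"
// action, so deleting a policy requires its own grant rather than being
// implied by read access.
func (h *Handler) Delete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
	ctx := herodot.NewContext()
	id := ps.ByName("id")

	// Previously the check asked for the "get" action, so any token allowed to
	// read a policy could also remove it.
	if _, err := h.W.TokenAllowed(ctx, h.W.TokenFromRequest(r), &firewall.TokenAccessRequest{
		Resource: fmt.Sprintf(policiesResource, id),
		Action:   "delete",
	}, scope); err != nil {
		h.H.WriteError(ctx, w, r, err)
		return
	}

	if err := h.Manager.Delete(id); err != nil {
		// Keep err as the cause instead of discarding it, and name the right
		// object in the message (the old text said "client").
		h.H.WriteError(ctx, w, r, errors.Wrap(err, "Could not delete policy"))
		return
	}

	w.WriteHeader(http.StatusNoContent)
}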