package core
import (
"context"
"encoding/json"
"net"
"time"
"chain/database/sinkdb"
"chain/errors"
"chain/net/http/authz"
)
// errMissingAddr is returned by addAllowedMember when the request carries an
// empty address.
var errMissingAddr = errors.New("missing address")

// errInvalidAddr is the base error addAllowedMember reports when the address
// cannot be split into a host and a port.
var errInvalidAddr = errors.New("invalid address")
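// addAllowedMember registers x.Addr as an allowed member and, in the same
// a.sdb.Exec call, saves a protected "internal" policy grant whose x509 guard
// names the host part of the address as the certificate subject CN.
//
// x.Addr must be in host:port form. An empty address yields errMissingAddr;
// an address that net.SplitHostPort rejects, or whose host part is empty,
// yields an error derived from errInvalidAddr.
//
// NOTE(review): the host supplied here decides which certificate CN the
// "internal" grant names, so this handler should only be reachable by callers
// already trusted to change membership. Confirm where the route is authorized.
func (a *API) addAllowedMember(ctx context.Context, x struct{ Addr string }) error {
	if x.Addr == "" {
		return errMissingAddr
	}

	hostname, _, err := net.SplitHostPort(x.Addr)
	if err != nil {
		newerr := errors.Sub(errInvalidAddr, err)
		// Surface the parser's own reason as detail when it is available.
		if addrErr, ok := err.(*net.AddrError); ok {
			newerr = errors.WithDetail(newerr, addrErr.Err)
		}
		return newerr
	}

	// net.SplitHostPort accepts ":port" and returns an empty host without an
	// error. Saving a grant with an empty CN would create a protected
	// "internal" grant that names no specific peer, so reject it here.
	// NOTE(review): how the authz layer matches an empty CN is not visible in
	// this file. Confirm against the x509 guard implementation.
	if hostname == "" {
		return errors.WithDetail(errInvalidAddr, "missing host in address")
	}

	// Only the host is used for the guard; the port is dropped. The full
	// host:port string is what gets recorded as the allowed member.
	data := map[string]interface{}{
		"subject": map[string]string{
			"CN": hostname,
		},
	}
	guardData, err := json.Marshal(data)
	if err != nil {
		return errors.Wrap(err)
	}

	// Both operations are handed to a single Exec call so the membership
	// entry and its matching grant are submitted together.
	err = a.sdb.Exec(ctx,
		sinkdb.AddAllowedMember(x.Addr),
		a.grants.Save(ctx, &authz.Grant{
			Policy:    "internal",
			GuardType: "x509",
			GuardData: guardData,
			CreatedAt: time.Now().UTC().Format(time.RFC3339),
			Protected: true,
		}),
	)
	return errors.Wrap(err)
}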