Merge pull request #20 from w6d-io/update

[ADD] patch metas if not present
w6d-io · Oct 12, 2023 · 12c6019 · 12c6019
2 parents 0c2c432 + 6a5fa49
commit 12c6019
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 29 deletions.
diff --git a/src/grpc/router.rs b/src/grpc/router.rs
@@ -48,10 +48,7 @@ impl Iam for MyIam {
     }
 
     ///grpc route to remove an identity field
-    async fn remove_permission(
-        &self,
-        req: Request<Input>,
-    ) -> Result<TonicResponse<Reply>, Status> {
+    async fn remove_permission(&self, req: Request<Input>) -> Result<TonicResponse<Reply>, Status> {
         let (_, ext, payload) = req.into_parts();
         let uuid = match ext.get::<RequestId>() {
             Some(uuid) => uuid

diff --git a/src/http/controler.rs b/src/http/controler.rs
@@ -1,4 +1,5 @@
-use anyhow::{bail, Context, Result};
+use anyhow::{Context, Result};
+use serde_json::Value;
 use tracing::{debug, info};
 
 #[allow(unused_imports)]
@@ -7,14 +8,24 @@ use ory_kratos_client::{
     models::{Identity, JsonPatch},
 };
 
-
 use crate::permission::{Input, Mode};
 
+fn patch_empty_meta(root: &str,patch_vec: &mut Vec<JsonPatch>, uuid: &str) -> Result<()>{
+    let path = "/".to_owned() + root;
+    let patch =
+        format!("{{\"op\" : \"add\", \"path\" : \"{path}\", \"value\" : {{}} }}");
+    let json =
+        serde_json::from_str::<JsonPatch>(&patch).context(format!("{uuid}:"))?;
+    patch_vec.push(json);
+    Ok(())
+}
+
 async fn verify_type_path(
     _client: &Configuration,
     uuid: &str,
     payload: &Input,
-) -> Result<Option<JsonPatch>> {
+) -> Result<Option<Vec<JsonPatch>>> {
+    let mut patch_vec = Vec::new();
     #[cfg(not(test))]
     let identity =
         ory_kratos_client::apis::identity_api::get_identity(_client, &payload.id, None).await?;
@@ -29,11 +40,43 @@ async fn verify_type_path(
         identity.metadata_admin = Some(serde_json::Value::String("test".to_owned()));
         identity
     };
-    debug!("identity: {:#?}", identity);
-    let meta = match identity.metadata_admin {
-        Some(meta) => meta,
-        None => bail!("{uuid}: missing metadata_admin"),
+    let (root, meta) = match payload.mode() {
+        Mode::Admin => {
+            let root = "metadata_admin";
+            let meta = match &identity.metadata_admin {
+                Some(meta) => meta,
+                None => {
+                    patch_empty_meta(root, &mut patch_vec, uuid)?;
+                    &Value::Null
+                }
+            };
+            (root, meta)
+        }
+        Mode::Public => {
+            let root = "metadata_public";
+            let meta = match &identity.metadata_public {
+                Some(meta) => meta,
+                None => {
+                    patch_empty_meta(root, &mut patch_vec, uuid)?;
+                    &Value::Null
+                }
+            };
+            (root, meta)
+        }
+        Mode::Trait => {
+            let root = "traits";
+            let meta = match &identity.traits {
+                Some(meta) => meta,
+                None => {
+                    patch_empty_meta(root, &mut patch_vec, uuid)?;
+                    &Value::Null
+                }
+            };
+            (root, meta)
+        }
     };
+    debug!("identity: {:#?}", identity);
+
     if meta
         .pointer(&("/".to_owned() + &payload.perm_type as &str))
         .is_none()
@@ -42,10 +85,11 @@ async fn verify_type_path(
             "{uuid}: {} do not exit, adding it to metadata",
             payload.perm_type
         );
-        let path = "/metadata_admin".to_owned() + "/" + &payload.perm_type as &str;
+        let path = "/".to_owned() + root + "/" + &payload.perm_type as &str;
         let patch = format!("{{\"op\" : \"add\", \"path\" : \"{path}\", \"value\" : {{}} }}");
         let json = serde_json::from_str::<JsonPatch>(&patch).context(format!("{uuid}:"))?;
-        return Ok(Some(json));
+        patch_vec.push(json);
+        return Ok(Some(patch_vec));
     }
     Ok(None)
 }
@@ -60,8 +104,8 @@ pub async fn kratos_controler(
 ) -> Result<()> {
     let mut patch_vec = Vec::new();
     if op != "remove" {
-        if let Some(json_patch) = verify_type_path(_client, uuid, &payload).await? {
-            patch_vec.push(json_patch);
+        if let Some(mut json_patch) = verify_type_path(_client, uuid, &payload).await? {
+            patch_vec.append(&mut json_patch);
         };
     }
     info!("{uuid}: Patching identity");

diff --git a/src/mtls.rs b/src/mtls.rs
@@ -29,20 +29,21 @@ pub async fn build_rustls_server_config(
 
     info!("mTLS ca cert path={}", ca);
     let ca = tokio::fs::read(ca).await.unwrap();
-    let mut server_config = if let Some(Item::X509Certificate(ca)) =
-        rustls_pemfile::read_one(&mut ca.as_ref())?
-    {
-        let mut root_cert_store = RootCertStore::empty();
-        root_cert_store
-            .add(&rustls::Certificate(ca))
-            .expect("bad ca cert");
-        config_builder
-            .with_client_cert_verifier(server::AllowAnyAuthenticatedClient::new(root_cert_store).boxed())
-            .with_single_cert(cert, key)
-            .expect("bad certificate/key")
-    } else {
-        panic!("invalid root ca cert")
-    };
+    let mut server_config =
+        if let Some(Item::X509Certificate(ca)) = rustls_pemfile::read_one(&mut ca.as_ref())? {
+            let mut root_cert_store = RootCertStore::empty();
+            root_cert_store
+                .add(&rustls::Certificate(ca))
+                .expect("bad ca cert");
+            config_builder
+                .with_client_cert_verifier(
+                    server::AllowAnyAuthenticatedClient::new(root_cert_store).boxed(),
+                )
+                .with_single_cert(cert, key)
+                .expect("bad certificate/key")
+        } else {
+            panic!("invalid root ca cert")
+        };
     server_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
     Ok(Arc::new(server_config))
 }