package handler
import (
"context"
"github.com/aws/aws-lambda-go/events"
"golang.org/x/sync/errgroup"
"github.com/yunomu/auth/lib/db/productdb"
"github.com/yunomu/auth/lib/db/userlist"
"github.com/yunomu/auth/lib/preauthfunc"
)
// Handler implements the Cognito user pool pre-authentication check: it
// looks up the product behind the calling app client and the user behind the
// sign-in e-mail, and compares the two before the sign-in is allowed to
// continue.
type Handler struct {
	// productDB is queried with the Cognito app client ID of the request.
	productDB productdb.DB
	// userlistDB is queried with the "email" user attribute of the request.
	userlistDB userlist.DB
	// preAuthFunc is invoked with the product's FuncArn and the e-mail when
	// the product has a FuncArn configured.
	preAuthFunc preauthfunc.Func
	// logger receives lookup errors and the permission decision; NewHandler
	// initialises it to a defaultLogger.
	logger Logger
}
// Option customises a Handler. NewHandler applies the options it is given,
// in order, after the defaults have been set.
type Option func(*Handler)
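// SetLogger returns an Option that installs l as the handler's logger.
//
// A nil l selects the default logger, so the handler never ends up with a
// nil logger. The previous condition was inverted: a caller-supplied logger
// was silently replaced by the default one (losing whatever audit sink the
// caller had configured), and a nil argument was stored as-is, which made
// the first log call in Serve dereference a nil interface.
func SetLogger(l Logger) Option {
	return func(h *Handler) {
		if l == nil {
			h.logger = &defaultLogger{}
			return
		}
		h.logger = l
	}
}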
// NewHandler builds a Handler from its three collaborators and then applies
// opts in the order given. The logger starts out as a defaultLogger, so it is
// set even when no option is passed.
func NewHandler(
	productDB productdb.DB,
	userlistDB userlist.DB,
	preAuthFunc preauthfunc.Func,
	opts ...Option,
) *Handler {
	handler := new(Handler)
	handler.productDB = productDB
	handler.userlistDB = userlistDB
	handler.preAuthFunc = preAuthFunc
	handler.logger = &defaultLogger{}

	// Options run last so that they can override the defaults above.
	for i := range opts {
		opts[i](handler)
	}

	return handler
}
// containsAppCode reports whether appCode occurs in appCodes. The comparison
// is an exact, case-sensitive string match; a nil or empty list never
// matches.
func containsAppCode(appCode string, appCodes []string) bool {
	found := false
	for i := 0; i < len(appCodes) && !found; i++ {
		found = appCodes[i] == appCode
	}
	return found
}
// Request is the Cognito user pool pre-authentication trigger event. Serve
// takes it as input and hands the same value back as its response.
type Request events.CognitoEventUserPoolsPreAuthentication
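// accessDeniedError is the error Serve returns when it rejects a sign-in on
// its own authority. The message is deliberately generic: Cognito relays a
// trigger's error message to the client, so the reason for the rejection goes
// to the log only.
type accessDeniedError struct{}

// Error implements the error interface.
func (accessDeniedError) Error() string { return "access denied" }

// Serve handles a Cognito pre-authentication event.
//
// It loads, concurrently, the product registered for the calling app client
// ID and the user registered for the "email" attribute. The sign-in is
// allowed only when the user's AppCodes contain the product's AppCode and,
// if the product has a FuncArn, the product's pre-authentication function
// also succeeds.
//
// A pre-authentication trigger allows the sign-in by returning the event with
// a nil error and rejects it by returning an error. Serve returns (req, nil)
// to allow and (nil, err) to reject. Previously the "no permission for this
// app" branch logged the mismatch and returned (req, nil), which let the
// sign-in through; it now returns an error.
//
// NOTE(review): the errors from the two lookups and from preAuthFunc are
// returned unchanged, so their text may reach the client through Cognito's
// error response — confirm they carry no internal detail.
// NOTE(review): req is passed to the logger in full and holds the user's
// attributes (at least the e-mail) — confirm the log sink may hold them.
func (h *Handler) Serve(ctx context.Context, req *Request) (*Request, error) {
	g, ctx := errgroup.WithContext(ctx)

	var product *productdb.Product
	g.Go(func() error {
		rec, _, err := h.productDB.Get(ctx, req.CallerContext.ClientID)
		if err != nil {
			h.logger.Error(err, "productDB.Get", req)
			return err
		}
		product = rec
		return nil
	})

	// A missing "email" attribute yields "", which is passed to the lookup
	// unchanged.
	email := req.Request.UserAttributes["email"]

	var user *userlist.User
	g.Go(func() error {
		u, _, err := h.userlistDB.Get(ctx, email)
		if err != nil {
			h.logger.Error(err, "userlistDB.Get", req)
			return err
		}
		user = u
		return nil
	})

	// Wait returns only after both goroutines have finished, so product and
	// user are safe to read below.
	if err := g.Wait(); err != nil {
		return nil, err
	}

	// Whether Get can return a nil record together with a nil error is not
	// visible from here; reject instead of dereferencing a nil pointer.
	if product == nil || user == nil {
		h.logger.Info("product or user record is missing", req, product, user)
		return nil, accessDeniedError{}
	}

	// Fail closed: a user without this product's app code must not sign in.
	if !containsAppCode(product.AppCode, user.AppCodes) {
		h.logger.Info("the user does not have permissions for this app", req, product, user)
		return nil, accessDeniedError{}
	}

	// No product-specific function configured: the app-code check suffices.
	if product.FuncArn == "" {
		return req, nil
	}

	if err := h.preAuthFunc.PreAuthentication(ctx, product.FuncArn, email); err != nil {
		h.logger.Error(err, "preAuthFunc.PreAuthentication", req)
		return nil, err
	}

	return req, nil
}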