HTTP authz: Return groups

Erin Shepherd 2023-03-08 13:50:50 +00:00
parent cc469027ba
commit 20f0f6c047
2 changed files with 43 additions and 7 deletions


@ -2,10 +2,34 @@ package webui
import (
"context"
"fmt"
"github.com/google/uuid"
"github.com/lestrrat-go/jwx/v2/jwt/openid"
)
func getTokenGroupIDs(tok openid.Token) ([]string, error) {
groupsIfc, ok := tok.Get("authentricity.groups")
if !ok {
return nil, nil
}
groups, ok := groupsIfc.([]interface{})
if !ok {
return nil, fmt.Errorf("Groups element of token of invalid type: %+v", groups)
}
groupsStr := make([]string, len(groups))
for i := range groups {
groupsStr[i], ok = groups[i].(string)
if !ok {
return nil, fmt.Errorf("Group entry of incorrect type: %+v", groups[i])
}
}
return groupsStr, nil
}
func (s *Service) isInGroup(ctx context.Context, id uuid.UUID) bool {
tok := getUserToken(ctx)
groupsIfc, ok := tok.Get("authentricity.groups")
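Review bot: The first error path in `getTokenGroupIDs` formats `groups`, which is the zero value (a nil slice) whenever the `[]interface{}` assertion fails, so the message always prints `[]` and never shows what the claim actually held. Format the original value's type instead, for example `return nil, fmt.Errorf("groups claim has invalid type %T", groupsIfc)`; printing only the type also keeps raw claim content out of the log, which the per-entry error's `%+v` of `groups[i]` does not. The trailing context lines show `isInGroup` still reading `authentricity.groups` itself; its body continues outside the hunk, but if it repeats the same conversion it should call the new helper so both authorization paths interpret the claim identically.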


@ -1,17 +1,29 @@
package webui
import "net/http"
import (
"net/http"
"go.uber.org/zap"
)
func (s *Service) authGet(w http.ResponseWriter, r *http.Request) {
tok := getUserToken(r.Context())
if tok == nil {
w.WriteHeader(http.StatusUnauthorized)
} else {
headers := w.Header()
headers.Add("X-Webauth-UserID", tok.Subject())
headers.Add("X-Webauth-User", tok.PreferredUsername())
headers.Add("X-Webauth-Email", tok.Email())
w.WriteHeader(http.StatusNoContent)
return
}
headers := w.Header()
headers.Add("X-Webauth-UserID", tok.Subject())
headers.Add("X-Webauth-User", tok.PreferredUsername())
headers.Add("X-Webauth-Email", tok.Email())
groups, err := getTokenGroupIDs(tok)
if err != nil {
zap.S().Errorf("Error getting groups from token: %v", err)
} else {
headers["X-Webauth-Groups"] = groups
}
w.WriteHeader(http.StatusNoContent)
}
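Review bot: In `authGet`, a failure from `getTokenGroupIDs` is only logged and the handler still answers 204 with the identity headers but no `X-Webauth-Groups`, so a token with a malformed groups claim is indistinguishable downstream from a user who has no groups. For an authorization endpoint this should fail closed: call `getTokenGroupIDs(tok)` before the `headers.Add` lines and on error do `w.WriteHeader(http.StatusInternalServerError); return`. Whether a missing header lets a client-supplied `X-Webauth-Groups` reach the backend depends on the proxy configuration, which is not visible here, so setting the header explicitly on every success (even to an empty value) is the safer contract. Also worth a comment: `headers["X-Webauth-Groups"] = groups` emits one header line per group, and the consumer must read all values rather than only the first.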