INTERNAL ASK RULES

This commit is contained in:
mr
2024-10-30 16:39:52 +01:00
parent d33d2eb343
commit 2ca16c07b3
5 changed files with 16 additions and 13 deletions


@@ -16,7 +16,7 @@ import (
type HydraClaims struct{}
func (h HydraClaims) generateKey(relation string, path string) (string, error) {
method, err := utils.ExtractMethod(relation, false)
method, err := utils.ExtractMethod(relation, true)
if err != nil {
return "", err
}
@@ -25,11 +25,14 @@ func (h HydraClaims) generateKey(relation string, path string) (string, error) {
}
// decode key expect to extract method and path from key
func (h HydraClaims) decodeKey(key string) (tools.METHOD, string, error) {
func (h HydraClaims) decodeKey(key string, external bool) (tools.METHOD, string, error) {
s := strings.Split(key, "_")
if len(s) < 2 {
return tools.GET, "", errors.New("invalid key")
}
if strings.Contains(strings.ToUpper(s[0]), "INTERNAL") && external {
return tools.GET, "", errors.New("external ask for internal key")
}
meth, err := utils.ExtractMethod(s[0], false)
if err != nil {
return meth, "", err
@@ -60,7 +63,7 @@ func (h HydraClaims) encodeSignature(host string) (string, error) {
return SignDefault(hashed[:], spkiBlock.Bytes)
}
func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward string, sessionClaims Claims, publicKey string) (bool, error) {
func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward string, sessionClaims Claims, publicKey string, external bool) (bool, error) {
idTokenClaims := sessionClaims.Session.IDToken
if idTokenClaims["signature"] == nil {
return false, errors.New("no signature found")
@@ -81,9 +84,9 @@ func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward str
if strings.Contains(v, ":") { // is a param
continue
} else if v != splittedPath[i] {
meth, _, err := h.decodeKey(m)
meth, _, err := h.decodeKey(m, external)
if err != nil {
return false, err
continue
}
perm := perms_connectors.Permission{
Relation: "permits" + strings.ToLower(meth.String()),
@@ -99,14 +102,14 @@ func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward str
// add claims to token method of HydraTokenizer
func (h HydraClaims) AddClaimsToToken(userId string, host string) Claims {
claims := Claims{}
perms, err := perms_connectors.KetoConnector{}.GetPermissionByUser(userId, false)
perms, err := perms_connectors.KetoConnector{}.GetPermissionByUser(userId, true)
if err != nil {
return claims
}
claims.Session.AccessToken = make(map[string]interface{})
claims.Session.IDToken = make(map[string]interface{})
for _, perm := range perms {
key, err := h.generateKey(perm.Relation, perm.Object)
key, err := h.generateKey(strings.ReplaceAll(perm.Relation, "permits", ""), perm.Object)
if err != nil {
continue
}
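Review bot: Replacing `return false, err` with `continue` after the `h.decodeKey(m, external)` call in the `@@ -81,9 +84,9 @@` hunk makes every decode error non-fatal, not only the new "external ask for internal key" rejection, so a malformed key that previously failed the check closed ("invalid key") is now skipped silently, and neither case is logged. The call site only tests `err != nil`, so the distinction decodeKey now draws between an internal-only key and a bad key is lost exactly where it matters. I would return a package-level sentinel from decodeKey for the internal-key case and skip only that, leaving other errors fail-closed as before; DecodeClaimsInToken's body continues outside the hunk on both sides, and the sentinel lives next to the decodeKey change in the `@@ -25,11 +25,14 @@` hunk.
```go
// package level, next to decodeKey: a sentinel the caller can distinguish
var errInternalKey = errors.New("external ask for internal key")
// … unchanged: decodeKey body, with the internal-key branch returning tools.GET, "", errInternalKey …

// DecodeClaimsInToken, inside the path-comparison loop
} else if v != splittedPath[i] {
	meth, _, err := h.decodeKey(m, external)
	if errors.Is(err, errInternalKey) {
		continue // internal-only key does not apply to an external ask; skip just this entry
	}
	if err != nil {
		return false, err // malformed key stays fail-closed
	}
	// … unchanged: permission lookup via perms_connectors.Permission …
```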