diff --git a/go.mod b/go.mod index 0ae47d9..a7ad333 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module oc-auth go 1.22.0 require ( - cloud.o-forge.io/core/oc-lib v0.0.0-20241115080752-9a8625f8b409 + cloud.o-forge.io/core/oc-lib v0.0.0-20241121074503-15ca06aba883 github.com/beego/beego/v2 v2.3.1 github.com/nats-io/nats.go v1.37.0 github.com/ory/hydra-client-go v1.11.8 diff --git a/go.sum b/go.sum index b2c6230..0fe08bf 100644 --- a/go.sum +++ b/go.sum @@ -83,6 +83,22 @@ cloud.o-forge.io/core/oc-lib v0.0.0-20241114103936-c24f2f26c4ed h1:vOy5nuu/sETZ+ cloud.o-forge.io/core/oc-lib v0.0.0-20241114103936-c24f2f26c4ed/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo= cloud.o-forge.io/core/oc-lib v0.0.0-20241115080752-9a8625f8b409 h1:Pt9ih89OgmjnkFmRKdiMnUwYsfZcrqVqJWGNMS3Lsd4= cloud.o-forge.io/core/oc-lib v0.0.0-20241115080752-9a8625f8b409/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo= +cloud.o-forge.io/core/oc-lib v0.0.0-20241120085309-08e9ee67fe96 h1:1f2m8148/bOY19urpgtgShmGPDMnnjRqcEczrkVDJBA= +cloud.o-forge.io/core/oc-lib v0.0.0-20241120085309-08e9ee67fe96/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo= +cloud.o-forge.io/core/oc-lib v0.0.0-20241120093920-b49685aa8223 h1:LX04VfuXWxi+Q0lKhBBd7tfyLO3R4y8um3srRVlMbSY= +cloud.o-forge.io/core/oc-lib v0.0.0-20241120093920-b49685aa8223/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo= +cloud.o-forge.io/core/oc-lib v0.0.0-20241120150854-57f18b224443 h1:cqlL4/EsqYlQ6luPBC4+6+gWNwQqWVV8DPD8O7F6yM8= +cloud.o-forge.io/core/oc-lib v0.0.0-20241120150854-57f18b224443/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo= +cloud.o-forge.io/core/oc-lib v0.0.0-20241120153807-3b77c0da8352 h1:xNYjEiB/nrvXLbLcjSDfNZEPSR38/LKcsQKP/oWg5HI= +cloud.o-forge.io/core/oc-lib v0.0.0-20241120153807-3b77c0da8352/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo= +cloud.o-forge.io/core/oc-lib v0.0.0-20241120160521-ac49d3324d7b h1:5prB7K0iM284VmYdoRaBMZIOEXq5S0YgTrSp4+SnZyo= +cloud.o-forge.io/core/oc-lib v0.0.0-20241120160521-ac49d3324d7b/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo= +cloud.o-forge.io/core/oc-lib v0.0.0-20241121065159-d8fac883d260 h1:DSumHyw9XJQ/r+LjWa5GDkjS0ri/lFkU7oPr5vv8mws= +cloud.o-forge.io/core/oc-lib v0.0.0-20241121065159-d8fac883d260/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo= +cloud.o-forge.io/core/oc-lib v0.0.0-20241121071546-e9b3a65a0ec6 h1:AdUkzaX63VF3fdloWyyWT1jLM4M1pkDLErAdHyVbsKU= +cloud.o-forge.io/core/oc-lib v0.0.0-20241121071546-e9b3a65a0ec6/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo= +cloud.o-forge.io/core/oc-lib v0.0.0-20241121074503-15ca06aba883 h1:JdHJT8vuup4pJCC7rjiOe0/qD7at6400ml5zZHjEeUo= +cloud.o-forge.io/core/oc-lib v0.0.0-20241121074503-15ca06aba883/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= diff --git a/infrastructure/claims/hydra_claims.go b/infrastructure/claims/hydra_claims.go index 69ca5f7..b7bba25 100644 --- a/infrastructure/claims/hydra_claims.go +++ b/infrastructure/claims/hydra_claims.go @@ -22,7 +22,7 @@ func (h HydraClaims) generateKey(relation string, path string) (string, error) { return "", err } p := strings.ReplaceAll(strings.ToUpper(path), "/", "_") - return strings.ToLower(method.String()) + "_" + strings.ReplaceAll(p, ":", ""), nil + return strings.ToUpper(method.String()) + "_" + strings.ReplaceAll(p, ":", ""), nil } // decode key expect to extract method and path from key @@ -38,7 +38,7 @@ func (h HydraClaims) decodeKey(key string, external bool) (tools.METHOD, string, if err != nil { return meth, "", err } - p := strings.ReplaceAll(strings.ToLower(s[1]), "_", "/") + p := strings.ReplaceAll(strings.ToUpper(s[1]), "_", "/") return meth, p, nil } diff --git a/infrastructure/perms_connectors/keto_connector.go b/infrastructure/perms_connectors/keto_connector.go index d7fece3..6f1d027 100644 --- a/infrastructure/perms_connectors/keto_connector.go +++ b/infrastructure/perms_connectors/keto_connector.go @@ -6,6 +6,7 @@ import ( "fmt" "oc-auth/conf" "oc-auth/infrastructure/utils" + "strings" oclib "cloud.o-forge.io/core/oc-lib" "cloud.o-forge.io/core/oc-lib/tools" @@ -235,19 +236,25 @@ func (k KetoConnector) BindRole(userID string, roleID string) (string, int, erro func (k KetoConnector) BindPermission(roleID string, permID string, relation string) (*Permission, int, error) { perms, err := k.GetPermission(permID, relation) if err != nil || len(perms) != 1 { - if len(perms) == 0 { + count := 0 + for _, p := range perms { + if p.Relation == relation { + count++ + } + } + if count == 0 { return nil, 404, errors.New("Permission not found") - } else if len(perms) > 1 { + } else if count > 1 { return nil, 409, errors.New("Multiple permission found") } } - _, code, err := k.createRelationShip(roleID, perms[0].Relation, permID, nil) + _, code, err := k.createRelationShip(roleID, relation, permID, nil) if err != nil { return nil, code, err } return &Permission{ Object: roleID, - Relation: perms[0].Relation, + Relation: relation, Subject: permID, }, 200, nil } @@ -267,9 +274,15 @@ func (k KetoConnector) UnBindPermission(roleID string, permID string, relation s } perms, err := k.GetPermission(permID, meth.String()) if err != nil || len(perms) != 1 { - if len(perms) == 0 { + count := 0 + for _, p := range perms { + if p.Relation == relation { + count++ + } + } + if count == 0 { return nil, 404, errors.New("Permission not found") - } else if len(perms) > 1 { + } else if count > 1 { return nil, 409, errors.New("Multiple permission found") } } @@ -285,6 +298,9 @@ func (k KetoConnector) UnBindPermission(roleID string, permID string, relation s } func (k KetoConnector) createRelationShip(object string, relation string, subject string, subPerm *Permission) (*Permission, int, error) { exist, err := k.get(object, relation, subject) + if strings.Contains(subject, "/workflow/:id") { + fmt.Println("subject", subject, relation, exist, err) + } if err == nil && len(exist) > 0 { return nil, 409, errors.New("Relation already exist") } diff --git a/main.go b/main.go index fe2bbc4..cd860bf 100644 --- a/main.go +++ b/main.go @@ -2,7 +2,6 @@ package main import ( "errors" - "fmt" "oc-auth/conf" "oc-auth/infrastructure" _ "oc-auth/routers" @@ -99,7 +98,6 @@ func generateSelfPeer() error { } func discovery() { - fmt.Println("Discovered") api := tools.API{} conn := infrastructure.GetPermissionConnector()