core/oc-auth
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

oclib + perms naming

Browse Source
This commit is contained in:
mr 2024-11-21 11:07:19 +01:00
parent 9a86604564
commit be071ec328
5 changed files with 41 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@ -3,7 +3,7 @@ module oc-auth
go 1.22.0 go 1.22.0
require ( require (
cloud.o-forge.io/core/oc-lib v0.0.0-20241115080752-9a8625f8b409 cloud.o-forge.io/core/oc-lib v0.0.0-20241121074503-15ca06aba883
github.com/beego/beego/v2 v2.3.1 github.com/beego/beego/v2 v2.3.1
github.com/nats-io/nats.go v1.37.0 github.com/nats-io/nats.go v1.37.0
github.com/ory/hydra-client-go v1.11.8 github.com/ory/hydra-client-go v1.11.8

16
go.sum
View File

@ -83,6 +83,22 @@ cloud.o-forge.io/core/oc-lib v0.0.0-20241114103936-c24f2f26c4ed h1:vOy5nuu/sETZ+
cloud.o-forge.io/core/oc-lib v0.0.0-20241114103936-c24f2f26c4ed/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo= cloud.o-forge.io/core/oc-lib v0.0.0-20241114103936-c24f2f26c4ed/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo=
cloud.o-forge.io/core/oc-lib v0.0.0-20241115080752-9a8625f8b409 h1:Pt9ih89OgmjnkFmRKdiMnUwYsfZcrqVqJWGNMS3Lsd4= cloud.o-forge.io/core/oc-lib v0.0.0-20241115080752-9a8625f8b409 h1:Pt9ih89OgmjnkFmRKdiMnUwYsfZcrqVqJWGNMS3Lsd4=
cloud.o-forge.io/core/oc-lib v0.0.0-20241115080752-9a8625f8b409/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo= cloud.o-forge.io/core/oc-lib v0.0.0-20241115080752-9a8625f8b409/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo=
cloud.o-forge.io/core/oc-lib v0.0.0-20241120085309-08e9ee67fe96 h1:1f2m8148/bOY19urpgtgShmGPDMnnjRqcEczrkVDJBA=
cloud.o-forge.io/core/oc-lib v0.0.0-20241120085309-08e9ee67fe96/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo=
cloud.o-forge.io/core/oc-lib v0.0.0-20241120093920-b49685aa8223 h1:LX04VfuXWxi+Q0lKhBBd7tfyLO3R4y8um3srRVlMbSY=
cloud.o-forge.io/core/oc-lib v0.0.0-20241120093920-b49685aa8223/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo=
cloud.o-forge.io/core/oc-lib v0.0.0-20241120150854-57f18b224443 h1:cqlL4/EsqYlQ6luPBC4+6+gWNwQqWVV8DPD8O7F6yM8=
cloud.o-forge.io/core/oc-lib v0.0.0-20241120150854-57f18b224443/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo=
cloud.o-forge.io/core/oc-lib v0.0.0-20241120153807-3b77c0da8352 h1:xNYjEiB/nrvXLbLcjSDfNZEPSR38/LKcsQKP/oWg5HI=
cloud.o-forge.io/core/oc-lib v0.0.0-20241120153807-3b77c0da8352/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo=
cloud.o-forge.io/core/oc-lib v0.0.0-20241120160521-ac49d3324d7b h1:5prB7K0iM284VmYdoRaBMZIOEXq5S0YgTrSp4+SnZyo=
cloud.o-forge.io/core/oc-lib v0.0.0-20241120160521-ac49d3324d7b/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo=
cloud.o-forge.io/core/oc-lib v0.0.0-20241121065159-d8fac883d260 h1:DSumHyw9XJQ/r+LjWa5GDkjS0ri/lFkU7oPr5vv8mws=
cloud.o-forge.io/core/oc-lib v0.0.0-20241121065159-d8fac883d260/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo=
cloud.o-forge.io/core/oc-lib v0.0.0-20241121071546-e9b3a65a0ec6 h1:AdUkzaX63VF3fdloWyyWT1jLM4M1pkDLErAdHyVbsKU=
cloud.o-forge.io/core/oc-lib v0.0.0-20241121071546-e9b3a65a0ec6/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo=
cloud.o-forge.io/core/oc-lib v0.0.0-20241121074503-15ca06aba883 h1:JdHJT8vuup4pJCC7rjiOe0/qD7at6400ml5zZHjEeUo=
cloud.o-forge.io/core/oc-lib v0.0.0-20241121074503-15ca06aba883/go.mod h1:ya7Q+zHhaKM+XF6sAJ+avqHEVzaMnFJQih2X3TlTlGo=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=

4
infrastructure/claims/hydra_claims.go
View File

@ -22,7 +22,7 @@ func (h HydraClaims) generateKey(relation string, path string) (string, error) {
return "", err return "", err
} }
p := strings.ReplaceAll(strings.ToUpper(path), "/", "_") p := strings.ReplaceAll(strings.ToUpper(path), "/", "_")
return strings.ToLower(method.String()) + "_" + strings.ReplaceAll(p, ":", ""), nil return strings.ToUpper(method.String()) + "_" + strings.ReplaceAll(p, ":", ""), nil
} }
// decode key expect to extract method and path from key // decode key expect to extract method and path from key
@ -38,7 +38,7 @@ func (h HydraClaims) decodeKey(key string, external bool) (tools.METHOD, string,
if err != nil { if err != nil {
return meth, "", err return meth, "", err
} }
p := strings.ReplaceAll(strings.ToLower(s[1]), "_", "/") p := strings.ReplaceAll(strings.ToUpper(s[1]), "_", "/")
return meth, p, nil return meth, p, nil
} }

28
infrastructure/perms_connectors/keto_connector.go
View File

@ -6,6 +6,7 @@ import (
"fmt" "fmt"
"oc-auth/conf" "oc-auth/conf"
"oc-auth/infrastructure/utils" "oc-auth/infrastructure/utils"
"strings"
oclib "cloud.o-forge.io/core/oc-lib" oclib "cloud.o-forge.io/core/oc-lib"
"cloud.o-forge.io/core/oc-lib/tools" "cloud.o-forge.io/core/oc-lib/tools"
@ -235,19 +236,25 @@ func (k KetoConnector) BindRole(userID string, roleID string) (string, int, erro
func (k KetoConnector) BindPermission(roleID string, permID string, relation string) (*Permission, int, error) { func (k KetoConnector) BindPermission(roleID string, permID string, relation string) (*Permission, int, error) {
perms, err := k.GetPermission(permID, relation) perms, err := k.GetPermission(permID, relation)
if err != nil || len(perms) != 1 { if err != nil || len(perms) != 1 {
if len(perms) == 0 { count := 0
for _, p := range perms {
if p.Relation == relation {
count++
}
}
if count == 0 {
return nil, 404, errors.New("Permission not found") return nil, 404, errors.New("Permission not found")
} else if len(perms) > 1 { } else if count > 1 {
return nil, 409, errors.New("Multiple permission found") return nil, 409, errors.New("Multiple permission found")
} }
} }
_, code, err := k.createRelationShip(roleID, perms[0].Relation, permID, nil) _, code, err := k.createRelationShip(roleID, relation, permID, nil)
if err != nil { if err != nil {
return nil, code, err return nil, code, err
} }
return &Permission{ return &Permission{
Object: roleID, Object: roleID,
Relation: perms[0].Relation, Relation: relation,
Subject: permID, Subject: permID,
}, 200, nil }, 200, nil
} }
@ -267,9 +274,15 @@ func (k KetoConnector) UnBindPermission(roleID string, permID string, relation s
} }
perms, err := k.GetPermission(permID, meth.String()) perms, err := k.GetPermission(permID, meth.String())
if err != nil || len(perms) != 1 { if err != nil || len(perms) != 1 {
if len(perms) == 0 { count := 0
for _, p := range perms {
if p.Relation == relation {
count++
}
}
if count == 0 {
return nil, 404, errors.New("Permission not found") return nil, 404, errors.New("Permission not found")
} else if len(perms) > 1 { } else if count > 1 {
return nil, 409, errors.New("Multiple permission found") return nil, 409, errors.New("Multiple permission found")
} }
} }
@ -285,6 +298,9 @@ func (k KetoConnector) UnBindPermission(roleID string, permID string, relation s
} }
func (k KetoConnector) createRelationShip(object string, relation string, subject string, subPerm *Permission) (*Permission, int, error) { func (k KetoConnector) createRelationShip(object string, relation string, subject string, subPerm *Permission) (*Permission, int, error) {
exist, err := k.get(object, relation, subject) exist, err := k.get(object, relation, subject)
if strings.Contains(subject, "/workflow/:id") {
fmt.Println("subject", subject, relation, exist, err)
}
if err == nil && len(exist) > 0 { if err == nil && len(exist) > 0 {
return nil, 409, errors.New("Relation already exist") return nil, 409, errors.New("Relation already exist")
} }

2
main.go
View File

@ -2,7 +2,6 @@ package main
import ( import (
"errors" "errors"
"fmt"
"oc-auth/conf" "oc-auth/conf"
"oc-auth/infrastructure" "oc-auth/infrastructure"
_ "oc-auth/routers" _ "oc-auth/routers"
@ -99,7 +98,6 @@ func generateSelfPeer() error {
} }
func discovery() { func discovery() {
fmt.Println("Discovered")
api := tools.API{} api := tools.API{}
conn := infrastructure.GetPermissionConnector() conn := infrastructure.GetPermissionConnector()