trying to apply oclib changes

Fix dependencies version
Pointing on last issue#4 commit to use oc-lib env var fix, removing useless log in Dockerfile building phase
2025-01-03 16:55:12 +01:00 · 2024-12-16 14:26:47 +01:00 · 2024-12-16 10:18:23 +01:00 · 2024-12-16 09:14:40 +01:00 · 2024-12-16 09:12:28 +01:00 · 2024-12-16 09:11:35 +01:00
17 changed files with 848 additions and 990 deletions
--- a/48
+++ b/48
@@ -1,32 +1,48 @@
-FROM golang:alpine as builder
-
-ARG HOSTNAME=http://localhost
-ARG NAME=local
+FROM golang:alpine AS deps

 WORKDIR /app
+COPY go.mod go.sum ./
+RUN sed -i '/replace/d' go.mod
+RUN cat go.mod
+RUN go mod download

-COPY . .
+#----------------------------------------------------------------------------------------------
+
+FROM golang:alpine AS builder
+
+ARG HOSTNAME=http://localhost
+ARG NAME=auth

 RUN apk add git

-RUN go get github.com/beego/bee/v2 && go install github.com/beego/bee/v2@master
+RUN go install github.com/beego/bee/v2@latest

-RUN timeout 15 bee run -gendoc=true -downdoc=true -runmode=dev || :
+WORKDIR /oc-auth 

-RUN sed -i 's/http:\/\/127.0.0.1:8080\/swagger\/swagger.json/swagger.json/g' swagger/index.html
+COPY --from=deps /go/pkg /go/pkg
+COPY --from=deps /app/go.mod /app/go.sum ./

-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" .
+RUN export CGO_ENABLED=0 && \
+    export GOOS=linux && \
+    export GOARCH=amd64 && \
+    export BUILD_FLAGS="-ldflags='-w -s'"

-RUN ls /app
+COPY . .

-FROM scratch
+RUN sed -i '/replace/d' go.mod
+RUN bee pack
+RUN mkdir -p /app/extracted && tar -zxvf oc-auth.tar.gz -C /app/extracted
+RUN sed -i 's/http:\/\/127.0.0.1:8080\/swagger\/swagger.json/swagger.json/g' /app/extracted/swagger/index.html
+
+#----------------------------------------------------------------------------------------------
+
+FROM golang:alpine

 WORKDIR /app
-
-COPY --from=builder /app/oc-auth /usr/bin/ 
-COPY --from=builder /app/swagger /app/swagger
-
-COPY docker_auth.json /etc/oc/auth.json
+COPY --from=builder /app/extracted/oc-auth /usr/bin
+COPY --from=builder /app/extracted/swagger /app/swagger
+COPY --from=builder /app/extracted/pem /app/pem
+COPY --from=builder /app/extracted/docker_auth.json /etc/oc/auth.json

 EXPOSE 8080

--- a/27
+++ b/27
@@ -0,0 +1,27 @@
+.DEFAULT_GOAL := all
+
+build: clean
+	bee pack
+
+run:
+	bee run -gendoc=true -downdoc=true
+
+debug:
+	bee run -downdebug -gendebug
+
+clean:
+	rm -rf oc-auth oc-auth.tar.gz
+
+docker:
+	DOCKER_BUILDKIT=1 docker build -t oc/oc-auth:0.0.1 -f Dockerfile .
+	docker tag oc/oc-auth:0.0.1 oc/oc-auth:latest
+
+publish-kind:
+	kind load docker-image oc/oc-auth:0.0.1 --name opencloud
+
+publish-registry:
+	@echo "TODO"
+
+all: docker publish-kind publish-registry
+
+.PHONY: build run clean docker publish-kind publish-registry
--- a/BIN
+++ b/BIN
--- a/controllers/group.go
+++ b/controllers/group.go
@@ -0,0 +1,213 @@
+package controllers
+
+import (
+	"oc-auth/infrastructure"
+
+	beego "github.com/beego/beego/v2/server/web"
+)
+
+// Operations about auth
+type GroupController struct {
+	beego.Controller
+}
+
+// @Title Create
+// @Description create group
+// @Param	id		path 	string	true		"the id you want to get"
+// @Success 200 {auth} create success!
+// @router /:id [post]
+func (o *GroupController) Post() {
+	// store and return Id or post with UUID
+	id := o.Ctx.Input.Param(":id")
+	group, code, err := infrastructure.GetPermissionConnector().CreateGroup(id)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  code,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  group,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title GetByUser
+// @Description find group by user id
+// @Param	id		path 	string	true		"the id you want to get"
+// @Success 200 {auth} string
+// @router /user/:id [get]
+func (o *GroupController) GetByUser() {
+	id := o.Ctx.Input.Param(":id")
+	group, err := infrastructure.GetPermissionConnector().GetGroupByUser(id)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  200,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  group,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title GetAll
+// @Description find groups
+// @Success 200 {group} string
+// @router / [get]
+func (o *GroupController) GetAll() {
+	group, err := infrastructure.GetPermissionConnector().GetGroup("")
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  200,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  group,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title Get
+// @Description find group by id
+// @Param	id		path 	string	true		"the id you want to get"
+// @Success 200 {group} string
+// @router /:id [get]
+func (o *GroupController) Get() {
+	id := o.Ctx.Input.Param(":id")
+	group, err := infrastructure.GetPermissionConnector().GetGroup(id)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  200,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  group,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title Delete
+// @Description delete the group
+// @Param	id		path 	string	true		"The id you want to delete"
+// @Success 200 {string} delete success!
+// @router /:id [delete]
+func (o *GroupController) Delete() {
+	id := o.Ctx.Input.Param(":id")
+	group, code, err := infrastructure.GetPermissionConnector().DeleteGroup(id)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  code,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  group,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title Clear
+// @Description clear the group
+// @Success 200 {string} delete success!
+// @router /clear [delete]
+func (o *GroupController) Clear() {
+	group, code, err := infrastructure.GetPermissionConnector().DeleteGroup("")
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  code,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  group,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title Bind
+// @Description bind the group to user
+// @Param	user_id		path 	string	true		"The user_id you want to bind"
+// @Param	group_id		path 	string	true		"The group_id you want to bind"
+// @Success 200 {string} bind success!
+// @router /:user_id/:group_id [post]
+func (o *GroupController) Bind() {
+	user_id := o.Ctx.Input.Param(":user_id")
+	group_id := o.Ctx.Input.Param(":group_id")
+	group, code, err := infrastructure.GetPermissionConnector().BindGroup(user_id, group_id)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  code,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  group,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title UnBind
+// @Description unbind the group to user
+// @Param	group_id		path 	string	true		"The group_id you want to unbind"
+// @Param	group_id		path 	string	true		"The user_id you want to unbind"
+// @Success 200 {string} bind success!
+// @router /:user_id/:group_id [delete]
+func (o *GroupController) UnBind() {
+	user_id := o.Ctx.Input.Param(":user_id")
+	group_id := o.Ctx.Input.Param(":group_id")
+	group, code, err := infrastructure.GetPermissionConnector().UnBindGroup(user_id, group_id)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  code,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  group,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
--- a/go.mod
+++ b/go.mod
@@ -3,92 +3,32 @@ module oc-auth
 go 1.22.0

 require (
-	cloud.o-forge.io/core/oc-lib v0.0.0-20241108104423-7fd44a55cb28
-	github.com/beego/beego/v2 v2.3.1
-	github.com/nats-io/nats.go v1.37.0
-	github.com/ory/hydra-client-go v1.11.8
+	cloud.o-forge.io/core/oc-lib v0.0.0-20241216081858-245f3adea3ba
+	github.com/beego/beego/v2 v2.3.4
 	github.com/smartystreets/goconvey v1.7.2
 	go.uber.org/zap v1.27.0
-	golang.org/x/oauth2 v0.23.0
 )

+replace cloud.o-forge.io/core/oc-lib => ../oc-lib
+
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
-	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
-	github.com/dgraph-io/ristretto v0.1.1 // indirect
-	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/felixge/httpsnoop v1.0.3 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
-	github.com/go-logr/logr v1.2.4 // indirect
-	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/gobuffalo/pop/v6 v6.0.8 // indirect
 	github.com/gofrs/uuid v4.3.0+incompatible // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/glog v1.2.0 // indirect
-	github.com/golang/mock v1.6.0 // indirect
-	github.com/gorilla/websocket v1.5.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.2 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/magiconair/properties v1.8.7 // indirect
-	github.com/mattn/goveralls v0.0.12 // indirect
-	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
-	github.com/openzipkin/zipkin-go v0.4.1 // indirect
-	github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe // indirect
-	github.com/ory/go-convenience v0.1.0 // indirect
-	github.com/ory/x v0.0.575 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.9 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 // indirect
-	github.com/sirupsen/logrus v1.9.0 // indirect
-	github.com/spf13/afero v1.9.5 // indirect
-	github.com/spf13/cast v1.5.1 // indirect
-	github.com/spf13/cobra v1.7.0 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.16.0 // indirect
-	github.com/subosito/gotenv v1.4.2 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.42.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0 // indirect
-	go.opentelemetry.io/contrib/propagators/b3 v1.17.0 // indirect
-	go.opentelemetry.io/contrib/propagators/jaeger v1.17.0 // indirect
-	go.opentelemetry.io/contrib/samplers/jaegerremote v0.11.0 // indirect
-	go.opentelemetry.io/otel v1.16.0 // indirect
-	go.opentelemetry.io/otel/exporters/jaeger v1.16.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.16.0 // indirect
-	go.opentelemetry.io/otel/exporters/zipkin v1.16.0 // indirect
-	go.opentelemetry.io/otel/metric v1.16.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.16.0 // indirect
-	go.opentelemetry.io/otel/trace v1.16.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
+	github.com/nats-io/nats.go v1.38.0 // indirect
+	github.com/robfig/cron v1.2.0 // indirect
 	go.uber.org/multierr v1.10.0 // indirect
-	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
-	google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de // indirect
-	google.golang.org/grpc v1.63.0 // indirect
-	gopkg.in/ini.v1 v1.67.0 // indirect
 )

 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/coocood/freecache v1.2.4
-	github.com/gabriel-vasile/mimetype v1.4.6 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.7 // indirect
 	github.com/go-ldap/ldap/v3 v3.4.8
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.22.1 // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/go-playground/validator/v10 v10.23.0 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 // indirect
@@ -96,25 +36,19 @@ require (
 	github.com/hashicorp/golang-lru v1.0.2 // indirect
 	github.com/i-core/rlog v1.0.0
 	github.com/jtolds/gls v4.20.0+incompatible // indirect
-	github.com/justinas/nosurf v1.1.1
-	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/klauspost/compress v1.17.11 // indirect
-	github.com/kr/text v0.2.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/montanaflynn/stats v0.7.1 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/nats-io/nkeys v0.4.7 // indirect
+	github.com/nats-io/nkeys v0.4.9 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
-	github.com/ory/fosite v0.47.0
 	github.com/prometheus/client_golang v1.20.5 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.60.1 // indirect
+	github.com/prometheus/common v0.61.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/purnaresa/bulwark v0.0.0-20201001150757-1cec324746b2
-	github.com/robfig/cron/v3 v3.0.1 // indirect
 	github.com/rs/zerolog v1.33.0 // indirect
 	github.com/shiena/ansicolor v0.0.0-20230509054315-a9deabde6e02 // indirect
 	github.com/smartystreets/assertions v1.2.0 // indirect
@@ -123,12 +57,11 @@ require (
 	github.com/xdg-go/stringprep v1.0.4 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
 	go.mongodb.org/mongo-driver v1.17.1 // indirect
-	golang.org/x/crypto v0.28.0 // indirect
-	golang.org/x/net v0.30.0 // indirect
-	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/text v0.19.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/protobuf v1.35.1 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
+	google.golang.org/protobuf v1.36.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
--- a/go.sum
+++ b/go.sum
--- a/infrastructure/auth_connector/hydra_connector.go
+++ b/infrastructure/auth_connector/hydra_connector.go
@@ -29,6 +29,9 @@ type HydraConnector struct {
 	Caller *tools.HTTPCaller
 }

+const test_name = "test-pierre"
+const test_id = "1234"
+
 func (a HydraConnector) Status() tools.State {
 	caller := tools.NewHTTPCaller(map[tools.DataType]map[tools.METHOD]string{})
 	var responseBody map[string]interface{}
@@ -45,6 +48,7 @@ func (a HydraConnector) Status() tools.State {
 	return tools.ALIVE
 }

+
 // urlFormat formats the URL of the peer with the data type API function
 func (a *HydraConnector) urlFormat(url string, replaceWith string) string {
 	// localhost is replaced by the local peer URL
@@ -176,7 +180,7 @@ func (a HydraConnector) Login(username string, cookies ...*http.Cookie) (t *Toke
 		return nil, err
 	}
 	json.Unmarshal(b, &m)
-	pp := oclib.Search(nil, strconv.Itoa(peer.SELF.EnumIndex()), oclib.LibDataEnum(oclib.PEER))
+	pp := oclib.NewRequest(oclib.LibDataEnum(oclib.PEER),test_name,test_id,nil,nil).Search(nil, strconv.Itoa(peer.SELF.EnumIndex()))
 	if len(pp.Data) == 0 || pp.Code >= 300 || pp.Err != "" {
 		return nil, errors.New("peer not found")
 	}
@@ -184,7 +188,7 @@ func (a HydraConnector) Login(username string, cookies ...*http.Cookie) (t *Toke
 	now = now.Add(time.Duration(token.ExpiresIn) * time.Second)
 	unix := now.Unix()

-	c := claims.GetClaims().AddClaimsToToken(username, pp.Data[0].(*peer.Peer).Url)
+	c := claims.GetClaims().AddClaimsToToken(username, pp.Data[0].(*peer.Peer))
 	c.Session.AccessToken["exp"] = unix

 	b, _ = json.Marshal(c)
--- a/infrastructure/claims/claims.go
+++ b/infrastructure/claims/claims.go
@@ -1,10 +1,14 @@
 package claims

-import "oc-auth/conf"
+import (
+	"oc-auth/conf"
+
+	"cloud.o-forge.io/core/oc-lib/models/peer"
+)

 // Tokenizer interface
 type ClaimService interface {
-	AddClaimsToToken(userId string, host string) Claims
+	AddClaimsToToken(userId string, peer *peer.Peer) Claims
 	DecodeClaimsInToken(host string, method string, forward string, sessionClaims Claims, publicKey string, external bool) (bool, error)
 }

--- a/infrastructure/claims/hydra_claims.go
+++ b/infrastructure/claims/hydra_claims.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 	"time"

+	"cloud.o-forge.io/core/oc-lib/models/peer"
 	"cloud.o-forge.io/core/oc-lib/tools"
 )

@@ -22,7 +23,7 @@ func (h HydraClaims) generateKey(relation string, path string) (string, error) {
 		return "", err
 	}
 	p := strings.ReplaceAll(strings.ToUpper(path), "/", "_")
-	return strings.ToLower(method.String()) + "_" + strings.ReplaceAll(p, ":", ""), nil
+	return strings.ToUpper(method.String()) + "_" + strings.ReplaceAll(p, ":", ""), nil
 }

 // decode key expect to extract method and path from key
@@ -38,7 +39,7 @@ func (h HydraClaims) decodeKey(key string, external bool) (tools.METHOD, string,
 	if err != nil {
 		return meth, "", err
 	}
-	p := strings.ReplaceAll(strings.ToLower(s[1]), "_", "/")
+	p := strings.ReplaceAll(strings.ToUpper(s[1]), "_", "/")
 	return meth, p, nil
 }

@@ -125,7 +126,7 @@ func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward str
 }

 // add claims to token method of HydraTokenizer
-func (h HydraClaims) AddClaimsToToken(userId string, host string) Claims {
+func (h HydraClaims) AddClaimsToToken(userId string, p *peer.Peer) Claims {
 	claims := Claims{}
 	perms, err := perms_connectors.KetoConnector{}.GetPermissionByUser(userId, true)
 	if err != nil {
@@ -140,10 +141,17 @@ func (h HydraClaims) AddClaimsToToken(userId string, host string) Claims {
 		}
 		claims.Session.AccessToken[key] = perm.Subject
 	}
-	sign, err := h.encodeSignature(host)
+	sign, err := h.encodeSignature(p.Url)
 	if err != nil {
 		return claims
 	}
+	claims.Session.IDToken["peer_id"] = p.UUID
+	// we should get group from user
+	groups, err := perms_connectors.KetoConnector{}.GetGroupByUser(userId)
+	if err != nil {
+		return claims
+	}
+	claims.Session.IDToken["groups"] = groups
 	claims.Session.IDToken["signature"] = sign
 	return claims
 }
--- a/infrastructure/perms_connectors/keto_connector.go
+++ b/infrastructure/perms_connectors/keto_connector.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"oc-auth/conf"
 	"oc-auth/infrastructure/utils"
+	"strings"

 	oclib "cloud.o-forge.io/core/oc-lib"
 	"cloud.o-forge.io/core/oc-lib/tools"
@@ -78,13 +79,21 @@ func (k KetoConnector) CheckPermission(perm Permission, permDependancies *Permis
 	return len(perms) > 0
 }

-func (k KetoConnector) DeleteRole(roleID string) (string, int, error) {
-	k.deleteRelationShip("", "", roleID, nil)
-	_, code, err := k.deleteRelationShip(roleID, "", k.scope(), nil)
+func (k KetoConnector) deletes(object string, relation string, subject string, relation2 string) (string, int, error) {
+	k.deleteRelationShip(object, relation, subject, nil)
+	_, code, err := k.deleteRelationShip(subject, relation2, k.scope(), nil)
 	if err != nil {
 		return "", code, err
 	}
-	return roleID, 200, nil
+	return subject, 200, nil
+}
+
+func (k KetoConnector) DeleteRole(roleID string) (string, int, error) {
+	return k.deletes("", "member", roleID, "is")
+}
+
+func (k KetoConnector) DeleteGroup(groupID string) (string, int, error) {
+	return k.deletes("", "groups", groupID, "groupin")
 }

 func (k KetoConnector) DeletePermission(permID string, relation string, internal bool) (string, int, error) {
@@ -95,20 +104,15 @@ func (k KetoConnector) DeletePermission(permID string, relation string, internal
 		}
 		return "", 200, err
 	}
-	k.deleteRelationShip("", "", permID, nil)
-	_, code, err := k.deleteRelationShip(permID, "permits"+meth.String(), k.scope(), nil)
-	if err != nil {
-		return "", code, err
-	}
-	return permID, 200, nil
+	return k.deletes("", "groups", permID, "permits"+meth.String())
 }

 func (k KetoConnector) CreateRole(roleID string) (string, int, error) {
-	p, code, err := k.createRelationShip(roleID, "is", k.scope(), nil)
-	if err != nil {
-		return "", code, err
+	return k.creates(roleID, "is", k.scope())
 }
-	return p.Object, 200, nil
+
+func (k KetoConnector) CreateGroup(groupID string) (string, int, error) {
+	return k.creates(groupID, "groupin", k.scope())
 }

 func (k KetoConnector) CreatePermission(permID string, relation string, internal bool) (string, int, error) {
@@ -116,9 +120,12 @@ func (k KetoConnector) CreatePermission(permID string, relation string, internal
 	if err != nil {
 		return "", 422, err
 	}
-
 	k.BindPermission("admin", permID, "permits"+meth.String())
-	p, code, err := k.createRelationShip(permID, "permits"+meth.String(), k.scope(), nil)
+	return k.creates(permID, "permits"+meth.String(), k.scope())
+}
+
+func (k KetoConnector) creates(object string, relation string, subject string) (string, int, error) {
+	p, code, err := k.createRelationShip(object, relation, subject, nil)
 	if err != nil {
 		return "", code, err
 	}
@@ -126,25 +133,29 @@ func (k KetoConnector) CreatePermission(permID string, relation string, internal
 }

 func (k KetoConnector) GetRole(roleID string) ([]string, error) {
-	arr := []string{}
-	roles, err := k.get(roleID, "is", k.scope())
-	if err != nil {
-		return arr, err
+	return k.gets(roleID, "is", k.scope())
 }
-	for _, role := range roles {
-		arr = append(arr, role.Object)
-	}
-	return arr, nil
+
+func (k KetoConnector) GetGroup(groupID string) ([]string, error) {
+	return k.gets(groupID, "groupin", k.scope())
 }

 func (k KetoConnector) GetRoleByUser(userID string) ([]string, error) {
+	return k.gets("", "member", userID)
+}
+
+func (k KetoConnector) GetGroupByUser(userID string) ([]string, error) {
+	return k.gets("", "groups", userID)
+}
+
+func (k KetoConnector) gets(object string, relation string, subject string) ([]string, error) {
 	arr := []string{}
-	roles, err := k.get("", "member", userID)
+	objs, err := k.get(object, relation, subject)
 	if err != nil {
 		return arr, err
 	}
-	for _, role := range roles {
-		arr = append(arr, role.Object)
+	for _, obj := range objs {
+		arr = append(arr, obj.Object)
 	}
 	return arr, nil
 }
@@ -224,40 +235,62 @@ func (k KetoConnector) get(object string, relation string, subject string) ([]Pe
 	return t, nil
 }

-func (k KetoConnector) BindRole(userID string, roleID string) (string, int, error) {
-	_, code, err := k.createRelationShip(roleID, "member", userID, nil)
+func (k KetoConnector) binds(subject string, relation string, object string) (string, int, error) {
+	_, code, err := k.createRelationShip(object, relation, subject, nil)
 	if err != nil {
-		return roleID, code, err
+		return object, code, err
 	}
-	return roleID, 200, nil
+	return object, 200, nil
+}
+
+func (k KetoConnector) BindRole(userID string, roleID string) (string, int, error) {
+	return k.binds(userID, "member", roleID)
+}
+
+func (k KetoConnector) BindGroup(userID string, groupID string) (string, int, error) {
+	return k.binds(userID, "groups", groupID)
 }

 func (k KetoConnector) BindPermission(roleID string, permID string, relation string) (*Permission, int, error) {
 	perms, err := k.GetPermission(permID, relation)
 	if err != nil || len(perms) != 1 {
-		if len(perms) == 0 {
+		count := 0
+		for _, p := range perms {
+			if p.Relation == relation {
+				count++
+			}
+		}
+		if count == 0 {
 			return nil, 404, errors.New("Permission not found")
-		} else if len(perms) > 1 {
+		} else if count > 1 {
 			return nil, 409, errors.New("Multiple permission found")
 		}
 	}
-	_, code, err := k.createRelationShip(roleID, perms[0].Relation, permID, nil)
+	_, code, err := k.createRelationShip(roleID, relation, permID, nil)
 	if err != nil {
 		return nil, code, err
 	}
 	return &Permission{
 		Object:   roleID,
-		Relation: perms[0].Relation,
+		Relation: relation,
 		Subject:  permID,
 	}, 200, nil
 }

-func (k KetoConnector) UnBindRole(userID string, roleID string) (string, int, error) {
-	_, code, err := k.deleteRelationShip(roleID, "member", userID, nil)
+func (k KetoConnector) unbinds(subject string, relation string, object string) (string, int, error) {
+	_, code, err := k.deleteRelationShip(object, relation, subject, nil)
 	if err != nil {
-		return roleID, code, err
+		return object, code, err
 	}
-	return roleID, 200, nil
+	return object, 200, nil
+}
+
+func (k KetoConnector) UnBindRole(userID string, roleID string) (string, int, error) {
+	return k.unbinds(userID, "member", roleID)
+}
+
+func (k KetoConnector) UnBindGroup(userID string, groupID string) (string, int, error) {
+	return k.unbinds(userID, "groups", groupID)
 }

 func (k KetoConnector) UnBindPermission(roleID string, permID string, relation string) (*Permission, int, error) {
@@ -267,9 +300,15 @@ func (k KetoConnector) UnBindPermission(roleID string, permID string, relation s
 	}
 	perms, err := k.GetPermission(permID, meth.String())
 	if err != nil || len(perms) != 1 {
-		if len(perms) == 0 {
+		count := 0
+		for _, p := range perms {
+			if p.Relation == relation {
+				count++
+			}
+		}
+		if count == 0 {
 			return nil, 404, errors.New("Permission not found")
-		} else if len(perms) > 1 {
+		} else if count > 1 {
 			return nil, 409, errors.New("Multiple permission found")
 		}
 	}
@@ -285,6 +324,9 @@ func (k KetoConnector) UnBindPermission(roleID string, permID string, relation s
 }
 func (k KetoConnector) createRelationShip(object string, relation string, subject string, subPerm *Permission) (*Permission, int, error) {
 	exist, err := k.get(object, relation, subject)
+	if strings.Contains(subject, "/workflow/:id") {
+		fmt.Println("subject", subject, relation, exist, err)
+	}
 	if err == nil && len(exist) > 0 {
 		return nil, 409, errors.New("Relation already exist")
 	}
--- a/infrastructure/perms_connectors/perms_connector.go
+++ b/infrastructure/perms_connectors/perms_connector.go
@@ -1,8 +1,6 @@
 package perms_connectors

 import (
-	"oc-auth/conf"
-
 	"cloud.o-forge.io/core/oc-lib/tools"
 )

@@ -25,21 +23,27 @@ type PermConnector interface {
 	Status() tools.State
 	CheckPermission(perm Permission, permDependancies *Permission, internal bool) bool
 	BindRole(userID string, roleID string) (string, int, error)
+	BindGroup(userID string, groupID string) (string, int, error)
 	BindPermission(roleID string, permID string, relation string) (*Permission, int, error)

 	UnBindRole(userID string, roleID string) (string, int, error)
+	UnBindGroup(userID string, groupID string) (string, int, error)
 	UnBindPermission(roleID string, permID string, relation string) (*Permission, int, error)

 	CreateRole(roleID string) (string, int, error)
+	CreateGroup(groupID string) (string, int, error)
 	CreatePermission(permID string, relation string, internal bool) (string, int, error)
 	DeleteRole(roleID string) (string, int, error)
+	DeleteGroup(groupID string) (string, int, error)
 	DeletePermission(permID string, relation string, internal bool) (string, int, error)

 	GetRoleByUser(userID string) ([]string, error)
+	GetGroupByUser(userID string) ([]string, error)
 	GetPermissionByRole(roleID string) ([]Permission, error)
 	GetPermissionByUser(userID string, internal bool) ([]Permission, error)

 	GetRole(roleID string) ([]string, error)
+	GetGroup(groupID string) ([]string, error)
 	GetPermission(permID string, relation string) ([]Permission, error)
 }

@@ -48,5 +52,5 @@ var c = map[string]PermConnector{
 }

 func GetPermissionConnector() PermConnector {
-	return c[conf.GetConfig().PermissionConnectorHost]
+	return c["keto"]
 }
--- a/main.go
+++ b/main.go
@@ -2,7 +2,6 @@ package main

 import (
 	"errors"
-	"fmt"
 	"oc-auth/conf"
 	"oc-auth/infrastructure"
 	_ "oc-auth/routers"
@@ -17,6 +16,7 @@ import (
 	beego "github.com/beego/beego/v2/server/web"
 )

+const test_name = "test-pierre"
 const appname = "oc-auth"

 // @securityDefinitions.apikey Bearer
@@ -57,6 +57,8 @@ func main() {
 }

 func generateSelfPeer() error {
+	requester := oclib.NewRequest(oclib.LibDataEnum(oclib.PEER), test_name, "1234", nil, nil)
+
 	// TODO check if files at private & public path are set
 	// check if files at private & public path are set
 	if _, err := os.Stat(conf.GetConfig().PrivateKeyPath); errors.Is(err, os.ErrNotExist) {
@@ -66,15 +68,18 @@ func generateSelfPeer() error {
 		return errors.New("public key path does not exist")
 	}
 	// check if peer already exists
-	p := oclib.Search(nil, strconv.Itoa(peer.SELF.EnumIndex()), oclib.LibDataEnum(oclib.PEER))
-	if len(p.Data) > 0 {
-		// check public key with the one in the database
+	p := requester.Search(nil,strconv.Itoa(peer.SELF.EnumIndex()))
+	// p := oclib.Search(nil, strconv.Itoa(peer.SELF.EnumIndex()), oclib.L	ibDataEnum(oclib.PEER))
+	file := ""
 	f, err := os.ReadFile(conf.GetConfig().PublicKeyPath)
 	if err != nil {
 		return err
 	}
+	file = string(f)
+	if len(p.Data) > 0 {
+		// check public key with the one in the database
 		// compare the public key from file with the one in the database
-		if !strings.Contains(string(f), p.Data[0].(*peer.Peer).PublicKey) {
+		if !strings.Contains(file, p.Data[0].(*peer.Peer).PublicKey) {
 			return errors.New("public key is different from the one in the database")
 		}
 		return nil
@@ -86,10 +91,10 @@ func generateSelfPeer() error {
 		AbstractObject: utils.AbstractObject{
 			Name: o.GetStringDefault("NAME", "local"),
 		},
-		PublicKey: conf.GetConfig().PublicKeyPath,
+		PublicKey: file,
 		State:     peer.SELF,
 	}
-	data := oclib.StoreOne(oclib.LibDataEnum(oclib.PEER), peer.Serialize())
+	data := requester.StoreOne(peer.Serialize(peer))
 	if data.Err != "" {
 		return errors.New(data.Err)
 	}
@@ -97,7 +102,6 @@ func generateSelfPeer() error {
 }

 func discovery() {
-	fmt.Println("Discovered")
 	api := tools.API{}
 	conn := infrastructure.GetPermissionConnector()

--- a/BIN
+++ b/BIN
--- a/routers/commentsRouter.go
+++ b/routers/commentsRouter.go
@@ -7,6 +7,78 @@ import (

 func init() {

+    beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+        beego.ControllerComments{
+            Method: "GetAll",
+            Router: `/`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+        beego.ControllerComments{
+            Method: "Post",
+            Router: `/:id`,
+            AllowHTTPMethods: []string{"post"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+        beego.ControllerComments{
+            Method: "Get",
+            Router: `/:id`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+        beego.ControllerComments{
+            Method: "Delete",
+            Router: `/:id`,
+            AllowHTTPMethods: []string{"delete"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+        beego.ControllerComments{
+            Method: "Bind",
+            Router: `/:user_id/:group_id`,
+            AllowHTTPMethods: []string{"post"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+        beego.ControllerComments{
+            Method: "UnBind",
+            Router: `/:user_id/:group_id`,
+            AllowHTTPMethods: []string{"delete"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+        beego.ControllerComments{
+            Method: "Clear",
+            Router: `/clear`,
+            AllowHTTPMethods: []string{"delete"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+        beego.ControllerComments{
+            Method: "GetByUser",
+            Router: `/user/:id`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
    beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"],
        beego.ControllerComments{
            Method: "InternalAuthForward",
--- a/routers/router.go
+++ b/routers/router.go
@@ -18,6 +18,11 @@ func init() {
 		beego.NSInclude(
 			&controllers.OAuthController{},
 		),
+		beego.NSNamespace("/group",
+			beego.NSInclude(
+				&controllers.GroupController{},
+			),
+		),
 		beego.NSNamespace("/role",
 			beego.NSInclude(
 				&controllers.RoleController{},
--- a/swagger/swagger.json
+++ b/swagger/swagger.json
@@ -37,6 +37,180 @@
                }
            }
        },
+        "/group/": {
+            "get": {
+                "tags": [
+                    "group"
+                ],
+                "description": "find groups\n\u003cbr\u003e",
+                "operationId": "GroupController.GetAll",
+                "responses": {
+                    "200": {
+                        "description": "{group} string"
+                    }
+                }
+            }
+        },
+        "/group/clear": {
+            "delete": {
+                "tags": [
+                    "group"
+                ],
+                "description": "clear the group\n\u003cbr\u003e",
+                "operationId": "GroupController.Clear",
+                "responses": {
+                    "200": {
+                        "description": "{string} delete success!"
+                    }
+                }
+            }
+        },
+        "/group/user/{id}": {
+            "get": {
+                "tags": [
+                    "group"
+                ],
+                "description": "find group by user id\n\u003cbr\u003e",
+                "operationId": "GroupController.GetByUser",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "id",
+                        "description": "the id you want to get",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{auth} string"
+                    }
+                }
+            }
+        },
+        "/group/{id}": {
+            "get": {
+                "tags": [
+                    "group"
+                ],
+                "description": "find group by id\n\u003cbr\u003e",
+                "operationId": "GroupController.Get",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "id",
+                        "description": "the id you want to get",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{group} string"
+                    }
+                }
+            },
+            "post": {
+                "tags": [
+                    "group"
+                ],
+                "description": "create group\n\u003cbr\u003e",
+                "operationId": "GroupController.Create",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "id",
+                        "description": "the id you want to get",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{auth} create success!"
+                    }
+                }
+            },
+            "delete": {
+                "tags": [
+                    "group"
+                ],
+                "description": "delete the group\n\u003cbr\u003e",
+                "operationId": "GroupController.Delete",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "id",
+                        "description": "The id you want to delete",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{string} delete success!"
+                    }
+                }
+            }
+        },
+        "/group/{user_id}/{group_id}": {
+            "post": {
+                "tags": [
+                    "group"
+                ],
+                "description": "bind the group to user\n\u003cbr\u003e",
+                "operationId": "GroupController.Bind",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "user_id",
+                        "description": "The user_id you want to bind",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "in": "path",
+                        "name": "group_id",
+                        "description": "The group_id you want to bind",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{string} bind success!"
+                    }
+                }
+            },
+            "delete": {
+                "tags": [
+                    "group"
+                ],
+                "description": "unbind the group to user\n\u003cbr\u003e",
+                "operationId": "GroupController.UnBind",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "group_id",
+                        "description": "The group_id you want to unbind",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "in": "path",
+                        "name": "group_id",
+                        "description": "The user_id you want to unbind",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{string} bind success!"
+                    }
+                }
+            }
+        },
        "/introspect": {
            "get": {
                "tags": [
@@ -518,6 +692,10 @@
            "name": "oc-auth/controllersOAuthController",
            "description": "Operations about auth\n"
        },
+        {
+            "name": "group",
+            "description": "Operations about auth\n"
+        },
        {
            "name": "role",
            "description": "Operations about auth\n"
--- a/swagger/swagger.yml
+++ b/swagger/swagger.yml
@@ -28,6 +28,137 @@ paths:
      responses:
        "200":
          description: '{string}'
+  /group/:
+    get:
+      tags:
+      - group
+      description: |-
+        find groups
+        <br>
+      operationId: GroupController.GetAll
+      responses:
+        "200":
+          description: '{group} string'
+  /group/{id}:
+    get:
+      tags:
+      - group
+      description: |-
+        find group by id
+        <br>
+      operationId: GroupController.Get
+      parameters:
+      - in: path
+        name: id
+        description: the id you want to get
+        required: true
+        type: string
+      responses:
+        "200":
+          description: '{group} string'
+    post:
+      tags:
+      - group
+      description: |-
+        create group
+        <br>
+      operationId: GroupController.Create
+      parameters:
+      - in: path
+        name: id
+        description: the id you want to get
+        required: true
+        type: string
+      responses:
+        "200":
+          description: '{auth} create success!'
+    delete:
+      tags:
+      - group
+      description: |-
+        delete the group
+        <br>
+      operationId: GroupController.Delete
+      parameters:
+      - in: path
+        name: id
+        description: The id you want to delete
+        required: true
+        type: string
+      responses:
+        "200":
+          description: '{string} delete success!'
+  /group/{user_id}/{group_id}:
+    post:
+      tags:
+      - group
+      description: |-
+        bind the group to user
+        <br>
+      operationId: GroupController.Bind
+      parameters:
+      - in: path
+        name: user_id
+        description: The user_id you want to bind
+        required: true
+        type: string
+      - in: path
+        name: group_id
+        description: The group_id you want to bind
+        required: true
+        type: string
+      responses:
+        "200":
+          description: '{string} bind success!'
+    delete:
+      tags:
+      - group
+      description: |-
+        unbind the group to user
+        <br>
+      operationId: GroupController.UnBind
+      parameters:
+      - in: path
+        name: group_id
+        description: The group_id you want to unbind
+        required: true
+        type: string
+      - in: path
+        name: group_id
+        description: The user_id you want to unbind
+        required: true
+        type: string
+      responses:
+        "200":
+          description: '{string} bind success!'
+  /group/clear:
+    delete:
+      tags:
+      - group
+      description: |-
+        clear the group
+        <br>
+      operationId: GroupController.Clear
+      responses:
+        "200":
+          description: '{string} delete success!'
+  /group/user/{id}:
+    get:
+      tags:
+      - group
+      description: |-
+        find group by user id
+        <br>
+      operationId: GroupController.GetByUser
+      parameters:
+      - in: path
+        name: id
+        description: the id you want to get
+        required: true
+        type: string
+      responses:
+        "200":
+          description: '{auth} string'
  /introspect:
    get:
      tags:
@@ -386,6 +517,9 @@ tags:
 - name: oc-auth/controllersOAuthController
  description: |
    Operations about auth
+- name: group
+  description: |
+    Operations about auth
 - name: role
  description: |
    Operations about auth
Author	SHA1	Message	Date
pb	28e6f1e043	trying to apply oclib changes	2025-01-03 16:55:12 +01:00
plm	4498afabac	Fix dependencies version	2024-12-16 14:26:47 +01:00
plm	f10615888c	Pointing on last issue#4 commit to use oc-lib env var fix, removing useless log in Dockerfile building phase	2024-12-16 10:18:23 +01:00
plm	2ce3a380f0	Updating dependencies + fix dockerfile for quicker build + Introducing top Makefile script as unique entry point for building, deployment and high level tasks	2024-12-16 09:14:40 +01:00
plm	36e843d343	Fixing perm connector key (cant be based on perm service url)	2024-12-16 09:12:28 +01:00
plm	3a30e265cf	Remove production binary from conf	2024-12-16 09:11:35 +01:00
plm	4add83b0d6	Removing debug binary from conf	2024-12-16 09:11:01 +01:00
mr	fd65220b91	add groups in claims	2024-11-27 12:36:37 +01:00
mr	1722980514	simplify code	2024-11-27 11:54:25 +01:00
mr	01daaae766	Add Group To Keto	2024-11-27 11:12:46 +01:00
mr	be071ec328	oclib + perms naming	2024-11-21 11:07:19 +01:00
mr	9a86604564	test	2024-11-18 15:16:58 +01:00
mr	cc91341547	public key bug	2024-11-18 14:58:26 +01:00
mr	2a8349b0c7	new peer url	2024-11-15 09:40:24 +01:00