bouncer/internal/proxy/director/layer/authn/rules.go

package authn

import (
	"context"
	"net/http"

	ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
	"forge.cadoles.com/cadoles/bouncer/internal/store"
	"github.com/expr-lang/expr"
	"github.com/pkg/errors"
)

type Vars struct {
	User *User `expr:"user"`
}

func (l *Layer) applyRules(ctx context.Context, r *http.Request, layer *store.Layer, options *LayerOptions, user *User) error {
	key := string(layer.Proxy) + "-" + string(layer.Name)
	revisionedEngine := l.ruleEngineCache.Get(key)

	engine, err := revisionedEngine.Get(ctx, layer.Revision, options)
	if err != nil {
		return errors.WithStack(err)
	}

	vars := &Vars{
		User: user,
	}

	ctx = ruleHTTP.WithRequest(ctx, r)

	if _, err := engine.Apply(ctx, vars); err != nil {
		return errors.WithStack(err)
	}

	return nil
}

func getAuthnAPI() []expr.Option {
	options := make([]expr.Option, 0)

	// forbidden() allows the layer to hijack the current request and return a 403 Forbidden HTTP status
	forbidden := expr.Function(
		"forbidden",
		func(params ...any) (any, error) {
			return true, errors.WithStack(ErrForbidden)
		},
		new(func() bool),
	)

	options = append(options, forbidden)

	return options
}
feat: new openid connect authentication layer 2024-04-12 16:41:11 +02:00			`package authn`

			`import (`
feat: reusable rule engine to prevent memory reallocation 2024-09-24 15:46:42 +02:00			`"context"`
feat: new openid connect authentication layer 2024-04-12 16:41:11 +02:00			`"net/http"`

refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"`
fix(rewriter): prevent mixing of cached rule engines (#44) 2024-10-21 13:48:59 +02:00			`"forge.cadoles.com/cadoles/bouncer/internal/store"`
feat: new openid connect authentication layer 2024-04-12 16:41:11 +02:00			`"github.com/expr-lang/expr"`
			`"github.com/pkg/errors"`
			`)`

feat: reusable rule engine to prevent memory reallocation 2024-09-24 15:46:42 +02:00			`type Vars struct {`
refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			User *User `expr:"user"`
feat: new openid connect authentication layer 2024-04-12 16:41:11 +02:00			`}`

fix(rewriter): prevent mixing of cached rule engines (#44) 2024-10-21 13:48:59 +02:00			`func (l Layer) applyRules(ctx context.Context, r http.Request, layer store.Layer, options LayerOptions, user *User) error {`
			`key := string(layer.Proxy) + "-" + string(layer.Name)`
			`revisionedEngine := l.ruleEngineCache.Get(key)`
feat: new openid connect authentication layer 2024-04-12 16:41:11 +02:00
fix(rewriter): prevent mixing of cached rule engines (#44) 2024-10-21 13:48:59 +02:00			`engine, err := revisionedEngine.Get(ctx, layer.Revision, options)`
refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`if err != nil {`
			`return errors.WithStack(err)`
			`}`

feat: reusable rule engine to prevent memory reallocation 2024-09-24 15:46:42 +02:00			`vars := &Vars{`
refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`User: user,`
feat: new openid connect authentication layer 2024-04-12 16:41:11 +02:00			`}`

feat: reusable rule engine to prevent memory reallocation 2024-09-24 15:46:42 +02:00			`ctx = ruleHTTP.WithRequest(ctx, r)`

			`if _, err := engine.Apply(ctx, vars); err != nil {`
refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`return errors.WithStack(err)`
			`}`

			`return nil`
			`}`
feat: add authn-basic layer 2024-05-21 12:10:52 +02:00
refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`func getAuthnAPI() []expr.Option {`
			`options := make([]expr.Option, 0)`

			`// forbidden() allows the layer to hijack the current request and return a 403 Forbidden HTTP status`
feat: add authn-basic layer 2024-05-21 12:10:52 +02:00			`forbidden := expr.Function(`
			`"forbidden",`
			`func(params ...any) (any, error) {`
refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`return true, errors.WithStack(ErrForbidden)`
feat: add authn-basic layer 2024-05-21 12:10:52 +02:00			`},`
			`new(func() bool),`
			`)`

refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`options = append(options, forbidden)`
feat: add authn-basic layer 2024-05-21 12:10:52 +02:00
refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`return options`
feat: new openid connect authentication layer 2024-04-12 16:41:11 +02:00			`}`