bouncer/internal/proxy/director/layer/authn/rules.go

package authn

import (
	"net/http"

	"forge.cadoles.com/cadoles/bouncer/internal/rule"
	ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
	"github.com/expr-lang/expr"
	"github.com/pkg/errors"
)

type Env struct {
	User *User `expr:"user"`
}

func (l *Layer) applyRules(r *http.Request, options *LayerOptions, user *User) error {
	rules := options.Rules
	if len(rules) == 0 {
		return nil
	}

	engine, err := rule.NewEngine[*Env](
		rule.WithRules(options.Rules...),
		rule.WithExpr(getAuthnAPI()...),
		ruleHTTP.WithRequestFuncs(r),
	)
	if err != nil {
		return errors.WithStack(err)
	}

	env := &Env{
		User: user,
	}

	if _, err := engine.Apply(env); err != nil {
		return errors.WithStack(err)
	}

	return nil
}

func getAuthnAPI() []expr.Option {
	options := make([]expr.Option, 0)

	// forbidden() allows the layer to hijack the current request and return a 403 Forbidden HTTP status
	forbidden := expr.Function(
		"forbidden",
		func(params ...any) (any, error) {
			return true, errors.WithStack(ErrForbidden)
		},
		new(func() bool),
	)

	options = append(options, forbidden)

	return options
}
feat: new openid connect authentication layer 2024-04-12 16:41:11 +02:00			`package authn`

			`import (`
			`"net/http"`

refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`"forge.cadoles.com/cadoles/bouncer/internal/rule"`
			`ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"`
feat: new openid connect authentication layer 2024-04-12 16:41:11 +02:00			`"github.com/expr-lang/expr"`
			`"github.com/pkg/errors"`
			`)`

refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`type Env struct {`
			User *User `expr:"user"`
feat: new openid connect authentication layer 2024-04-12 16:41:11 +02:00			`}`

feat: add authn-basic layer 2024-05-21 12:10:52 +02:00			`func (l Layer) applyRules(r http.Request, options LayerOptions, user User) error {`
			`rules := options.Rules`
feat: new openid connect authentication layer 2024-04-12 16:41:11 +02:00			`if len(rules) == 0 {`
			`return nil`
			`}`

refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`engine, err := rule.NewEngine[*Env](`
			`rule.WithRules(options.Rules...),`
			`rule.WithExpr(getAuthnAPI()...),`
			`ruleHTTP.WithRequestFuncs(r),`
			`)`
			`if err != nil {`
			`return errors.WithStack(err)`
			`}`

			`env := &Env{`
			`User: user,`
feat: new openid connect authentication layer 2024-04-12 16:41:11 +02:00			`}`

refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`if _, err := engine.Apply(env); err != nil {`
			`return errors.WithStack(err)`
			`}`

			`return nil`
			`}`
feat: add authn-basic layer 2024-05-21 12:10:52 +02:00
refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`func getAuthnAPI() []expr.Option {`
			`options := make([]expr.Option, 0)`

			`// forbidden() allows the layer to hijack the current request and return a 403 Forbidden HTTP status`
feat: add authn-basic layer 2024-05-21 12:10:52 +02:00			`forbidden := expr.Function(`
			`"forbidden",`
			`func(params ...any) (any, error) {`
refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`return true, errors.WithStack(ErrForbidden)`
feat: add authn-basic layer 2024-05-21 12:10:52 +02:00			`},`
			`new(func() bool),`
			`)`

refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`options = append(options, forbidden)`
feat: add authn-basic layer 2024-05-21 12:10:52 +02:00
refactor: use new rule engine package 2024-06-26 13:52:49 +02:00			`return options`
feat: new openid connect authentication layer 2024-04-12 16:41:11 +02:00			`}`