edge/pkg/module/auth/option.go
William Petit d2472623f2
All checks were successful
arcad/edge/pipeline/pr-master This commit looks good
feat(storage-server): jwt based authentication
2023-10-01 19:56:38 -06:00

81 lines
1.6 KiB
Go

package auth
import (
"context"
"fmt"
"net/http"
"forge.cadoles.com/arcad/edge/pkg/jwtutil"
"github.com/pkg/errors"
)
type GetClaimFunc func(ctx context.Context, r *http.Request, name string) (string, error)
type Option struct {
GetClaim GetClaimFunc
ProfileClaims []string
}
type OptionFunc func(*Option)
func defaultOptions() *Option {
return &Option{
GetClaim: dummyGetClaim,
ProfileClaims: []string{
ClaimSubject,
ClaimIssuer,
ClaimEdgeEntrypoint,
ClaimEdgeRole,
ClaimPreferredUsername,
ClaimEdgeTenant,
},
}
}
func dummyGetClaim(ctx context.Context, r *http.Request, name string) (string, error) {
return "", errors.Errorf("dummy getclaim func cannot retrieve claim '%s'", name)
}
func WithGetClaims(fn GetClaimFunc) OptionFunc {
return func(o *Option) {
o.GetClaim = fn
}
}
func WithProfileClaims(claims ...string) OptionFunc {
return func(o *Option) {
o.ProfileClaims = claims
}
}
func WithJWT(getKeySet jwtutil.GetKeySetFunc) OptionFunc {
funcs := []jwtutil.FindTokenOptionFunc{
jwtutil.WithFinders(
jwtutil.FindTokenFromAuthorizationHeader,
jwtutil.FindTokenFromQueryString(CookieName),
jwtutil.FindTokenFromCookie(CookieName),
),
}
return func(o *Option) {
o.GetClaim = func(ctx context.Context, r *http.Request, name string) (string, error) {
token, err := jwtutil.FindToken(r, getKeySet, funcs...)
if err != nil {
return "", errors.WithStack(err)
}
tokenMap, err := token.AsMap(ctx)
if err != nil {
return "", errors.WithStack(err)
}
value, exists := tokenMap[name]
if !exists {
return "", nil
}
return fmt.Sprintf("%v", value), nil
}
}
}