1package authz
import (
	"net"
	"net/http"
	"strings"

	cedar "github.com/cedar-policy/cedar-go"
	"github.com/xlgmokha/x/pkg/log"
	"gitlab.com/mokhax/spike/pkg/gid"
	"gitlab.com/mokhax/spike/pkg/policies"
)
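// WithCedar returns an Authorizer that evaluates every request against the
// Cedar policy set exposed by the policies package.
//
// The Cedar request is assembled from the HTTP request:
//   - Principal: the subject of the request token, or "gid://example/User/*"
//     when the token carries none (presumably the anonymous principal the
//     policies are written against — confirm against the policy set).
//   - Action:    HttpMethod::<r.Method>   (not case-normalised)
//   - Resource:  HttpPath::<r.URL.Path>   (decoded, not cleaned)
//   - Context:   {"host": <Host header, port stripped, lower-cased>}
//
// A request whose Host header is absent or cannot be parsed is denied
// (fail closed). The Host header is client-controlled, so policies that key
// on context.host are only as trustworthy as the Host validation done by
// the server or the proxy in front of it.
func WithCedar() Authorizer {
	return AuthorizerFunc(func(r *http.Request) bool {
		host, _, err := net.SplitHostPort(r.Host)
		if err != nil {
			// A Host header with no explicit port ("example.com", "[::1]") is the
			// normal case on the default ports, yet SplitHostPort rejects it with
			// "missing port in address". Retry with a dummy port so that only
			// genuinely malformed hosts (stray colons, unbalanced brackets) fail.
			host, _, err = net.SplitHostPort(r.Host + ":0")
		}
		if err == nil && host == "" {
			// HTTP/1.0 clients may omit Host entirely; treat that as unparsable
			// rather than feeding an empty host into the policy context.
			err = &net.AddrError{Err: "empty host", Addr: r.Host}
		}
		if err != nil {
			// NOTE(review): WithFields may only attach fields to a logger and
			// return it; confirm this call actually emits a log line.
			log.WithFields(r.Context(), log.Fields{"error": err})
			return false
		}
		// Host names are case-insensitive but Cedar string comparison is not;
		// normalise so a forbid on "admin.example.com" cannot be sidestepped by
		// sending "Admin.Example.com".
		host = strings.ToLower(host)

		subject, found := TokenFrom(r).Subject()
		if !found {
			subject = "gid://example/User/*"
		}

		// r.URL.Path is the decoded path exactly as sent: it is not cleaned
		// here, so "/admin/../x" and "/x" are distinct resources. Policies must
		// match the path form the downstream router actually dispatches on.
		return policies.Allowed(cedar.Request{
			Principal: gid.NewEntityUID(subject),
			Action:    cedar.NewEntityUID("HttpMethod", cedar.String(r.Method)),
			Resource:  cedar.NewEntityUID("HttpPath", cedar.String(r.URL.Path)),
			Context: cedar.NewRecord(cedar.RecordMap{
				"host": cedar.String(host),
			}),
		})
	})
}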
34}