Commit 68aaeca

mo khan <mo@mokhan.ca>
2025-03-06 19:27:03
feat: remove standalone gRPC server
1 parent 534c909
bin/api
@@ -5,8 +5,9 @@ require 'bundler/inline'
 gemfile do
   source 'https://rubygems.org'
 
+  gem "declarative_policy", "~> 1.0"
   gem "erb", "~> 4.0"
-  gem "grpc", "~> 1.0"
+  gem "google-protobuf", "~> 3.0"
   gem "json", "~> 2.0"
   gem "logger", "~> 1.0"
   gem "rack", "~> 3.0"
@@ -21,7 +22,6 @@ $LOAD_PATH.unshift(lib_path) unless $LOAD_PATH.include?(lib_path)
 
 require 'authx'
 
-GRPC.logger = Logger.new($stderr, level: :debug)
 $scheme = ENV.fetch("SCHEME", "http")
 $port = ENV.fetch("PORT", 8284).to_i
 $host = ENV.fetch("HOST", "localhost:#{$port}")
@@ -80,21 +80,10 @@ class API
   def authorized?(request, permission)
     # TODO:: Check the JWT for the appropriate claim
     # Connect to the Authz RPC endpoint Ability.allowed?(subject, permission, resource)
-    if twirp?
-      client = ::Authx::Rpc::AbilityClient.new("http://idp.example.com:8080/twirp")
-      response = client.allowed(subject: "", permission: permission, resource: "")
-      puts response.inspect
-      response&.error&.nil? && response&.data&.result
-    else
-      client = ::Authx::Rpc::Ability::Stub.new('localhost:50051', :this_channel_is_insecure) # TODO:: memorize client
-      reply = client.allowed(::Authx::Rpc::AllowRequest.new(subject: "", permission: permission, resource: ""))
-      puts reply.inspect
-      reply&.result
-    end
-  end
-
-  def twirp?
-    true
+    client = ::Authx::Rpc::AbilityClient.new("http://idp.example.com:8080/twirp")
+    response = client.allowed(subject: "", permission: permission, resource: "")
+    puts response.inspect
+    response&.error&.nil? && response&.data&.result
   end
 
   def json_not_found
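Review bot: The return expression `response&.error&.nil? && response&.data&.result` in `authorized?` can never be truthy: when the call succeeds `error` is nil, so `&.nil?` is skipped and the left side evaluates to nil, and when the call fails `nil?` returns false. Every request is therefore denied whatever the policy service answers; that fails closed, but the check does not do what it reads as. Use `response.error.nil? && response.data&.result == true` so that only an explicit, error-free `true` authorizes. Separately, the call still sends `subject: ""` and `resource: ""` to a hard-coded plain `http://` endpoint, so once the comparison is fixed the decision is neither bound to the caller nor protected in transit; resolve the TODO before relying on this gate, and route `puts response.inspect` through the logger.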
bin/idp
@@ -5,6 +5,8 @@ require "bundler/inline"
 gemfile do
   source "https://rubygems.org"
 
+  gem "declarative_policy", "~> 1.0"
+  gem "google-protobuf", "~> 3.0"
   gem "erb", "~> 4.0"
   gem "rack", "~> 3.0"
   gem "rackup", "~> 2.0"
bin/rpc
@@ -1,51 +0,0 @@
-#!/usr/bin/env ruby
-
-require "bundler/inline"
-
-gemfile do
-  source "https://rubygems.org"
-
-  gem "declarative_policy", "~> 1.0"
-  gem "grpc", "~> 1.0"
-  gem "grpc-tools", "~> 1.0"
-  gem "logger", "~> 1.0"
-end
-
-lib_path = Pathname.new(__FILE__).parent.parent.join('lib/authx/rpc').realpath.to_s
-$LOAD_PATH.unshift(lib_path) unless $LOAD_PATH.include?(lib_path)
-
-require 'ability_services_pb'
-
-class ProjectPolicy < DeclarativePolicy::Base
-  condition(:owner) { @subject.owner?(@user) }
-
-  rule { owner }.enable :create_project
-end
-
-class RawAbilityHandler < ::Authx::Rpc::Ability::Service
-  def allowed(request, _call)
-    puts [request, _call].inspect
-    GRPC.logger.info([request, _call].inspect)
-
-    ::Authx::Rpc::AllowReply.new(result: true)
-    # TODO:: entrypoint to declarative policies
-    # AllowReply.new(result: policy_for(request).can?(request.permission))
-  end
-
-  private
-
-  def policy_for(request)
-    # TODO:: convert subject in form of GlobalID to Resource Type
-    DeclarativePolicy.policy_for(request.subject, request.resource)
-  end
-end
-
-host = ENV.fetch("HOST", "localhost")
-port = ENV.fetch("PORT", "50051")
-bind_addr = "#{host}:#{port}"
-server = GRPC::RpcServer.new
-server.add_http2_port(bind_addr, :this_port_is_insecure)
-GRPC.logger = Logger.new($stderr, level: :debug)
-GRPC.logger.info("... running insecurely on #{bind_addr}")
-server.handle(RawAbilityHandler.new)
-server.run_till_terminated_or_interrupted([1, 'int', 'SIGQUIT'])
lib/authx/rpc/ability_handler.rb
@@ -7,9 +7,20 @@ module Authx
         puts [request, env].inspect
 
         {
-          result: true
+          result: can?(request)
         }
       end
+
+      private
+
+      def can?(request)
+        policy_for(request).can?(request.permission)
+      end
+
+      def policy_for(request)
+        # TODO:: convert subject in form of GlobalID to Resource Type
+        DeclarativePolicy.policy_for(request.subject, request.resource)
+      end
     end
   end
 end
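Review bot: `policy_for` hands `request.subject` and `request.resource` to `DeclarativePolicy.policy_for` unchanged, and the message definition in ability_pb.rb declares both as strings, so the policy lookup is presumably keyed on `String` rather than on a project or user object and `Authx::ProjectPolicy` would not be the policy consulted. Until the GlobalID conversion in the TODO exists, make the outcome explicit instead of depending on whatever the lookup raises: deny blank or unresolvable values, e.g. `return false if request.subject.to_s.empty? || request.resource.to_s.empty?` at the top of `can?`. `allowed` starts above this hunk, and the `puts [request, env].inspect` on its context line writes the whole request environment to stdout, which may include credentials carried in headers.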
lib/authx/rpc/ability_pb.rb
@@ -1,14 +1,20 @@
-# frozen_string_literal: true
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: ability.proto
 
 require 'google/protobuf'
 
-
-descriptor_data = "\n\rability.proto\x12\tauthx.rpc\"E\n\x0c\x41llowRequest\x12\x0f\n\x07subject\x18\x01 \x01(\t\x12\x12\n\npermission\x18\x02 \x01(\t\x12\x10\n\x08resource\x18\x03 \x01(\t\"\x1c\n\nAllowReply\x12\x0e\n\x06result\x18\x01 \x01(\x08\x32\x46\n\x07\x41\x62ility\x12;\n\x07\x41llowed\x12\x17.authx.rpc.AllowRequest\x1a\x15.authx.rpc.AllowReply\"\x00\x62\x06proto3"
-
-pool = Google::Protobuf::DescriptorPool.generated_pool
-pool.add_serialized_file(descriptor_data)
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("ability.proto", :syntax => :proto3) do
+    add_message "authx.rpc.AllowRequest" do
+      optional :subject, :string, 1
+      optional :permission, :string, 2
+      optional :resource, :string, 3
+    end
+    add_message "authx.rpc.AllowReply" do
+      optional :result, :bool, 1
+    end
+  end
+end
 
 module Authx
   module Rpc
lib/authx/rpc/ability_services_pb.rb
@@ -1,24 +0,0 @@
-# Generated by the protocol buffer compiler.  DO NOT EDIT!
-# Source: ability.proto for package 'authx.rpc'
-
-require 'grpc'
-require 'ability_pb'
-
-module Authx
-  module Rpc
-    module Ability
-      class Service
-
-        include ::GRPC::GenericService
-
-        self.marshal_class_method = :encode
-        self.unmarshal_class_method = :decode
-        self.service_name = 'authx.rpc.Ability'
-
-        rpc :Allowed, ::Authx::Rpc::AllowRequest, ::Authx::Rpc::AllowReply
-      end
-
-      Stub = Service.rpc_stub_class
-    end
-  end
-end
lib/authx.rb
@@ -1,3 +1,13 @@
 # frozen_string_literal: true
 
+require "declarative_policy"
+
 require "authx/rpc"
+
+module Authx
+  class ProjectPolicy < DeclarativePolicy::Base
+    condition(:owner) { true }
+
+    rule { owner }.enable :create_project
+  end
+end
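Review bot: `condition(:owner) { true }` makes the `owner` rule hold for every caller, so `Authx::ProjectPolicy` enables `:create_project` unconditionally and the handler's new `can?` check reduces to always-allow whenever this policy is the one selected. The policy removed from bin/rpc in this same commit evaluated `@subject.owner?(@user)`; carry that over as `condition(:owner) { @subject.owner?(@user) }`, or default the placeholder to `false` until real ownership data is available. If the permissive stub is intentional for now, say so in a comment such as `# FIXME: placeholder, grants create_project to everyone`.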
magefile.go
@@ -56,15 +56,6 @@ func Api() error {
 	return sh.RunWithV(env, "ruby", "./bin/api")
 }
 
-// Run the gRPC Server
-func Rpc() error {
-	env := map[string]string{
-		"PORT": "50051",
-		"HOST": "localhost",
-	}
-	return sh.RunWithV(env, "ruby", "./bin/rpc")
-}
-
 // Open a web browser to the login page
 func Browser() error {
 	url := "http://localhost:8080/ui/sessions/new"
@@ -77,11 +68,9 @@ func Browser() error {
 
 // Generate gRPC from protocal buffers
 func Protos() error {
-	files := x.Must(filepath.Glob("./protos/*.proto"))
 	outDir := "lib/authx/rpc"
-	for _, file := range files {
-		var err error
-		if err = sh.RunV(
+	for _, file := range x.Must(filepath.Glob("./protos/*.proto")) {
+		if err := sh.RunV(
 			"protoc",
 			"--proto_path=./protos",
 			"--ruby_out="+outDir,
@@ -90,15 +79,6 @@ func Protos() error {
 		); err != nil {
 			return err
 		}
-		if err = sh.RunV(
-			"grpc_tools_ruby_protoc",
-			"--proto_path=./protos",
-			"--ruby_out="+outDir,
-			"--grpc_out="+outDir,
-			file,
-		); err != nil {
-			return err
-		}
 	}
 
 	return nil
@@ -106,5 +86,5 @@ func Protos() error {
 
 // Run All the servers
 func Run(ctx context.Context) {
-	mg.CtxDeps(ctx, Idp, UI, Api, Rpc, Gateway)
+	mg.CtxDeps(ctx, Idp, UI, Api, Gateway)
 }