[Cosmos] Refactoring how the resource type and link are passed down to the auth policy #1861
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In working on some stuff related to "offers" and throughput, I noticed that the way we were inferring the resource "link" when generating the payload to be signed for key-based auth wasn't going to work for offers since they use a specific format of link. So, I decided to do some refactoring here to make it so the values for generating signatures are passed in to the policy (through the context) rather than inferred. The resource type was already being passed in, so I added a new type to represent the resource link (it'll need some special case stuff for offers, but this way that can be centralized there) and updated the authorization policy to use that value when generating the signature.
The value we put in the context is
ResourceLink
, which wraps up:The
ResourceLink
type also handles URL encoding to ensure that URL-unsafe characters are encoded before the URL and signature are generated. I've included APIs to allow you to build child feed/item links out of parent links.