feat: add POST REST handler for policy check
aeneasr committed Feb 20, 2021
1 parent e0485af commit 7d89860
Showing 4 changed files with 47 additions and 5 deletions.
2 changes: 2 additions & 0 deletions go.mod
@@ -4,6 +4,8 @@ replace google.golang.org/protobuf v1.25.1-0.20201020201750-d3470999428b => goog

replace github.com/soheilhy/cmux => github.com/soheilhy/cmux v0.1.5-0.20210114230657-cdd3331e3e7c

replace github.com/ory/dockertest/v3 => github.com/ory/dockertest/v3 v3.6.3

require (
github.com/HdrHistogram/hdrhistogram-go v1.0.1 // indirect
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
6 changes: 6 additions & 0 deletions go.sum
@@ -916,6 +916,8 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh
github.com/mitchellh/mapstructure v1.2.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/mapstructure v1.3.2 h1:mRS76wmkOn3KkKAyXDu42V+6ebnXWIztFSYGN7GeoRg=
github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/moby/term v0.0.0-20200915141129-7f0af18e79f2 h1:SPoLlS9qUUnXcIY4pvA4CTwYjk0Is5f4UPEkeESr53k=
github.com/moby/term v0.0.0-20200915141129-7f0af18e79f2/go.mod h1:TjQg8pa4iejrUrjiz0MCtMV38jdMNW4doKSiBrEvCQQ=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
@@ -971,6 +973,8 @@ github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4
github.com/ory/dockertest v3.3.5+incompatible/go.mod h1:1vX4m9wsvi00u5bseYwXaSnhNrne+V0E6LAcBILJdPs=
github.com/ory/dockertest/v3 v3.5.4 h1:rYijlJuraj8D4OgC1DpYpCV8SGXrkviT3RVrjFy7OFc=
github.com/ory/dockertest/v3 v3.5.4/go.mod h1:J8ZUbNB2FOhm1cFZW9xBpDsODqsSWcyYgtJYVPcnF70=
github.com/ory/dockertest/v3 v3.6.3 h1:L8JWiGgR+fnj90AEOkTFIEp4j5uWAK72P3IUsYgn2cs=
github.com/ory/dockertest/v3 v3.6.3/go.mod h1:EFLcVUOl8qCwp9NyDAcCDtq/QviLtYswW/VbWzUnTNE=
github.com/ory/fosite v0.29.0/go.mod h1:0atSZmXO7CAcs6NPMI/Qtot8tmZYj04Nddoold4S2h0=
github.com/ory/go-acc v0.0.0-20181118080137-ddc355013f90 h1:Bpk3eqc3rbJT2mE+uS9ETzmi2cEL4RuIKz2iUeteh04=
github.com/ory/go-acc v0.0.0-20181118080137-ddc355013f90/go.mod h1:sxnvPCxChFuSmTJGj8FdMupeq1BezCiEpDjTUXQ4hf4=
@@ -1532,6 +1536,7 @@ golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgw
golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190624190245-7f2218787638/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190711191110-9a621aea19f8/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -1683,6 +1688,7 @@ gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclp
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
25 changes: 25 additions & 0 deletions internal/check/handler.go
@@ -2,8 +2,12 @@ package check

import (
"context"
"encoding/json"
"net/http"

"github.com/ory/herodot"
"github.com/pkg/errors"

acl "github.com/ory/keto/proto/ory/keto/acl/v1alpha1"

"google.golang.org/grpc"
@@ -36,6 +40,7 @@ const RouteBase = "/check"

func (h *Handler) RegisterReadRoutes(r *x.ReadRouter) {
r.GET(RouteBase, h.getCheck)
r.POST(RouteBase, h.postCheck)
}

func (h *Handler) RegisterWriteRoutes(_ *x.WriteRouter) {}
@@ -66,6 +71,26 @@ func (h *Handler) getCheck(w http.ResponseWriter, r *http.Request, _ httprouter.
h.d.Writer().WriteCode(w, r, http.StatusForbidden, "rejected")
}

func (h *Handler) postCheck(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
var tuple relationtuple.InternalRelationTuple
if err := json.NewDecoder(r.Body).Decode(&tuple); err != nil {
h.d.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Unable to decode JSON payload: %s", err)))
}

allowed, err := h.d.PermissionEngine().SubjectIsAllowed(r.Context(), &tuple)
if err != nil {
h.d.Writer().WriteError(w, r, err)
return
}

if allowed {
h.d.Writer().WriteCode(w, r, http.StatusOK, "allowed")
return
}

h.d.Writer().WriteCode(w, r, http.StatusForbidden, "rejected")
}

func (h *Handler) Check(ctx context.Context, req *acl.CheckRequest) (*acl.CheckResponse, error) {
tuple, err := (&relationtuple.InternalRelationTuple{}).FromDataProvider(req)
if err != nil {
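Review bot: In `postCheck` the JSON-decode error branch calls `WriteError` but has no `return`, so execution continues into `SubjectIsAllowed` with a zero or partially decoded tuple and a second `WriteCode` is issued on the same response. For an authorization-check endpoint that means malformed input still reaches the permission engine, and a decision string may end up appended after the 400 error body, depending on how the writer handles a second write. Add `return` directly after the `WriteError` call, matching the error branch a few lines below. Separately, `r.Body` is decoded without a size cap; wrapping it first, e.g. `r.Body = http.MaxBytesReader(w, r.Body, maxCheckBodyBytes)` (placeholder constant, pick a limit that fits a single tuple), would bound how much a client can make the decoder read.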
19 changes: 14 additions & 5 deletions internal/e2e/rest_client_test.go
@@ -80,15 +80,24 @@ func (rc *restClient) queryTuple(t require.TestingT, q *relationtuple.RelationQu
}

func (rc *restClient) check(t require.TestingT, r *relationtuple.InternalRelationTuple) bool {
body, code := rc.makeRequest(t, http.MethodGet, fmt.Sprintf("%s?%s", check.RouteBase, r.ToURLQuery().Encode()), "", false)
bodyGet, codeGet := rc.makeRequest(t, http.MethodGet, fmt.Sprintf("%s?%s", check.RouteBase, r.ToURLQuery().Encode()), "", false)

if code == http.StatusOK {
assert.Equal(t, `"allowed"`, body) // JSON string, therefore quoted
j, err := json.Marshal(r)
require.NoError(t, err)
bodyPost, codePost := rc.makeRequest(t, http.MethodPost, check.RouteBase, string(j), false)

if codeGet == http.StatusOK && codePost == http.StatusOK {
// JSON string, therefore quoted
assert.Equal(t, `"allowed"`, bodyGet)
assert.Equal(t, `"allowed"`, bodyPost) // JSON string, therefore quoted
return true
}

assert.Equal(t, http.StatusForbidden, code)
assert.Equal(t, `"rejected"`, body) // JSON string, therefore quoted
assert.Equal(t, http.StatusForbidden, codeGet)
assert.Equal(t, http.StatusForbidden, codePost)
// JSON string, therefore quoted
assert.Equal(t, `"rejected"`, bodyGet)
assert.Equal(t, `"rejected"`, bodyPost)
return false
}

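Review bot: `check` asserts GET/POST parity only implicitly: if one method returns 200 and the other 403, control falls through to the rejected-branch assertions and the failure points at a status code rather than at the disagreement between the two endpoints. An explicit `assert.Equal(t, codeGet, codePost)` before the `if` would state the invariant directly. The helper also only ever posts well-formed JSON, so the decode-error path of the new `postCheck` handler in internal/check/handler.go is never exercised; a case that posts a malformed body and asserts `http.StatusBadRequest`, with neither `"allowed"` nor `"rejected"` in the response, would cover it.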
