diff --git a/go.mod b/go.mod
index 7ec66fe1c..65613e6ff 100644
--- a/go.mod
+++ b/go.mod
@@ -4,6 +4,8 @@ replace google.golang.org/protobuf v1.25.1-0.20201020201750-d3470999428b => goog
 replace github.com/soheilhy/cmux => github.com/soheilhy/cmux v0.1.5-0.20210114230657-cdd3331e3e7c
+replace github.com/ory/dockertest/v3 => github.com/ory/dockertest/v3 v3.6.3
+
 require (
 github.com/HdrHistogram/hdrhistogram-go v1.0.1 // indirect
 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
diff --git a/go.sum b/go.sum
index 3ed2a47de..c4d555de9 100644
--- a/go.sum
+++ b/go.sum
@@ -916,6 +916,8 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh
 github.com/mitchellh/mapstructure v1.2.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.3.2 h1:mRS76wmkOn3KkKAyXDu42V+6ebnXWIztFSYGN7GeoRg=
 github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/moby/term v0.0.0-20200915141129-7f0af18e79f2 h1:SPoLlS9qUUnXcIY4pvA4CTwYjk0Is5f4UPEkeESr53k=
+github.com/moby/term v0.0.0-20200915141129-7f0af18e79f2/go.mod h1:TjQg8pa4iejrUrjiz0MCtMV38jdMNW4doKSiBrEvCQQ=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
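Review bot: The new `replace github.com/ory/dockertest/v3 => github.com/ory/dockertest/v3 v3.6.3` line in the go.mod hunk carries no comment saying why the pin is needed or when it can be removed. A `replace` in the main module overrides whatever version the requirement graph would otherwise select, so a later upgrade of dockertest (including one made for a security fix) would silently not take effect while this line stays. I would put a comment directly above it, e.g. `// Pin dockertest to v3.6.3: <reason or issue link>; drop this replace once <condition>.`, with the placeholders filled in by the author.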
@@ -971,6 +973,8 @@ github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4
 github.com/ory/dockertest v3.3.5+incompatible/go.mod h1:1vX4m9wsvi00u5bseYwXaSnhNrne+V0E6LAcBILJdPs=
 github.com/ory/dockertest/v3 v3.5.4 h1:rYijlJuraj8D4OgC1DpYpCV8SGXrkviT3RVrjFy7OFc=
 github.com/ory/dockertest/v3 v3.5.4/go.mod h1:J8ZUbNB2FOhm1cFZW9xBpDsODqsSWcyYgtJYVPcnF70=
+github.com/ory/dockertest/v3 v3.6.3 h1:L8JWiGgR+fnj90AEOkTFIEp4j5uWAK72P3IUsYgn2cs=
+github.com/ory/dockertest/v3 v3.6.3/go.mod h1:EFLcVUOl8qCwp9NyDAcCDtq/QviLtYswW/VbWzUnTNE=
 github.com/ory/fosite v0.29.0/go.mod h1:0atSZmXO7CAcs6NPMI/Qtot8tmZYj04Nddoold4S2h0=
 github.com/ory/go-acc v0.0.0-20181118080137-ddc355013f90 h1:Bpk3eqc3rbJT2mE+uS9ETzmi2cEL4RuIKz2iUeteh04=
 github.com/ory/go-acc v0.0.0-20181118080137-ddc355013f90/go.mod h1:sxnvPCxChFuSmTJGj8FdMupeq1BezCiEpDjTUXQ4hf4=
@@ -1532,6 +1536,7 @@ golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190624190245-7f2218787638/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190711191110-9a621aea19f8/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -1683,6 +1688,7 @@ gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclp
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/internal/check/handler.go b/internal/check/handler.go
index 80acad57f..f571cea37 100644
--- a/internal/check/handler.go
+++ b/internal/check/handler.go
@@ -2,8 +2,12 @@ package check
 import (
 "context"
+ "encoding/json"
 "net/http"
+ "github.com/ory/herodot"
+ "github.com/pkg/errors"
+
 acl "github.com/ory/keto/proto/ory/keto/acl/v1alpha1"
 "google.golang.org/grpc"
@@ -36,6 +40,7 @@ const RouteBase = "/check"
 func (h *Handler) RegisterReadRoutes(r *x.ReadRouter) {
 r.GET(RouteBase, h.getCheck)
+ r.POST(RouteBase, h.postCheck)
 }
 func (h *Handler) RegisterWriteRoutes(_ *x.WriteRouter) {}
@@ -66,6 +71,26 @@ func (h *Handler) getCheck(w http.ResponseWriter, r *http.Request, _ httprouter.
 h.d.Writer().WriteCode(w, r, http.StatusForbidden, "rejected")
 }
+func (h *Handler) postCheck(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+ var tuple relationtuple.InternalRelationTuple
+ if err := json.NewDecoder(r.Body).Decode(&tuple); err != nil {
+ h.d.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Unable to decode JSON payload: %s", err)))
+ }
+
+ allowed, err := h.d.PermissionEngine().SubjectIsAllowed(r.Context(), &tuple)
+ if err != nil {
+ h.d.Writer().WriteError(w, r, err)
+ return
+ }
+
+ if allowed {
+ h.d.Writer().WriteCode(w, r, http.StatusOK, "allowed")
+ return
+ }
+
+ h.d.Writer().WriteCode(w, r, http.StatusForbidden, "rejected")
+}
+
 func (h *Handler) Check(ctx context.Context, req *acl.CheckRequest) (*acl.CheckResponse, error) {
 tuple, err := (&relationtuple.InternalRelationTuple{}).FromDataProvider(req)
 if err != nil {
diff --git a/internal/e2e/rest_client_test.go b/internal/e2e/rest_client_test.go
index 2fc3653f8..426ab08c6 100644
--- a/internal/e2e/rest_client_test.go
+++ b/internal/e2e/rest_client_test.go
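Review bot: In `postCheck` (internal/check/handler.go) the JSON decode failure branch calls `WriteError` but has no `return`, so a malformed body still reaches `SubjectIsAllowed` with a zero-value tuple and a second response is written to the same `ResponseWriter` after the 400. Add `return` as the last statement of that `if err := json.NewDecoder(r.Body).Decode(&tuple); err != nil {` block, matching the two later branches, which do return. The body is also decoded with no size bound visible in this hunk; unless a limit is applied upstream, consider `r.Body = http.MaxBytesReader(w, r.Body, maxCheckBodyBytes)` before decoding, where `maxCheckBodyBytes` is a placeholder for a limit the project chooses. A short doc comment on `postCheck` stating the expected JSON payload and the 200/403/400 outcomes would help callers of this authorization endpoint.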
@@ -80,15 +80,24 @@ func (rc *restClient) queryTuple(t require.TestingT, q *relationtuple.RelationQu
 }
 func (rc *restClient) check(t require.TestingT, r *relationtuple.InternalRelationTuple) bool {
- body, code := rc.makeRequest(t, http.MethodGet, fmt.Sprintf("%s?%s", check.RouteBase, r.ToURLQuery().Encode()), "", false)
+ bodyGet, codeGet := rc.makeRequest(t, http.MethodGet, fmt.Sprintf("%s?%s", check.RouteBase, r.ToURLQuery().Encode()), "", false)
- if code == http.StatusOK {
- assert.Equal(t, `"allowed"`, body) // JSON string, therefore quoted
+ j, err := json.Marshal(r)
+ require.NoError(t, err)
+ bodyPost, codePost := rc.makeRequest(t, http.MethodPost, check.RouteBase, string(j), false)
+
+ if codeGet == http.StatusOK && codePost == http.StatusOK {
+ // JSON string, therefore quoted
+ assert.Equal(t, `"allowed"`, bodyGet)
+ assert.Equal(t, `"allowed"`, bodyPost) // JSON string, therefore quoted
 return true
 }
- assert.Equal(t, http.StatusForbidden, code)
- assert.Equal(t, `"rejected"`, body) // JSON string, therefore quoted
+ assert.Equal(t, http.StatusForbidden, codeGet)
+ assert.Equal(t, http.StatusForbidden, codePost)
+ // JSON string, therefore quoted
+ assert.Equal(t, `"rejected"`, bodyGet)
+ assert.Equal(t, `"rejected"`, bodyPost)
 return false
 }
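Review bot: When the GET and POST endpoints disagree (one returns 200, the other 403), `check` falls into the rejected branch and fails on a status or body mismatch for whichever side answered "allowed", which does not say that the two routes diverged. Asserting agreement first, with `assert.Equal(t, codeGet, codePost)` placed before the `if`, would make an authorization discrepancy between the two routes show up as exactly that. The `// JSON string, therefore quoted` comment is now repeated as a trailing comment on the `bodyPost` line in the allowed branch; the standalone comment above the pair is enough. The helper only sends well-formed JSON, so the bad-request path of the new POST handler is not exercised by this hunk.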