server/handler/auth/auth.go - servicecomb-service-center - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package auth

 import (
 	"net/http"

 	"github.com/go-chassis/cari/discovery"
 	"github.com/go-chassis/cari/pkg/errsvc"
 	"github.com/go-chassis/cari/rbac"

 	"github.com/apache/servicecomb-service-center/pkg/chain"
 	"github.com/apache/servicecomb-service-center/pkg/log"
 	"github.com/apache/servicecomb-service-center/pkg/rest"
 	"github.com/apache/servicecomb-service-center/pkg/util"
 	"github.com/apache/servicecomb-service-center/server/plugin/auth"
 	"github.com/apache/servicecomb-service-center/server/response"
 )

 const (
 	CtxResourceLabels util.CtxKey = "_resource_labels"
 	CtxResourceScopes util.CtxKey = "_resource_scopes"
 )

 type Handler struct {
 }

 func (h *Handler) Handle(i *chain.Invocation) {
 	r := i.Context().Value(rest.CtxRequest).(*http.Request)

 	i.WithContext(CtxResourceScopes, auth.ResourceScopes(r))

 	if err := auth.Identify(r); err != nil {
 		log.Errorf(err, "authenticate request failed, %s %s", r.Method, r.RequestURI)
 		if e, ok := err.(*errsvc.Error); ok {
 			i.Fail(e)
 			return
 		}
 		i.Fail(discovery.NewError(rbac.ErrUnauthorized, err.Error()))
 		return
 	}

 	i.Next(chain.WithFunc(func(ret chain.Result) {
 		if !ret.OK {
 			return
 		}
 		apiPath, obj := i.Context().Value(rest.CtxMatchPattern).(string),
 			i.Context().Value(rest.CtxResponseObject)
 		// obj set empty string if CtxResponseObject not exist
 		if _, ok := obj.(string); ok || obj == nil {
 			return
 		}

 		labels, ok := i.Context().Value(CtxResourceLabels).([]map[string]string)
 		if !ok {
 			return
 		}
 		if len(labels) == 0 {
 			// all allowed
 			return
 		}
 		obj = response.Filter(apiPath, obj, labels)

 		w := i.Context().Value(rest.CtxResponse).(http.ResponseWriter)
 		rest.WriteResponse(w, r, nil, obj)
 	}))
 }

 func RegisterHandlers() {
 	chain.RegisterHandler(rest.ServerChainName, &Handler{})
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package auth

	import (
	"net/http"

	"github.com/go-chassis/cari/discovery"
	"github.com/go-chassis/cari/pkg/errsvc"
	"github.com/go-chassis/cari/rbac"

	"github.com/apache/servicecomb-service-center/pkg/chain"
	"github.com/apache/servicecomb-service-center/pkg/log"
	"github.com/apache/servicecomb-service-center/pkg/rest"
	"github.com/apache/servicecomb-service-center/pkg/util"
	"github.com/apache/servicecomb-service-center/server/plugin/auth"
	"github.com/apache/servicecomb-service-center/server/response"
	)

	const (
	CtxResourceLabels util.CtxKey = "_resource_labels"
	CtxResourceScopes util.CtxKey = "_resource_scopes"
	)

	type Handler struct {
	}

	func (h Handler) Handle(i chain.Invocation) {
	r := i.Context().Value(rest.CtxRequest).(*http.Request)

	i.WithContext(CtxResourceScopes, auth.ResourceScopes(r))

	if err := auth.Identify(r); err != nil {
	log.Errorf(err, "authenticate request failed, %s %s", r.Method, r.RequestURI)
	if e, ok := err.(*errsvc.Error); ok {
	i.Fail(e)
	return
	}
	i.Fail(discovery.NewError(rbac.ErrUnauthorized, err.Error()))
	return
	}

	i.Next(chain.WithFunc(func(ret chain.Result) {
	if !ret.OK {
	return
	}
	apiPath, obj := i.Context().Value(rest.CtxMatchPattern).(string),
	i.Context().Value(rest.CtxResponseObject)
	// obj set empty string if CtxResponseObject not exist
	if _, ok := obj.(string); ok \|\| obj == nil {
	return
	}

	labels, ok := i.Context().Value(CtxResourceLabels).([]map[string]string)
	if !ok {
	return
	}
	if len(labels) == 0 {
	// all allowed
	return
	}
	obj = response.Filter(apiPath, obj, labels)

	w := i.Context().Value(rest.CtxResponse).(http.ResponseWriter)
	rest.WriteResponse(w, r, nil, obj)
	}))
	}

	func RegisterHandlers() {
	chain.RegisterHandler(rest.ServerChainName, &Handler{})
	}