mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-13 03:24:26 +00:00
61 lines
1.4 KiB
Go
61 lines
1.4 KiB
Go
package auth
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/caos/logging"
|
|
)
|
|
|
|
type key int
|
|
|
|
var (
|
|
permissionsKey key
|
|
dataKey key
|
|
)
|
|
|
|
type CtxData struct {
|
|
UserID string
|
|
OrgID string
|
|
ProjectID string
|
|
AgentID string
|
|
}
|
|
|
|
func (ctxData CtxData) IsZero() bool {
|
|
return ctxData.UserID == "" || ctxData.OrgID == ""
|
|
}
|
|
|
|
type Grants []*Grant
|
|
|
|
type Grant struct {
|
|
OrgID string
|
|
Roles []string
|
|
}
|
|
|
|
type TokenVerifier interface {
|
|
VerifyAccessToken(ctx context.Context, token string) (string, string, string, error)
|
|
ResolveGrants(ctx context.Context, sub, orgID string) ([]*Grant, error)
|
|
GetProjectIDByClientID(ctx context.Context, clientID string) (string, error)
|
|
}
|
|
|
|
func VerifyTokenAndWriteCtxData(ctx context.Context, token, orgID string, t TokenVerifier) (_ context.Context, err error) {
|
|
userID, clientID, agentID, err := verifyAccessToken(ctx, token, t)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
projectID, err := t.GetProjectIDByClientID(ctx, clientID)
|
|
logging.LogWithFields("AUTH-GfAoV", "clientID", clientID).OnError(err).Warn("could not read projectid by clientid")
|
|
|
|
return context.WithValue(ctx, dataKey, CtxData{UserID: userID, OrgID: orgID, ProjectID: projectID, AgentID: agentID}), nil
|
|
}
|
|
|
|
func GetCtxData(ctx context.Context) CtxData {
|
|
ctxData, _ := ctx.Value(dataKey).(CtxData)
|
|
return ctxData
|
|
}
|
|
|
|
func GetPermissionsFromCtx(ctx context.Context) []string {
|
|
ctxPermission, _ := ctx.Value(permissionsKey).([]string)
|
|
return ctxPermission
|
|
}
|