mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-14 20:08:02 +00:00
c2cb84cd24
* backup new protoc plugin * backup * session * backup * initial implementation * change to specific events * implement tests * cleanup * refactor: use new protoc plugin for api v2 * change package * simplify code * cleanup * cleanup * fix merge * start queries * fix tests * improve returned values * add token to projection * tests * test db map * update query * permission checks * fix tests and linting * rework token creation * i18n * refactor token check and fix tests * session to PB test * request to query tests * cleanup proto * test user check * add comment * simplify database map type * Update docs/docs/guides/integrate/access-zitadel-system-api.md Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> * fix test * cleanup * docs --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
55 lines
1.8 KiB
Go
55 lines
1.8 KiB
Go
package middleware
|
|
|
|
import (
|
|
"context"
|
|
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/codes"
|
|
"google.golang.org/grpc/status"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
grpc_util "github.com/zitadel/zitadel/internal/api/grpc"
|
|
"github.com/zitadel/zitadel/internal/api/http"
|
|
"github.com/zitadel/zitadel/internal/telemetry/tracing"
|
|
object "github.com/zitadel/zitadel/pkg/grpc/object/v2alpha"
|
|
)
|
|
|
|
func AuthorizationInterceptor(verifier *authz.TokenVerifier, authConfig authz.Config) grpc.UnaryServerInterceptor {
|
|
return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
|
|
return authorize(ctx, req, info, handler, verifier, authConfig)
|
|
}
|
|
}
|
|
|
|
func authorize(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler, verifier *authz.TokenVerifier, authConfig authz.Config) (_ interface{}, err error) {
|
|
authOpt, needsToken := verifier.CheckAuthMethod(info.FullMethod)
|
|
if !needsToken {
|
|
return handler(ctx, req)
|
|
}
|
|
|
|
authCtx, span := tracing.NewServerInterceptorSpan(ctx)
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
authToken := grpc_util.GetAuthorizationHeader(authCtx)
|
|
if authToken == "" {
|
|
return nil, status.Error(codes.Unauthenticated, "auth header missing")
|
|
}
|
|
|
|
var orgDomain string
|
|
orgID := grpc_util.GetHeader(authCtx, http.ZitadelOrgID)
|
|
if o, ok := req.(OrganisationFromRequest); ok {
|
|
orgID = o.OrganisationFromRequest().GetOrgId()
|
|
orgDomain = o.OrganisationFromRequest().GetOrgDomain()
|
|
}
|
|
|
|
ctxSetter, err := authz.CheckUserAuthorization(authCtx, req, authToken, orgID, orgDomain, verifier, authConfig, authOpt, info.FullMethod)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
span.End()
|
|
return handler(ctxSetter(ctx), req)
|
|
}
|
|
|
|
type OrganisationFromRequest interface {
|
|
OrganisationFromRequest() *object.Organisation
|
|
}
|