Consider AuthInfo as optional in check (warrant-dev#53)

* Run go mod tidy

* Update GetAuthInfoFromRequestContext to handle cases when AuthInfo doesn't exist

* Update check handlers and service to work with or without AuthInfo

* Remove logger Warn call on some errors

* Remove unused IsImplicit attribute on WarrantSpec

* Remove participle as a dependency

pkg/authz/check/handlers.go

@@ -25,8 +25,7 @@ func (svc CheckService) GetRoutes() []service.Route {
 
 func authorize(env service.Env, w http.ResponseWriter, r *http.Request) error {
 	authInfo := service.GetAuthInfoFromRequestContext(r.Context())
-
-	if authInfo.UserId != "" {
+	if authInfo != nil && authInfo.UserId != "" {
 		var sessionCheckManySpec SessionCheckManySpec
 		err := service.ParseJSONBody(r.Body, &sessionCheckManySpec)
 		if err != nil {
@@ -54,7 +53,7 @@ func authorize(env service.Env, w http.ResponseWriter, r *http.Request) error {
 			Debug:          sessionCheckManySpec.Debug,
 		}
 
-		checkResult, err := NewService(env, &authInfo).CheckMany(r.Context(), &checkManySpec)
+		checkResult, err := NewService(env, authInfo).CheckMany(r.Context(), &checkManySpec)
 		if err != nil {
 			return err
 		}
@@ -69,7 +68,7 @@ func authorize(env service.Env, w http.ResponseWriter, r *http.Request) error {
 		return err
 	}
 
-	checkResult, err := NewService(env, &authInfo).CheckMany(r.Context(), &checkManySpec)
+	checkResult, err := NewService(env, authInfo).CheckMany(r.Context(), &checkManySpec)
 	if err != nil {
 		return err
 	}

pkg/authz/check/service.go

@@ -77,7 +77,7 @@ func (svc CheckService) getMatchingSubjects(ctx context.Context, objectType stri
 		wntCtx.ToHash(),
 	)
 	if err != nil {
-		log.Warn().Err(err).Msg("Error fetching warrants for object")
+		log.Err(err).Msg("Error fetching warrants for object")
 		return warrantSpecs, err
 	}
 
@@ -97,7 +97,7 @@ func (svc CheckService) getMatchingSubjects(ctx context.Context, objectType stri
 		wntCtx.ToHash(),
 	)
 	if err != nil {
-		log.Warn().Err(err).Msg("Error fetching warrants matching wildcard")
+		log.Err(err).Msg("Error fetching warrants matching wildcard")
 		return warrantSpecs, err
 	}
 
@@ -326,7 +326,7 @@ func (svc CheckService) Check(ctx context.Context, warrantCheck CheckSpec) (matc
 	log.Debug().Msgf("Checking for warrant %s", warrantCheck.String())
 
 	// Used to automatically append tenant context for session token w/ tenantId checks
-	if svc.authInfo.TenantId != "" {
+	if svc.authInfo != nil && svc.authInfo.TenantId != "" {
 		svc.appendTenantContext(&warrantCheck)
 	}
 

pkg/authz/object/mysql.go

@@ -44,7 +44,7 @@ func (repo MySQLRepository) Create(ctx context.Context, object Object) (int64, e
 
 	newObjectId, err := result.LastInsertId()
 	if err != nil {
-		log.Warn().Err(err).Msg("Unable to create object")
+		log.Err(err).Msg("Unable to create object")
 		return 0, service.NewInternalError("Unable to create object")
 	}
 

pkg/authz/warrant/spec.go

@@ -95,7 +95,6 @@ type WarrantSpec struct {
 	Relation   string                 `json:"relation" validate:"required,valid_relation"`
 	Subject    *SubjectSpec           `json:"subject" validate:"required"`
 	Context    context.ContextSetSpec `json:"context,omitempty"`
-	IsImplicit *bool                  `json:"isImplicit,omitempty"`
 	CreatedAt  time.Time              `json:"createdAt"`
 }
 

pkg/service/auth.go

@@ -165,6 +165,12 @@ func AuthMiddleware(next http.Handler, config *config.Config, enableSessionAuth
 }
 
 // GetAuthInfoFromRequestContext returns the AuthInfo object from the given context
-func GetAuthInfoFromRequestContext(context context.Context) AuthInfo {
-	return context.Value(authInfoKey).(AuthInfo)
+func GetAuthInfoFromRequestContext(context context.Context) *AuthInfo {
+	contextVal := context.Value(authInfoKey)
+	if contextVal != nil {
+		authInfo := context.Value(authInfoKey).(AuthInfo)
+		return &authInfo
+	}
+
+	return nil
 }