From c966608d3f7c3d157713f72128da4fe255405c51 Mon Sep 17 00:00:00 2001
From: Karan Kajla
Date: Mon, 3 Apr 2023 10:26:53 -0700
Subject: [PATCH] Consider AuthInfo as optional in check (#53)
* Run go mod tidy
* Update GetAuthInfoFromRequestContext to handle cases when AuthInfo doesn't exist
* Update check handlers and service to work with or without AuthInfo
* Remove logger Warn call on some errors
* Remove unused IsImplicit attribute on WarrantSpec
* Remove participle as a dependency
---
 pkg/authz/check/handlers.go | 7 +++----
 pkg/authz/check/service.go | 6 +++---
 pkg/authz/object/mysql.go | 2 +-
 pkg/authz/warrant/spec.go | 1 -
 pkg/service/auth.go | 10 ++++++++--
 5 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/pkg/authz/check/handlers.go b/pkg/authz/check/handlers.go
index 6793c359..e640e923 100644
--- a/pkg/authz/check/handlers.go
+++ b/pkg/authz/check/handlers.go
@@ -25,8 +25,7 @@ func (svc CheckService) GetRoutes() []service.Route {
 func authorize(env service.Env, w http.ResponseWriter, r *http.Request) error {
 authInfo := service.GetAuthInfoFromRequestContext(r.Context())
-
- if authInfo.UserId != "" {
+ if authInfo != nil && authInfo.UserId != "" {
 var sessionCheckManySpec SessionCheckManySpec
 err := service.ParseJSONBody(r.Body, &sessionCheckManySpec)
 if err != nil {
@@ -54,7 +53,7 @@ func authorize(env service.Env, w http.ResponseWriter, r *http.Request) error {
 Debug: sessionCheckManySpec.Debug,
 }
- checkResult, err := NewService(env, &authInfo).CheckMany(r.Context(), &checkManySpec)
+ checkResult, err := NewService(env, authInfo).CheckMany(r.Context(), &checkManySpec)
 if err != nil {
 return err
 }
@@ -69,7 +68,7 @@ func authorize(env service.Env, w http.ResponseWriter, r *http.Request) error {
 return err
 }
- checkResult, err := NewService(env, &authInfo).CheckMany(r.Context(), &checkManySpec)
+ checkResult, err := NewService(env, authInfo).CheckMany(r.Context(), &checkManySpec)
 if err != nil {
 return err
 }
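Review bot: In `authorize` (pkg/authz/check/handlers.go, first hunk), a request whose context carries no AuthInfo now skips the session branch and falls through to the general `CheckMany` path, so a missing auth context is treated like a non-session caller instead of being rejected. If that is intended for deployments that run without the auth middleware, record it at the top of the function, e.g. `// authInfo is nil when no auth middleware populated the request context; such requests take the non-session path below.`, and confirm that every route reaching this handler in an authenticated deployment is still wrapped by `AuthMiddleware`, since otherwise the check would fail open. The second and third hunks pass the possibly-nil pointer into `NewService`, so the service has to tolerate nil wherever it reads `authInfo`. The body of `authorize` continues outside these hunks.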
diff --git a/pkg/authz/check/service.go b/pkg/authz/check/service.go
index 9f312cff..aa4d14af 100644
--- a/pkg/authz/check/service.go
+++ b/pkg/authz/check/service.go
@@ -77,7 +77,7 @@ func (svc CheckService) getMatchingSubjects(ctx context.Context, objectType stri
 wntCtx.ToHash(),
 )
 if err != nil {
- log.Warn().Err(err).Msg("Error fetching warrants for object")
+ log.Err(err).Msg("Error fetching warrants for object")
 return warrantSpecs, err
 }
@@ -97,7 +97,7 @@ func (svc CheckService) getMatchingSubjects(ctx context.Context, objectType stri
 wntCtx.ToHash(),
 )
 if err != nil {
- log.Warn().Err(err).Msg("Error fetching warrants matching wildcard")
+ log.Err(err).Msg("Error fetching warrants matching wildcard")
 return warrantSpecs, err
 }
@@ -326,7 +326,7 @@ func (svc CheckService) Check(ctx context.Context, warrantCheck CheckSpec) (matc
 log.Debug().Msgf("Checking for warrant %s", warrantCheck.String())
 // Used to automatically append tenant context for session token w/ tenantId checks
- if svc.authInfo.TenantId != "" {
+ if svc.authInfo != nil && svc.authInfo.TenantId != "" {
 svc.appendTenantContext(&warrantCheck)
 }
diff --git a/pkg/authz/object/mysql.go b/pkg/authz/object/mysql.go
index 2f50dbd4..711388f6 100644
--- a/pkg/authz/object/mysql.go
+++ b/pkg/authz/object/mysql.go
@@ -44,7 +44,7 @@ func (repo MySQLRepository) Create(ctx context.Context, object Object) (int64, e
 newObjectId, err := result.LastInsertId()
 if err != nil {
- log.Warn().Err(err).Msg("Unable to create object")
+ log.Err(err).Msg("Unable to create object")
 return 0, service.NewInternalError("Unable to create object")
 }
diff --git a/pkg/authz/warrant/spec.go b/pkg/authz/warrant/spec.go
index ff5b26a0..48d0d84d 100644
--- a/pkg/authz/warrant/spec.go
+++ b/pkg/authz/warrant/spec.go
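Review bot: The nil guard added in `Check` (pkg/authz/check/service.go, third hunk) protects only this one read of `svc.authInfo`; any other unguarded dereference of that field elsewhere in the service, which this diff does not show, would now panic once the service is constructed with a nil AuthInfo, so the remaining uses should be audited in the same change. With a nil AuthInfo no tenant context is appended, which means the check is scoped only by whatever context the caller put in the spec; the existing comment could say so, e.g. `// authInfo is nil when the request had no auth context; no tenant context is appended in that case`. `Check` starts and ends outside the hunk.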
@@ -95,7 +95,6 @@ type WarrantSpec struct {
 Relation string `json:"relation" validate:"required,valid_relation"`
 Subject *SubjectSpec `json:"subject" validate:"required"`
 Context context.ContextSetSpec `json:"context,omitempty"`
- IsImplicit *bool `json:"isImplicit,omitempty"`
 CreatedAt time.Time `json:"createdAt"`
 }
diff --git a/pkg/service/auth.go b/pkg/service/auth.go
index 38675709..abdbdc4b 100644
--- a/pkg/service/auth.go
+++ b/pkg/service/auth.go
@@ -165,6 +165,12 @@ func AuthMiddleware(next http.Handler, config *config.Config, enableSessionAuth
 }
 // GetAuthInfoFromRequestContext returns the AuthInfo object from the given context
-func GetAuthInfoFromRequestContext(context context.Context) AuthInfo {
- return context.Value(authInfoKey).(AuthInfo)
+func GetAuthInfoFromRequestContext(context context.Context) *AuthInfo {
+ contextVal := context.Value(authInfoKey)
+ if contextVal != nil {
+ authInfo := context.Value(authInfoKey).(AuthInfo)
+ return &authInfo
+ }
+
+ return nil
 }
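Review bot: The new body of `GetAuthInfoFromRequestContext` (pkg/service/auth.go) still uses an unchecked type assertion, so a value stored under `authInfoKey` with any other type (a `*AuthInfo`, for instance) panics the request instead of being treated as "no auth info"; it also looks the key up twice. The comma-ok form covers both: `authInfo, ok := context.Value(authInfoKey).(AuthInfo)`, then `if !ok { return nil }` and `return &authInfo`. The doc comment should state that nil is returned when the context carries no AuthInfo and that the pointer refers to a copy, so callers outside this diff must nil-check and should not expect writes through it to reach the context. The parameter name `context` also shadows the `context` package inside the function.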