From 4ef1eeabf72a3fae6ca32660c4991f1376f1609b Mon Sep 17 00:00:00 2001 From: vrag99 Date: Sat, 23 Dec 2023 02:00:52 +0530 Subject: [PATCH 1/4] initialize keto client + add a test rbac route --- api/main.go | 2 ++ api/rbac.go | 49 +++++++++++++++++++++++++++++++++++++++++++ config.sample.yaml | 2 ++ config/keto.go | 27 ++++++++++++++++++++++++ config/types.go | 2 ++ go.mod | 20 +++++++++++------- go.sum | 52 ++++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 146 insertions(+), 8 deletions(-) create mode 100644 api/rbac.go create mode 100644 config/keto.go diff --git a/api/main.go b/api/main.go index 1ae8209..fb0e7da 100644 --- a/api/main.go +++ b/api/main.go @@ -37,6 +37,8 @@ func Start() { r.GET("/mfa", HandleGetMFAFlow) r.POST("/mfa", HandlePostMFAFlow) + r.GET("/rbac", HandleRbac) + r.POST("/create-identity", c.CreateIdentity) r.GET("/get-identity", c.GetIdentity) r.POST("/delete-identity", c.DeleteIdentity) diff --git a/api/rbac.go b/api/rbac.go new file mode 100644 index 0000000..facb153 --- /dev/null +++ b/api/rbac.go 
@@ -0,0 +1,49 @@
+package api
+
+import (
+ "context"
+ "net/http"
+ "strconv"
+ "strings"
+
+ "github.com/gin-gonic/gin"
+ client "github.com/ory/client-go"
+ "github.com/sdslabs/nymeria/config"
+ "github.com/sdslabs/nymeria/log"
+)
+
+func HandleRbac(c *gin.Context) {
+ log.Logger.Debug("RBAC")
+ cookie, err := c.Cookie("sdslabs_session")
+
+ if err != nil {
+ log.ErrorLogger("Initialize Rbac Failed", err)
+ errCode, _ := strconv.Atoi(strings.Split(err.Error(), " ")[0])
+ c.JSON(errCode, gin.H{
+ "error": err.Error(),
+ "message": "Initialize Rbac failed.",
+ })
+ return
+ }
+
+ apiClient := client.NewAPIClient(config.KratosClientConfig)
+ session, _, err := apiClient.V0alpha2Api.ToSession(context.Background()).Cookie(cookie).Execute()
+ if err != nil {
+ log.ErrorLogger("Invalid Cookie", err)
+ c.JSON(http.StatusInternalServerError, gin.H{
+ "error": err.Error(),
+ "message": "Initialize Rbac failed.",
+ })
+ return
+ }
+
+ identity := session.GetIdentity()
+ traits := identity.GetTraits()
+ role := traits.(map[string]interface{})["role"]
+
+ c.JSON(http.StatusOK, gin.H{
+ "message": "RBAC passed",
+ "traits": traits,
+ "role": role,
+ })
+}
diff --git a/config.sample.yaml b/config.sample.yaml
index c92e008..466c13e 100644
--- a/config.sample.yaml
+++ b/config.sample.yaml
@@ -4,6 +4,8 @@ url: frontend_url: "http://localhost:4455" kratos_url: "http://localhost:4433" domain: "https://someaddress.com" + keto_read_url: "http://localhost:4466" + keto_write_url: "http://localhost:4467" db: dsn: ""
diff --git a/config/keto.go b/config/keto.go
new file mode 100644
index 0000000..e96031a
--- /dev/null
+++ b/config/keto.go
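Review bot: In `HandleRbac` the missing-cookie branch takes its HTTP status from `strconv.Atoi(strings.Split(err.Error(), " ")[0])`, but the error text from `c.Cookie` does not start with a number, so `errCode` is 0 and the client never receives an authentication-failure status; use a fixed `c.JSON(http.StatusUnauthorized, ...)` there, and map an invalid or expired session from `ToSession` to 401 rather than the current 500. `traits.(map[string]interface{})["role"]` is an unchecked type assertion and panics if the traits are not a JSON object; use `m, ok := traits.(map[string]interface{})` and reject when `!ok`. The success response echoes the full `traits` and both error branches return `err.Error()`, which hands identity data and internal error text to the caller. If `role` is meant to drive authorization, confirm that the Kratos identity schema does not let users change that trait through self-service flows; this patch does not show it.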
@@ -0,0 +1,27 @@ +package config + +import ( + client "github.com/ory/client-go" +) + +func getKetoClientConfig() (*client.Configuration, *client.Configuration){ + readConfiguration := client.NewConfiguration() + readConfiguration.Servers = []client.ServerConfiguration{ + { + URL: NymeriaConfig.URL.KetoReadURL, + }, + } + + writeConfiguration := client.NewConfiguration() + writeConfiguration.Servers = []client.ServerConfiguration{ + { + URL: NymeriaConfig.URL.KetoWriteURL, + }, + } + + return readConfiguration, writeConfiguration +} + +var ( + KetoReadConfig, KetoWriteConfig = getKetoClientConfig() +) diff --git a/config/types.go b/config/types.go index b5a1033..2fd424e 100644 --- a/config/types.go +++ b/config/types.go @@ -8,6 +8,8 @@ type NymeriaCfg struct { type URL struct { FrontendURL string `yaml:"frontend_url"` KratosURL string `yaml:"kratos_url"` + KetoReadURL string `yaml:"keto_read_url"` + KetoWriteURL string `yaml:"keto_write_url"` Domain string `yaml:"domain"` } diff --git a/go.mod b/go.mod index cd6b9d0..91661aa 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( require ( github.com/google/go-cmp v0.5.9 // indirect github.com/rogpeppe/go-internal v1.9.0 // indirect - github.com/stretchr/testify v1.8.1 // indirect + github.com/stretchr/testify v1.8.4 // indirect ) require ( 
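Review bot: `getKetoClientConfig` copies `NymeriaConfig.URL.KetoReadURL` and `NymeriaConfig.URL.KetoWriteURL` into the server lists without checking them, so a config file that lacks the two new keys yields clients with an empty base URL and the failure only appears on the first Keto call. Because `KetoReadConfig, KetoWriteConfig` are package-level initialisers, this also depends on `NymeriaConfig` being populated during variable initialisation rather than in an `init()` or later, which is not visible here and worth confirming. The exported variables would benefit from a doc comment such as `// KetoReadConfig and KetoWriteConfig are the Ory client configurations for Keto's read and write APIs.` The same unchecked copy applies to the `KetoReadURL`/`KetoWriteURL` variables added to this file in patch 2.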
@@ -23,19 +23,23 @@ require ( github.com/go-playground/locales v0.14.0 // indirect github.com/go-playground/universal-translator v0.18.0 // indirect github.com/go-playground/validator/v10 v10.11.0 // indirect - github.com/golang/protobuf v1.5.2 // indirect + github.com/golang/protobuf v1.5.3 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/leodido/go-urn v1.2.1 // indirect github.com/mattn/go-isatty v0.0.16 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/ory/keto/proto v0.11.1-alpha.0 // indirect + github.com/ory/keto/proto/ory/keto/acl/v1alpha1 v0.0.0-20210616104402-80e043246cf9 // indirect github.com/pelletier/go-toml/v2 v2.0.5 // indirect github.com/ugorji/go/codec v1.2.7 // indirect - golang.org/x/crypto v0.1.0 // indirect - golang.org/x/net v0.3.0 // indirect - golang.org/x/oauth2 v0.3.0 // indirect - golang.org/x/sys v0.3.0 // indirect - golang.org/x/text v0.5.0 // indirect + golang.org/x/crypto v0.16.0 // indirect + golang.org/x/net v0.19.0 // indirect + golang.org/x/oauth2 v0.15.0 // indirect + golang.org/x/sys v0.15.0 // indirect + golang.org/x/text v0.14.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.28.1 // indirect + google.golang.org/genproto v0.0.0-20230131230820-1c016267d619 // indirect + google.golang.org/grpc v1.52.3 // indirect + google.golang.org/protobuf v1.31.0 // indirect ) diff --git a/go.sum b/go.sum index 65b9caf..a639205 100644 --- a/go.sum +++ b/go.sum 
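Review bot: The new `// indirect` requirements `github.com/ory/keto/proto`, `github.com/ory/keto/proto/ory/keto/acl/v1alpha1`, `google.golang.org/grpc v1.52.3` and `google.golang.org/genproto` are not imported by any code visible in this series, which reaches Keto through `ory/client-go` configuration and plain `net/http`. Modules that nothing uses still widen the dependency graph that has to be tracked for advisories; `go mod tidy` should show whether they can be dropped. If they stay, the pinned gRPC release is worth running through `govulncheck` before merge. The hunk sits inside a `require (` block that opens outside it.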
@@ -40,6 +40,7 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= @@ -47,6 +48,8 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/gin-contrib/cors v1.4.0 h1:oJ6gwtUl3lqV0WEIwM/LxPF1QZ5qe2lGWdY2+bz7y0g= github.com/gin-contrib/cors v1.4.0/go.mod h1:bs9pNM0x/UsmHPBWT2xZz9ROh8xYjYkiURUfmBoMlcs= 
@@ -95,6 +98,8 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -119,6 +124,7 @@ github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 
@@ -151,6 +157,12 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/ory/client-go v0.2.0-alpha.60 h1:sMAqrKP5eUNYyyOYbSjDTwr8EucDxYLGrQC093ZX5pU= github.com/ory/client-go v0.2.0-alpha.60/go.mod h1:dWbi9DBEjiDXwyuJ1+A2WT1/bIp9HwvVxZxzHzp4YHU= +github.com/ory/client-go v1.4.6 h1:tW9najNBiWwC3KgU2tq2kCZ1zRCDCNao60a9M1/V71k= +github.com/ory/client-go v1.4.6/go.mod h1:DfrTIlME7tgrdgpn4UN07s4OJ1SwzHfrkz+C6C0Lbm0= +github.com/ory/keto/proto v0.11.1-alpha.0 h1:xVpFRnnIAGGvP9lYIUwjSWmrO7qVoLn20bT6NxzYQy4= +github.com/ory/keto/proto v0.11.1-alpha.0/go.mod h1:M9J/kybmyLKRmvvSqYzmRVYx2avY3yDMdUPinsck1q0= +github.com/ory/keto/proto/ory/keto/acl/v1alpha1 v0.0.0-20210616104402-80e043246cf9 h1:gP86NkMkUlqMOTjFQ8lt8T1HbHtCJGGeeeh/6c+nla0= +github.com/ory/keto/proto/ory/keto/acl/v1alpha1 v0.0.0-20210616104402-80e043246cf9/go.mod h1:8IoeBQqIRKWU5L6dTKQTlTwVhlUawpqSBJZWfLLN4FM= github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo= github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg= github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas= 
@@ -170,12 +182,14 @@ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSS github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/ugorji/go v1.2.7 h1:qYhyWUUd6WbiM+C6JZAUkIJt/1WrjzNHY9+KCIjVqTo= github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M= github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0= 
@@ -183,6 +197,7 @@ github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= @@ -199,6 +214,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= +golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -221,6 +238,7 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= 
@@ -256,12 +274,18 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.3.0 h1:VWL6FNY2bEEmsGVKabSlHu5Irp34xmMRoqb/9lF9lxk= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -270,6 +294,8 @@ golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.3.0 h1:6l90koy8/LaBLmLu8jpHeHexzMwEita0zFfYlggy2F8= golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= +golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ= +golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -278,6 +304,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -304,7 +331,11 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -316,6 +347,10 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 
@@ -325,11 +360,16 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -373,6 +413,7 @@ golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -431,6 +472,9 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210503173045-b96a97608f20/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= +google.golang.org/genproto v0.0.0-20230131230820-1c016267d619 h1:p0kMzw6AG0JEzd7Z+kXqOiLhC6gjUQTbtS2zR0Q3DbI= +google.golang.org/genproto v0.0.0-20230131230820-1c016267d619/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 
@@ -443,6 +487,10 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.52.3 h1:pf7sOysg4LdgBqduXveGKrcEwbStiK2rtfghdzlUYDQ= +google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -458,6 +506,10 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.29.0 h1:44S3JjaKmLEE4YIkjzexaP+NzZsudE3Zin5Njn/pYX0= +google.golang.org/protobuf v1.29.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From c80f7920b65d8a6f9a040e24c9de84bb56bc02ac Mon Sep 17 00:00:00 2001 From: vrag99 Date: Sat, 23 Dec 2023 15:50:33 +0530 Subject: [PATCH 2/4] implement rbac on test route --- api/rbac.go | 45 ++++++++++++++++++++++++++++++++++++++++++++- config/keto.go | 4 +++- 2 files changed, 47 insertions(+), 2 deletions(-) diff --git a/api/rbac.go b/api/rbac.go index facb153..39824cc 100644 --- a/api/rbac.go +++ b/api/rbac.go @@ -1,7 +1,10 @@ package api import ( + "bytes" "context" + "encoding/json" + "io" "net/http" "strconv" "strings" 
@@ -12,6 +15,26 @@ import ( "github.com/sdslabs/nymeria/log" ) +func getResponse(method string, endpoint string, query *bytes.Buffer) (string, error) { + req, _ := http.NewRequest(method, endpoint, query) + req.Header.Set("Content-Type", "application/json") + + client := http.Client{} + res, err := client.Do(req) + + if err != nil { + return "", err + } + defer res.Body.Close() + + body, err := io.ReadAll(res.Body) + if err != nil { + return "", err + } + + return string(body), nil +} + func HandleRbac(c *gin.Context) { log.Logger.Debug("RBAC") cookie, err := c.Cookie("sdslabs_session") @@ -41,9 +64,29 @@ func HandleRbac(c *gin.Context) { traits := identity.GetTraits() role := traits.(map[string]interface{})["role"] + queryRelationEndpoint := config.KetoReadURL + "/relation-tuples" + query, _ := json.Marshal(map[string]interface{}{ + "namespace": "accounts", + "relation": "view", + "subject_id": role, + }) + + jsonQuery := bytes.NewBuffer(query) + + res, err := getResponse("GET", queryRelationEndpoint, jsonQuery) + + if err != nil { + log.ErrorLogger("Failed to query keto", err) + c.JSON(http.StatusInternalServerError, gin.H{ + "error": err.Error(), + "message": "Initialize Rbac failed.", + }) + return + } + c.JSON(http.StatusOK, gin.H{ "message": "RBAC passed", - "traits": traits, "role": role, + "res": res, }) } diff --git a/config/keto.go b/config/keto.go index e96031a..c86361a 100644 --- a/config/keto.go +++ b/config/keto.go @@ -4,7 +4,7 @@ import ( client "github.com/ory/client-go" ) -func getKetoClientConfig() (*client.Configuration, *client.Configuration){ +func getKetoClientConfig() (*client.Configuration, *client.Configuration) { readConfiguration := client.NewConfiguration() readConfiguration.Servers = []client.ServerConfiguration{ { 
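Review bot: `getResponse` discards the error from `http.NewRequest` (`req, _ := ...`), so a malformed endpoint or method leaves `req` nil and the next line, `req.Header.Set`, panics; keep the error, `req, err := http.NewRequest(method, endpoint, query)` followed by `if err != nil { return "", err }`. The zero-value `http.Client{}` has no timeout, so a stalled Keto instance holds the handler goroutine indefinitely; set `Timeout` on the client or build the request with the Gin request's context. `io.ReadAll(res.Body)` also reads a body of any size into memory. The same two omissions are carried into `MakeRequest` in `pkg/wrapper/keto/http_utils.go` in patch 3.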
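Review bot: The Keto query added to `HandleRbac` is never used to make a decision: whatever `getResponse` returns, the handler answers `"message": "RBAC passed"` and forwards the raw Keto body in `"res"`. An authorization check has to deny by default, for example responding with `http.StatusForbidden` unless the parsed result contains the expected tuple, and it should not echo Keto's response to the client. The filter is also sent as a JSON body on a `GET`; if Keto's relation-tuple listing takes its filter from query parameters, the body is ignored and the lookup is unfiltered, which is worth verifying against the Keto API in use. `HandleRbac` begins outside this hunk.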
@@ -24,4 +24,6 @@ func getKetoClientConfig() (*client.Configuration, *client.Configuration){ var ( KetoReadConfig, KetoWriteConfig = getKetoClientConfig() + KetoReadURL = NymeriaConfig.URL.KetoReadURL + KetoWriteURL = NymeriaConfig.URL.KetoWriteURL ) From 28a3499eaa6f04e494b86bda6fc517010aae1aa2 Mon Sep 17 00:00:00 2001 From: vrag99 Date: Tue, 26 Dec 2023 15:34:28 +0530 Subject: [PATCH 3/4] make keto wrapper --- api/rbac.go | 45 ++++++++-------------------------- config/types.go | 8 +++--- pkg/wrapper/keto/endpoints.go | 22 +++++++++++++++++ pkg/wrapper/keto/http_utils.go | 33 +++++++++++++++++++++++++ pkg/wrapper/keto/types.go | 6 +++++ 5 files changed, 75 insertions(+), 39 deletions(-) create mode 100644 pkg/wrapper/keto/endpoints.go create mode 100644 pkg/wrapper/keto/http_utils.go create mode 100644 pkg/wrapper/keto/types.go diff --git a/api/rbac.go b/api/rbac.go index 39824cc..687c590 100644 --- a/api/rbac.go +++ b/api/rbac.go @@ -1,46 +1,25 @@ package api import ( - "bytes" "context" - "encoding/json" - "io" "net/http" "strconv" "strings" "github.com/gin-gonic/gin" client "github.com/ory/client-go" + "github.com/sdslabs/nymeria/config" "github.com/sdslabs/nymeria/log" + "github.com/sdslabs/nymeria/pkg/wrapper/keto" ) -func getResponse(method string, endpoint string, query *bytes.Buffer) (string, error) { - req, _ := http.NewRequest(method, endpoint, query) - req.Header.Set("Content-Type", "application/json") - - client := http.Client{} - res, err := client.Do(req) - - if err != nil { - return "", err - } - defer res.Body.Close() - - body, err := io.ReadAll(res.Body) - if err != nil { - return "", err - } - - return string(body), nil -} - func HandleRbac(c *gin.Context) { log.Logger.Debug("RBAC") cookie, err := c.Cookie("sdslabs_session") if err != nil { - log.ErrorLogger("Initialize Rbac Failed", err) + log.ErrorLogger("Session cookie not found", err) errCode, _ := strconv.Atoi(strings.Split(err.Error(), " ")[0]) c.JSON(errCode, gin.H{ "error": err.Error(), 
@@ -64,22 +43,18 @@ func HandleRbac(c *gin.Context) { traits := identity.GetTraits() role := traits.(map[string]interface{})["role"] - queryRelationEndpoint := config.KetoReadURL + "/relation-tuples" - query, _ := json.Marshal(map[string]interface{}{ - "namespace": "accounts", - "relation": "view", + data := map[string]interface{}{ + "namespace": "accounts", + "relation": "view", "subject_id": role, - }) - - jsonQuery := bytes.NewBuffer(query) - - res, err := getResponse("GET", queryRelationEndpoint, jsonQuery) + } + res, err := keto.MakeRequest(keto.QueryRelationshipsEndpoint, data) if err != nil { - log.ErrorLogger("Failed to query keto", err) + log.ErrorLogger("Error in making request to keto", err) c.JSON(http.StatusInternalServerError, gin.H{ "error": err.Error(), - "message": "Initialize Rbac failed.", + "message": "Creating relationship failed.", }) return } diff --git a/config/types.go b/config/types.go index 2fd424e..9c8b26b 100644 --- a/config/types.go +++ b/config/types.go @@ -6,11 +6,11 @@ type NymeriaCfg struct { DB DB `yaml:"db"` } type URL struct { - FrontendURL string `yaml:"frontend_url"` - KratosURL string `yaml:"kratos_url"` - KetoReadURL string `yaml:"keto_read_url"` + FrontendURL string `yaml:"frontend_url"` + KratosURL string `yaml:"kratos_url"` + KetoReadURL string `yaml:"keto_read_url"` KetoWriteURL string `yaml:"keto_write_url"` - Domain string `yaml:"domain"` + Domain string `yaml:"domain"` } type DB struct { diff --git a/pkg/wrapper/keto/endpoints.go b/pkg/wrapper/keto/endpoints.go new file mode 100644 index 0000000..02d70bf --- /dev/null +++ b/pkg/wrapper/keto/endpoints.go 
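Review bot: `role` is still placed into `subject_id` as an untyped `interface{}` read from the traits, so a missing or non-string trait is marshalled as `null` or an arbitrary JSON value and sent to Keto; narrow it first with `role, ok := m["role"].(string)` and reject an empty or missing value before the query. The error branch now says `"Creating relationship failed."` although the call is `keto.MakeRequest(keto.QueryRelationshipsEndpoint, data)`, a read, so `"Querying relationships failed."` would match what happened. `HandleRbac` begins outside this hunk.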
@@ -0,0 +1,22 @@
+package keto
+
+import (
+ "net/http"
+
+ "github.com/sdslabs/nymeria/config"
+)
+
+var (
+ CreateRelationshipEndpoint = Endpoint{
+ URL: config.KetoWriteURL + "/admin/relation-tuples",
+ Method: http.MethodPut,
+ }
+ QueryRelationshipsEndpoint = Endpoint{
+ URL: config.KetoReadURL + "/relation-tuples",
+ Method: http.MethodGet,
+ }
+ DeleteRelationshipsEndpoint = Endpoint{
+ URL: config.KetoWriteURL + "/admin/relation-tuples",
+ Method: http.MethodDelete,
+ }
+)
diff --git a/pkg/wrapper/keto/http_utils.go b/pkg/wrapper/keto/http_utils.go
new file mode 100644
index 0000000..e5580db
--- /dev/null
+++ b/pkg/wrapper/keto/http_utils.go
@@ -0,0 +1,33 @@
+package keto
+
+import (
+ "bytes"
+ "encoding/json"
+ "io"
+ "net/http"
+)
+
+func MakeRequest(endpoint Endpoint, data map[string]interface{}) (map[string]interface{}, error) {
+ jsonData, err := json.Marshal(data)
+ if err != nil {
+ return nil, err
+ }
+
+ request, _ := http.NewRequest(endpoint.Method, endpoint.URL, bytes.NewBuffer(jsonData))
+ request.Header.Set("Content-Type", "application/json")
+ client := http.Client{}
+ response, err := client.Do(request)
+ if err != nil {
+ return nil, err
+ }
+ defer response.Body.Close()
+
+ jsonBody, err := io.ReadAll(response.Body)
+ if err != nil {
+ return nil, err
+ }
+ var body map[string]interface{}
+ json.Unmarshal(jsonBody, &body)
+
+ return body, nil
+}
diff --git a/pkg/wrapper/keto/types.go b/pkg/wrapper/keto/types.go
new file mode 100644
index 0000000..9fad9a3
--- /dev/null
+++ b/pkg/wrapper/keto/types.go
@@ -0,0 +1,6 @@
+package keto
+
+type Endpoint struct {
+ URL string
+ Method string
+}
From e9f9d1cdc8fb21fcb32e5afc1ed452b27f4c292c Mon Sep 17 00:00:00 2001
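Review bot: `MakeRequest` in pkg/wrapper/keto/http_utils.go discards the errors from `http.NewRequest` and `json.Unmarshal`, never inspects `response.StatusCode`, and uses `http.Client{}` without a timeout, so a Keto error page, an undecodable body or a stalled connection all reach callers as a nil error or an indefinite wait. Because this helper backs authorization decisions, I would surface every one of those as an error and bound the call. It also always sends `data` as a JSON body, including for `QueryRelationshipsEndpoint` (GET) and `DeleteRelationshipsEndpoint` (DELETE); as far as I know Keto takes the filter for those from query parameters, so please confirm the body is honoured there. The sketch below needs `fmt` and `time` added to the import block.

```go
// one shared client so connections are reused and every call is bounded
var httpClient = &http.Client{Timeout: 5 * time.Second}

func MakeRequest(endpoint Endpoint, data map[string]interface{}) (map[string]interface{}, error) {
	// … unchanged: json.Marshal(data) and its error check …

	request, err := http.NewRequest(endpoint.Method, endpoint.URL, bytes.NewBuffer(jsonData))
	if err != nil {
		return nil, err
	}
	request.Header.Set("Content-Type", "application/json")
	response, err := httpClient.Do(request)
	// … unchanged: Do error check, deferred Close, io.ReadAll …

	// NOTE(review): confirm whether the check endpoint reports a denial with
	// 403; if it does, let that status through to the decoder below.
	if response.StatusCode < 200 || response.StatusCode > 299 {
		return nil, fmt.Errorf("keto %s %s: unexpected status %d", endpoint.Method, endpoint.URL, response.StatusCode)
	}
	var body map[string]interface{}
	if err := json.Unmarshal(jsonBody, &body); err != nil {
		return nil, fmt.Errorf("decoding keto response: %w", err)
	}
	return body, nil
}
```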
From: vrag99 Date: Fri, 29 Dec 2023 03:23:35 +0530 Subject: [PATCH 4/4] implement keto-rbac middleware for a route --- api/main.go | 2 +- go.sum | 2 ++ pkg/middleware/keto_rolecheck.go | 47 ++++++++++++++++++++++++++++++++ pkg/wrapper/keto/endpoints.go | 5 ++++ 4 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 pkg/middleware/keto_rolecheck.go diff --git a/api/main.go b/api/main.go index fb0e7da..0d9f3b6 100644 --- a/api/main.go +++ b/api/main.go @@ -37,7 +37,7 @@ func Start() { r.GET("/mfa", HandleGetMFAFlow) r.POST("/mfa", HandlePostMFAFlow) - r.GET("/rbac", HandleRbac) + r.GET("/rbac", middleware.CheckIfAllowed, HandleRbac) r.POST("/create-identity", c.CreateIdentity) r.GET("/get-identity", c.GetIdentity) diff --git a/go.sum b/go.sum index a639205..24dc842 100644 --- a/go.sum +++ b/go.sum @@ -159,6 +159,8 @@ github.com/ory/client-go v0.2.0-alpha.60 h1:sMAqrKP5eUNYyyOYbSjDTwr8EucDxYLGrQC0 github.com/ory/client-go v0.2.0-alpha.60/go.mod h1:dWbi9DBEjiDXwyuJ1+A2WT1/bIp9HwvVxZxzHzp4YHU= github.com/ory/client-go v1.4.6 h1:tW9najNBiWwC3KgU2tq2kCZ1zRCDCNao60a9M1/V71k= github.com/ory/client-go v1.4.6/go.mod h1:DfrTIlME7tgrdgpn4UN07s4OJ1SwzHfrkz+C6C0Lbm0= +github.com/ory/client-go v1.4.7 h1:uWPGGM5zVwpSBfcDIhvA6D+bu2YB7zF4STtpAvzkOco= +github.com/ory/client-go v1.4.7/go.mod h1:DfrTIlME7tgrdgpn4UN07s4OJ1SwzHfrkz+C6C0Lbm0= github.com/ory/keto/proto v0.11.1-alpha.0 h1:xVpFRnnIAGGvP9lYIUwjSWmrO7qVoLn20bT6NxzYQy4= github.com/ory/keto/proto v0.11.1-alpha.0/go.mod h1:M9J/kybmyLKRmvvSqYzmRVYx2avY3yDMdUPinsck1q0= github.com/ory/keto/proto/ory/keto/acl/v1alpha1 v0.0.0-20210616104402-80e043246cf9 h1:gP86NkMkUlqMOTjFQ8lt8T1HbHtCJGGeeeh/6c+nla0= diff --git a/pkg/middleware/keto_rolecheck.go b/pkg/middleware/keto_rolecheck.go new file mode 100644 index 0000000..160ca7a --- /dev/null +++ b/pkg/middleware/keto_rolecheck.go 
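Review bot: `middleware.CheckIfAllowed` is attached only to the `/rbac` test route in api/main.go, while the `/create-identity` and `/get-identity` registrations in the context lines below it still list a single handler. Whether those identity routes are guarded elsewhere is not visible in this hunk, so that is worth confirming before the middleware is treated as the service's access control. If they are meant to be covered, the same pattern applies, e.g. `r.POST("/create-identity", middleware.CheckIfAllowed, c.CreateIdentity)`, keeping in mind that the middleware currently checks the fixed relation `view`. `Start` begins and ends outside this hunk.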
@@ -0,0 +1,47 @@
+package middleware
+
+import (
+ "github.com/gin-gonic/gin"
+ "github.com/sdslabs/nymeria/log"
+ "github.com/sdslabs/nymeria/pkg/wrapper/keto"
+)
+
+func CheckIfAllowed(c *gin.Context) {
+ session, err := GetSession(c)
+ if err != nil {
+ log.ErrorLogger("Couldn't retrieve session: ", err)
+ c.Abort()
+ return
+ }
+ identity := session.GetIdentity()
+ traits := identity.GetTraits()
+ role := traits.(map[string]interface{})["role"]
+
+ requestedRoute := c.Request.URL.String()
+
+ data := map[string]interface{}{
+ "namespace": "accounts",
+ "object": requestedRoute,
+ "relation": "view",
+ "subject_id": role,
+ }
+
+ response, err := keto.MakeRequest(keto.CheckPermissionEndpoint, data)
+ if err != nil {
+ log.ErrorLogger("Error in making request to keto", err)
+ c.Abort()
+ return
+ }
+
+ if response["allowed"] == true {
+ c.Next()
+ return
+ } else {
+ c.JSON(403, gin.H{
+ "error": "Forbidden",
+ "message": "You don't have permission to access this resource.",
+ })
+ c.Abort()
+ return
+ }
+}
diff --git a/pkg/wrapper/keto/endpoints.go b/pkg/wrapper/keto/endpoints.go
index 02d70bf..99e24b2 100644
--- a/pkg/wrapper/keto/endpoints.go
+++ b/pkg/wrapper/keto/endpoints.go
@@ -19,4 +19,9 @@ var (
 URL: config.KetoWriteURL + "/admin/relation-tuples",
 Method: http.MethodDelete,
 }
+
+ CheckPermissionEndpoint = Endpoint{
+ URL: config.KetoReadURL + "/relation-tuples/check",
+ Method: http.MethodPost,
+ }
 )
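Review bot: Both failure branches of `CheckIfAllowed` call `c.Abort()` without writing a response, so a request with no valid session or a failed Keto call ends with gin's default status and an empty body rather than an explicit 401 or 503. The object sent to Keto is `c.Request.URL.String()`, which includes the query string, so the tuple that gets matched depends on request parameters; `c.FullPath()`, the registered route pattern, is a more stable key. `traits.(map[string]interface{})["role"]` panics when traits is not a map and forwards a nil `subject_id` when the trait is missing, and both cases should be denied explicitly. The sketch below needs `net/http` added to the import block.

```go
func CheckIfAllowed(c *gin.Context) {
	session, err := GetSession(c)
	if err != nil {
		log.ErrorLogger("Couldn't retrieve session: ", err)
		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
		return
	}
	identity := session.GetIdentity()
	// assumes the role trait is a string; confirm against the identity schema
	traits, _ := identity.GetTraits().(map[string]interface{})
	role, _ := traits["role"].(string)
	if role == "" {
		c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "Forbidden"})
		return
	}

	// … unchanged: data map, with the object key set from the route pattern …
	//	"object": c.FullPath(),

	response, err := keto.MakeRequest(keto.CheckPermissionEndpoint, data)
	if err != nil {
		log.ErrorLogger("Error in making request to keto", err)
		c.AbortWithStatusJSON(http.StatusServiceUnavailable, gin.H{"error": "authorization check unavailable"})
		return
	}

	if allowed, _ := response["allowed"].(bool); !allowed {
		// … unchanged: 403 JSON body and c.Abort() …
		return
	}
	c.Next()
}
```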