mirror of
https://github.com/mainflux/mainflux.git
synced 2025-04-28 13:48:49 +08:00
e5278c463f
* MF-1348 - Add go-kit transport level logging Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix reviews Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix reviews Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix merge Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix remark Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix go test flags Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Use httputil errors in things and http service Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix SDK tests Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Use httputil errors in certs and provision service Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Use httputil errors in consumers service Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * General renaming and add ErrMissingToken Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Rename httputil -> apiutil and use errors in users servive Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Use apiutil errors in auth, bootstrap, readers, things and twins Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Replace errors.Contain by comparison Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix remarks Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Simplify validateID Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Simplify validateID Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Simplify and rename ExtractAuthToken -> ExtractBearerToken Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix readers Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix auth key test and remarks Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Improve comment Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Simplify validateUUID check Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix typo Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> Co-authored-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>
164 lines
3.9 KiB
Go
164 lines
3.9 KiB
Go
// Copyright (c) Mainflux
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package grpc
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/go-kit/kit/endpoint"
|
|
"github.com/mainflux/mainflux/auth"
|
|
)
|
|
|
|
func issueEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(issueReq)
|
|
if err := req.validate(); err != nil {
|
|
return issueRes{}, err
|
|
}
|
|
|
|
key := auth.Key{
|
|
Type: req.keyType,
|
|
Subject: req.email,
|
|
IssuerID: req.id,
|
|
IssuedAt: time.Now().UTC(),
|
|
}
|
|
|
|
_, secret, err := svc.Issue(ctx, "", key)
|
|
if err != nil {
|
|
return issueRes{}, err
|
|
}
|
|
|
|
return issueRes{secret}, nil
|
|
}
|
|
}
|
|
|
|
func identifyEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(identityReq)
|
|
if err := req.validate(); err != nil {
|
|
return identityRes{}, err
|
|
}
|
|
|
|
id, err := svc.Identify(ctx, req.token)
|
|
if err != nil {
|
|
return identityRes{}, err
|
|
}
|
|
|
|
ret := identityRes{
|
|
id: id.ID,
|
|
email: id.Email,
|
|
}
|
|
return ret, nil
|
|
}
|
|
}
|
|
|
|
func authorizeEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(authReq)
|
|
|
|
if err := req.validate(); err != nil {
|
|
return authorizeRes{}, err
|
|
}
|
|
|
|
err := svc.Authorize(ctx, auth.PolicyReq{Subject: req.Sub, Object: req.Obj, Relation: req.Act})
|
|
if err != nil {
|
|
return authorizeRes{}, err
|
|
}
|
|
return authorizeRes{authorized: true}, err
|
|
}
|
|
}
|
|
|
|
func addPolicyEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(policyReq)
|
|
if err := req.validate(); err != nil {
|
|
return addPolicyRes{}, err
|
|
}
|
|
|
|
err := svc.AddPolicy(ctx, auth.PolicyReq{Subject: req.Sub, Object: req.Obj, Relation: req.Act})
|
|
if err != nil {
|
|
return addPolicyRes{}, err
|
|
}
|
|
return addPolicyRes{authorized: true}, err
|
|
}
|
|
}
|
|
|
|
func deletePolicyEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(policyReq)
|
|
if err := req.validate(); err != nil {
|
|
return deletePolicyRes{}, err
|
|
}
|
|
|
|
err := svc.DeletePolicy(ctx, auth.PolicyReq{Subject: req.Sub, Object: req.Obj, Relation: req.Act})
|
|
if err != nil {
|
|
return deletePolicyRes{}, err
|
|
}
|
|
return deletePolicyRes{deleted: true}, nil
|
|
}
|
|
}
|
|
|
|
func listPoliciesEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(listPoliciesReq)
|
|
|
|
page, err := svc.ListPolicies(ctx, auth.PolicyReq{Subject: req.Sub, Object: req.Obj, Relation: req.Act})
|
|
if err != nil {
|
|
return deletePolicyRes{}, err
|
|
}
|
|
return listPoliciesRes{policies: page.Policies}, nil
|
|
}
|
|
}
|
|
|
|
func assignEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(assignReq)
|
|
|
|
if err := req.validate(); err != nil {
|
|
return emptyRes{}, err
|
|
}
|
|
|
|
_, err := svc.Identify(ctx, req.token)
|
|
if err != nil {
|
|
return emptyRes{}, err
|
|
}
|
|
|
|
err = svc.Assign(ctx, req.token, req.memberID, req.groupID, req.groupType)
|
|
if err != nil {
|
|
return emptyRes{}, err
|
|
}
|
|
return emptyRes{}, nil
|
|
|
|
}
|
|
}
|
|
|
|
func membersEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(membersReq)
|
|
if err := req.validate(); err != nil {
|
|
return membersRes{}, err
|
|
}
|
|
|
|
pm := auth.PageMetadata{
|
|
Offset: req.offset,
|
|
Limit: req.limit,
|
|
}
|
|
mp, err := svc.ListMembers(ctx, req.token, req.groupID, req.memberType, pm)
|
|
if err != nil {
|
|
return membersRes{}, err
|
|
}
|
|
var members []string
|
|
for _, m := range mp.Members {
|
|
members = append(members, m.ID)
|
|
}
|
|
return membersRes{
|
|
offset: req.offset,
|
|
limit: req.limit,
|
|
total: mp.PageMetadata.Total,
|
|
members: members,
|
|
}, nil
|
|
}
|
|
}
|