authorize: use opa for policy engine (#474)

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
Bobby DeSimone 2020-02-02 11:18:22 -08:00 committed by GitHub
parent 111aa8f4d5
commit 2f13488598
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
45 changed files with 1022 additions and 872 deletions


@ -87,12 +87,12 @@ func (p *Proxy) SignOut(w http.ResponseWriter, r *http.Request) {
// It also contains certain administrative actions like user impersonation.
// Nota bene: This endpoint does authentication, not authorization.
func (p *Proxy) UserDashboard(w http.ResponseWriter, r *http.Request) error {
session, err := sessions.FromContext(r.Context())
session, jwt, err := sessions.FromContext(r.Context())
if err != nil {
return err
}
isAdmin, err := p.AuthorizeClient.IsAdmin(r.Context(), session)
isAdmin, err := p.AuthorizeClient.IsAdmin(r.Context(), jwt)
if err != nil {
return err
}
@ -112,11 +112,11 @@ func (p *Proxy) UserDashboard(w http.ResponseWriter, r *http.Request) error {
// to the user's current user sessions state if the user is currently an
// administrative user. Requests are redirected back to the user dashboard.
func (p *Proxy) Impersonate(w http.ResponseWriter, r *http.Request) error {
session, err := sessions.FromContext(r.Context())
session, jwt, err := sessions.FromContext(r.Context())
if err != nil {
return err
}
isAdmin, err := p.AuthorizeClient.IsAdmin(r.Context(), session)
isAdmin, err := p.AuthorizeClient.IsAdmin(r.Context(), jwt)
if err != nil {
return err
}
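Review bot: In Impersonate (second hunk) and UserDashboard (first hunk), the admin decision is now made on the raw `jwt` string, while the rest of each handler still works from `session`. Nothing visible states that both values come from the same verified token. The check is only as strong as the verification done on that string, so the handlers should say where it happens, presumably in the middleware that populates the context and again in the authorize service; neither is visible here. I would add above each `IsAdmin` call: `// jwt is the raw signed session token from the request context; the authorize service must verify signature and expiry before evaluating the admin policy.` A local name such as `rawJWT` would also avoid confusion with a `jwt` package if this file imports one. Both function bodies continue outside the hunks, so the handling of `isAdmin == false` is not visible here.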