3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-30 02:46:30 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/authorize/grpc.go
Bobby DeSimone acac2cee9a
authorize: s/gprc/grpc (#443) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-12-30 10:48:26 -08:00

38 lines
1.2 KiB
Go
Raw Blame History

//go:generate protoc -I ../proto/authorize --go_out=plugins=grpc:../proto/authorize ../proto/authorize/authorize.proto
package authorize // import "github.com/pomerium/pomerium/authorize"
import (
"context"
"github.com/pomerium/pomerium/internal/telemetry/trace"
pb "github.com/pomerium/pomerium/proto/authorize"
)
// Authorize validates the user identity, device, and context of a request for
// a given route. Currently only checks identity.
func (a *Authorize) Authorize(ctx context.Context, in *pb.Identity) (*pb.AuthorizeReply, error) {
_, span := trace.StartSpan(ctx, "authorize.grpc.Authorize")
defer span.End()
ok := a.ValidIdentity(in.Route,
&Identity{
User: in.User,
Email: in.Email,
Groups: in.Groups,
ImpersonateEmail: in.ImpersonateEmail,
ImpersonateGroups: in.ImpersonateGroups,
})
return &pb.AuthorizeReply{IsValid: ok}, nil
}
// IsAdmin validates the user is an administrative user.
func (a *Authorize) IsAdmin(ctx context.Context, in *pb.Identity) (*pb.IsAdminReply, error) {
_, span := trace.StartSpan(ctx, "authorize.grpc.IsAdmin")
defer span.End()
ok := a.identityAccess.IsAdmin(
&Identity{
Email: in.Email,
Groups: in.Groups,
})
return &pb.IsAdminReply{IsAdmin: ok}, nil
}
Reference in a new issue View git blame Copy permalink