amqp_api_server/api/input/
authorizer.rs

1use crate::api::input::request::Request;
2use crate::api::input::request_header::RequestHeader;
3use crate::api::input::token_validator;
4use crate::api::input::token_validator::TokenValidator;
5use crate::config::openid_connect_config::OpenIdConnectConfig;
6use crate::error::Error;
7
/// Gatekeeper for incoming requests: validates the request's token and checks
/// that the token grants the permission the request header asks for.
pub struct Authorizer {
    // Validator used to turn the raw token carried by a request into a checked token.
    token_validator: TokenValidator,
}

impl Authorizer {
    /// Builds an authorizer around an already-constructed token validator.
    pub fn new(token_validator: TokenValidator) -> Self {
        Self { token_validator }
    }

    /// Authorizes `request` and, on success, hands it back with
    /// `authorized_token` populated.
    ///
    /// The request is taken by value and only returned on the `Ok` path, so a
    /// caller never gets back a request that failed any of the checks below.
    ///
    /// # Errors
    ///
    /// Propagates the error from whichever step fails first, in this order:
    /// extracting the raw token, validating it, extracting the request header,
    /// and the permission check on the validated token.
    pub fn authorize(&self, mut request: Request) -> Result<Request, Error> {
        // The token is validated before the header is even looked at, so an
        // invalid token is rejected without evaluating the requested action.
        let raw_token = request.try_get_token()?;
        let validated = self.token_validator.validate(raw_token.as_str())?;

        // Derive the permission this request needs from its header.
        let needed = permission_from_header(request.try_get_header()?);

        // Fail closed: a missing permission surfaces as `Err` via `?`.
        validated.has_permission(&needed)?;

        // Attached only after every check passed.
        // NOTE(review): any `authorized_token` value already present on the
        // incoming request is overwritten here — confirm nothing downstream
        // trusts that field on requests that did not pass through `authorize`.
        request.authorized_token = Some(validated);
        Ok(request)
    }
}
33
/// Builds the permission string required for a request, in the form
/// `<action>:<element>`, from the request header.
// NOTE(review): the two parts are joined with a bare ':'; if either `action()`
// or `element()` can itself render a ':' the resulting permission name is
// ambiguous — confirm both are drawn from a closed set (e.g. enums).
fn permission_from_header(header: RequestHeader) -> String {
    let action = header.action();
    let element = header.element();
    format!("{}:{}", action, element)
}
37
/// Asynchronously builds an [`Authorizer`] from the OpenID Connect configuration.
///
/// # Errors
///
/// Returns the error produced by `token_validator::try_generate_token_validator`
/// if the token validator cannot be created; no authorizer is constructed in
/// that case.
pub async fn try_generate_authorizer(
    openid_connect: OpenIdConnectConfig,
) -> Result<Authorizer, Error> {
    let validator = token_validator::try_generate_token_validator(openid_connect).await?;
    let authorizer = Authorizer::new(validator);
    Ok(authorizer)
}