Implement basic API scoping

2023-05-04 15:13:51 +02:00 · 2023-05-04 15:13:51 +02:00 · 9db53d39c4
commit 9db53d39c4
parent 064ae2f564
21 changed files with 519 additions and 264 deletions
--- a/internal/dis/component/auth/scopes/admin.go
+++ b/internal/dis/component/auth/scopes/admin.go
@ -18,9 +18,13 @@ var (
 	_ component.ScopeProvider = (*UserLoggedIn)(nil)
 )

+const (
+	ScopeAdminLoggedIn Scope = "login.admin"
+)
+
 func (*AdminLoggedIn) Scope() component.ScopeInfo {
 	return component.ScopeInfo{
-		Scope:         component.ScopeAdminLoggedIn,
+		Scope:         ScopeAdminLoggedIn,
 		Description:   "session has a signed in admin",
 		DeniedMessage: "user must be signed into an admin account with TOTP enabled",
 		TakesParam:    false,
--- a/internal/dis/component/auth/scopes/instances.go
+++ b/internal/dis/component/auth/scopes/instances.go
@ -0,0 +1,38 @@
+package scopes
+
+import (
+	"net/http"
+
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component"
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/auth"
+)
+
+type ListInstancesScope struct {
+	component.Base
+	Dependencies struct {
+		Auth *auth.Auth
+	}
+}
+
+var (
+	_ component.ScopeProvider = (*ListInstancesScope)(nil)
+)
+
+const (
+	ScopeInstanceDirectory Scope = "instances.directory"
+)
+
+func (*ListInstancesScope) Scope() component.ScopeInfo {
+	return component.ScopeInfo{
+		Scope:         ScopeInstanceDirectory,
+		Description:   "get a public directory of instances",
+		DeniedMessage: "",
+		TakesParam:    false,
+	}
+}
+
+func (lis *ListInstancesScope) HasScope(param string, r *http.Request) (bool, error) {
+	// TODO: at the moment everyone has this permission
+	// this should change in the future!
+	return true, nil
+}
--- a/internal/dis/component/auth/scopes/news.go
+++ b/internal/dis/component/auth/scopes/news.go
@ -0,0 +1,37 @@
+package scopes
+
+import (
+	"net/http"
+
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component"
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/auth"
+)
+
+type ListNewsScope struct {
+	component.Base
+	Dependencies struct {
+		Auth *auth.Auth
+	}
+}
+
+var (
+	_ component.ScopeProvider = (*ListNewsScope)(nil)
+)
+
+const (
+	ScopeListNews Scope = "news.list"
+)
+
+func (*ListNewsScope) Scope() component.ScopeInfo {
+	return component.ScopeInfo{
+		Scope:         ScopeListNews,
+		Description:   "list news items",
+		DeniedMessage: "",
+		TakesParam:    false,
+	}
+}
+
+func (lns *ListNewsScope) HasScope(param string, r *http.Request) (bool, error) {
+	// TODO: at the moment everyone has this permission
+	return true, nil
+}
--- a/internal/dis/component/auth/scopes/scopes.go
+++ b/internal/dis/component/auth/scopes/scopes.go
@ -0,0 +1,6 @@
+// Package scopes implements and provides scopes used by the API
+package scopes
+
+import "github.com/FAU-CDI/wisski-distillery/internal/dis/component"
+
+type Scope = component.Scope
--- a/internal/dis/component/auth/scopes/user.go
+++ b/internal/dis/component/auth/scopes/user.go
@ -18,9 +18,13 @@ var (
 	_ component.ScopeProvider = (*UserLoggedIn)(nil)
 )

+const (
+	ScopeUserLoggedIn Scope = "login.user"
+)
+
 func (*UserLoggedIn) Scope() component.ScopeInfo {
 	return component.ScopeInfo{
-		Scope:       component.ScopeUserLoggedIn,
+		Scope:       ScopeUserLoggedIn,
 		Description: "session has an associated user",
 		TakesParam:  false,
 	}