Verify Namespace

Ben Toogood 2020-05-21 18:11:35 +01:00
parent 12061bd006
commit 1fce0f02b6
3 changed files with 15 additions and 4 deletions


@ -225,6 +225,14 @@ func NewTokenOptions(opts ...TokenOption) TokenOptions {
return options return options
} }
type VerifyOptions struct{} type VerifyOptions struct {
Namespace string
}
type VerifyOption func(o *VerifyOptions) type VerifyOption func(o *VerifyOptions)
func VerifyNamespace(ns string) VerifyOption {
return func(o *VerifyOptions) {
o.Namespace = ns
}
}
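Review bot: The new exported `Namespace` field and `VerifyNamespace` option carry no doc comments, so nothing tells an implementer of the auth interface what an empty namespace means. In the service implementation changed by this commit an empty value falls back to the service's configured namespace; that contract belongs here, e.g. `// Namespace is the namespace whose rules are evaluated; when empty the implementation's default namespace is used` on the field and `// VerifyNamespace sets the namespace whose rules Verify evaluates` on the function. Because the value selects which policy is applied to a request, the comment should also state that it is expected to come from a trusted source.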


@ -123,12 +123,15 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyO
for _, o := range opts { for _, o := range opts {
o(&options) o(&options)
} }
if len(options.Namespace) == 0 {
options.Namespace = s.options.Namespace
}
// load the rules if none are loaded // load the rules if none are loaded
s.loadRulesIfEmpty(s.Options().Namespace) s.loadRulesIfEmpty(options.Namespace)
// verify the request using the rules // verify the request using the rules
return rules.Verify(s.rules[s.Options().Namespace], acc, res) return rules.Verify(s.rules[options.Namespace], acc, res)
} }
// Inspect a token // Inspect a token
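Review bot: `options.Namespace` is now caller-supplied and is used unchecked as the key for both `s.loadRulesIfEmpty(...)` and `s.rules[...]`. For a namespace that has no stored rules the lookup presumably yields an empty rule set, so the outcome rests entirely on how `rules.Verify` treats "no rules", which is not visible here; a test that pins the result for an unknown namespace would make the default explicit. Nothing in the hunk compares the namespace with `acc`, so if cross-namespace calls are meant to be refused, that has to happen inside `rules.Verify` or before this call. Verify's body starts outside the hunk, so any locking around `s.rules` cannot be judged from here.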


@ -221,7 +221,7 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
} }
// Verify the caller has access to the resource // Verify the caller has access to the resource
err := a.Verify(account, res) err := a.Verify(account, res, auth.VerifyNamespace(ns))
if err != nil && account != nil { if err != nil && account != nil {
return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID) return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
} else if err != nil { } else if err != nil {
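Review bot: The `ns` passed to `auth.VerifyNamespace(ns)` is defined outside this hunk, and after this change it decides which namespace's rules authorise the call. If it is derived from request metadata that the client can set, the caller effectively chooses the policy it is checked against; it should be server-derived or validated against the authenticated account before `a.Verify` runs. A comment above the call such as `// ns must be trusted: it selects the rule set used for authorization` would record that assumption. The enclosing wrapper starts and ends outside the hunk.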