partition by org_id and add auth
@@ -1,5 +1,6 @@
|
||||
defmodule CustomerServiceWeb.Router do
|
||||
use CustomerServiceWeb, :router
|
||||
|
||||
alias CustomerServiceWeb.{CustomerController, LeadController}
|
||||
|
||||
pipeline :api do
|
||||
@@ -7,28 +8,86 @@ defmodule CustomerServiceWeb.Router do
|
||||
plug OpenApiSpex.Plug.PutApiSpec, module: CustomerServiceWeb.ApiSpec
|
||||
end
|
||||
|
||||
get("/health", CustomerServiceWeb.HealthController, :health)
|
||||
get("/health/ready", CustomerServiceWeb.HealthController, :ready)
|
||||
pipeline :auth do
|
||||
plug Oidcc.Plug.ExtractAuthorization
|
||||
plug Oidcc.Plug.RequireAuthorization
|
||||
|
||||
plug CustomerServiceWeb.Plugs.RequireOrganizationId
|
||||
plug CustomerServiceWeb.Plugs.ExtractOrganizationId
|
||||
|
||||
plug :introspect
|
||||
end
|
||||
|
||||
pipeline :customer_create do
|
||||
plug :authorize_roles, required_permissions: ["customer:create"]
|
||||
end
|
||||
|
||||
pipeline :customer_read do
|
||||
plug :authorize_roles, required_permissions: ["customer:read"]
|
||||
end
|
||||
|
||||
pipeline :customer_update do
|
||||
plug :authorize_roles, required_permissions: ["customer:update"]
|
||||
end
|
||||
|
||||
pipeline :lead_create do
|
||||
plug :authorize_roles, required_permissions: ["lead:create"]
|
||||
end
|
||||
|
||||
pipeline :lead_read do
|
||||
plug :authorize_roles, required_permissions: ["lead:read"]
|
||||
end
|
||||
|
||||
pipeline :lead_update do
|
||||
plug :authorize_roles, required_permissions: ["lead:update"]
|
||||
end
|
||||
|
||||
get "/health", CustomerServiceWeb.HealthController, :health
|
||||
get "/health/ready", CustomerServiceWeb.HealthController, :ready
|
||||
|
||||
scope "/api" do
|
||||
pipe_through :api
|
||||
pipe_through [:api]
|
||||
|
||||
get "/openapi", OpenApiSpex.Plug.RenderSpec, []
|
||||
|
||||
scope "/v1" do
|
||||
post "/customers", CustomerController, :create
|
||||
post "/customers/individual", CustomerController, :create
|
||||
post "/customers/corporate", CustomerController, :create_corporate
|
||||
get "/customers", CustomerController, :index
|
||||
get "/customers/:id", CustomerController, :show
|
||||
put "/customers/individual/:id", CustomerController, :update
|
||||
put "/customers/corporate/:id", CustomerController, :update_corporate
|
||||
pipe_through [:auth]
|
||||
|
||||
post "/leads", LeadController, :create
|
||||
get "/leads", LeadController, :index
|
||||
get "/leads/:id", LeadController, :show
|
||||
put "/leads/:id", LeadController, :update
|
||||
put "/leads/:id/status", LeadController, :update_status
|
||||
scope "/" do
|
||||
pipe_through [:customer_create]
|
||||
post "/customers", CustomerController, :create
|
||||
post "/customers/individual", CustomerController, :create
|
||||
post "/customers/corporate", CustomerController, :create_corporate
|
||||
end
|
||||
|
||||
scope "/" do
|
||||
pipe_through [:customer_read]
|
||||
get "/customers", CustomerController, :index
|
||||
get "/customers/:id", CustomerController, :show
|
||||
end
|
||||
|
||||
scope "/" do
|
||||
pipe_through [:customer_update]
|
||||
put "/customers/individual/:id", CustomerController, :update
|
||||
put "/customers/corporate/:id", CustomerController, :update_corporate
|
||||
end
|
||||
|
||||
scope "/" do
|
||||
pipe_through [:lead_create]
|
||||
post "/leads", LeadController, :create
|
||||
end
|
||||
|
||||
scope "/" do
|
||||
pipe_through [:lead_read]
|
||||
get "/leads", LeadController, :index
|
||||
get "/leads/:id", LeadController, :show
|
||||
end
|
||||
|
||||
scope "/" do
|
||||
pipe_through [:lead_update]
|
||||
put "/leads/:id", LeadController, :update
|
||||
put "/leads/:id/status", LeadController, :update_status
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -37,4 +96,27 @@ defmodule CustomerServiceWeb.Router do
|
||||
get "/", OpenApiSpex.Plug.SwaggerUI, path: "/api/openapi"
|
||||
end
|
||||
end
|
||||
|
||||
def introspect(conn, _opts) do
|
||||
zitadel = Application.get_env(:customer_service, :zitadel)
|
||||
|
||||
opts =
|
||||
Oidcc.Plug.IntrospectToken.init(
|
||||
provider: CustomerService.ZitadelProvider,
|
||||
client_id: zitadel[:client_id],
|
||||
client_secret: zitadel[:client_secret],
|
||||
token_introspection_opts: %{client_self_only: false}
|
||||
)
|
||||
|
||||
Oidcc.Plug.IntrospectToken.call(conn, opts)
|
||||
end
|
||||
|
||||
def authorize_roles(conn, opts) do
|
||||
zitadel = Application.get_env(:customer_service, :zitadel)
|
||||
|
||||
o =
|
||||
CustomerServiceWeb.Plugs.AuthorizeRoles.init(roles_claim: zitadel[:roles_claim])
|
||||
|
||||
CustomerServiceWeb.Plugs.AuthorizeRoles.call(conn, Keyword.merge(opts, o))
|
||||
end
|
||||
end
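Review bot: In `pipeline :auth` the organization id is taken from the request by `RequireOrganizationId`/`ExtractOrganizationId` before `plug :introspect` has validated the token, and nothing visible binds that org to the token's claims, so if those plugs read a header or query parameter an authenticated caller from one organization can select another organization's partition just by changing the value; the org should be derived from (or checked against) the introspection result, i.e. move the two org plugs after `plug :introspect` and compare the extracted id with the token's organization claim. Relatedly, `token_introspection_opts: %{client_self_only: false}` in `introspect/2` accepts any active token issued by the Zitadel instance rather than only tokens issued to this client, so unless cross-client tokens are intended the introspection response's audience/`client_id` needs an explicit check. Also `RequireOrganizationId` is plugged before `ExtractOrganizationId`; if the former reads what the latter stores in `conn` the order is inverted and should become `plug CustomerServiceWeb.Plugs.ExtractOrganizationId` followed by `plug CustomerServiceWeb.Plugs.RequireOrganizationId` — confirm against the plug implementations, which are not in this diff.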