refactor auth
Some checks failed
Build and Publish / build-release (push) Failing after 1m49s

2026-05-13 13:04:31 -05:00
parent 07a232c131
commit 20d5e86975
12 changed files with 183 additions and 518 deletions


@@ -4,17 +4,26 @@ defmodule PolicyServiceWeb.Router do
alias PolicyServiceWeb.PolicyController
alias PolicyServiceWeb.HealthController
@zitadel Application.fetch_env!(:policy_service, :zitadel)
pipeline :api do
plug OpenApiSpex.Plug.PutApiSpec, module: PolicyServiceWeb.ApiSpec
end
pipeline :authenticated do
plug PolicyServiceWeb.Plugs.AuthenticationPlug,
provider: PolicyService.ZitadelProvider
end
pipeline :authorize do
plug Oidcc.Plug.ExtractAuthorization
plug Oidcc.Plug.RequireAuthorization
pipeline :authorized do
plug PolicyServiceWeb.Plugs.AuthorizationPlug
plug PolicyServiceWeb.Plugs.RequireOrganizationId
plug PolicyServiceWeb.Plugs.ExtractOrganizationId
plug Oidcc.Plug.IntrospectToken,
provider: PolicyService.ZitadelProvider,
client_id: @zitadel[:client_id],
client_secret: @zitadel[:client_secret]
plug PolicyServiceWeb.Plugs.AuthorizeRoles,
roles_claim: @zitadel[:roles_claim]
end
get "/health", HealthController, :health
@@ -26,14 +35,17 @@ defmodule PolicyServiceWeb.Router do
get "/openapi", OpenApiSpex.Plug.RenderSpec, []
scope "/v1" do
pipe_through [:authenticated, :authorized]
pipe_through [:authorize]
get "/policies", PolicyController, :index, required_permission: "policy:read"
get "/policies/:application_id", PolicyController, :show, required_permission: "policy:read"
post "/policies", PolicyController, :create, required_permission: "policy:create_request"
get "/policies", PolicyController, :index, required_permission: ["policy:read"]
get "/policies/:application_id", PolicyController, :show,
required_permissions: ["policy:read"]
post "/policies", PolicyController, :create, required_permissions: ["policy:create_request"]
post "/policies/:application_id/accept", PolicyController, :accept,
required_permission: "policy:submit_solicitation"
required_permission: ["policy:submit_solicitation"]
end
end
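Review bot: The route options in the `/v1` scope mix two keys, `required_permission:` on the `index` and `accept` routes and `required_permissions:` on `show` and `create`, so whichever key `PolicyServiceWeb.Plugs.AuthorizeRoles` reads, two of the four routes will not hand it a permission list. The plug's body is not visible on this page; if it treats a missing option as "nothing required", those routes are open to any token that passes introspection, so the plug should reject the request when the key is absent. Use one spelling throughout, e.g. `get "/policies", PolicyController, :index, required_permissions: ["policy:read"]` and `required_permissions: ["policy:submit_solicitation"]` on the accept route. The page has lost its `+`/`-` markers, so this assumes the list-valued lines are the new side. Separately, `@zitadel Application.fetch_env!(:policy_service, :zitadel)` is a module attribute and is evaluated when the router is compiled, which would place `client_secret` in the build artifact; confirm that is intended rather than a runtime lookup.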