software-engineering/policy-service
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: software-engineering:0957c18d21cab7df6bf2a277de72b14aeb3456e1
Branches Tags
software-engineering:main
..
compare: software-engineering:main
Branches Tags
software-engineering:main

13 Commits
0957c18d21 ... main

Author SHA1 Message Date
HaimKortovich
a83563a576 move cors up
All checks were successful
Build and Publish / build-release (push) Successful in 1m13s
Details
2026-05-14 10:40:48 -05:00
HaimKortovich
c3eb2471dc allow all
All checks were successful
Build and Publish / build-release (push) Successful in 3m17s
Details
2026-05-14 10:20:32 -05:00
HaimKortovich
90f8ef00fa set cors in api pipeline
Some checks failed
Build and Publish / build-release (push) Failing after 10s
Details
2026-05-14 10:16:50 -05:00
HaimKortovich
cd0c0b21b4 add corsplug
All checks were successful
Build and Publish / build-release (push) Successful in 1m12s
Details
2026-05-13 17:57:24 -05:00
HaimKortovich
39f5671b2c use correct org_id
All checks were successful
Build and Publish / build-release (push) Successful in 1m12s
Details
2026-05-13 17:51:32 -05:00
HaimKortovich
8b979f7956 fix roles claim
All checks were successful
Build and Publish / build-release (push) Successful in 1m13s
Details
2026-05-13 17:48:30 -05:00
HaimKortovich
f829088b5b use keyword methods
All checks were successful
Build and Publish / build-release (push) Successful in 1m34s
Details
2026-05-13 17:39:00 -05:00
HaimKortovich
1692fa29da fix keyword
All checks were successful
Build and Publish / build-release (push) Successful in 1m12s
Details
2026-05-13 17:34:59 -05:00
HaimKortovich
921a9da748 merge keywoards
All checks were successful
Build and Publish / build-release (push) Successful in 1m10s
Details
2026-05-13 17:32:47 -05:00
HaimKortovich
2e6784b50b cmon
All checks were successful
Build and Publish / build-release (push) Successful in 1m16s
Details
2026-05-13 17:24:01 -05:00
HaimKortovich
47385cf827 deconstruct
All checks were successful
Build and Publish / build-release (push) Successful in 1m14s
Details
2026-05-13 17:19:04 -05:00
HaimKortovich
9e6a9e4a48 fix auth
All checks were successful
Build and Publish / build-release (push) Successful in 1m10s
Details
2026-05-13 17:14:57 -05:00
HaimKortovich
db732c0af0 remove corsplug 2026-05-13 16:32:27 -05:00
5 changed files with 53 additions and 52 deletions
Expand all files Collapse all files

20
config/runtime.exs
View File

@@ -35,26 +35,6 @@ if amqp_url do
config :policy_service, :amqp_url, amqp_url config :policy_service, :amqp_url, amqp_url
end end
cors_origin = System.get_env("CORS_ORIGIN", "*")
config :cors_plug,
origin: cors_origin,
headers: [
"Authorization",
"x-organization-id",
"Content-Type",
"Accept",
"Origin",
"User-Agent",
"DNT",
"Cache-Control",
"X-Mx-ReqToken",
"Keep-Alive",
"X-Requested-With",
"If-Modified-Since",
"X-CSRF-Token"
]
# Zitadel Configuration # Zitadel Configuration
# ## Using releases # ## Using releases

8
lib/policy_service_web/controllers/policy_controller.ex
View File

@@ -31,7 +31,7 @@ defmodule PolicyServiceWeb.PolicyController do
) )
def index(conn, params) do def index(conn, params) do
org_id = conn.assigns[:org_id] org_id = conn.private[PolicyServiceWeb.Plugs.ExtractOrganizationId]
case PolicyQueries.list_by_org(org_id, params) do case PolicyQueries.list_by_org(org_id, params) do
{:ok, {policies, meta}} -> {:ok, {policies, meta}} ->
@@ -63,7 +63,7 @@ defmodule PolicyServiceWeb.PolicyController do
) )
def show(conn, %{"application_id" => application_id}) do def show(conn, %{"application_id" => application_id}) do
org_id = conn.assigns[:org_id] org_id = conn.private[PolicyServiceWeb.Plugs.ExtractOrganizationId]
case PolicyQueries.get_by_application_id(org_id, application_id) do case PolicyQueries.get_by_application_id(org_id, application_id) do
{:ok, policy} -> {:ok, policy} ->
@@ -89,7 +89,7 @@ defmodule PolicyServiceWeb.PolicyController do
def create(conn, params) do def create(conn, params) do
application_id = Ecto.UUID.generate() application_id = Ecto.UUID.generate()
org_id = conn.assigns[:org_id] org_id = conn.private[PolicyServiceWeb.Plugs.ExtractOrganizationId]
submitted_by = conn.assigns[:user_id] submitted_by = conn.assigns[:user_id]
with {:ok, policy_type} <- parse_policy_type(params["policy_type"]), with {:ok, policy_type} <- parse_policy_type(params["policy_type"]),
@@ -173,7 +173,7 @@ defmodule PolicyServiceWeb.PolicyController do
) )
def accept(conn, %{"application_id" => application_id} = params) do def accept(conn, %{"application_id" => application_id} = params) do
org_id = conn.assigns[:org_id] org_id = conn.private[PolicyServiceWeb.Plugs.ExtractOrganizationId]
with {:ok, policy} <- PolicyQueries.get_by_application_id(org_id, application_id) do with {:ok, policy} <- PolicyQueries.get_by_application_id(org_id, application_id) do
command = command =

6
lib/policy_service_web/endpoint.ex
View File

@@ -42,9 +42,13 @@ defmodule PolicyServiceWeb.Endpoint do
pass: ["*/*"], pass: ["*/*"],
json_decoder: Phoenix.json_library() json_decoder: Phoenix.json_library()
plug CORSPlug
plug Plug.MethodOverride plug Plug.MethodOverride
plug Plug.Head plug Plug.Head
plug Plug.Session, @session_options plug Plug.Session, @session_options
plug CORSPlug,
origin: ["*"],
headers: ["*"]
plug PolicyServiceWeb.Router plug PolicyServiceWeb.Router
end end

17
lib/policy_service_web/plugs/authorize_roles.ex
View File

@@ -31,14 +31,11 @@ defmodule PolicyServiceWeb.Plugs.AuthorizeRoles do
@impl Plug @impl Plug
def call(conn, opts) do def call(conn, opts) do
IO.inspect(conn.private) if authorized?(
conn,
required_permissions = Keyword.get(opts, :roles_claim),
conn.private[Phoenix.Router.Route] Keyword.get(opts, :required_permissions)
|> Map.get(:options, %{}) ) do
|> Map.get(:required_permissions, [])
if authorized?(conn, opts.roles_claim, required_permissions) do
conn conn
else else
conn conn
@@ -67,8 +64,8 @@ defmodule PolicyServiceWeb.Plugs.AuthorizeRoles do
defp get_roles_map(conn, roles_claim) do defp get_roles_map(conn, roles_claim) do
case conn.private[Oidcc.Plug.IntrospectToken] do case conn.private[Oidcc.Plug.IntrospectToken] do
%{extra: %{^roles_claim => %{} = roles_map}} -> %Oidcc.TokenIntrospection{extra: extra} ->
Map.get(roles_map, roles_claim, %{}) Map.get(extra, roles_claim, %{})
_ -> _ ->
%{} %{}

54
lib/policy_service_web/router.ex
View File

@@ -8,7 +8,7 @@ defmodule PolicyServiceWeb.Router do
plug OpenApiSpex.Plug.PutApiSpec, module: PolicyServiceWeb.ApiSpec plug OpenApiSpex.Plug.PutApiSpec, module: PolicyServiceWeb.ApiSpec
end end
pipeline :authorize do pipeline :auth do
plug Oidcc.Plug.ExtractAuthorization plug Oidcc.Plug.ExtractAuthorization
plug Oidcc.Plug.RequireAuthorization plug Oidcc.Plug.RequireAuthorization
@@ -16,36 +16,53 @@ defmodule PolicyServiceWeb.Router do
plug PolicyServiceWeb.Plugs.ExtractOrganizationId plug PolicyServiceWeb.Plugs.ExtractOrganizationId
plug :introspect plug :introspect
plug :authorize_roles end
pipeline :read do
plug :authorize_roles, required_permissions: ["policy:read"]
end
pipeline :submit_solicitation do
plug :authorize_roles, required_permissions: ["policy:submit_solicitation"]
end
pipeline :create_request do
plug :authorize_roles, required_permissions: ["policy:create_request"]
end end
get "/health", HealthController, :health get "/health", HealthController, :health
get "/health/ready", HealthController, :ready get "/health/ready", HealthController, :ready
scope "/swaggerui" do
get "/", OpenApiSpex.Plug.SwaggerUI, path: "/api/openapi"
end
scope "/api" do scope "/api" do
pipe_through [:api] pipe_through [:api]
get "/openapi", OpenApiSpex.Plug.RenderSpec, [] get "/openapi", OpenApiSpex.Plug.RenderSpec, []
scope "/v1" do scope "/v1" do
pipe_through [:authorize] pipe_through [:auth]
get "/policies", PolicyController, :index, required_permission: ["policy:read"] scope "/" do
pipe_through [:read]
get "/policies", PolicyController, :index
get "/policies/:application_id", PolicyController, :show
end
get "/policies/:application_id", PolicyController, :show, scope "/" do
required_permissions: ["policy:read"] pipe_through [:create_request]
post "/policies", PolicyController, :create
end
post "/policies", PolicyController, :create, required_permissions: ["policy:create_request"] scope "/" do
pipe_through [:submit_solicitation]
post "/policies/:application_id/accept", PolicyController, :accept, post "/policies/:application_id/accept", PolicyController, :accept
required_permission: ["policy:submit_solicitation"] end
end end
end end
scope "/swaggerui" do
get "/", OpenApiSpex.Plug.SwaggerUI, path: "/api/openapi"
end
def introspect(conn, _opts) do def introspect(conn, _opts) do
zitadel = Application.get_env(:policy_service, :zitadel) zitadel = Application.get_env(:policy_service, :zitadel)
@@ -63,9 +80,12 @@ defmodule PolicyServiceWeb.Router do
) )
end end
def authorize_roles(conn, _opts) do def authorize_roles(conn, opts) do
zitadel = Application.get_env(:policy_service, :zitadel) zitadel = Application.get_env(:policy_service, :zitadel)
opts = PolicyServiceWeb.Plugs.AuthorizeRoles.init(roles_claim: zitadel[:roles_claim])
PolicyServiceWeb.Plugs.AuthorizeRoles.call(conn, opts) o =
PolicyServiceWeb.Plugs.AuthorizeRoles.init(roles_claim: zitadel[:roles_claim])
PolicyServiceWeb.Plugs.AuthorizeRoles.call(conn, Keyword.merge(opts, o))
end end
end end