move cors up

allow all
set cors in api pipeline
2026-05-14 10:40:48 -05:00 · 2026-05-14 10:20:32 -05:00 · 2026-05-14 10:16:50 -05:00 · 2026-05-13 17:57:24 -05:00 · 2026-05-13 17:51:32 -05:00 · 2026-05-13 17:48:30 -05:00
5 changed files with 24 additions and 40 deletions
--- a/config/runtime.exs
+++ b/config/runtime.exs
@@ -35,26 +35,6 @@ if amqp_url do
  config :policy_service, :amqp_url, amqp_url
 end
 cors_origin = System.get_env("CORS_ORIGIN", "*")
 config :cors_plug,
  origin: cors_origin,
  headers: [
    "Authorization",
    "x-organization-id",
    "Content-Type",
    "Accept",
    "Origin",
    "User-Agent",
    "DNT",
    "Cache-Control",
    "X-Mx-ReqToken",
    "Keep-Alive",
    "X-Requested-With",
    "If-Modified-Since",
    "X-CSRF-Token"
  ]
 # Zitadel Configuration
 # ## Using releases
--- a/lib/policy_service_web/controllers/policy_controller.ex
+++ b/lib/policy_service_web/controllers/policy_controller.ex
@@ -31,7 +31,7 @@ defmodule PolicyServiceWeb.PolicyController do
  )
  def index(conn, params) do
-    org_id = conn.assigns[:org_id]
+    org_id = conn.private[PolicyServiceWeb.Plugs.ExtractOrganizationId]
    case PolicyQueries.list_by_org(org_id, params) do
      {:ok, {policies, meta}} ->
@@ -63,7 +63,7 @@ defmodule PolicyServiceWeb.PolicyController do
  )
  def show(conn, %{"application_id" => application_id}) do
-    org_id = conn.assigns[:org_id]
+    org_id = conn.private[PolicyServiceWeb.Plugs.ExtractOrganizationId]
    case PolicyQueries.get_by_application_id(org_id, application_id) do
      {:ok, policy} ->
@@ -89,7 +89,7 @@ defmodule PolicyServiceWeb.PolicyController do
  def create(conn, params) do
    application_id = Ecto.UUID.generate()
-    org_id = conn.assigns[:org_id]
+    org_id = conn.private[PolicyServiceWeb.Plugs.ExtractOrganizationId]
    submitted_by = conn.assigns[:user_id]
    with {:ok, policy_type} <- parse_policy_type(params["policy_type"]),
@@ -173,7 +173,7 @@ defmodule PolicyServiceWeb.PolicyController do
  )
  def accept(conn, %{"application_id" => application_id} = params) do
-    org_id = conn.assigns[:org_id]
+    org_id = conn.private[PolicyServiceWeb.Plugs.ExtractOrganizationId]
    with {:ok, policy} <- PolicyQueries.get_by_application_id(org_id, application_id) do
      command =
--- a/lib/policy_service_web/endpoint.ex
+++ b/lib/policy_service_web/endpoint.ex
@@ -25,8 +25,7 @@ defmodule PolicyServiceWeb.Endpoint do
    from: :policy_service,
    gzip: not code_reloading?,
    only: PolicyServiceWeb.static_paths(),
-    raise_on_missing_only: code_reloading?,
+    raise_on_missing_only: code_reloading?
    headers: %{"Access-Control-Allow-Origin" => "*"}
  # Code reloading can be explicitly enabled under the
  # :code_reloader configuration of your endpoint.
@@ -46,5 +45,10 @@ defmodule PolicyServiceWeb.Endpoint do
  plug Plug.MethodOverride
  plug Plug.Head
  plug Plug.Session, @session_options
  plug CORSPlug,
    origin: ["*"],
    headers: ["*"]
  plug PolicyServiceWeb.Router
 end
--- a/lib/policy_service_web/plugs/authorize_roles.ex
+++ b/lib/policy_service_web/plugs/authorize_roles.ex
@@ -26,13 +26,16 @@ defmodule PolicyServiceWeb.Plugs.AuthorizeRoles do
    do:
      opts
      |> Keyword.validate!([
-        :roles_claim,
+        :roles_claim
        :required_permissions
      ])
  @impl Plug
  def call(conn, opts) do
-    if authorized?(conn, opts.roles_claim, opts.required_permissions) do
+    if authorized?(
         conn,
         Keyword.get(opts, :roles_claim),
         Keyword.get(opts, :required_permissions)
       ) do
      conn
    else
      conn
@@ -61,8 +64,8 @@ defmodule PolicyServiceWeb.Plugs.AuthorizeRoles do
  defp get_roles_map(conn, roles_claim) do
    case conn.private[Oidcc.Plug.IntrospectToken] do
-      %{extra: %{^roles_claim => %{} = roles_map}} ->
+      %Oidcc.TokenIntrospection{extra: extra} ->
-        Map.get(roles_map, roles_claim, %{})
+        Map.get(extra, roles_claim, %{})
      _ ->
        %{}
--- a/lib/policy_service_web/router.ex
+++ b/lib/policy_service_web/router.ex
@@ -19,15 +19,15 @@ defmodule PolicyServiceWeb.Router do
  end
  pipeline :read do
-    plug :authorize_roles, required_permission: ["policy:read"]
+    plug :authorize_roles, required_permissions: ["policy:read"]
  end
  pipeline :submit_solicitation do
-    plug :authorize_roles, required_permission: ["policy:submit_solicitation"]
+    plug :authorize_roles, required_permissions: ["policy:submit_solicitation"]
  end
  pipeline :create_request do
-    plug :authorize_roles, required_permission: ["policy:create_request"]
+    plug :authorize_roles, required_permissions: ["policy:create_request"]
  end
  get "/health", HealthController, :health
@@ -83,12 +83,9 @@ defmodule PolicyServiceWeb.Router do
  def authorize_roles(conn, opts) do
    zitadel = Application.get_env(:policy_service, :zitadel)
-    opts =
+    o =
-      PolicyServiceWeb.Plugs.AuthorizeRoles.init(
+      PolicyServiceWeb.Plugs.AuthorizeRoles.init(roles_claim: zitadel[:roles_claim])
        roles_claim: zitadel[:roles_claim],
        required_permissions: opts.required_permissions
      )
-    PolicyServiceWeb.Plugs.AuthorizeRoles.call(conn, opts)
+    PolicyServiceWeb.Plugs.AuthorizeRoles.call(conn, Keyword.merge(opts, o))
  end
 end
Author	SHA1	Message	Date
HaimKortovich	a83563a576	move cors up All checks were successful Build and Publish / build-release (push) Successful in 1m13s Details	2026-05-14 10:40:48 -05:00
HaimKortovich	c3eb2471dc	allow all All checks were successful Build and Publish / build-release (push) Successful in 3m17s Details	2026-05-14 10:20:32 -05:00
HaimKortovich	90f8ef00fa	set cors in api pipeline Some checks failed Build and Publish / build-release (push) Failing after 10s Details	2026-05-14 10:16:50 -05:00
HaimKortovich	cd0c0b21b4	add corsplug All checks were successful Build and Publish / build-release (push) Successful in 1m12s Details	2026-05-13 17:57:24 -05:00
HaimKortovich	39f5671b2c	use correct org_id All checks were successful Build and Publish / build-release (push) Successful in 1m12s Details	2026-05-13 17:51:32 -05:00
HaimKortovich	8b979f7956	fix roles claim All checks were successful Build and Publish / build-release (push) Successful in 1m13s Details	2026-05-13 17:48:30 -05:00
HaimKortovich	f829088b5b	use keyword methods All checks were successful Build and Publish / build-release (push) Successful in 1m34s Details	2026-05-13 17:39:00 -05:00
HaimKortovich	1692fa29da	fix keyword All checks were successful Build and Publish / build-release (push) Successful in 1m12s Details	2026-05-13 17:34:59 -05:00
HaimKortovich	921a9da748	merge keywoards All checks were successful Build and Publish / build-release (push) Successful in 1m10s Details	2026-05-13 17:32:47 -05:00
HaimKortovich	2e6784b50b	cmon All checks were successful Build and Publish / build-release (push) Successful in 1m16s Details	2026-05-13 17:24:01 -05:00
HaimKortovich	47385cf827	deconstruct All checks were successful Build and Publish / build-release (push) Successful in 1m14s Details	2026-05-13 17:19:04 -05:00