HaimKortovich
6a68c348bd
All checks were successful
Build and Publish / build-release (push) Successful in 1m12s
64 lines
1.7 KiB
Elixir
64 lines
1.7 KiB
Elixir
defmodule PolicyServiceWeb.Router do
|
|
use PolicyServiceWeb, :router
|
|
|
|
alias PolicyServiceWeb.PolicyController
|
|
alias PolicyServiceWeb.HealthController
|
|
|
|
pipeline :api do
|
|
plug OpenApiSpex.Plug.PutApiSpec, module: PolicyServiceWeb.ApiSpec
|
|
end
|
|
|
|
pipeline :authorize do
|
|
plug Oidcc.Plug.ExtractAuthorization
|
|
plug Oidcc.Plug.RequireAuthorization
|
|
|
|
plug PolicyServiceWeb.Plugs.RequireOrganizationId
|
|
plug PolicyServiceWeb.Plugs.ExtractOrganizationId
|
|
|
|
plug :introspect
|
|
plug :authorize_roles
|
|
end
|
|
|
|
get "/health", HealthController, :health
|
|
get "/health/ready", HealthController, :ready
|
|
|
|
scope "/api" do
|
|
pipe_through [:api]
|
|
|
|
get "/openapi", OpenApiSpex.Plug.RenderSpec, []
|
|
|
|
scope "/v1" do
|
|
pipe_through [:authorize]
|
|
|
|
get "/policies", PolicyController, :index, required_permission: ["policy:read"]
|
|
|
|
get "/policies/:application_id", PolicyController, :show,
|
|
required_permissions: ["policy:read"]
|
|
|
|
post "/policies", PolicyController, :create, required_permissions: ["policy:create_request"]
|
|
|
|
post "/policies/:application_id/accept", PolicyController, :accept,
|
|
required_permission: ["policy:submit_solicitation"]
|
|
end
|
|
end
|
|
|
|
scope "/swaggerui" do
|
|
get "/", OpenApiSpex.Plug.SwaggerUI, path: "/api/openapi"
|
|
end
|
|
|
|
def introspect(conn, _opts) do
|
|
zitadel = Application.get_env(:policy_service, :zitadel)
|
|
|
|
Oidcc.Plug.IntrospectToken.call(conn, %{
|
|
provider: PolicyService.ZitadelProvider,
|
|
client_id: zitadel[:client_id],
|
|
client_secret: zitadel[:client_secret]
|
|
})
|
|
end
|
|
|
|
def authorize_roles(conn, _opts) do
|
|
zitadel = Application.get_env(:policy_service, :zitadel)
|
|
PolicyServiceWeb.Plugs.AuthorizeRoles.call(conn, %{roles_claim: zitadel[:roles_claim]})
|
|
end
|
|
end
|