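defmodule PolicyServiceWeb.Router do
  @moduledoc """
  HTTP routes for the policy service.

  Served without the `:auth` pipeline: `/health`, `/health/ready`, `/swaggerui`
  and `/api/openapi`.

  Everything under `/api/v1` passes through `:auth` and then exactly one
  permission pipeline (`:read`, `:create_request` or `:submit_solicitation`).
  """

  use PolicyServiceWeb, :router

  alias PolicyServiceWeb.PolicyController
  alias PolicyServiceWeb.HealthController

  pipeline :api do
    plug OpenApiSpex.Plug.PutApiSpec, module: PolicyServiceWeb.ApiSpec
  end

  # Authentication pipeline. Plug order is significant: a later plug only runs
  # if no earlier one halted the connection.
  pipeline :auth do
    plug Oidcc.Plug.ExtractAuthorization
    plug Oidcc.Plug.RequireAuthorization

    # NOTE(review): both organization-id plugs run before :introspect, i.e.
    # before the token has been introspected. Confirm they only read request
    # data and take no trust decision on it until introspection has succeeded.
    plug PolicyServiceWeb.Plugs.RequireOrganizationId
    plug PolicyServiceWeb.Plugs.ExtractOrganizationId

    plug :introspect
  end

  # One pipeline per permission; each route scope below pipes through one.
  pipeline :read do
    plug :authorize_roles, required_permissions: ["policy:read"]
  end

  pipeline :submit_solicitation do
    plug :authorize_roles, required_permissions: ["policy:submit_solicitation"]
  end

  pipeline :create_request do
    plug :authorize_roles, required_permissions: ["policy:create_request"]
  end

  # Health probes sit outside every pipeline, so they need no credentials.
  get "/health", HealthController, :health
  get "/health/ready", HealthController, :ready

  # Swagger UI and the rendered spec (/api/openapi) do not go through :auth.
  # NOTE(review): confirm that publishing the API description unauthenticated
  # is intended for every environment this router is deployed in.
  scope "/swaggerui" do
    get "/", OpenApiSpex.Plug.SwaggerUI, path: "/api/openapi"
  end

  scope "/api" do
    pipe_through [:api]

    get "/openapi", OpenApiSpex.Plug.RenderSpec, []

    scope "/v1" do
      pipe_through [:auth]

      scope "/" do
        pipe_through [:read]
        get "/policies", PolicyController, :index
        get "/policies/:application_id", PolicyController, :show
      end

      scope "/" do
        pipe_through [:create_request]
        post "/policies", PolicyController, :create
      end

      scope "/" do
        pipe_through [:submit_solicitation]
        post "/policies/:application_id/accept", PolicyController, :accept
      end
    end
  end

  @doc """
  Function plug that runs `Oidcc.Plug.IntrospectToken` on the connection.

  The client credentials are read from the `:zitadel` application config on
  each call, so they are resolved at runtime. Raises if the `:zitadel` config
  is not set, rather than passing `nil` credentials on to the introspection
  plug.
  """
  @spec introspect(Plug.Conn.t(), Plug.opts()) :: Plug.Conn.t()
  def introspect(conn, _opts) do
    zitadel = zitadel_config!()

    introspection_opts =
      Oidcc.Plug.IntrospectToken.init(
        provider: PolicyService.ZitadelProvider,
        client_id: zitadel[:client_id],
        client_secret: zitadel[:client_secret],
        # NOTE(review): presumably this accepts tokens issued to clients other
        # than this service's own client_id. If so, the organization and
        # permission checks are what bind a token to this API; confirm that an
        # audience check exists somewhere as well.
        token_introspection_opts: %{client_self_only: false}
      )

    Oidcc.Plug.IntrospectToken.call(conn, introspection_opts)
  end

  @doc """
  Function plug that runs `PolicyServiceWeb.Plugs.AuthorizeRoles` with the
  per-route `opts` (e.g. `:required_permissions`) plus the configured roles
  claim.

  Raises if the `:zitadel` application config is not set.
  """
  @spec authorize_roles(Plug.Conn.t(), keyword()) :: Plug.Conn.t()
  def authorize_roles(conn, opts) do
    zitadel = zitadel_config!()

    role_opts =
      PolicyServiceWeb.Plugs.AuthorizeRoles.init(roles_claim: zitadel[:roles_claim])

    # Keyword.merge/2 lets the second list win on key collisions.
    # NOTE(review): confirm AuthorizeRoles.init/1 never returns a
    # :required_permissions entry, otherwise it would replace the route's list.
    PolicyServiceWeb.Plugs.AuthorizeRoles.call(conn, Keyword.merge(opts, role_opts))
  end

  # Runtime lookup of the identity-provider settings; fails loudly when unset.
  defp zitadel_config!, do: Application.fetch_env!(:policy_service, :zitadel)
end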