defmodule WorkloadServiceWeb.Router do
  @moduledoc """
  HTTP routing table for the workload service.

  Trust boundaries, as declared in this file:

    * `/health` and `/health/ready` pass through no pipeline and are reachable
      without a token.
    * `/api/openapi` passes through `:api` only, so the rendered spec is also
      served without a token.
    * Everything under `/api/v1` passes through `:auth` and then through exactly
      one permission pipeline (`task:read`, `task:submit`,
      `task:request_approval`, `task:approve` or `task:complete`).
    * `/swaggerui` is compiled in only when `Mix.env()` is `:dev`.
  """

  use WorkloadServiceWeb, :router

  alias WorkloadServiceWeb.{HealthController, TaskController}

  pipeline :api do
    plug OpenApiSpex.Plug.PutApiSpec, module: WorkloadServiceWeb.ApiSpec
  end

  # Plugs run in the order listed. The token is validated by `:introspect`,
  # which runs last; the two organization-id plugs therefore execute before
  # the identity provider has confirmed the token.
  # NOTE(review): the organization-id plugs are not visible from this file. If
  # the organization id is taken from a client-supplied value, confirm it is
  # matched against the introspected token's claims rather than trusted as-is.
  pipeline :auth do
    plug Oidcc.Plug.ExtractAuthorization
    plug Oidcc.Plug.RequireAuthorization

    plug WorkloadServiceWeb.Plugs.RequireOrganizationId
    plug WorkloadServiceWeb.Plugs.ExtractOrganizationId

    plug :introspect
  end

  # One pipeline per permission string; each hands its permission to
  # `authorize_roles/2` through the `:required_permissions` option.
  pipeline :read do
    plug :authorize_roles, required_permissions: ["task:read"]
  end

  pipeline :submit do
    plug :authorize_roles, required_permissions: ["task:submit"]
  end

  pipeline :request_approval do
    plug :authorize_roles, required_permissions: ["task:request_approval"]
  end

  pipeline :approve do
    plug :authorize_roles, required_permissions: ["task:approve"]
  end

  pipeline :complete do
    plug :authorize_roles, required_permissions: ["task:complete"]
  end

  # Declared outside every scope: no pipeline, hence no authentication.
  get "/health", HealthController, :health
  get "/health/ready", HealthController, :ready

  scope "/api" do
    pipe_through :api

    # Served with the `:api` pipeline only, i.e. before `:auth` applies.
    get "/openapi", OpenApiSpex.Plug.RenderSpec, []

    scope "/v1" do
      pipe_through :auth

      scope "/" do
        pipe_through :read
        get "/tasks", TaskController, :list
        get "/tasks/:id", TaskController, :show
      end

      scope "/" do
        pipe_through :submit
        post "/tasks/:id/submit", TaskController, :submit
      end

      scope "/" do
        pipe_through :request_approval
        post "/tasks/:id/request_approval", TaskController, :request_approval
      end

      scope "/" do
        pipe_through :approve
        post "/tasks/:id/approve", TaskController, :approve
      end

      scope "/" do
        pipe_through :complete
        post "/tasks/:id/complete", TaskController, :complete
      end
    end
  end

  # Evaluated while the router is compiled, so the route does not exist in a
  # build compiled under any other Mix environment.
  if Mix.env() == :dev do
    scope "/swaggerui" do
      get "/", OpenApiSpex.Plug.SwaggerUI, path: "/api/openapi"
    end
  end

  @doc """
  Function plug that validates the bearer token via `Oidcc.Plug.IntrospectToken`.

  The plug options are rebuilt on every call from the `:zitadel` entry of the
  `:workload_service` application environment. The options passed in by the
  pipeline are ignored.
  """
  def introspect(conn, _opts) do
    # NOTE(review): `Application.get_env/2` returns nil when the entry is
    # missing and `nil[:client_id]` is nil too, so an absent configuration
    # reaches `init/1` as nil credentials. `Application.fetch_env!/2` would
    # surface that earlier; confirm which failure mode is intended.
    zitadel_config = Application.get_env(:workload_service, :zitadel)

    # NOTE(review): `client_self_only: false` switches off oidcc's check that
    # the introspected token was issued to this `client_id` (enabled by
    # default, per the oidcc documentation). Tokens issued to other clients of
    # the same provider are then accepted by introspection; confirm that the
    # intended audience is enforced by another check.
    settings = [
      provider: WorkloadService.ZitadelProvider,
      client_id: zitadel_config[:client_id],
      client_secret: zitadel_config[:client_secret],
      token_introspection_opts: %{client_self_only: false}
    ]

    plug_opts = Oidcc.Plug.IntrospectToken.init(settings)
    Oidcc.Plug.IntrospectToken.call(conn, plug_opts)
  end

  @doc """
  Function plug that delegates to `WorkloadServiceWeb.Plugs.AuthorizeRoles`.

  `opts` carries the `:required_permissions` given in the pipeline definition;
  the `:roles_claim` value is read from the `:zitadel` entry of the
  `:workload_service` application environment on every call.
  """
  def authorize_roles(conn, opts) do
    zitadel_config = Application.get_env(:workload_service, :zitadel)

    # NOTE(review): a missing `:zitadel` entry yields `roles_claim: nil` here;
    # confirm that `AuthorizeRoles` rejects the request in that case.
    configured =
      WorkloadServiceWeb.Plugs.AuthorizeRoles.init(roles_claim: zitadel_config[:roles_claim])

    # `Keyword.merge/2` lets the second list win, so whatever `init/1` returns
    # overrides same-named keys passed in from the pipeline.
    merged = Keyword.merge(opts, configured)

    WorkloadServiceWeb.Plugs.AuthorizeRoles.call(conn, merged)
  end
end