func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
var p = ladon.DefaultPolicy{
Conditions: ladon.Conditions{},
}
ctx := herodot.NewContext()
if _, err := h.W.HTTPActionAllowed(ctx, r, &ladon.Request{
Resource: policyResource,
Action: "create",
}, scope); err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
if err := json.NewDecoder(r.Body).Decode(&p); err != nil {
h.H.WriteError(ctx, w, r, errors.New(err))
return
}
if p.ID == "" {
p.ID = uuid.New()
}
if err := h.Manager.Create(&p); err != nil {
h.H.WriteError(ctx, w, r, errors.New(err))
return
}
h.H.WriteCreated(ctx, w, r, "/policies/"+p.ID, &p)
}
func (h *WardenHandler) Authorized(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
ctx := herodot.NewContext()
clientCtx, err := h.authorizeClient(ctx, w, r, "an:hydra:warden:authorized")
if err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
var ar WardenAuthorizedRequest
if err := json.NewDecoder(r.Body).Decode(&ar); err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
defer r.Body.Close()
authContext, err := h.Warden.Authorized(ctx, ar.Assertion, ar.Scopes...)
if err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
authContext.Audience = clientCtx.Subject
h.H.Write(ctx, w, r, authContext)
}
func (h *Handler) Get(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
ctx := herodot.NewContext()
if _, err := h.W.HTTPActionAllowed(ctx, r, &ladon.Request{
Resource: fmt.Sprintf(policiesResource, ps.ByName("id")),
Action: "get",
}, scope); err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
policy, err := h.Manager.Get(ps.ByName("id"))
if err != nil {
h.H.WriteError(ctx, w, r, errors.New(err))
return
}
h.H.Write(ctx, w, r, policy)
}
func (h *Handler) GetAll(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
var ctx = herodot.NewContext()
if _, err := h.W.HTTPActionAllowed(ctx, r, &ladon.Request{
Resource: ClientsResource,
Action: "get",
}, Scope); err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
c, err := h.Manager.GetClients()
if err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
h.H.Write(ctx, w, r, c)
}
func (h *Handler) Delete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
var ctx = herodot.NewContext()
var id = ps.ByName("id")
if _, err := h.W.HTTPActionAllowed(ctx, r, &ladon.Request{
Resource: fmt.Sprintf(ClientResource, id),
Action: "delete",
}, Scope); err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
if err := h.Manager.DeleteClient(id); err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
w.WriteHeader(http.StatusNoContent)
}
func (h *Handler) Delete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
ctx := herodot.NewContext()
id := ps.ByName("id")
if _, err := h.W.HTTPActionAllowed(ctx, r, &ladon.Request{
Resource: fmt.Sprintf(policiesResource, id),
Action: "get",
}, scope); err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
if err := h.Manager.Delete(id); err != nil {
h.H.WriteError(ctx, w, r, errors.New("Could not delete client"))
return
}
w.WriteHeader(http.StatusNoContent)
}
func (h *Handler) Find(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
var subject = r.URL.Query().Get("subject")
var ctx = herodot.NewContext()
if subject == "" {
h.H.WriteErrorCode(ctx, w, r, http.StatusBadRequest, errors.New("Missing query parameter subject"))
}
if _, err := h.W.HTTPActionAllowed(ctx, r, &ladon.Request{
Resource: policyResource,
Action: "find",
}, scope); err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
policies, err := h.Manager.FindPoliciesForSubject(subject)
if err != nil {
h.H.WriteError(ctx, w, r, errors.New(err))
return
}
h.H.Write(ctx, w, r, policies)
}
func (h *Handler) Get(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
var ctx = herodot.NewContext()
var id = ps.ByName("id")
c, err := h.Manager.GetClient(id)
if err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
if _, err := h.W.HTTPActionAllowed(ctx, r, &ladon.Request{
Resource: fmt.Sprintf(ClientResource, id),
Action: "get",
Context: ladon.Context{
"owner": c.GetOwner(),
},
}, Scope); err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
h.H.Write(ctx, w, r, c)
}
func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
var c fosite.DefaultClient
var ctx = herodot.NewContext()
if err := json.NewDecoder(r.Body).Decode(&c); err != nil {
h.H.WriteError(ctx, w, r, errors.New(err))
return
}
if _, err := h.W.HTTPActionAllowed(ctx, r, &ladon.Request{
Resource: ClientsResource,
Action: "create",
Context: ladon.Context{
"owner": c.Owner,
},
}, Scope); err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
if len(c.Secret) < 6 {
secret, err := sequence.RuneSequence(12, []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_-.,:;$%!&/()=?+*#<>"))
if err != nil {
h.H.WriteError(ctx, w, r, errors.New(err))
return
}
c.Secret = []byte(string(secret))
}
if err := h.Manager.CreateClient(&c); err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
h.H.WriteCreated(ctx, w, r, ClientsHandlerPath+"/"+c.GetID(), &c)
}