func NewFirewall(issuer string, subject string, scopes fosite.Arguments, p ...ladon.Policy) (firewall.Firewall, *http.Client) {
tokens := pkg.Tokens(1)
fositeStore := pkg.FositeStore()
ps := map[string]ladon.Policy{}
for _, x := range p {
ps[x.GetID()] = x
}
ladonWarden := pkg.LadonWarden(ps)
ar := fosite.NewAccessRequest(&Session{Subject: subject})
ar.GrantedScopes = scopes
fositeStore.CreateAccessTokenSession(nil, tokens[0][0], ar)
conf := &oauth2.Config{Scopes: scopes, Endpoint: oauth2.Endpoint{}}
return &warden.LocalWarden{
Warden: ladonWarden,
TokenValidator: &core.CoreValidator{
AccessTokenStrategy: pkg.HMACStrategy,
AccessTokenStorage: fositeStore,
},
Issuer: issuer,
},
conf.Client(oauth2.NoContext, &oauth2.Token{
AccessToken: tokens[0][1],
Expiry: time.Now().Add(time.Hour),
TokenType: "bearer",
})
}
)
var ts *httptest.Server
var wardens = map[string]firewall.Firewall{}
var ladonWarden = pkg.LadonWarden(map[string]ladon.Policy{
"1": &ladon.DefaultPolicy{
ID: "1",
Subjects: []string{"alice"},
Resources: []string{"matrix"},
Actions: []string{"create"},
Effect: ladon.AllowAccess,
},
"2": &ladon.DefaultPolicy{
ID: "2",
Subjects: []string{"siri"},
Resources: []string{"<.*>"},
Actions: []string{
"an:hydra:warden:allowed",
"an:hydra:warden:authorized",
},
Effect: ladon.AllowAccess,
},
})
var fositeStore = pkg.FositeStore()
var tokens = pkg.Tokens(2)
func init() {