1   /*
2    * Copyright 2017 LINE Corporation
3    *
4    * LINE Corporation licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  
17  package com.linecorp.centraldogma.server.internal.admin.auth;
18  
19  import java.util.concurrent.CompletableFuture;
20  import java.util.concurrent.CompletionStage;
21  
22  import com.linecorp.armeria.common.HttpRequest;
23  import com.linecorp.armeria.common.auth.OAuth2Token;
24  import com.linecorp.armeria.server.ServiceRequestContext;
25  import com.linecorp.armeria.server.auth.AuthTokenExtractors;
26  import com.linecorp.armeria.server.auth.Authorizer;
27  import com.linecorp.armeria.server.thrift.THttpService;
28  import com.linecorp.centraldogma.internal.CsrfToken;
29  import com.linecorp.centraldogma.server.internal.api.HttpApiUtil;
30  import com.linecorp.centraldogma.server.metadata.User;
31  
32  /**
33   * A decorator which checks whether CSRF token exists.
34   * This should be used for {@link THttpService} and admin service without security.
35   */
36  public class CsrfTokenAuthorizer implements Authorizer<HttpRequest> {
37  
38      @Override
39      public CompletionStage<Boolean> authorize(ServiceRequestContext ctx, HttpRequest data) {
40          final OAuth2Token token = AuthTokenExtractors.oAuth2().apply(data.headers());
41          if (token != null && CsrfToken.ANONYMOUS.equals(token.accessToken())) {
42              AuthUtil.setCurrentUser(ctx, User.SYSTEM_ADMIN);
43              HttpApiUtil.setVerboseResponses(ctx, User.SYSTEM_ADMIN);
44              return CompletableFuture.completedFuture(true);
45          } else {
46              return CompletableFuture.completedFuture(false);
47          }
48      }
49  }