17 package com.linecorp.centraldogma.server.internal.admin.auth;
18
19 import java.util.concurrent.CompletableFuture;
20 import java.util.concurrent.CompletionStage;
21
22 import com.linecorp.armeria.common.HttpRequest;
23 import com.linecorp.armeria.common.auth.OAuth2Token;
24 import com.linecorp.armeria.server.ServiceRequestContext;
25 import com.linecorp.armeria.server.auth.AuthTokenExtractors;
26 import com.linecorp.armeria.server.auth.Authorizer;
27 import com.linecorp.armeria.server.thrift.THttpService;
28 import com.linecorp.centraldogma.internal.CsrfToken;
29 import com.linecorp.centraldogma.server.metadata.User;
30
/**
 * An {@link Authorizer} that accepts a request only when its OAuth 2.0 token equals
 * {@link CsrfToken#ANONYMOUS}.
 *
 * <p>Every accepted request is recorded as {@link User#ADMIN}. The check compares the token
 * against a single shared constant, so it does not identify individual callers.
 *
 * <p>NOTE(review): the value of {@code CsrfToken.ANONYMOUS} is defined outside this file. If it is
 * a fixed, non-secret value, this class is a CSRF-style header check rather than authentication,
 * and any client able to send the header is treated as an administrator. Confirm that it is only
 * wired in where authentication is intentionally disabled and that such deployments are not
 * reachable from untrusted networks.
 */
public class CsrfTokenAuthorizer implements Authorizer<HttpRequest> {

    /**
     * Decides whether {@code data} carries the expected anonymous token.
     *
     * @param ctx the context of the request; on success the current user is set on it
     * @param data the request whose headers are inspected
     * @return an already-completed stage holding {@code true} when the token matches,
     *         {@code false} when the token is missing or different
     */
    @Override
    public CompletionStage<Boolean> authorize(ServiceRequestContext ctx, HttpRequest data) {
        final OAuth2Token bearer = AuthTokenExtractors.oAuth2().apply(data.headers());

        // A missing token (null) is rejected in the same way as a mismatching one.
        final boolean accepted =
                bearer != null && CsrfToken.ANONYMOUS.equals(bearer.accessToken());

        if (accepted) {
            // No per-user identity is available from the shared token, so the request
            // is attributed to the built-in ADMIN user.
            AuthUtil.setCurrentUser(ctx, User.ADMIN);
        }
        return CompletableFuture.completedFuture(accepted);
    }
}