17 package com.linecorp.centraldogma.server.internal.admin.auth;
18
19 import static com.linecorp.centraldogma.server.metadata.User.LEVEL_ADMIN;
20 import static com.linecorp.centraldogma.server.metadata.User.LEVEL_USER;
21 import static java.util.Objects.requireNonNull;
22 import static java.util.concurrent.CompletableFuture.completedFuture;
23
24 import java.util.List;
25 import java.util.Set;
26 import java.util.concurrent.CompletionStage;
27
28 import com.linecorp.armeria.common.HttpRequest;
29 import com.linecorp.armeria.common.auth.OAuth2Token;
30 import com.linecorp.armeria.server.ServiceRequestContext;
31 import com.linecorp.armeria.server.auth.AuthTokenExtractors;
32 import com.linecorp.armeria.server.auth.Authorizer;
33 import com.linecorp.centraldogma.server.auth.SessionManager;
34 import com.linecorp.centraldogma.server.metadata.User;
35
/**
 * An {@link Authorizer} that admits a request only when the OAuth 2.0 token carried in its headers
 * resolves to a session known to the {@link SessionManager}.
 *
 * <p>On success, the session's username is attached to the request as the current {@link User} and
 * recorded in the request log as {@code "user/<username>"}. The token value itself is never written
 * to the log by this class.
 *
 * <p>The role is decided on every request by an exact {@link Set#contains(Object)} lookup of the
 * username in the administrator set; it is not stored in the session.
 *
 * <p>NOTE(review): this class performs no expiry or revocation check of its own. It presumably relies
 * on {@link SessionManager} returning {@code null} for sessions that are no longer valid; confirm
 * against the configured implementation.
 */
public class SessionTokenAuthorizer implements Authorizer<HttpRequest> {

    private final SessionManager sessionManager;
    // Kept by reference, not copied: later changes made by the owner of this set are visible to the
    // admin check below.
    private final Set<String> administrators;

    /**
     * Creates a new instance.
     *
     * @param sessionManager the store used to resolve a token to a session
     * @param administrators the usernames that are granted {@code LEVEL_ADMIN}
     * @throws NullPointerException if either argument is {@code null}
     */
    public SessionTokenAuthorizer(SessionManager sessionManager, Set<String> administrators) {
        requireNonNull(sessionManager, "sessionManager");
        requireNonNull(administrators, "administrators");
        this.sessionManager = sessionManager;
        this.administrators = administrators;
    }

    /**
     * Authorizes {@code data} by resolving its OAuth 2.0 token to a session.
     *
     * @param ctx the context that receives the authenticated user on success
     * @param data the request whose headers are searched for the token
     * @return a stage completed with {@code false} when no token is present or no session matches it,
     *         and with {@code true} once the current user has been set on {@code ctx}
     */
    @Override
    public CompletionStage<Boolean> authorize(ServiceRequestContext ctx, HttpRequest data) {
        final OAuth2Token bearer = AuthTokenExtractors.oAuth2().apply(data.headers());
        if (bearer != null) {
            return sessionManager.get(bearer.accessToken()).thenApply(found -> {
                if (found != null) {
                    final String login = found.username();
                    final List<String> grantedRoles;
                    if (administrators.contains(login)) {
                        grantedRoles = LEVEL_ADMIN;
                    } else {
                        grantedRoles = LEVEL_USER;
                    }
                    // Build the User before touching ctx so that a failure here leaves the request
                    // without any partially recorded identity.
                    final User principal = new User(login, grantedRoles);
                    ctx.logBuilder().authenticatedUser("user/" + login);
                    AuthUtil.setCurrentUser(ctx, principal);
                    return true;
                }
                // Unknown token: deny without attaching any identity to ctx.
                return false;
            });
        }
        // No token in the headers: deny without consulting the session store.
        return completedFuture(false);
    }
}