1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package com.linecorp.centraldogma.server.internal.admin.auth;
18
19 import static com.linecorp.centraldogma.server.metadata.User.LEVEL_SYSTEM_ADMIN;
20 import static com.linecorp.centraldogma.server.metadata.User.LEVEL_USER;
21 import static java.util.Objects.requireNonNull;
22 import static java.util.concurrent.CompletableFuture.completedFuture;
23
24 import java.util.List;
25 import java.util.Set;
26 import java.util.concurrent.CompletionStage;
27
28 import com.linecorp.armeria.common.HttpRequest;
29 import com.linecorp.armeria.common.auth.OAuth2Token;
30 import com.linecorp.armeria.server.ServiceRequestContext;
31 import com.linecorp.armeria.server.auth.AuthTokenExtractors;
32 import com.linecorp.armeria.server.auth.Authorizer;
33 import com.linecorp.centraldogma.server.auth.SessionManager;
34 import com.linecorp.centraldogma.server.internal.api.HttpApiUtil;
35 import com.linecorp.centraldogma.server.metadata.User;
36
37
38
39
40
41 public class SessionTokenAuthorizer implements Authorizer<HttpRequest> {
42
43 private final SessionManager sessionManager;
44 private final Set<String> systemAdministrators;
45
46 public SessionTokenAuthorizer(SessionManager sessionManager, Set<String> systemAdministrators) {
47 this.sessionManager = requireNonNull(sessionManager, "sessionManager");
48 this.systemAdministrators = requireNonNull(systemAdministrators, "systemAdministrators");
49 }
50
51 @Override
52 public CompletionStage<Boolean> authorize(ServiceRequestContext ctx, HttpRequest data) {
53 final OAuth2Token token = AuthTokenExtractors.oAuth2().apply(data.headers());
54 if (token == null) {
55 return completedFuture(false);
56 }
57 return sessionManager.get(token.accessToken())
58 .thenApply(session -> {
59 if (session == null) {
60 return false;
61 }
62 final String username = session.username();
63 final List<String> roles =
64 systemAdministrators.contains(username) ? LEVEL_SYSTEM_ADMIN
65 : LEVEL_USER;
66 final User user = new User(username, roles);
67 ctx.logBuilder().authenticatedUser("user/" + username);
68 AuthUtil.setCurrentUser(ctx, user);
69 HttpApiUtil.setVerboseResponses(ctx, user);
70 return true;
71 });
72 }
73 }