@@ -47,11 +47,32 @@ func NewAuthorizer(bootstrap *configs.Bootstrap, ss ...casbin.Setting) (security
4747 return authorizer , nil
4848}
4949
50- type Data interface {
50+ type DataProvider interface {
5151 QueryRoles (ctx context.Context , subject string ) ([]string , error )
5252 QueryPermissions (ctx context.Context , subject string ) ([]string , error )
5353}
5454
55+ type SecurityConfig struct {
56+ // Authenticator is the authenticator used for the authorization header.
57+ Authenticator security.Authenticator
58+ // Authorizer is the authorizer used for the authorization header.
59+ Authorizer security.Authorizer
60+ }
61+
62+ type Option = func (config * SecurityConfig )
63+
64+ func WithAuthenticator (authenticator security.Authenticator ) Option {
65+ return func (config * SecurityConfig ) {
66+ config .Authenticator = authenticator
67+ }
68+ }
69+
70+ func WithAuthorizer (authorizer security.Authorizer ) Option {
71+ return func (config * SecurityConfig ) {
72+ config .Authorizer = authorizer
73+ }
74+ }
75+
5576type SecurityBridge struct {
5677 // TokenSource is the type of the token.
5778 TokenSource security.TokenSource
@@ -67,12 +88,12 @@ type SecurityBridge struct {
6788 SkipKey string
6889 // PublicPaths are the public paths that do not require authentication.
6990 PublicPaths []string
91+ // Provider is the role/permission data from the database.
92+ Provider DataProvider
7093 // Skipper is the function used to skip authentication.
7194 Skipper func (string ) bool
7295 // IsRoot is the function used to check if the request is root.
7396 IsRoot func (ctx context.Context , claims security.Claims ) bool
74- // Data is the permission data from the database.
75- Data Data
7697 // TokenParser is the parser used to parse the token from the context.
7798 TokenParser func (ctx context.Context ) string
7899 // PolicyParser is the parser used to parse the policy from the context.
@@ -136,7 +157,7 @@ func (obj SecurityBridge) aggregateTokenParsers(outer ...func(ctx context.Contex
136157func (obj SecurityBridge ) Build () middleware.KMiddleware {
137158 if obj .TokenParser == nil {
138159 obj .TokenParser = obj .aggregateTokenParsers (
139- FromTransportClient (obj .AuthenticationHeader , obj .Scheme .String ()),
160+ // FromTransportClient(obj.AuthenticationHeader, obj.Scheme.String()),
140161 FromTransportServer (obj .AuthenticationHeader , obj .Scheme .String ()),
141162 )
142163 }
@@ -197,14 +218,14 @@ func (obj SecurityBridge) policyParser(ctx context.Context, claims security.Clai
197218 return obj .PolicyParser (ctx , claims )
198219 }
199220 log .Debugf ("PolicyParser: parsing policy for subject: %s" , claims .GetSubject ())
200- roles , err := obj .Data .QueryRoles (ctx , claims .GetSubject ())
221+ roles , err := obj .Provider .QueryRoles (ctx , claims .GetSubject ())
201222 if err != nil {
202223 log .Errorf ("PolicyParser: failed to query roles for subject: %s, error: %s" , claims .GetSubject (), err .Error ())
203224 return nil , err
204225 }
205226 log .Debugf ("PolicyParser: queried roles for subject: %s, roles: %v" , claims .GetSubject (), roles )
206227
207- permissions , err := obj .Data .QueryPermissions (ctx , claims .GetSubject ())
228+ permissions , err := obj .Provider .QueryPermissions (ctx , claims .GetSubject ())
208229 if err != nil {
209230 log .Errorf ("PolicyParser: failed to query permissions for subject: %s, error: %s" , claims .GetSubject (), err .Error ())
210231 return nil , err
@@ -252,3 +273,21 @@ func FromTransportServer(authorize string, scheme string) func(ctx context.Conte
252273 return ""
253274 }
254275}
276+
277+ func DefaultBridge () * SecurityBridge {
278+ bridge := SecurityBridge {
279+ TokenSource : security .TokenSourceHeader ,
280+ Scheme : security .SchemeBearer ,
281+ AuthenticationHeader : security .HeaderAuthorize ,
282+ SkipKey : msecurity .MetadataSecuritySkipKey ,
283+ PublicPaths : nil ,
284+ Skipper : func (path string ) bool {
285+ return false
286+ },
287+ IsRoot : func (ctx context.Context , claims security.Claims ) bool {
288+ return claims .GetSubject () == "root" || claims .GetSubject () == "admin"
289+ },
290+ TokenParser : nil ,
291+ }
292+ return & bridge
293+ }
0 commit comments