path: root/src/main/scala/xyz/driver/core/rest/auth/AuthProvider.scala
diff options
authorJakob Odersky <jakob@driver.xyz>2018-09-12 16:40:57 -0700
committerJakob Odersky <jakob@odersky.com>2018-10-09 16:19:39 -0700
commit4d1197099ce4e721c18bf4cacbb2e1980e4210b5 (patch)
tree1d3c2e482d5acf8ca613ba65fb5401c41ad686b5 /src/main/scala/xyz/driver/core/rest/auth/AuthProvider.scala
parent7c755c77afbd67ae2ded9d8b004736d4e27e208f (diff)
Move REST functionality to separate project
Diffstat (limited to 'src/main/scala/xyz/driver/core/rest/auth/AuthProvider.scala')
1 files changed, 0 insertions, 75 deletions
diff --git a/src/main/scala/xyz/driver/core/rest/auth/AuthProvider.scala b/src/main/scala/xyz/driver/core/rest/auth/AuthProvider.scala
deleted file mode 100644
index e1a94e1..0000000
--- a/src/main/scala/xyz/driver/core/rest/auth/AuthProvider.scala
+++ /dev/null
@@ -1,75 +0,0 @@
-package xyz.driver.core.rest.auth
-import akka.http.scaladsl.server.directives.Credentials
-import com.typesafe.scalalogging.Logger
-import scalaz.OptionT
-import xyz.driver.core.auth.{AuthToken, Permission, User}
-import xyz.driver.core.rest.errors.{ExternalServiceException, UnauthorizedException}
-import xyz.driver.core.rest.{AuthorizedServiceRequestContext, ContextHeaders, ServiceRequestContext, serviceContext}
-import scala.concurrent.{ExecutionContext, Future}
-abstract class AuthProvider[U <: User](
- val authorization: Authorization[U],
- log: Logger,
- val realm: String
-)(implicit execution: ExecutionContext) {
- import akka.http.scaladsl.server._
- import Directives.{authorize => akkaAuthorize, _}
- def this(authorization: Authorization[U], log: Logger)(implicit executionContext: ExecutionContext) =
- this(authorization, log, "driver.xyz")
- /**
- * Specific implementation on how to extract user from request context,
- * can either need to do a network call to auth server or extract everything from self-contained token
- *
- * @param ctx set of request values which can be relevant to authenticate user
- * @return authenticated user
- */
- def authenticatedUser(implicit ctx: ServiceRequestContext): OptionT[Future, U]
- protected def authenticator(context: ServiceRequestContext): AsyncAuthenticator[U] = {
- case Credentials.Missing =>
- log.info(s"Request (${context.trackingId}) missing authentication credentials")
- Future.successful(None)
- case Credentials.Provided(authToken) =>
- authenticatedUser(context.withAuthToken(AuthToken(authToken))).run.recover({
- case ExternalServiceException(_, _, Some(UnauthorizedException(_))) => None
- })
- }
- /**
- * Verifies that a user agent is properly authenticated, and (optionally) authorized with the specified permissions
- */
- def authorize(
- context: ServiceRequestContext,
- permissions: Permission*): Directive1[AuthorizedServiceRequestContext[U]] = {
- authenticateOAuth2Async[U](realm, authenticator(context)) flatMap { authenticatedUser =>
- val authCtx = context.withAuthenticatedUser(context.authToken.get, authenticatedUser)
- onSuccess(authorization.userHasPermissions(authenticatedUser, permissions)(authCtx)) flatMap {
- case AuthorizationResult(authorized, token) =>
- val allAuthorized = permissions.forall(authorized.getOrElse(_, false))
- akkaAuthorize(allAuthorized) tflatMap { _ =>
- val cachedPermissionsCtx = token.fold(authCtx)(authCtx.withPermissionsToken)
- provide(cachedPermissionsCtx)
- }
- }
- }
- }
- /**
- * Verifies if request is authenticated and authorized to have `permissions`
- */
- def authorize(permissions: Permission*): Directive1[AuthorizedServiceRequestContext[U]] = {
- serviceContext flatMap (authorize(_, permissions: _*))
- }
-object AuthProvider {
- val AuthenticationTokenHeader: String = ContextHeaders.AuthenticationTokenHeader
- val PermissionsTokenHeader: String = ContextHeaders.PermissionsTokenHeader
- val SetAuthenticationTokenHeader: String = "set-authorization"
- val SetPermissionsTokenHeader: String = "set-permissions"