

Additional relation support:
* derivation
* agent attribution

Signed-off-by: Ryan <[email protected]>
ryan-s-roberts committed Apr 22, 2024
1 parent 2a6ba18 commit d9daa77
Showing 14 changed files with 601 additions and 226 deletions.
5 changes: 3 additions & 2 deletions crates/api/src/chronicle_graphql/authorization.rs
Expand Up @@ -42,9 +42,10 @@ pub enum Error {
UnexpectedResponse { server: String, status: StatusCode },
}

#[derive(Clone)]
pub struct TokenChecker {
client: reqwest::Client,
verifier: Option<RemoteJwksVerifier>,
verifier: Option<Arc<RemoteJwksVerifier>>,
jwks_uri: Option<JwksUri>,
userinfo_uri: Option<UserInfoUri>,
userinfo_cache: Arc<Mutex<TimedCache<String, Map<String, Value>>>>,
Expand All @@ -65,7 +66,7 @@ impl TokenChecker {
None,
Duration::from_secs(cache_expiry_seconds.into()),
)
}),
}.into()),
jwks_uri: jwks_uri.cloned(),
userinfo_uri: userinfo_uri.cloned(),
userinfo_cache: Arc::new(Mutex::new(TimedCache::with_lifespan(
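Review bot: The `verifier` field becomes `Option<Arc<RemoteJwksVerifier>>` and `TokenChecker` gains `#[derive(Clone)]`, but nothing records why the verifier is shared across clones rather than cloned; a reader has to guess whether `RemoteJwksVerifier` is not `Clone` or whether clones are required to share its fetched key-set state. Add a why-comment above the field, e.g. `/// Shared (not cloned) so every clone of the checker reuses the same verifier and any key-set state it holds.`, adjusted if the reason is simply that the type is not `Clone`. With `Clone` derived, it is also worth confirming in the same comment that `userinfo_cache` (already `Arc<Mutex<..>>`) is intentionally shared, since cached claims and their expiry are then common to every clone. The struct definition continues past the hunk.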
24 changes: 19 additions & 5 deletions crates/api/src/chronicle_graphql/mod.rs
Expand Up @@ -56,7 +56,7 @@ use crate::{ApiDispatch, ApiError, StoreError};
#[macro_use]
pub mod activity;
pub mod agent;
mod authorization;
pub mod authorization;
mod cursor_project;
pub mod entity;
pub mod mutation;
Expand Down Expand Up @@ -453,6 +453,18 @@ impl SecurityConf {
) -> Self {
Self { jwks_uri, userinfo_uri, id_claims, jwt_must_claim, allow_anonymous, opa }
}

pub fn as_endpoint_conf(&self, cache_expiry_seconds: u32) -> EndpointSecurityConfiguration {
EndpointSecurityConfiguration::new(
TokenChecker::new(
self.jwks_uri.as_ref(),
self.userinfo_uri.as_ref(),
cache_expiry_seconds
),
self.jwt_must_claim.clone(),
self.allow_anonymous,
)
}
}

#[async_trait::async_trait]
Expand Down Expand Up @@ -576,14 +588,16 @@ async fn execute_opa_check(
}
}

struct EndpointSecurityConfiguration {

#[derive(Clone)]
pub struct EndpointSecurityConfiguration {
checker: TokenChecker,
must_claim: HashMap<String, String>,
allow_anonymous: bool,
pub must_claim: HashMap<String, String>,
pub allow_anonymous: bool,
}

impl EndpointSecurityConfiguration {
fn new(
pub fn new(
checker: TokenChecker,
must_claim: HashMap<String, String>,
allow_anonymous: bool,
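Review bot: `as_endpoint_conf` builds a brand-new `TokenChecker` on every call, and `TokenChecker::new` appears (from the authorization.rs hunk in this commit) to allocate a fresh `RemoteJwksVerifier` and a fresh `userinfo_cache` each time, so a caller that invokes it per endpoint or per request ends up with independent JWKS and userinfo caches instead of one shared state. If repeated calls are expected, construct the checker once and hand out clones (the type now derives `Clone` and its verifier is `Arc`-wrapped); otherwise document the contract with `/// Builds a new checker with its own JWKS verifier and userinfo cache; call once per security configuration and clone the result.`. In the last hunk, `must_claim` and `allow_anonymous` are made `pub` fields, which lets any code with `&mut` access flip the anonymous-access policy after construction; read-only accessors would expose the same values without that write path. `SecurityConf`'s definition starts outside the hunk.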
