1
0
forked from baron/baron-sso

SSOT 전환

This commit is contained in:
2026-02-05 10:15:54 +09:00
parent c811b7e283
commit d8f133b1e5
13 changed files with 874 additions and 93 deletions

View File

@@ -17,6 +17,7 @@ type KetoService interface {
CheckPermission(ctx context.Context, subject, namespace, object, relation string) (bool, error)
CreateRelation(ctx context.Context, namespace, object, relation, subject string) error
DeleteRelation(ctx context.Context, namespace, object, relation, subject string) error
ListRelations(ctx context.Context, namespace, object, relation, subject string) ([]RelationTuple, error)
}
type ketoService struct {
@@ -42,6 +43,55 @@ func NewKetoService() KetoService {
}
}
type RelationTuple struct {
Namespace string `json:"namespace"`
Object string `json:"object"`
Relation string `json:"relation"`
SubjectID string `json:"subject_id"`
}
type relationTuplesResponse struct {
RelationTuples []RelationTuple `json:"relation_tuples"`
NextPageToken string `json:"next_page_token"`
}
func (s *ketoService) ListRelations(ctx context.Context, namespace, object, relation, subject string) ([]RelationTuple, error) {
u, _ := url.Parse(fmt.Sprintf("%s/relation-tuples", s.readURL))
q := u.Query()
if namespace != "" {
q.Set("namespace", namespace)
}
if object != "" {
q.Set("object", object)
}
if relation != "" {
q.Set("relation", relation)
}
if subject != "" {
q.Set("subject_id", subject)
}
u.RawQuery = q.Encode()
req, _ := http.NewRequestWithContext(ctx, "GET", u.String(), nil)
resp, err := s.client.Do(req)
if err != nil {
return nil, err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
body, _ := io.ReadAll(resp.Body)
return nil, fmt.Errorf("keto returned status %d: %s", resp.StatusCode, string(body))
}
var res relationTuplesResponse
if err := json.NewDecoder(resp.Body).Decode(&res); err != nil {
return nil, err
}
return res.RelationTuples, nil
}
type checkResponse struct {
Allowed bool `json:"allowed"`
}