forked from baron/baron-sso
SSOT 전환
This commit is contained in:
@@ -17,6 +17,7 @@ type KetoService interface {
|
||||
CheckPermission(ctx context.Context, subject, namespace, object, relation string) (bool, error)
|
||||
CreateRelation(ctx context.Context, namespace, object, relation, subject string) error
|
||||
DeleteRelation(ctx context.Context, namespace, object, relation, subject string) error
|
||||
ListRelations(ctx context.Context, namespace, object, relation, subject string) ([]RelationTuple, error)
|
||||
}
|
||||
|
||||
type ketoService struct {
|
||||
@@ -42,6 +43,55 @@ func NewKetoService() KetoService {
|
||||
}
|
||||
}
|
||||
|
||||
type RelationTuple struct {
|
||||
Namespace string `json:"namespace"`
|
||||
Object string `json:"object"`
|
||||
Relation string `json:"relation"`
|
||||
SubjectID string `json:"subject_id"`
|
||||
}
|
||||
|
||||
type relationTuplesResponse struct {
|
||||
RelationTuples []RelationTuple `json:"relation_tuples"`
|
||||
NextPageToken string `json:"next_page_token"`
|
||||
}
|
||||
|
||||
func (s *ketoService) ListRelations(ctx context.Context, namespace, object, relation, subject string) ([]RelationTuple, error) {
|
||||
u, _ := url.Parse(fmt.Sprintf("%s/relation-tuples", s.readURL))
|
||||
q := u.Query()
|
||||
if namespace != "" {
|
||||
q.Set("namespace", namespace)
|
||||
}
|
||||
if object != "" {
|
||||
q.Set("object", object)
|
||||
}
|
||||
if relation != "" {
|
||||
q.Set("relation", relation)
|
||||
}
|
||||
if subject != "" {
|
||||
q.Set("subject_id", subject)
|
||||
}
|
||||
u.RawQuery = q.Encode()
|
||||
|
||||
req, _ := http.NewRequestWithContext(ctx, "GET", u.String(), nil)
|
||||
resp, err := s.client.Do(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
body, _ := io.ReadAll(resp.Body)
|
||||
return nil, fmt.Errorf("keto returned status %d: %s", resp.StatusCode, string(body))
|
||||
}
|
||||
|
||||
var res relationTuplesResponse
|
||||
if err := json.NewDecoder(resp.Body).Decode(&res); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return res.RelationTuples, nil
|
||||
}
|
||||
|
||||
type checkResponse struct {
|
||||
Allowed bool `json:"allowed"`
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user