Skip to content

Commit

Permalink
Merge pull request #83 from Dewberry/patch/separate-config-struct
Browse files Browse the repository at this point in the history
Separate config from backend services in RESTHandler struct
  • Loading branch information
ar-siddiqui authored Dec 21, 2023
2 parents e72d7eb + 96c457e commit d9b4a1c
Show file tree
Hide file tree
Showing 4 changed files with 35 additions and 23 deletions.
28 changes: 20 additions & 8 deletions api/handlers/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,21 @@ func (t Template) Render(w io.Writer, name string, data interface{}, c echo.Cont
return t.templates.ExecuteTemplate(w, name, data)
}

// Store configuration that need to be passed around to handler funcs.
// Config holds the configuration settings for the REST API server.
type Config struct {
// Only settings that are typically environment-specific and can be loaded from
// external sources like configuration files, environment variables, or remote
// configuration services, should go here.

// Read DEV_GUIDE.md to learn about these
AuthLevel int
AdminRoleName string
ServiceRoleName string
}

// RESTHandler encapsulates the operational components and dependencies necessary for handling
// RESTful API requests by different handler functions and orchestrating interactions with
// various backend services and resources.
type RESTHandler struct {
Name string
Title string
Expand All @@ -41,11 +55,7 @@ type RESTHandler struct {
MessageQueue *jobs.MessageQueue
ActiveJobs *jobs.ActiveJobs
ProcessList *pr.ProcessList

// Read DEV_GUIDE.md to learn about these
AuthLevel int
AdminRoleName string
ServiceRoleName string
Config *Config
}

// Pretty print a JSON
Expand Down Expand Up @@ -79,8 +89,10 @@ func NewRESTHander() *RESTHandler {
"http://www.opengis.net/spec/ogcapi-processes-1/1.0/conf/job-list",
"http://www.opengis.net/spec/ogcapi-processes-1/1.0/conf/dismiss",
},
AdminRoleName: os.Getenv("AUTH_ADMIN_ROLE"),
ServiceRoleName: os.Getenv("AUTH_SERVICE_ROLE"),
Config: &Config{
AdminRoleName: os.Getenv("AUTH_ADMIN_ROLE"),
ServiceRoleName: os.Getenv("AUTH_SERVICE_ROLE"),
},
}

dbType, exist := os.LookupEnv("DB_SERVICE")
Expand Down
16 changes: 8 additions & 8 deletions api/handlers/handlers.go
Original file line number Diff line number Diff line change
Expand Up @@ -164,11 +164,11 @@ func (rh *RESTHandler) Execution(c echo.Context) error {
return c.JSON(http.StatusBadRequest, errResponse{Message: "'processID' incorrect"})
}

if rh.AuthLevel > 0 {
if rh.Config.AuthLevel > 0 {
roles := strings.Split(c.Request().Header.Get("X-ProcessAPI-User-Roles"), ",")

// admins are allowed to execute all processes, else you need to have a role with same name as processId
if !utils.StringInSlice(rh.AdminRoleName, roles) && !utils.StringInSlice(processID, roles) {
if !utils.StringInSlice(rh.Config.AdminRoleName, roles) && !utils.StringInSlice(processID, roles) {
return c.JSON(http.StatusUnauthorized, errResponse{Message: "unauthorized"})
}
}
Expand Down Expand Up @@ -302,10 +302,10 @@ func (rh *RESTHandler) JobDismissHandler(c echo.Context) error {
jobID := c.Param("jobID")
if j, ok := rh.ActiveJobs.Jobs[jobID]; ok {

if rh.AuthLevel > 0 {
if rh.Config.AuthLevel > 0 {
roles := strings.Split(c.Request().Header.Get("X-ProcessAPI-User-Roles"), ",")

if (*j).SUBMITTER() != c.Request().Header.Get("X-ProcessAPI-User-Email") && !utils.StringInSlice(rh.AdminRoleName, roles) {
if (*j).SUBMITTER() != c.Request().Header.Get("X-ProcessAPI-User-Email") && !utils.StringInSlice(rh.Config.AdminRoleName, roles) {
return c.JSON(http.StatusUnauthorized, errResponse{Message: "unauthorized"})
}
}
Expand Down Expand Up @@ -563,10 +563,10 @@ func (rh *RESTHandler) ListJobsHandler(c echo.Context) error {
}
}

if rh.AuthLevel > 0 {
if rh.Config.AuthLevel > 0 {
roles := strings.Split(c.Request().Header.Get("X-ProcessAPI-User-Roles"), ",")

if !utils.StringInSlice(rh.AdminRoleName, roles) {
if !utils.StringInSlice(rh.Config.AdminRoleName, roles) {
submitters = c.Request().Header.Get("X-ProcessAPI-User-Email")
}
}
Expand Down Expand Up @@ -623,11 +623,11 @@ func (rh *RESTHandler) ListJobsHandler(c echo.Context) error {
//
// Time must be in RFC3339(ISO) format
func (rh *RESTHandler) JobStatusUpdateHandler(c echo.Context) error {
if rh.AuthLevel > 0 {
if rh.Config.AuthLevel > 0 {
roles := strings.Split(c.Request().Header.Get("X-ProcessAPI-User-Roles"), ",")

// only service accounts or admins can post status updates
if !utils.StringInSlice(rh.ServiceRoleName, roles) && !utils.StringInSlice(rh.AdminRoleName, roles) {
if !utils.StringInSlice(rh.Config.ServiceRoleName, roles) && !utils.StringInSlice(rh.Config.AdminRoleName, roles) {
return c.JSON(http.StatusUnauthorized, errResponse{Message: "unauthorized"})
}
}
Expand Down
12 changes: 6 additions & 6 deletions api/handlers/processes_handlers.go
Original file line number Diff line number Diff line change
Expand Up @@ -112,11 +112,11 @@ func (rh *RESTHandler) ProcessDescribeHandler(c echo.Context) error {
// AddProcessHandler adds a new process configuration
func (rh *RESTHandler) AddProcessHandler(c echo.Context) error {

if rh.AuthLevel > 0 {
if rh.Config.AuthLevel > 0 {
roles := strings.Split(c.Request().Header.Get("X-ProcessAPI-User-Roles"), ",")

// non-admins are not allowed
if !utils.StringInSlice(rh.AdminRoleName, roles) {
if !utils.StringInSlice(rh.Config.AdminRoleName, roles) {
return c.JSON(http.StatusUnauthorized, errResponse{Message: "unauthorized"})
}
}
Expand Down Expand Up @@ -173,11 +173,11 @@ func (rh *RESTHandler) AddProcessHandler(c echo.Context) error {
// UpdateProcessHandler updates an existing process configuration
func (rh *RESTHandler) UpdateProcessHandler(c echo.Context) error {

if rh.AuthLevel > 0 {
if rh.Config.AuthLevel > 0 {
roles := strings.Split(c.Request().Header.Get("X-ProcessAPI-User-Roles"), ",")

// non-admins are not allowed
if !utils.StringInSlice(rh.AdminRoleName, roles) {
if !utils.StringInSlice(rh.Config.AdminRoleName, roles) {
return c.JSON(http.StatusUnauthorized, errResponse{Message: "unauthorized"})
}
}
Expand Down Expand Up @@ -244,11 +244,11 @@ func (rh *RESTHandler) UpdateProcessHandler(c echo.Context) error {
// DeleteProcessHandler deletes a process configuration
func (rh *RESTHandler) DeleteProcessHandler(c echo.Context) error {

if rh.AuthLevel > 0 {
if rh.Config.AuthLevel > 0 {
roles := strings.Split(c.Request().Header.Get("X-ProcessAPI-User-Roles"), ",")

// non-admins are not allowed
if !utils.StringInSlice(rh.AdminRoleName, roles) {
if !utils.StringInSlice(rh.Config.AdminRoleName, roles) {
return c.JSON(http.StatusUnauthorized, errResponse{Message: "unauthorized"})
}
}
Expand Down
2 changes: 1 addition & 1 deletion api/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -279,7 +279,7 @@ func main() {
// Create a group for all routes that need to be protected when AUTH_LEVEL = protected
pg := e.Group("")
authLvl := initAuth(e, pg)
rh.AuthLevel = authLvl
rh.Config.AuthLevel = authLvl

// Server
e.GET("/", rh.LandingPage)
Expand Down

0 comments on commit d9b4a1c

Please sign in to comment.