Commit d9daa77

Additional relation support:
* derivation * agent attribution Signed-off-by: Ryan <ryan.roberts@btp.works>
1 parent 2a6ba18 commit d9daa77

14 files changed

+601
-226
lines changed

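--- a/crates/api/src/chronicle_graphql/authorization.rs
+++ b/crates/api/src/chronicle_graphql/authorization.rs
@@ -42,9 +42,10 @@ pub enum Error {
 UnexpectedResponse { server: String, status: StatusCode },
 }
 
+#[derive(Clone)]
 pub struct TokenChecker {
 client: reqwest::Client,
-verifier: Option<RemoteJwksVerifier>,
+verifier: Option<Arc<RemoteJwksVerifier>>,
 jwks_uri: Option<JwksUri>,
 userinfo_uri: Option<UserInfoUri>,
 userinfo_cache: Arc<Mutex<TimedCache<String, Map<String, Value>>>>,
@@ -65,7 +66,7 @@ impl TokenChecker {
 None,
 Duration::from_secs(cache_expiry_seconds.into()),
 )
-}),
+}.into()),
 jwks_uri: jwks_uri.cloned(),
 userinfo_uri: userinfo_uri.cloned(),
 userinfo_cache: Arc::new(Mutex::new(TimedCache::with_lifespan(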
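Review bot: `TokenChecker` now derives `Clone`, but nothing on the struct says that clones share state: `verifier` and `userinfo_cache` both sit behind `Arc`, so every clone reads and fills the same userinfo cache and uses the same JWKS verifier. That looks intended, since a cached userinfo entry then expires once for all holders, but it should be documented so a later change does not assume a clone gives an isolated cache; I would add `/// Cheap to clone: clones share the JWKS verifier and the userinfo cache.` above `#[derive(Clone)]`. In the second hunk, `}.into()` depends on the `Arc` conversion being inferred from the field type, and wrapping the verifier in an explicit `Arc::new(...)` would read more plainly. The constructor body starts and ends outside the hunk.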

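--- a/crates/api/src/chronicle_graphql/mod.rs
+++ b/crates/api/src/chronicle_graphql/mod.rs
@@ -56,7 +56,7 @@ use crate::{ApiDispatch, ApiError, StoreError};
 #[macro_use]
 pub mod activity;
 pub mod agent;
-mod authorization;
+pub mod authorization;
 mod cursor_project;
 pub mod entity;
 pub mod mutation;
@@ -453,6 +453,18 @@ impl SecurityConf {
 ) -> Self {
 Self { jwks_uri, userinfo_uri, id_claims, jwt_must_claim, allow_anonymous, opa }
 }
+
+pub fn as_endpoint_conf(&self, cache_expiry_seconds: u32) -> EndpointSecurityConfiguration {
+EndpointSecurityConfiguration::new(
+TokenChecker::new(
+self.jwks_uri.as_ref(),
+self.userinfo_uri.as_ref(),
+cache_expiry_seconds
+),
+self.jwt_must_claim.clone(),
+self.allow_anonymous,
+)
+}
 }
 
 #[async_trait::async_trait]
@@ -576,14 +588,16 @@ async fn execute_opa_check(
 }
 }
 
-struct EndpointSecurityConfiguration {
+
+#[derive(Clone)]
+pub struct EndpointSecurityConfiguration {
 checker: TokenChecker,
-must_claim: HashMap<String, String>,
-allow_anonymous: bool,
+pub must_claim: HashMap<String, String>,
+pub allow_anonymous: bool,
 }
 
 impl EndpointSecurityConfiguration {
-fn new(
+pub fn new(
 checker: TokenChecker,
 must_claim: HashMap<String, String>,
 allow_anonymous: bool,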
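Review bot: In the last hunk `must_claim` and `allow_anonymous` become `pub` fields on a type that is now `pub` and `Clone`, so any code holding a mutable `EndpointSecurityConfiguration` can set `allow_anonymous = true` or empty `must_claim` after construction, and the authorization policy is no longer fixed by `new`. I would keep both fields private and expose read-only accessors, `pub fn allow_anonymous(&self) -> bool { self.allow_anonymous }` and `pub fn must_claim(&self) -> &HashMap<String, String> { &self.must_claim }`. If the only consumers are inside this crate, `pub(crate)` on the struct and on `mod authorization` would keep the exposed surface smaller, though the callers are not visible here. Separately, `as_endpoint_conf` builds a new `TokenChecker` on every call, so `to_endpoint_conf` would match the usual `as_`/`to_` naming convention better. The `impl EndpointSecurityConfiguration` block continues outside the hunk.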
