Skip to content

Commit

Permalink
feat: assign clerk users role on creation
Browse files Browse the repository at this point in the history
  • Loading branch information
yashmehrotra committed Aug 23, 2023
1 parent 19cdb23 commit 8a0d777
Show file tree
Hide file tree
Showing 5 changed files with 28 additions and 9 deletions.
4 changes: 4 additions & 0 deletions api/global.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,10 @@ import (
"k8s.io/client-go/kubernetes"
)

const (
UserIDHeaderKey = "X-User-ID"
)

var SystemUserID *uuid.UUID
var CanaryCheckerPath string
var ApmHubPath string
Expand Down
23 changes: 19 additions & 4 deletions auth/clerk_client.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (
"github.com/flanksource/commons/logger"
"github.com/flanksource/incident-commander/api"
"github.com/flanksource/incident-commander/db"
"github.com/flanksource/incident-commander/rbac"
"github.com/golang-jwt/jwt/v4"
"github.com/labstack/echo/v4"
"github.com/patrickmn/go-cache"
Expand Down Expand Up @@ -83,7 +84,7 @@ func (h ClerkHandler) Session(next echo.HandlerFunc) echo.HandlerFunc {
}

c.Request().Header.Set(echo.HeaderAuthorization, fmt.Sprintf("Bearer %s", token))
c.Request().Header.Set(UserIDHeaderKey, user.ID.String())
c.Request().Header.Set(api.UserIDHeaderKey, user.ID.String())
return next(c)
}
}
Expand All @@ -109,15 +110,15 @@ func (h *ClerkHandler) getUser(ctx *api.Context, sessionToken string) (*api.Pers
Avatar: fmt.Sprint(claims["image_url"]),
ExternalID: fmt.Sprint(claims["user_id"]),
}
dbUser, err := h.createDBUserIfNotExists(ctx, user)
dbUser, err := h.createDBUserIfNotExists(ctx, user, fmt.Sprint(claims["role"]))
if err != nil {
return nil, "", err
}
h.userCache.SetDefault(sessionID, &dbUser)
return &dbUser, sessionID, nil
}

func (h *ClerkHandler) createDBUserIfNotExists(ctx *api.Context, user api.Person) (api.Person, error) {
func (h *ClerkHandler) createDBUserIfNotExists(ctx *api.Context, user api.Person, role string) (api.Person, error) {
existingUser, err := db.GetUserByExternalID(ctx, user.ExternalID)
if err == nil {
// User with the given external ID exists
Expand All @@ -129,5 +130,19 @@ func (h *ClerkHandler) createDBUserIfNotExists(ctx *api.Context, user api.Person
return api.Person{}, err
}

return db.CreateUser(ctx, user)
dbUser, err := db.CreateUser(ctx, user)
if err != nil {
return api.Person{}, err
}

roleToAdd := rbac.RoleEditor
if role == "admin" {
roleToAdd = rbac.RoleAdmin
}

if _, err := rbac.Enforcer.AddRoleForUser(dbUser.ID.String(), roleToAdd); err != nil {
return api.Person{}, err
}

return dbUser, nil
}
2 changes: 1 addition & 1 deletion auth/controllers.go
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,7 @@ func UpdateAccountProperties(c echo.Context) error {

func WhoAmI(c echo.Context) error {
ctx := c.(*api.Context)
userID := c.Request().Header.Get(UserIDHeaderKey)
userID := c.Request().Header.Get(api.UserIDHeaderKey)
user, err := db.GetUserByID(ctx, userID)
if err != nil {
return c.JSON(http.StatusInternalServerError, api.HTTPError{
Expand Down
4 changes: 2 additions & 2 deletions auth/middleware.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import (
"github.com/flanksource/commons/rand"
"github.com/flanksource/commons/utils"
"github.com/flanksource/duty/models"
"github.com/flanksource/incident-commander/api"
"github.com/google/uuid"
"github.com/labstack/echo/v4"
client "github.com/ory/client-go"
Expand All @@ -26,7 +27,6 @@ import (

const (
DefaultPostgrestRole = "postgrest_api"
UserIDHeaderKey = "X-User-ID"
)

var (
Expand Down Expand Up @@ -93,7 +93,7 @@ func (k *kratosMiddleware) Session(next echo.HandlerFunc) echo.HandlerFunc {
return c.String(http.StatusUnauthorized, "Unauthorized")
}
c.Request().Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
c.Request().Header.Set(UserIDHeaderKey, session.Identity.GetId())
c.Request().Header.Set(api.UserIDHeaderKey, session.Identity.GetId())

return next(c)
}
Expand Down
4 changes: 2 additions & 2 deletions rbac/middleware.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ import (

"github.com/flanksource/commons/collections"
"github.com/flanksource/commons/logger"
"github.com/flanksource/incident-commander/auth"
"github.com/flanksource/incident-commander/api"
"github.com/labstack/echo/v4"
)

Expand All @@ -24,7 +24,7 @@ func Authorization(object, action string) func(echo.HandlerFunc) echo.HandlerFun
return next(c)
}

userID := c.Request().Header.Get(auth.UserIDHeaderKey)
userID := c.Request().Header.Get(api.UserIDHeaderKey)
if userID == "" {
return c.String(http.StatusUnauthorized, errNoUserID)
}
Expand Down

0 comments on commit 8a0d777

Please sign in to comment.