99import io .vertx .ext .web .RoutingContext ;
1010import org .slf4j .Logger ;
1111import org .slf4j .LoggerFactory ;
12+ import com .uid2 .shared .audit .AuditParams ;
13+ import com .uid2 .shared .audit .Audit ;
1214
1315import java .util .*;
1416
@@ -17,6 +19,7 @@ public class AdminAuthMiddleware {
1719 private final AuthProvider authProvider ;
1820 private final String environment ;
1921 private final boolean isAuthDisabled ;
22+ private final Audit audit ;
2023
2124 final Map <Role , List <OktaGroup >> roleToOktaGroups = new EnumMap <>(Role .class );
2225 public AdminAuthMiddleware (AuthProvider authProvider , JsonObject config ) {
@@ -26,6 +29,7 @@ public AdminAuthMiddleware(AuthProvider authProvider, JsonObject config) {
2629 roleToOktaGroups .put (Role .MAINTAINER , parseOktaGroups (config .getString (AdminConst .ROLE_OKTA_GROUP_MAP_MAINTAINER )));
2730 roleToOktaGroups .put (Role .PRIVILEGED , parseOktaGroups (config .getString (AdminConst .ROLE_OKTA_GROUP_MAP_PRIVILEGED )));
2831 roleToOktaGroups .put (Role .SUPER_USER , parseOktaGroups (config .getString (AdminConst .ROLE_OKTA_GROUP_MAP_SUPER_USER )));
32+ this .audit = new Audit ();
2933 }
3034
3135 private List <OktaGroup > parseOktaGroups (final String oktaGroups ) {
@@ -40,15 +44,30 @@ private List<OktaGroup> parseOktaGroups(final String oktaGroups) {
4044 return allOktaGroups ;
4145 }
4246
43- public Handler <RoutingContext > handle (Handler <RoutingContext > handler , Role ... roles ) {
47+ public Handler <RoutingContext > handle (Handler <RoutingContext > handler , AuditParams params , Role ... roles ) {
4448 if (isAuthDisabled ) return handler ;
4549 if (roles == null || roles .length == 0 ) {
4650 throw new IllegalArgumentException ("must specify at least one role" );
4751 }
48- AdminAuthHandler adminAuthHandler = new AdminAuthHandler (handler , authProvider , Set .of (roles ), environment , roleToOktaGroups );
52+ Handler <RoutingContext > loggedHandler = logAndHandle (handler , params );
53+ AdminAuthHandler adminAuthHandler = new AdminAuthHandler (loggedHandler , authProvider , Set .of (roles ),
54+ environment , roleToOktaGroups );
4955 return adminAuthHandler ::handle ;
5056 }
5157
58+ public Handler <RoutingContext > handle (Handler <RoutingContext > handler , Role ... roles ) {
59+ // change to AdminAuthMiddleware.class.getPackage().getName();
60+ return this .handle (handler , null , roles );
61+ }
62+
63+
64+ private Handler <RoutingContext > logAndHandle (Handler <RoutingContext > handler , AuditParams params ) {
65+ return ctx -> {
66+ ctx .addBodyEndHandler (v -> this .audit .log (ctx , params ));
67+ handler .handle (ctx );
68+ };
69+ }
70+
5271 private static class AdminAuthHandler {
5372 private final String environment ;
5473 private final Handler <RoutingContext > innerHandler ;
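Review bot: The audit hook registered in `logAndHandle` (line 66) only runs for requests that pass authorization, because the wrapped `loggedHandler` is the `innerHandler` that `AdminAuthHandler` invokes solely from its authorized branches (lines 160 and 186 in the later hunks); a request rejected for a bad token, missing scope or wrong group never reaches `addBodyEndHandler`, so the audit trail will presumably contain successful admin actions only. If denied attempts are meant to be audited, the `ctx.addBodyEndHandler(v -> audit.log(ctx, params))` registration belongs in `AdminAuthHandler.handle` ahead of token validation (that method lies outside this hunk), where it can still read the `userDetails` the validators put on the context. The two-argument overload at line 60 passes `null` as `AuditParams`, so `Audit.log` must tolerate a null second argument; make that explicit with `// no audit params: Audit.log must accept a null AuditParams` in place of the leftover comment `// change to AdminAuthMiddleware.class.getPackage().getName();`, which does not describe the line below it.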
@@ -133,6 +152,10 @@ private void validateAccessToken(RoutingContext rc, String accessToken) {
133152 return ;
134153 }
135154 List <String > scopes = (List <String >) jwt .getClaims ().get ("scp" );
155+ JsonObject serviceAccountDetails = new JsonObject ();
156+ serviceAccountDetails .put ("scope" , (List <String >) jwt .getClaims ().get ("scp" ));
157+ serviceAccountDetails .put ("client_id" , jwt .getClaims ().get ("client_id" ));
158+ rc .put ("userDetails" , serviceAccountDetails );
136159 if (isAuthorizedService (scopes )) {
137160 innerHandler .handle (rc );
138161 } else {
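Review bot: Line 156 re-reads and re-casts the `scp` claim although line 154 already holds it in `scopes`; the second unchecked cast adds nothing and can be replaced with `serviceAccountDetails.put("scope", scopes);`. The same duplication appears in the validateIdToken hunk at line 181, where `userDetails.put("groups", groups);` would do. Note that `rc.put("userDetails", ...)` runs before the authorization decision, so the details are on the context for denied requests as well, which is useful if auditing is later extended to cover them. The enclosing `validateAccessToken` begins outside this hunk.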
@@ -154,6 +177,11 @@ private void validateIdToken(RoutingContext rc, String idToken) {
154177 return ;
155178 }
156179 List <String > groups = (List <String >) jwt .getClaims ().get ("groups" );
180+ JsonObject userDetails = new JsonObject ();
181+ userDetails .put ("groups" , (List <String >) jwt .getClaims ().get ("groups" ));
182+ userDetails .put ("email" , jwt .getClaims ().get ("email" ));
183+ userDetails .put ("sub" , jwt .getClaims ().get ("sub" ));
184+ rc .put ("userDetails" , userDetails );
157185 if (isAuthorizedUser (groups )) {
158186 innerHandler .handle (rc );
159187 } else {