feat: allow to customize scopes

Randoooom · Randoooom · commit f233b2cd741f · 2024-07-10T22:30:32.000+02:00
diff --git a/src/config.rs b/src/config.rs
@@ -34,35 +34,62 @@ lazy_static! {
         DatabaseConfiguration::extract().unwrap();
 }
 
-#[derive(Deserialize, Debug, Clone, Getters)]
-#[get = "pub"]
-pub struct Config {
-    #[serde(default = "default_global_rate_limit")]
-    global_rate_limit: u64,
-    oidc_provider: String,
-    #[serde(default = "default_oidc_audience")]
-    oidc_audience: String,
-    oidc_issuer: Option<String>,
-    config_path: Option<String>,
-    otlp_endpoint: Option<String>,
-    #[serde(default = "default_service_name")]
-    service_name: String
-}
+macro_rules! config {
+    (($($ident:ident: $type:ty $(,)? )*),  ($($dident:ident: $dtype:ty = $default:expr $(,)?)*)) => {
+        paste! {
+            #[derive(Deserialize, Debug, Clone, Getters)]
+            #[get = "pub"]
+            pub struct Config {
+                $(
+                    $ident: $type,
+                )*
+                
+                $(
+                    #[serde(default = "default_" $dident)]
+                    $dident: $dtype,
+                )*
+            }
 
-#[inline]
-fn default_global_rate_limit() -> u64 {
-    10
-}
 
-#[inline]
-fn default_oidc_audience() -> String {
-    "feedback-fusion".to_owned()
+            $(
+                #[inline]
+                fn [<default_ $dident>]() -> $dtype {
+                    $default.to_owned()
+                }
+            )*
+        }
+    };
 }
 
-#[inline]
-fn default_service_name() -> String {
-    "feedback-fusion".to_owned()
-}
+config!(
+    (
+        oidc_provider: String,
+        oidc_issuer: Option<String>,
+        config_path: Option<String>,
+        otlp_endpoint: Option<String>,
+    ),
+
+    (
+        global_rate_limit: u64 = 10,
+        service_name: String = "feedback-fusion"
+        oidc_audience: String = "feedback-fusion",
+
+        oidc_scope_api: String = "api:feedback-fusion",
+        oidc_scope_write: String = "feedback-fusion:write",
+        oidc_scope_read: String = "feedback-fusion:read",
+        
+        oidc_scope_write_target: String = "feedback-fusion:writeTarget",
+        oidc_scope_read_target: String = "feedback-fusion:readTarget"
+
+        oidc_scope_write_prompt: String = "feedback-fusion:writePrompt",
+        oidc_scope_read_prompt: String = "feedback-fusion:readPrompt"
+
+        oidc_scope_write_field: String = "feedback-fusion:writeField",
+        oidc_scope_read_field: String = "feedback-fusion:readField"
+
+        oidc_scope_read_response: String = "feedback-fusion:readResponse"
+    )
+);
 
 #[derive(Debug, Clone, Deserialize, Serialize, PartialEq)]
 pub struct InstanceConfig {
diff --git a/src/services/v1/mod.rs b/src/services/v1/mod.rs
@@ -21,7 +21,7 @@
 //OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 use crate::{database::schema::feedback::Prompt, prelude::*};
-use aliri_oauth2::{policy, scope, HasScope};
+use aliri_oauth2::{policy, HasScope};
 use aliri_traits::Policy;
 use feedback_fusion_common::proto::{
     feedback_fusion_v1_server::FeedbackFusionV1,
@@ -53,7 +53,7 @@ pub struct PublicFeedbackFusionV1Context {
 
 // https://github.com/neoeinstein/aliri/blob/main/aliri_tower/examples/.tonic.rs#L35
 macro_rules! handler {
-    ($handler:path, $self:ident, $request:ident, $policy:ident, $($scope:literal $(,)?)*) => {{
+    ($handler:path, $self:ident, $request:ident, $policy:ident, $($scope:expr $(,)?)*) => {{
          $policy
             .evaluate(
                 $request
@@ -76,12 +76,12 @@ macro_rules! handler {
 
         handler!($handler, $self, $request)
     }};
-    ($handler:path, $self:ident, $request:ident, $($scope:literal $(,)?)*, $target:block) => {{
+    ($handler:path, $self:ident, $request:ident, $($scope:expr $(,)?)* => $target:block) => {{
         paste! {
             let policy = policy![
-                scope!["api:feedback-fusion"]
+                aliri_oauth2::Scope::empty().and(aliri_oauth2::scope::ScopeToken::from_string(CONFIG.oidc_scope_api().clone()).unwrap())
                 $(,
-                    scope![$scope]
+                    aliri_oauth2::Scope::empty().and(aliri_oauth2::scope::ScopeToken::from_string($scope.to_string()).unwrap())
                 )*
             ];
 
@@ -145,11 +145,11 @@ macro_rules! handler {
             }
         }
     }};
-    ($handler:path, $self:ident, $request:ident, $($scope:literal $(,)?)*) => {{
+    ($handler:path, $self:ident, $request:ident, $($scope:expr $(,)?)*) => {{
         let policy = policy![
-            scope!["api:feedback-fusion"]
+            aliri_oauth2::Scope::empty().and(aliri_oauth2::scope::ScopeToken::from_string(CONFIG.oidc_scope_api().clone()).unwrap())
             $(,
-                scope![$scope]
+                aliri_oauth2::Scope::empty().and(aliri_oauth2::scope::ScopeToken::from_string($scope.to_string()).unwrap())
             )*
         ];
 
@@ -196,7 +196,8 @@ impl FeedbackFusionV1 for FeedbackFusionV1Context {
             target::create_target,
             self,
             request,
-            "feedback-fusion:write"
+            CONFIG.oidc_scope_write(),
+            CONFIG.oidc_scope_write_target()
         )
     }
 
@@ -209,9 +210,9 @@ impl FeedbackFusionV1 for FeedbackFusionV1Context {
             target::get_target,
             self,
             request,
-            "feedback-fusion:read",
-            "feedback-fusion:getTarget",
-            { Ok::<_, FeedbackFusionError>(Some(request.get_ref().id.clone())) }
+            CONFIG.oidc_scope_read(),
+            CONFIG.oidc_scope_read_target()
+            => { Ok::<_, FeedbackFusionError>(Some(request.get_ref().id.clone())) }
         )
     }
 
@@ -224,8 +225,8 @@ impl FeedbackFusionV1 for FeedbackFusionV1Context {
             target::get_targets,
             self,
             request,
-            "feedback-fusion:read",
-            "feedback-fusion:listTargets"
+            CONFIG.oidc_scope_read(),
+            CONFIG.oidc_scope_read_target()
         )
     }
 
@@ -238,9 +239,9 @@ impl FeedbackFusionV1 for FeedbackFusionV1Context {
             target::update_target,
             self,
             request,
-            "feedback-fusion:write",
-            "feedback-fusion:putTarget",
-            { Ok::<_, FeedbackFusionError>(Some(request.get_ref().id.clone())) }
+            CONFIG.oidc_scope_write(),
+            CONFIG.oidc_scope_write_target()
+            => { Ok::<_, FeedbackFusionError>(Some(request.get_ref().id.clone())) }
         )
     }
 
@@ -253,9 +254,9 @@ impl FeedbackFusionV1 for FeedbackFusionV1Context {
             target::delete_target,
             self,
             request,
-            "feedback-fusion:write",
-            "feedback-fusion:deleteTarget",
-            { Ok::<_, FeedbackFusionError>(Some(request.get_ref().id.clone())) }
+            CONFIG.oidc_scope_write(),
+            CONFIG.oidc_scope_write_target()
+            => { Ok::<_, FeedbackFusionError>(Some(request.get_ref().id.clone())) }
         )
     }
 
@@ -268,9 +269,9 @@ impl FeedbackFusionV1 for FeedbackFusionV1Context {
             prompt::create_prompt,
             self,
             request,
-            "feedback-fusion:write",
-            "feedback-fusion:writePrompt",
-            { Ok::<_, FeedbackFusionError>(Some(request.get_ref().target.clone())) }
+            CONFIG.oidc_scope_write(),
+            CONFIG.oidc_scope_write_prompt()
+            => { Ok::<_, FeedbackFusionError>(Some(request.get_ref().target.clone())) }
         )
     }
 
@@ -283,9 +284,9 @@ impl FeedbackFusionV1 for FeedbackFusionV1Context {
             prompt::get_prompts,
             self,
             request,
-            "feedback-fusion:read",
-            "feedback-fusion:listPrompts",
-            { Ok::<_, FeedbackFusionError>(Some(request.get_ref().target.clone())) }
+            CONFIG.oidc_scope_read(),
+            CONFIG.oidc_scope_read_prompt()
+            => { Ok::<_, FeedbackFusionError>(Some(request.get_ref().target.clone())) }
         )
     }
 
@@ -298,9 +299,9 @@ impl FeedbackFusionV1 for FeedbackFusionV1Context {
             prompt::update_prompt,
             self,
             request,
-            "feedback-fusion:write",
-            "feedback-fusion:putPrompt",
-            {
+            CONFIG.oidc_scope_write(),
+            CONFIG.oidc_scope_write_prompt()
+            => {
                 Ok::<_, FeedbackFusionError>(
                     database_request!(
                         Prompt::select_by_id(self.connection(), request.get_ref().id.as_str())
@@ -322,9 +323,9 @@ impl FeedbackFusionV1 for FeedbackFusionV1Context {
             prompt::delete_prompt,
             self,
             request,
-            "feedback-fusion:write",
-            "feedback-fusion:deleteTarget",
-            {
+            CONFIG.oidc_scope_write(),
+            CONFIG.oidc_scope_write_prompt()
+            => {
                 Ok::<_, FeedbackFusionError>(
                     database_request!(
                         Prompt::select_by_id(self.connection(), request.get_ref().id.as_str())
@@ -346,9 +347,9 @@ impl FeedbackFusionV1 for FeedbackFusionV1Context {
             field::create_field,
             self,
             request,
-            "feedback-fusion:write",
-            "feedback-fusion:writeField",
-            {
+            CONFIG.oidc_scope_write(),
+            CONFIG.oidc_scope_write_field()
+            => {
                 Ok::<_, FeedbackFusionError>(
                     database_request!(
                         Prompt::select_by_id(self.connection(), request.get_ref().prompt.as_str())
@@ -370,9 +371,9 @@ impl FeedbackFusionV1 for FeedbackFusionV1Context {
             field::get_fields,
             self,
             request,
-            "feedback-fusion:read",
-            "feedback-fusion:listFields",
-            {
+            CONFIG.oidc_scope_read(),
+            CONFIG.oidc_scope_read_field()
+            => {
                 Ok::<_, FeedbackFusionError>(
                     database_request!(
                         Prompt::select_by_id(self.connection(), request.get_ref().prompt.as_str())
@@ -394,9 +395,9 @@ impl FeedbackFusionV1 for FeedbackFusionV1Context {
             field::update_field,
             self,
             request,
-            "feedback-fusion:write",
-            "feedback-fusion:putField",
-            {
+            CONFIG.oidc_scope_write(),
+            CONFIG.oidc_scope_write_field()
+            => {
                 let prompt: Option<Prompt> = database_request!(
                     self.connection()
                         .query_decode(
@@ -420,9 +421,9 @@ impl FeedbackFusionV1 for FeedbackFusionV1Context {
             field::delete_field,
             self,
             request,
-            "feedback-fusion:write",
-            "feedback-fusion:deleteField",
-            {
+            CONFIG.oidc_scope_write(),
+            CONFIG.oidc_scope_write_field()
+            => {
                 let prompt: Option<Prompt> = database_request!(
                     self.connection()
                         .query_decode(
@@ -446,9 +447,9 @@ impl FeedbackFusionV1 for FeedbackFusionV1Context {
             response::get_responses,
             self,
             request,
-            "feedback-fusion:read",
-            "feedback-fusion:listResponses",
-            {
+            CONFIG.oidc_scope_read(),
+            CONFIG.oidc_scope_read_response()
+            => {
                 Ok::<_, FeedbackFusionError>(
                     database_request!(
                         Prompt::select_by_id(self.connection(), request.get_ref().prompt.as_str())
