Actually read roles from config instead of hard coding

biilmann · biilmann · commit 0ed5d2bcfb49 · 2017-09-05T16:31:59.000-07:00
diff --git a/api/context.go b/api/context.go
@@ -54,11 +54,6 @@ func getClaims(ctx context.Context) *GatewayClaims {
 	return token.Claims.(*GatewayClaims)
 }
 
-// TODO: actually get this from the config rather than hardcoding
-func getRoles(ctx context.Context) []Role {
-	return []Role{Role{Name: "admin"}, Role{Name: "cms"}}
-}
-
 func withRequestID(ctx context.Context, id string) context.Context {
 	return context.WithValue(ctx, requestIDKey, id)
 }
diff --git a/api/github.go b/api/github.go
@@ -91,7 +91,7 @@ func (gh *GitHubGateway) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 func (gh *GitHubGateway) authenticate(w http.ResponseWriter, r *http.Request) error {
 	ctx := r.Context()
 	claims := getClaims(ctx)
-	adminRoles := getRoles(ctx)
+	config := getConfig(ctx)
 
 	if claims == nil {
 		return errors.New("Access to endpoint not allowed: no claims found in Bearer token")
@@ -101,7 +101,7 @@ func (gh *GitHubGateway) authenticate(w http.ResponseWriter, r *http.Request) er
 		return errors.New("Access to endpoint not allowed: this part of GitHub's API has been restricted")
 	}
 
-	if len(adminRoles) == 0 {
+	if len(config.Roles) == 0 {
 		return nil
 	}
 
@@ -110,8 +110,8 @@ func (gh *GitHubGateway) authenticate(w http.ResponseWriter, r *http.Request) er
 		roleStrings, _ := roles.([]interface{})
 		for _, data := range roleStrings {
 			role, _ := data.(string)
-			for _, adminRole := range adminRoles {
-				if role == adminRole.Name {
+			for _, adminRole := range config.Roles {
+				if role == adminRole {
 					return nil
 				}
 			}

Original file line number	Diff line number	Diff line change
`@@ -54,11 +54,6 @@ func getClaims(ctx context.Context) *GatewayClaims {`
`54`	`54`	`return token.Claims.(*GatewayClaims)`
`55`	`55`	`}`
`56`	`56`
`57`		`-// TODO: actually get this from the config rather than hardcoding`
`58`		`-func getRoles(ctx context.Context) []Role {`
`59`		`- return []Role{Role{Name: "admin"}, Role{Name: "cms"}}`
`60`		`-}`
`61`		`-`
`62`	`57`	`func withRequestID(ctx context.Context, id string) context.Context {`
`63`	`58`	`return context.WithValue(ctx, requestIDKey, id)`
`64`	`59`	`}`
Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ func (gh GitHubGateway) ServeHTTP(w http.ResponseWriter, r http.Request) {`
`91`	`91`	`func (gh GitHubGateway) authenticate(w http.ResponseWriter, r http.Request) error {`
`92`	`92`	`ctx := r.Context()`
`93`	`93`	`claims := getClaims(ctx)`
`94`		`- adminRoles := getRoles(ctx)`
	`94`	`+ config := getConfig(ctx)`
`95`	`95`
`96`	`96`	`if claims == nil {`
`97`	`97`	`return errors.New("Access to endpoint not allowed: no claims found in Bearer token")`
`@@ -101,7 +101,7 @@ func (gh GitHubGateway) authenticate(w http.ResponseWriter, r http.Request) er`
`101`	`101`	`return errors.New("Access to endpoint not allowed: this part of GitHub's API has been restricted")`
`102`	`102`	`}`
`103`	`103`
`104`		`- if len(adminRoles) == 0 {`
	`104`	`+ if len(config.Roles) == 0 {`
`105`	`105`	`return nil`
`106`	`106`	`}`
`107`	`107`
`@@ -110,8 +110,8 @@ func (gh GitHubGateway) authenticate(w http.ResponseWriter, r http.Request) er`
`110`	`110`	`roleStrings, _ := roles.([]interface{})`
`111`	`111`	`for _, data := range roleStrings {`
`112`	`112`	`role, _ := data.(string)`
`113`		`- for _, adminRole := range adminRoles {`
`114`		`- if role == adminRole.Name {`
	`113`	`+ for _, adminRole := range config.Roles {`
	`114`	`+ if role == adminRole {`
`115`	`115`	`return nil`
`116`	`116`	`}`
`117`	`117`	`}`