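// Source: github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/atc/api/accessor/accessor_factory.go

package accessor

import (
	"errors"
	"fmt"
	"net/http"

	"github.com/pf-qiu/concourse/v6/atc/db"
)

//go:generate counterfeiter . TokenVerifier

// TokenVerifier checks the credentials carried by an HTTP request and returns
// the claims they contain.
//
// The factory in this file relies on one part of the error contract:
// ErrVerificationNoToken means the request presented no token at all, and any
// other non-nil error means a token was presented but could not be accepted.
type TokenVerifier interface {
	Verify(req *http.Request) (map[string]interface{}, error)
}

//go:generate counterfeiter . TeamFetcher

// TeamFetcher supplies the teams that are handed to NewAccessor together with
// the verification result.
type TeamFetcher interface {
	GetTeams() ([]db.Team, error)
}

// NewAccessFactory returns an AccessFactory that verifies requests with
// tokenVerifier, loads teams from teamFetcher, and forwards systemClaimKey and
// systemClaimValues unchanged to every accessor it creates.
//
// systemClaimValues is stored without being copied, so the caller must not
// modify the slice afterwards: a later write would change the values passed
// to accessors built from then on.
func NewAccessFactory(
	tokenVerifier TokenVerifier,
	teamFetcher TeamFetcher,
	systemClaimKey string,
	systemClaimValues []string,
) AccessFactory {
	return &accessFactory{
		tokenVerifier:     tokenVerifier,
		teamFetcher:       teamFetcher,
		systemClaimKey:    systemClaimKey,
		systemClaimValues: systemClaimValues,
	}
}

// accessFactory is the AccessFactory implementation returned by
// NewAccessFactory.
type accessFactory struct {
	tokenVerifier     TokenVerifier
	teamFetcher       TeamFetcher
	systemClaimKey    string
	systemClaimValues []string
}

// Create builds the Access for req under the given role.
//
// A non-nil error is returned only when the team list cannot be fetched. A
// missing or rejected token is NOT reported as an error: it is recorded in the
// Verification passed to NewAccessor, so callers must consult the returned
// Access rather than treat a nil error as proof of authentication.
//
// NOTE(review): teams are fetched before the token is examined, so requests
// without credentials also reach the team fetcher. Confirm its cost (it may be
// a database query) is acceptable for unauthenticated traffic.
func (a *accessFactory) Create(req *http.Request, role string) (Access, error) {
	teams, err := a.teamFetcher.GetTeams()
	if err != nil {
		return nil, fmt.Errorf("fetch teams: %w", err)
	}

	verification := a.verifyToken(req)
	return NewAccessor(verification, role, a.systemClaimKey, a.systemClaimValues, teams), nil
}

// verifyToken runs the token verifier and folds its outcome into a
// Verification. It fails closed: IsTokenValid is set and RawClaims populated
// only when Verify returns a nil error, so claims from a rejected token never
// leave this function.
func (a *accessFactory) verifyToken(req *http.Request) Verification {
	claims, err := a.tokenVerifier.Verify(req)
	if err == nil {
		return Verification{HasToken: true, IsTokenValid: true, RawClaims: claims}
	}

	// errors.Is rather than ==, so that a verifier which wraps the sentinel
	// (for example with fmt.Errorf and %w) is still recognised as "no token"
	// and not misreported as "token present but invalid".
	if errors.Is(err, ErrVerificationNoToken) {
		return Verification{HasToken: false, IsTokenValid: false}
	}

	// Every other failure is treated as a presented token that is not valid.
	return Verification{HasToken: true, IsTokenValid: false}
}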