Update scope validator

NipuniBhagya 2025-05-18 13:07:08 +05:30
parent 33671e6dd1
commit 5b1daaefc3
6 changed files with 52 additions and 51 deletions


@ -0,0 +1,19 @@
package authz
import "net/http"
type Decision int
const (
DecisionAllow Decision = iota
DecisionDeny
)
type AccessControlResult struct {
Decision Decision
Message string
}
type AccessControl interface {
ValidateAccess(r *http.Request, claims *TokenClaims, requiredScopes any) AccessControlResult
}
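Review bot: The zero value of `Decision` is `DecisionAllow`, because the `const` block in this new file starts `iota` at the allow case. An `AccessControlResult` returned without `Decision` set (for example a bare `AccessControlResult{}` on an error path) is therefore read as an allow. For an authorization type the safer default is deny: declare `DecisionDeny Decision = iota` first and `DecisionAllow` second, provided no caller depends on the numeric values, which this page does not show. The exported `AccessControl` interface also has no doc comment; one starting `// AccessControl decides whether a request carrying the given token claims may proceed.` should state which concrete types `requiredScopes any` accepts and what an implementation must return for a type it does not recognise.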


@ -1,19 +0,0 @@
package authz
import "net/http"
type Decision int
const (
DecisionAllow Decision = iota
DecisionDeny
)
type PolicyResult struct {
Decision Decision
Message string
}
type PolicyEngine interface {
Evaluate(r *http.Request, claims *TokenClaims, requiredScopes any) PolicyResult
}


@ -12,14 +12,14 @@ type TokenClaims struct {
Scopes []string
}
type DefaultPolicyEngine struct{}
type ScopeValidator struct{}
// Evaluate and checks the token claims against one or more required scopes.
func (d *DefaultPolicyEngine) Evaluate(
func (d *ScopeValidator) ValidateAccess(
_ *http.Request,
claims *TokenClaims,
requiredScopes any,
) PolicyResult {
) AccessControlResult {
logger.Info("Required scopes: %v", requiredScopes)
@ -32,7 +32,7 @@ func (d *DefaultPolicyEngine) Evaluate(
}
if strings.TrimSpace(scopeStr) == "" {
return PolicyResult{DecisionAllow, ""}
return AccessControlResult{DecisionAllow, ""}
}
scopes := strings.FieldsFunc(scopeStr, func(r rune) bool {
@ -48,7 +48,7 @@ func (d *DefaultPolicyEngine) Evaluate(
logger.Info("Token scopes: %v", claims.Scopes)
for _, tokenScope := range claims.Scopes {
if _, ok := required[tokenScope]; ok {
return PolicyResult{DecisionAllow, ""}
return AccessControlResult{DecisionAllow, ""}
}
}
@ -56,7 +56,7 @@ func (d *DefaultPolicyEngine) Evaluate(
for s := range required {
list = append(list, s)
}
return PolicyResult{
return AccessControlResult{
DecisionDeny,
fmt.Sprintf("missing required scope(s): %s", strings.Join(list, ", ")),
}