Update scope validator

2025-06-28 17:34:19 +00:00 · 2025-05-18 13:07:08 +05:30 · 2025-05-18 13:07:08 +05:30 · 5b1daaefc3
commit 5b1daaefc3
parent 33671e6dd1
6 changed files with 52 additions and 51 deletions
--- a/internal/authz/default_policy_engine.go
+++ b/internal/authz/default_policy_engine.go
@ -1,63 +0,0 @@
-package authz
-
-import (
-	"fmt"
-	"net/http"
-	"strings"
-
-	logger "github.com/wso2/open-mcp-auth-proxy/internal/logging"
-)
-
-type TokenClaims struct {
-	Scopes []string
-}
-
-type DefaultPolicyEngine struct{}
-
-// Evaluate and checks the token claims against one or more required scopes.
-func (d *DefaultPolicyEngine) Evaluate(
-	_ *http.Request,
-	claims *TokenClaims,
-	requiredScopes any,
-) PolicyResult {
-
-	logger.Info("Required scopes: %v", requiredScopes)
-
-	var scopeStr string
-	switch v := requiredScopes.(type) {
-	case string:
-		scopeStr = v
-	case []string:
-		scopeStr = strings.Join(v, " ")
-	}
-
-	if strings.TrimSpace(scopeStr) == "" {
-		return PolicyResult{DecisionAllow, ""}
-	}
-
-	scopes := strings.FieldsFunc(scopeStr, func(r rune) bool {
-		return r == ' ' || r == ','
-	})
-	required := make(map[string]struct{}, len(scopes))
-	for _, s := range scopes {
-		if s = strings.TrimSpace(s); s != "" {
-			required[s] = struct{}{}
-		}
-	}
-
-	logger.Info("Token scopes: %v", claims.Scopes)
-	for _, tokenScope := range claims.Scopes {
-		if _, ok := required[tokenScope]; ok {
-			return PolicyResult{DecisionAllow, ""}
-		}
-	}
-
-	var list []string
-	for s := range required {
-		list = append(list, s)
-	}
-	return PolicyResult{
-		DecisionDeny,
-		fmt.Sprintf("missing required scope(s): %s", strings.Join(list, ", ")),
-	}
-}