path: root/includes/oathkeeper.jsonnet
local main = import "main.jsonnet";

// Authenticator descriptor for browser sessions: Oathkeeper's `cookie_session`
// handler. No per-rule config is given here, so the handler's settings come
// from the global Oathkeeper configuration.
local cookieSessionAuthenticator = { handler: 'cookie_session' };
// Authenticator descriptor for machine-to-machine callers: Oathkeeper's
// `oauth2_client_credentials` handler, again relying on the global handler
// configuration (no per-rule overrides).
local oauth2ClientCredentialsAuthenticator = { handler: 'oauth2_client_credentials' };

// Authorizer descriptor that grants every request reaching it (`allow`).
// A rule using this authorizer gets its access control solely from the
// authenticator it is paired with.
local allowAuthorizer = { handler: 'allow' };
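// Authorizer descriptor that asks Keto whether the authenticated subject has
// the "access" relation on `object` within the "websites" namespace.
//
// `object`: Keto object name (string), fixed when this config is generated.
//
// The payload is built with std.manifestJsonEx so that `object` is actually
// substituted and JSON-escaped. The original `|||` text block was a raw
// string, so the parameter was never used and the bare identifier `object`
// was emitted into the request body, producing invalid JSON.
//
// `{{ print .Subject }}` is left verbatim: Oathkeeper renders the payload as
// a template at request time. NOTE(review): that substitution is not
// JSON-escaped by this file; if subjects may contain `"` or `\`, confirm the
// rendered body still parses on the Keto side.
local ketoAuthorizer(object) = {
  handler: 'remote_json',
  config: {
    remote: 'https://keto.sso.internal.random.sh/check',
    payload: std.manifestJsonEx({
      namespace: 'websites',
      subject: '{{ print .Subject }}',
      object: object,
      relation: 'access',
    }, '  '),
  },
};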

// Error handler descriptor: on a failed request Oathkeeper issues a redirect
// to the SSO login URL taken from main.jsonnet, carrying the originally
// requested URL in the `return_to` query parameter.
local errorRedirectHandler = {
  handler: 'redirect',
  config: { to: main.sso.login_url, return_to_query_param: 'return_to' },
};

// Mutator descriptor: forward the session as an ID token (`id_token` handler).
local idTokenMutator = { handler: 'id_token' };

// Mutator descriptor: forward session data as request headers (`header`
// handler); which headers are set is configured globally, not here.
local headerMutator = { handler: 'header' };

// Catalogue of Oathkeeper handler descriptors for the rule files to import,
// each keyed by a short name. Key order is irrelevant: Jsonnet emits objects
// with sorted keys.
{
  authenticators: {
    cookieSession: cookieSessionAuthenticator,
    oauth2ClientCredentials: oauth2ClientCredentialsAuthenticator,
  },
  // `keto` is a function (takes the Keto object name); `allow` is a plain
  // descriptor that authorizes everything its authenticator lets through.
  authorizers: {
    allow: allowAuthorizer,
    keto: ketoAuthorizer,
  },
  errors: { redirect: errorRedirectHandler },
  mutators: { header: headerMutator, idToken: idTokenMutator },
  // The full method list a rule can match on, OPTIONS included.
  allHttpMethods: ['OPTIONS', 'GET', 'POST', 'PUT', 'PATCH', 'DELETE'],
}