package authorization
import (
"context"
"github.com/influxdata/influxdb/v2"
"github.com/influxdata/influxdb/v2/authorizer"
"github.com/influxdata/influxdb/v2/kit/platform"
)
// AuthFinder resolves an authorization record from its ID.
//
// AuthedPasswordService depends on this narrow interface rather than on a
// full authorization service: the only thing it needs from the record is the
// UserID that the write-permission check is run against.
type AuthFinder interface {
	// FindAuthorizationByID returns the authorization identified by id, or an
	// error when the lookup fails.
	FindAuthorizationByID(ctx context.Context, id platform.ID) (*influxdb.Authorization, error)
}
// AuthedPasswordService is a PasswordService middleware: it performs an
// authorization check and only then forwards the request to the wrapped
// PasswordService.
type AuthedPasswordService struct {
	// auth looks up the authorization named in a request so that its owning
	// user can be checked.
	auth AuthFinder
	// inner is the wrapped service that performs the actual password change.
	inner PasswordService
}
// NewAuthedPasswordService returns a PasswordService middleware that uses auth
// to resolve authorizations and delegates permitted requests to inner.
func NewAuthedPasswordService(auth AuthFinder, inner PasswordService) *AuthedPasswordService {
	svc := new(AuthedPasswordService)
	svc.auth = auth
	svc.inner = inner
	return svc
}
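// SetPassword changes the password tied to the authorization authID, but only
// after a write-permission check on the user that owns that authorization.
//
// The authorization is resolved through the AuthFinder. Any lookup failure is
// reported as ErrAuthNotFound, so the underlying error is not returned to the
// caller. The permission check is authorizer.AuthorizeWriteResource on
// influxdb.UsersResourceType for the authorization's UserID; its error is
// returned unchanged. The inner service is called only when both steps succeed.
func (s *AuthedPasswordService) SetPassword(ctx context.Context, authID platform.ID, password string) error {
	auth, err := s.auth.FindAuthorizationByID(ctx, authID)
	if err != nil {
		// NOTE(review): every lookup error (not only "not found") is collapsed
		// into ErrAuthNotFound; presumably deliberate so callers cannot tell
		// failure modes apart. Confirm, and log err server-side if needed.
		return ErrAuthNotFound
	}
	if auth == nil {
		// Fail closed: a finder that returns (nil, nil) must not reach the
		// auth.UserID dereference below and must not skip the permission check.
		return ErrAuthNotFound
	}

	// The check targets the owner of the authorization, not authID itself.
	if _, _, err := authorizer.AuthorizeWriteResource(ctx, influxdb.UsersResourceType, auth.UserID); err != nil {
		return err
	}

	return s.inner.SetPassword(ctx, authID, password)
}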