rename mg to smq
Signed-off-by: nyagamunene <[email protected]>
nyagamunene committed Dec 5, 2024
1 parent afc75a8 commit eaf5536
Showing 8 changed files with 119 additions and 109 deletions.
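--- a/auth/api/http/transport.go
+++ b/auth/api/http/transport.go
@@ -11,8 +11,6 @@ import (
 "github.com/absmach/supermq/auth/api/http/keys"
 "github.com/absmach/supermq/auth/api/http/pats"
 "github.com/go-chi/chi/v5"
-"github.com/absmach/magistrala/auth/api/http/pats"
-"github.com/go-chi/chi/v5"
 "github.com/prometheus/client_golang/prometheus/promhttp"
 )
 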
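--- a/auth/hasher/doc.go
+++ b/auth/hasher/doc.go
@@ -2,5 +2,5 @@
 // SPDX-License-Identifier: Apache-2.0
 
 // Package hasher contains the domain concept definitions needed to
-// support Magistrala users password hasher sub-service functionality.
+// support Supermq users password hasher sub-service functionality.
 package hasher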
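--- a/auth/hasher/hasher.go
+++ b/auth/hasher/hasher.go
@@ -10,6 +10,7 @@ import (
 "strings"
 "time"
 
+"github.com/absmach/supermq/auth"
 "github.com/absmach/supermq/pkg/errors"
 "golang.org/x/crypto/scrypt"
 )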
59 changes: 30 additions & 29 deletions clients/middleware/authorization.go
Expand Up @@ -6,9 +6,10 @@ package middleware
import (
"context"

"github.com/absmach/supermq/auth"
"github.com/absmach/supermq/clients"
"github.com/absmach/supermq/pkg/authn"
"github.com/absmach/supermq/pkg/authz"
smqauthz "github.com/absmach/supermq/pkg/authz"
"github.com/absmach/supermq/pkg/errors"
svcerr "github.com/absmach/supermq/pkg/errors/service"
"github.com/absmach/supermq/pkg/policies"
Expand Down Expand Up @@ -36,14 +37,14 @@ var _ clients.Service = (*authorizationMiddleware)(nil)
type authorizationMiddleware struct {
svc clients.Service
repo clients.Repository
authz mgauthz.Authorization
authz smqauthz.Authorization
opp svcutil.OperationPerm
extOpp svcutil.ExternalOperationPerm
rmMW.RoleManagerAuthorizationMiddleware
}

// AuthorizationMiddleware adds authorization to the clients service.
func AuthorizationMiddleware(entityType string, svc clients.Service, authz mgauthz.Authorization, repo clients.Repository, thingsOpPerm, rolesOpPerm map[svcutil.Operation]svcutil.Permission, extOpPerm map[svcutil.ExternalOperation]svcutil.Permission) (clients.Service, error) {
func AuthorizationMiddleware(entityType string, svc clients.Service, authz smqauthz.Authorization, repo clients.Repository, thingsOpPerm, rolesOpPerm map[svcutil.Operation]svcutil.Permission, extOpPerm map[svcutil.ExternalOperation]svcutil.Permission) (clients.Service, error) {
opp := clients.NewOperationPerm()
if err := opp.AddOperationPermissionMap(thingsOpPerm); err != nil {
return nil, err
Expand Down Expand Up @@ -74,7 +75,7 @@ func AuthorizationMiddleware(entityType string, svc clients.Service, authz mgaut

func (am *authorizationMiddleware) CreateClients(ctx context.Context, session authn.Session, client ...clients.Client) ([]clients.Client, error) {
if session.Type == authn.PersonalAccessToken {
if err := am.authz.AuthorizePAT(ctx, mgauthz.PatReq{
if err := am.authz.AuthorizePAT(ctx, smqauthz.PatReq{
UserID: session.UserID,
PatID: session.ID,
PlatformEntityType: auth.PlatformDomainsScope,
Expand All @@ -87,7 +88,7 @@ func (am *authorizationMiddleware) CreateClients(ctx context.Context, session au
}
}

if err := am.extAuthorize(ctx, clients.DomainOpCreateClient, authz.PolicyReq{
if err := am.extAuthorize(ctx, clients.DomainOpCreateClient, smqauthz.PolicyReq{
Domain: session.DomainID,
SubjectType: policies.UserType,
Subject: session.DomainUserID,
Expand All @@ -102,7 +103,7 @@ func (am *authorizationMiddleware) CreateClients(ctx context.Context, session au

func (am *authorizationMiddleware) View(ctx context.Context, session authn.Session, id string) (clients.Client, error) {
if session.Type == authn.PersonalAccessToken {
if err := am.authz.AuthorizePAT(ctx, mgauthz.PatReq{
if err := am.authz.AuthorizePAT(ctx, smqauthz.PatReq{
UserID: session.UserID,
PatID: session.ID,
PlatformEntityType: auth.PlatformDomainsScope,
Expand All @@ -115,7 +116,7 @@ func (am *authorizationMiddleware) View(ctx context.Context, session authn.Sessi
}
}

if err := am.authorize(ctx, clients.OpViewThing, authz.PolicyReq{
if err := am.authorize(ctx, clients.OpViewClient, smqauthz.PolicyReq{
Domain: session.DomainID,
SubjectType: policies.UserType,
Subject: session.DomainUserID,
Expand All @@ -129,7 +130,7 @@ func (am *authorizationMiddleware) View(ctx context.Context, session authn.Sessi

func (am *authorizationMiddleware) ListClients(ctx context.Context, session authn.Session, reqUserID string, pm clients.Page) (clients.ClientsPage, error) {
if session.Type == authn.PersonalAccessToken {
if err := am.authz.AuthorizePAT(ctx, mgauthz.PatReq{
if err := am.authz.AuthorizePAT(ctx, smqauthz.PatReq{
UserID: session.UserID,
PatID: session.ID,
PlatformEntityType: auth.PlatformDomainsScope,
Expand All @@ -151,7 +152,7 @@ func (am *authorizationMiddleware) ListClients(ctx context.Context, session auth

func (am *authorizationMiddleware) Update(ctx context.Context, session authn.Session, client clients.Client) (clients.Client, error) {
if session.Type == authn.PersonalAccessToken {
if err := am.authz.AuthorizePAT(ctx, mgauthz.PatReq{
if err := am.authz.AuthorizePAT(ctx, smqauthz.PatReq{
UserID: session.UserID,
PatID: session.ID,
PlatformEntityType: auth.PlatformDomainsScope,
Expand All @@ -164,7 +165,7 @@ func (am *authorizationMiddleware) Update(ctx context.Context, session authn.Ses
}
}

if err := am.authorize(ctx, clients.OpUpdateThing, authz.PolicyReq{
if err := am.authorize(ctx, clients.OpUpdateClient, smqauthz.PolicyReq{
Domain: session.DomainID,
SubjectType: policies.UserType,
Subject: session.DomainUserID,
Expand All @@ -179,7 +180,7 @@ func (am *authorizationMiddleware) Update(ctx context.Context, session authn.Ses

func (am *authorizationMiddleware) UpdateTags(ctx context.Context, session authn.Session, client clients.Client) (clients.Client, error) {
if session.Type == authn.PersonalAccessToken {
if err := am.authz.AuthorizePAT(ctx, mgauthz.PatReq{
if err := am.authz.AuthorizePAT(ctx, smqauthz.PatReq{
UserID: session.UserID,
PatID: session.ID,
PlatformEntityType: auth.PlatformDomainsScope,
Expand All @@ -192,7 +193,7 @@ func (am *authorizationMiddleware) UpdateTags(ctx context.Context, session authn
}
}

if err := am.authorize(ctx, clients.OpUpdateThingTags, authz.PolicyReq{
if err := am.authorize(ctx, clients.OpUpdateClientTags, smqauthz.PolicyReq{
Domain: session.DomainID,
SubjectType: policies.UserType,
Subject: session.DomainUserID,
Expand All @@ -207,7 +208,7 @@ func (am *authorizationMiddleware) UpdateTags(ctx context.Context, session authn

func (am *authorizationMiddleware) UpdateSecret(ctx context.Context, session authn.Session, id, key string) (clients.Client, error) {
if session.Type == authn.PersonalAccessToken {
if err := am.authz.AuthorizePAT(ctx, mgauthz.PatReq{
if err := am.authz.AuthorizePAT(ctx, smqauthz.PatReq{
UserID: session.UserID,
PatID: session.ID,
PlatformEntityType: auth.PlatformDomainsScope,
Expand All @@ -220,7 +221,7 @@ func (am *authorizationMiddleware) UpdateSecret(ctx context.Context, session aut
}
}

if err := am.authorize(ctx, clients.OpUpdateThingSecret, authz.PolicyReq{
if err := am.authorize(ctx, clients.OpUpdateClientSecret, smqauthz.PolicyReq{
Domain: session.DomainID,
SubjectType: policies.UserType,
Subject: session.DomainUserID,
Expand All @@ -234,7 +235,7 @@ func (am *authorizationMiddleware) UpdateSecret(ctx context.Context, session aut

func (am *authorizationMiddleware) Enable(ctx context.Context, session authn.Session, id string) (clients.Client, error) {
if session.Type == authn.PersonalAccessToken {
if err := am.authz.AuthorizePAT(ctx, mgauthz.PatReq{
if err := am.authz.AuthorizePAT(ctx, smqauthz.PatReq{
UserID: session.UserID,
PatID: session.ID,
PlatformEntityType: auth.PlatformDomainsScope,
Expand All @@ -247,7 +248,7 @@ func (am *authorizationMiddleware) Enable(ctx context.Context, session authn.Ses
}
}

if err := am.authorize(ctx, clients.OpEnableThing, authz.PolicyReq{
if err := am.authorize(ctx, clients.OpEnableClient, smqauthz.PolicyReq{
Domain: session.DomainID,
SubjectType: policies.UserType,
Subject: session.DomainUserID,
Expand All @@ -262,7 +263,7 @@ func (am *authorizationMiddleware) Enable(ctx context.Context, session authn.Ses

func (am *authorizationMiddleware) Disable(ctx context.Context, session authn.Session, id string) (clients.Client, error) {
if session.Type == authn.PersonalAccessToken {
if err := am.authz.AuthorizePAT(ctx, mgauthz.PatReq{
if err := am.authz.AuthorizePAT(ctx, smqauthz.PatReq{
UserID: session.UserID,
PatID: session.ID,
PlatformEntityType: auth.PlatformDomainsScope,
Expand All @@ -275,7 +276,7 @@ func (am *authorizationMiddleware) Disable(ctx context.Context, session authn.Se
}
}

if err := am.authorize(ctx, clients.OpDisableThing, authz.PolicyReq{
if err := am.authorize(ctx, clients.OpDisableClient, smqauthz.PolicyReq{
Domain: session.DomainID,
SubjectType: policies.UserType,
Subject: session.DomainUserID,
Expand All @@ -289,7 +290,7 @@ func (am *authorizationMiddleware) Disable(ctx context.Context, session authn.Se

func (am *authorizationMiddleware) Delete(ctx context.Context, session authn.Session, id string) error {
if session.Type == authn.PersonalAccessToken {
if err := am.authz.AuthorizePAT(ctx, mgauthz.PatReq{
if err := am.authz.AuthorizePAT(ctx, smqauthz.PatReq{
UserID: session.UserID,
PatID: session.ID,
PlatformEntityType: auth.PlatformDomainsScope,
Expand All @@ -301,7 +302,7 @@ func (am *authorizationMiddleware) Delete(ctx context.Context, session authn.Ses
return errors.Wrap(svcerr.ErrUnauthorizedPAT, err)
}
}
if err := am.authorize(ctx, clients.OpDeleteThing, authz.PolicyReq{
if err := am.authorize(ctx, clients.OpDeleteClient, smqauthz.PolicyReq{
Domain: session.DomainID,
SubjectType: policies.UserType,
Subject: session.DomainUserID,
Expand All @@ -316,7 +317,7 @@ func (am *authorizationMiddleware) Delete(ctx context.Context, session authn.Ses

func (am *authorizationMiddleware) SetParentGroup(ctx context.Context, session authn.Session, parentGroupID string, id string) error {
if session.Type == authn.PersonalAccessToken {
if err := am.authz.AuthorizePAT(ctx, mgauthz.PatReq{
if err := am.authz.AuthorizePAT(ctx, smqauthz.PatReq{
UserID: session.UserID,
PatID: session.ID,
PlatformEntityType: auth.PlatformDomainsScope,
Expand All @@ -329,7 +330,7 @@ func (am *authorizationMiddleware) SetParentGroup(ctx context.Context, session a
}
}

if err := am.authorize(ctx, clients.OpSetParentGroup, authz.PolicyReq{
if err := am.authorize(ctx, clients.OpSetParentGroup, smqauthz.PolicyReq{
Domain: session.DomainID,
SubjectType: policies.UserType,
Subject: session.DomainUserID,
Expand All @@ -339,7 +340,7 @@ func (am *authorizationMiddleware) SetParentGroup(ctx context.Context, session a
return errors.Wrap(err, errSetParentGroup)
}

if err := am.extAuthorize(ctx, clients.GroupOpSetChildThing, authz.PolicyReq{
if err := am.extAuthorize(ctx, clients.GroupOpSetChildClient, smqauthz.PolicyReq{
Domain: session.DomainID,
SubjectType: policies.UserType,
Subject: session.DomainUserID,
Expand All @@ -353,7 +354,7 @@ func (am *authorizationMiddleware) SetParentGroup(ctx context.Context, session a

func (am *authorizationMiddleware) RemoveParentGroup(ctx context.Context, session authn.Session, id string) error {
if session.Type == authn.PersonalAccessToken {
if err := am.authz.AuthorizePAT(ctx, mgauthz.PatReq{
if err := am.authz.AuthorizePAT(ctx, smqauthz.PatReq{
UserID: session.UserID,
PatID: session.ID,
PlatformEntityType: auth.PlatformDomainsScope,
Expand All @@ -366,7 +367,7 @@ func (am *authorizationMiddleware) RemoveParentGroup(ctx context.Context, sessio
}
}

if err := am.authorize(ctx, clients.OpRemoveParentGroup, authz.PolicyReq{
if err := am.authorize(ctx, clients.OpRemoveParentGroup, smqauthz.PolicyReq{
Domain: session.DomainID,
SubjectType: policies.UserType,
Subject: session.DomainUserID,
Expand All @@ -382,7 +383,7 @@ func (am *authorizationMiddleware) RemoveParentGroup(ctx context.Context, sessio
}

if th.ParentGroup != "" {
if err := am.extAuthorize(ctx, clients.GroupOpSetChildThing, authz.PolicyReq{
if err := am.extAuthorize(ctx, clients.GroupOpSetChildClient, smqauthz.PolicyReq{
Domain: session.DomainID,
SubjectType: policies.UserType,
Subject: session.DomainUserID,
Expand All @@ -396,7 +397,7 @@ func (am *authorizationMiddleware) RemoveParentGroup(ctx context.Context, sessio
return nil
}

func (am *authorizationMiddleware) authorize(ctx context.Context, op svcutil.Operation, req authz.PolicyReq) error {
func (am *authorizationMiddleware) authorize(ctx context.Context, op svcutil.Operation, req smqauthz.PolicyReq) error {
perm, err := am.opp.GetPermission(op)
if err != nil {
return err
Expand All @@ -411,7 +412,7 @@ func (am *authorizationMiddleware) authorize(ctx context.Context, op svcutil.Ope
return nil
}

func (am *authorizationMiddleware) extAuthorize(ctx context.Context, extOp svcutil.ExternalOperation, req authz.PolicyReq) error {
func (am *authorizationMiddleware) extAuthorize(ctx context.Context, extOp svcutil.ExternalOperation, req smqauthz.PolicyReq) error {
perm, err := am.extOpp.GetPermission(extOp)
if err != nil {
return err
Expand All @@ -427,7 +428,7 @@ func (am *authorizationMiddleware) extAuthorize(ctx context.Context, extOp svcut
}

func (am *authorizationMiddleware) checkSuperAdmin(ctx context.Context, userID string) error {
if err := am.authz.Authorize(ctx, mgauthz.PolicyReq{
if err := am.authz.Authorize(ctx, smqauthz.PolicyReq{
SubjectType: policies.UserType,
Subject: userID,
Permission: policies.AdminPermission,
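--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -1181,7 +1181,7 @@ services:
 - supermq-base-net
 
 ui:
-image: magistrala/ui:${SMQ_RELEASE_TAG}
+image: supermq/ui:${SMQ_RELEASE_TAG}
 container_name: supermq-ui
 restart: on-failure
 environment: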
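Review bot: The `ui` service now pulls `supermq/ui:${SMQ_RELEASE_TAG}`, which sits in a different registry namespace from the `magistrala/ui` image it replaces, so this line changes which publisher the deployment trusts, not just a label. Before merging, confirm that the `supermq` namespace on the registry is owned by the project and that the UI image is published there for every value `SMQ_RELEASE_TAG` takes; otherwise the service either fails to start or pulls whatever a third party has pushed under that name. Because the tag comes from an environment variable and tags are mutable, release compose files would be easier to verify if pinned by digest, for example `image: supermq/ui@sha256:<digest-placeholder>`. The service definition continues past the end of the hunk.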
8 changes: 4 additions & 4 deletions pkg/authz/authsvc/authz.go
Expand Up @@ -61,13 +61,13 @@ func (a authorization) Authorize(ctx context.Context, pr authz.PolicyReq) error

func (a authorization) AuthorizePAT(ctx context.Context, pr authz.PatReq) error {
req := grpcAuthV1.AuthZpatReq{
UserID: pr.UserID,
PatID: pr.PatID,
UserId: pr.UserID,
PatId: pr.PatID,
PlatformEntityType: uint32(pr.PlatformEntityType),
OptionalDomainID: pr.OptionalDomainID,
OptionalDomainId: pr.OptionalDomainID,
OptionalDomainEntityType: uint32(pr.OptionalDomainEntityType),
Operation: uint32(pr.Operation),
EntityIDs: pr.EntityIDs,
EntityIds: pr.EntityIDs,
}
res, err := a.authSvcClient.AuthorizePAT(ctx, &req)
if err != nil {
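--- a/pkg/authz/authz.go
+++ b/pkg/authz/authz.go
@@ -6,7 +6,7 @@ package authz
 import (
 "context"
 
-"github.com/absmach/magistrala/auth"
+"github.com/absmach/supermq/auth"
 )
 
 type PolicyReq struct {
@@ -46,6 +46,16 @@ type PolicyReq struct {
 Permission string `json:"permission,omitempty"`
 }
 
+type PatReq struct {
+UserID string `json:"user_id,omitempty"` // UserID
+PatID string `json:"pat_id,omitempty"` // UserID
+PlatformEntityType auth.PlatformEntityType `json:"platform_entity_type,omitempty"` // Platform entity type
+OptionalDomainID string `json:"optional_domainID,omitempty"` // Optional domain id
+OptionalDomainEntityType auth.DomainEntityType `json:"optional_domain_entity_type,omitempty"` // Optional domain entity type
+Operation auth.OperationType `json:"operation,omitempty"` // Operation
+EntityIDs []string `json:"entityIDs,omitempty"` // EntityIDs
+}
+
 // Authz is supermq authorization library.
 //
 //go:generate mockery --name Authorization --output=./mocks --filename authz.go --quiet --note "Copyright (c) Abstract Machines"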
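Review bot: The trailing comment on `PatID` in the new `PatReq` struct reads `// UserID`, a copy-paste slip that should be `// PatID`. The JSON tags are also inconsistent: `optional_domainID` and `entityIDs` mix camel case into an otherwise snake_case set (`user_id`, `pat_id`, `platform_entity_type`), so `json:"optional_domain_id,omitempty"` and `json:"entity_ids,omitempty"` would match the rest, provided no consumer already depends on the current keys. The exported type has no doc comment, and the field comments only repeat the field names. Since this struct carries the scope of a personal-access-token authorization request, a comment beginning `// PatReq ...` should say what an empty `EntityIDs` or `OptionalDomainID` means to the authorizer, which the hunk does not show.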