afb-auth: Increase and improve use of afb-auth

This change factorize code for version V1 of bindings
and centralizes management of authorisations in a
single place.

Bug-AGL: SPEC-2968

Change-Id: I6ad95d5bfa0d85dbb6d2060fc9ebca08b68eb4e9
Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>

diff --git a/src/afb-api-so-v1.c b/src/afb-api-so-v1.c
index c6317ba..0916580 100644 (file)
--- a/src/afb-api-so-v1.c
+++ b/src/afb-api-so-v1.c
@@ -36,6 +36,7 @@
 #include "afb-context.h"
 #include "afb-api-so.h"
 #include "afb-xreq.h"
+#include "afb-auth.h"
 #include "verbose.h"
 
 /*
@@ -63,40 +64,6 @@ void afb_api_so_v1_process_call(struct afb_binding_v1 *binding, struct afb_xreq
        afb_xreq_call_verb_v1(xreq, verb);
 }
 
-static struct json_object *addperm(struct json_object *o, struct json_object *x)
-{
-       struct json_object *a;
-
-       if (!o)
-               return x;
-
-       if (!json_object_object_get_ex(o, "allOf", &a)) {
-               a = json_object_new_array();
-               json_object_array_add(a, o);
-               o = json_object_new_object();
-               json_object_object_add(o, "allOf", a);
-       }
-       json_object_array_add(a, x);
-       return o;
-}
-
-static struct json_object *addperm_key_val(struct json_object *o, const char *key, struct json_object *val)
-{
-       struct json_object *x = json_object_new_object();
-       json_object_object_add(x, key, val);
-       return addperm(o, x);
-}
-
-static struct json_object *addperm_key_valstr(struct json_object *o, const char *key, const char *val)
-{
-       return addperm_key_val(o, key, json_object_new_string(val));
-}
-
-static struct json_object *addperm_key_valint(struct json_object *o, const char *key, int val)
-{
-       return addperm_key_val(o, key, json_object_new_int(val));
-}
-
 struct json_object *afb_api_so_v1_make_description_openAPIv3(struct afb_binding_v1 *binding, const char *apiname)
 {
        char buffer[256];
@@ -124,15 +91,7 @@ struct json_object *afb_api_so_v1_make_description_openAPIv3(struct afb_binding_
                g = json_object_new_object();
                json_object_object_add(f, "get", g);
 
-               a = NULL;
-               if (verb->session & AFB_SESSION_CLOSE_X1)
-                       a = addperm_key_valstr(a, "session", "close");
-               if (verb->session & AFB_SESSION_CHECK_X1)
-                       a = addperm_key_valstr(a, "session", "check");
-               if (verb->session & AFB_SESSION_RENEW_X1)
-                       a = addperm_key_valstr(a, "token", "refresh");
-               if (verb->session & AFB_SESSION_LOA_MASK_X1)
-                       a = addperm_key_valint(a, "LOA", (verb->session >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1);
+               a = afb_auth_json_x1(verb->session);
                if (a)
                        json_object_object_add(g, "x-permissions", a);
 

diff --git a/src/afb-api-so-v2.c b/src/afb-api-so-v2.c
index f10e18d..692d737 100644 (file)
--- a/src/afb-api-so-v2.c
+++ b/src/afb-api-so-v2.c
@@ -106,7 +106,7 @@ struct json_object *afb_api_so_v2_make_description_openAPIv3(const struct afb_bi
                g = json_object_new_object();
                json_object_object_add(f, "get", g);
 
-               a = afb_auth_json_v2(verb->auth, verb->session);
+               a = afb_auth_json_x2(verb->auth, verb->session);
                if (a)
                        json_object_object_add(g, "x-permissions", a);
 

diff --git a/src/afb-api-v3.c b/src/afb-api-v3.c
index 6469b88..ea69176 100644 (file)
--- a/src/afb-api-v3.c
+++ b/src/afb-api-v3.c
@@ -134,7 +134,7 @@ static struct json_object *describe_verb_v3(const struct afb_verb_v3 *verb)
        g = json_object_new_object();
        json_object_object_add(f, "get", g);
 
-       a = afb_auth_json_v2(verb->auth, verb->session);
+       a = afb_auth_json_x2(verb->auth, verb->session);
        if (a)
                json_object_object_add(g, "x-permissions", a);
 

diff --git a/src/afb-auth.c b/src/afb-auth.c
index 6747c9e..0141212 100644 (file)
--- a/src/afb-auth.c
+++ b/src/afb-auth.c
@@ -23,6 +23,9 @@
 #include <json-c/json.h>
 #include <afb/afb-auth.h>
 #include <afb/afb-session-x2.h>
+#if WITH_LEGACY_BINDING_V1
+#include <afb/afb-session-x1.h>
+#endif
 
 #include "afb-auth.h"
 #include "afb-context.h"
@@ -65,6 +68,63 @@ int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission)
        return afb_cred_has_permission(xreq->cred, permission, &xreq->context);
 }
 
+#if WITH_LEGACY_BINDING_V1
+int afb_auth_check_and_set_session_x1(struct afb_xreq *xreq, int sessionflags)
+{
+       int loa;
+
+       if ((sessionflags & (AFB_SESSION_CLOSE_X1|AFB_SESSION_RENEW_X1|AFB_SESSION_CHECK_X1|AFB_SESSION_LOA_EQ_X1)) != 0) {
+               if (!afb_context_check(&xreq->context)) {
+                       afb_context_close(&xreq->context);
+                       return afb_xreq_reply_invalid_token(xreq);
+               }
+       }
+
+       if ((sessionflags & AFB_SESSION_LOA_GE_X1) != 0) {
+               loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
+               if (!afb_context_check_loa(&xreq->context, loa))
+                       return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
+       }
+
+       if ((sessionflags & AFB_SESSION_LOA_LE_X1) != 0) {
+               loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
+               if (afb_context_check_loa(&xreq->context, loa + 1))
+                       return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
+       }
+
+       if ((sessionflags & AFB_SESSION_CLOSE_X1) != 0) {
+               afb_context_change_loa(&xreq->context, 0);
+               afb_context_close(&xreq->context);
+       }
+
+       return 0;
+}
+#endif
+
+int afb_auth_check_and_set_session_x2(struct afb_xreq *xreq, uint32_t sessionflags, const struct afb_auth *auth)
+{
+       int loa;
+
+       if (sessionflags != 0) {
+               if (!afb_context_check(&xreq->context)) {
+                       afb_context_close(&xreq->context);
+                       return afb_xreq_reply_invalid_token(xreq);
+               }
+       }
+
+       loa = (int)(sessionflags & AFB_SESSION_LOA_MASK_X2);
+       if (loa && !afb_context_check_loa(&xreq->context, loa))
+               return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
+
+       if (auth && !afb_auth_check(xreq, auth))
+               return afb_xreq_reply_insufficient_scope(xreq, NULL /* TODO */);
+
+       if ((sessionflags & AFB_SESSION_CLOSE_X2) != 0)
+               afb_context_close(&xreq->context);
+
+       return 0;
+}
+
 /*********************************************************************************/
 
 static struct json_object *addperm(struct json_object *o, struct json_object *x)
@@ -130,7 +190,7 @@ static struct json_object *addauth_or_array(struct json_object *o, const struct
        return o;
 }
 
-struct json_object *afb_auth_json_v2(const struct afb_auth *auth, int session)
+struct json_object *afb_auth_json_x2(const struct afb_auth *auth, uint32_t session)
 {
        struct json_object *result = NULL;
 
@@ -152,3 +212,21 @@ struct json_object *afb_auth_json_v2(const struct afb_auth *auth, int session)
        return result;
 }
 
+ 
+#if WITH_LEGACY_BINDING_V1
+struct json_object *afb_auth_json_x1(int session)
+{
+       struct json_object *result = NULL;
+
+       if (session & AFB_SESSION_CLOSE_X1)
+               result = addperm_key_valstr(result, "session", "close");
+       if (session & AFB_SESSION_CHECK_X1)
+               result = addperm_key_valstr(result, "session", "check");
+       if (session & AFB_SESSION_RENEW_X1)
+               result = addperm_key_valstr(result, "token", "refresh");
+       if (session & AFB_SESSION_LOA_MASK_X1)
+               result = addperm_key_valint(result, "LOA", (session >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1);
+
+       return result;
+}
+#endif

diff --git a/src/afb-auth.h b/src/afb-auth.h
index 0a4ab4a..bf4a846 100644 (file)
--- a/src/afb-auth.h
+++ b/src/afb-auth.h
@@ -24,4 +24,10 @@ struct json_object;
 extern int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth);
 extern int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission);
 
-extern struct json_object *afb_auth_json_v2(const struct afb_auth *auth, int session);
+extern int afb_auth_check_and_set_session_x2(struct afb_xreq *xreq, uint32_t session, const struct afb_auth *auth);
+extern struct json_object *afb_auth_json_x2(const struct afb_auth *auth, uint32_t session);
+
+#if WITH_LEGACY_BINDING_V1
+extern int afb_auth_check_and_set_session_x1(struct afb_xreq *xreq, int session);
+extern struct json_object *afb_auth_json_x1(int session);
+#endif
\ No newline at end of file

diff --git a/src/afb-xreq.c b/src/afb-xreq.c
index a9703b7..297681c 100644 (file)
--- a/src/afb-xreq.c
+++ b/src/afb-xreq.c
@@ -757,70 +757,13 @@ int afb_xreq_reply_insufficient_scope(struct afb_xreq *xreq, const char *scope)
        return -1;
 }
 
-#if WITH_LEGACY_BINDING_V1
-static int xreq_session_check_apply_v1(struct afb_xreq *xreq, int sessionflags)
-{
-       int loa;
-
-       if ((sessionflags & (AFB_SESSION_CLOSE_X1|AFB_SESSION_RENEW_X1|AFB_SESSION_CHECK_X1|AFB_SESSION_LOA_EQ_X1)) != 0) {
-               if (!afb_context_check(&xreq->context)) {
-                       afb_context_close(&xreq->context);
-                       return afb_xreq_reply_invalid_token(xreq);
-               }
-       }
-
-       if ((sessionflags & AFB_SESSION_LOA_GE_X1) != 0) {
-               loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
-               if (!afb_context_check_loa(&xreq->context, loa))
-                       return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
-       }
-
-       if ((sessionflags & AFB_SESSION_LOA_LE_X1) != 0) {
-               loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
-               if (afb_context_check_loa(&xreq->context, loa + 1))
-                       return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
-       }
-
-       if ((sessionflags & AFB_SESSION_CLOSE_X1) != 0) {
-               afb_context_change_loa(&xreq->context, 0);
-               afb_context_close(&xreq->context);
-       }
-
-       return 0;
-}
-#endif
-
-static int xreq_session_check_apply_v2(struct afb_xreq *xreq, uint32_t sessionflags, const struct afb_auth *auth)
-{
-       int loa;
-
-       if (sessionflags != 0) {
-               if (!afb_context_check(&xreq->context)) {
-                       afb_context_close(&xreq->context);
-                       return afb_xreq_reply_invalid_token(xreq);
-               }
-       }
-
-       loa = (int)(sessionflags & AFB_SESSION_LOA_MASK_X2);
-       if (loa && !afb_context_check_loa(&xreq->context, loa))
-               return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
-
-       if (auth && !afb_auth_check(xreq, auth))
-               return afb_xreq_reply_insufficient_scope(xreq, NULL /* TODO */);
-
-       if ((sessionflags & AFB_SESSION_CLOSE_X2) != 0)
-               afb_context_close(&xreq->context);
-
-       return 0;
-}
-
 #if WITH_LEGACY_BINDING_V1
 void afb_xreq_call_verb_v1(struct afb_xreq *xreq, const struct afb_verb_desc_v1 *verb)
 {
        if (!verb)
                afb_xreq_reply_unknown_verb(xreq);
        else
-               if (!xreq_session_check_apply_v1(xreq, verb->session))
+               if (afb_auth_check_and_set_session_x1(xreq, verb->session) >= 0)
                        verb->callback(xreq_to_req_x1(xreq));
 }
 #endif
@@ -831,7 +774,7 @@ void afb_xreq_call_verb_v2(struct afb_xreq *xreq, const struct afb_verb_v2 *verb
        if (!verb)
                afb_xreq_reply_unknown_verb(xreq);
        else
-               if (!xreq_session_check_apply_v2(xreq, verb->session, verb->auth))
+               if (afb_auth_check_and_set_session_x2(xreq, verb->session, verb->auth) >= 0)
                        verb->callback(xreq_to_req_x1(xreq));
 }
 #endif
@@ -841,7 +784,7 @@ void afb_xreq_call_verb_v3(struct afb_xreq *xreq, const struct afb_verb_v3 *verb
        if (!verb)
                afb_xreq_reply_unknown_verb(xreq);
        else
-               if (xreq_session_check_apply_v2(xreq, verb->session, verb->auth) >= 0)
+               if (afb_auth_check_and_set_session_x2(xreq, verb->session, verb->auth) >= 0)
                        verb->callback(xreq_to_req_x2(xreq));
 }