2021-06-15 16:27:30 +00:00
|
|
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
2020-12-01 22:53:22 +00:00
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
|
|
|
package fositestorage
|
|
|
|
|
|
|
|
import (
|
|
|
|
"github.com/ory/fosite"
|
|
|
|
"github.com/ory/fosite/handler/openid"
|
|
|
|
|
|
|
|
"go.pinniped.dev/internal/constable"
|
2021-06-15 16:27:30 +00:00
|
|
|
"go.pinniped.dev/internal/oidc/clientregistry"
|
2020-12-01 22:53:22 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2020-12-04 22:31:06 +00:00
|
|
|
ErrInvalidRequestType = constable.Error("requester must be of type fosite.Request")
|
2021-06-15 16:27:30 +00:00
|
|
|
ErrInvalidClientType = constable.Error("requester's client must be of type clientregistry.Client")
|
2020-12-04 22:31:06 +00:00
|
|
|
ErrInvalidSessionType = constable.Error("requester's session must be of type openid.DefaultSession")
|
|
|
|
StorageRequestIDLabelName = "storage.pinniped.dev/request-id" //nolint:gosec // this is not a credential
|
2020-12-01 22:53:22 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func ValidateAndExtractAuthorizeRequest(requester fosite.Requester) (*fosite.Request, error) {
|
|
|
|
request, ok1 := requester.(*fosite.Request)
|
|
|
|
if !ok1 {
|
|
|
|
return nil, ErrInvalidRequestType
|
|
|
|
}
|
2021-06-15 16:27:30 +00:00
|
|
|
_, ok2 := request.Client.(*clientregistry.Client)
|
2020-12-01 22:53:22 +00:00
|
|
|
if !ok2 {
|
|
|
|
return nil, ErrInvalidClientType
|
|
|
|
}
|
|
|
|
_, ok3 := request.Session.(*openid.DefaultSession)
|
|
|
|
if !ok3 {
|
|
|
|
return nil, ErrInvalidSessionType
|
|
|
|
}
|
|
|
|
|
|
|
|
return request, nil
|
|
|
|
}
|