
Commit bc25afa

committed
remove 'UserAuthorizationCtx'
1 parent 9a29e58 commit bc25afa

9 files changed

+14
-18
lines changed

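--- a/coderd/authorize.go
+++ b/coderd/authorize.go
@@ -19,7 +19,7 @@ import (
 // objects that the user is authorized to perform the given action on.
 // This is faster than calling Authorize() on each object.
 func AuthorizeFilter[O rbac.Objecter](h *HTTPAuthorizer, r *http.Request, action policy.Action, objects []O) ([]O, error) {
-roles := httpmw.UserAuthorization(r)
+roles := httpmw.UserAuthorization(r.Context())
 objects, err := rbac.Filter(r.Context(), h.Authorizer, roles, action, objects)
 if err != nil {
 // Log the error as Filter should not be erroring.
@@ -65,7 +65,7 @@ func (api *API) Authorize(r *http.Request, action policy.Action, object rbac.Obj
 // return
 // }
 func (h *HTTPAuthorizer) Authorize(r *http.Request, action policy.Action, object rbac.Objecter) bool {
-roles := httpmw.UserAuthorization(r)
+roles := httpmw.UserAuthorization(r.Context())
 err := h.Authorizer.Authorize(r.Context(), roles, action, object.RBACObject())
 if err != nil {
 // Log the errors for debugging
@@ -97,7 +97,7 @@ func (h *HTTPAuthorizer) Authorize(r *http.Request, action policy.Action, object
 // call 'Authorize()' on the returned objects.
 // Note the authorization is only for the given action and object type.
 func (h *HTTPAuthorizer) AuthorizeSQLFilter(r *http.Request, action policy.Action, objectType string) (rbac.PreparedAuthorized, error) {
-roles := httpmw.UserAuthorization(r)
+roles := httpmw.UserAuthorization(r.Context())
 prepared, err := h.Authorizer.Prepare(r.Context(), roles, action, objectType)
 if err != nil {
 return nil, xerrors.Errorf("prepare filter: %w", err)
@@ -120,7 +120,7 @@ func (h *HTTPAuthorizer) AuthorizeSQLFilter(r *http.Request, action policy.Actio
 // @Router /authcheck [post]
 func (api *API) checkAuthorization(rw http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
-auth := httpmw.UserAuthorization(r)
+auth := httpmw.UserAuthorization(r.Context())
 
 var params codersdk.AuthorizationRequest
 if !httpapi.Read(ctx, rw, r, &params) {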
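Review bot: In `checkAuthorization` the new line calls `r.Context()` a second time although `ctx := r.Context()` is bound on the line directly above; `auth := httpmw.UserAuthorization(ctx)` reads better and keeps the subject lookup on the same context value the rest of the handler uses. The same applies to both hunks in coderd/roles.go and to `deleteUser` in coderd/users.go, where `ctx := r.Context()` is also visible. enterprise/coderd/provisionerdaemons.go passes `ctx` to `Authorize` right after the lookup, but its definition is outside that hunk, so confirm it is the plain request context before switching it. All of these functions continue outside their hunks.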

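--- a/coderd/httpmw/apikey.go
+++ b/coderd/httpmw/apikey.go
@@ -53,11 +53,7 @@ func UserAuthorizationOptional(ctx context.Context) (rbac.Subject, bool) {
 
 // UserAuthorization returns the roles and scope used for authorization. Depends
 // on the ExtractAPIKey handler.
-func UserAuthorization(r *http.Request) rbac.Subject {
-return UserAuthorizationCtx(r.Context())
-}
-
-func UserAuthorizationCtx(ctx context.Context) rbac.Subject {
+func UserAuthorization(ctx context.Context) rbac.Subject {
 auth, ok := UserAuthorizationOptional(ctx)
 if !ok {
 panic("developer error: ExtractAPIKey middleware not provided")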
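Review bot: The doc comment above `UserAuthorization` does not say that the function panics, and with the parameter widened from `*http.Request` to `context.Context` any caller holding a context now compiles, including code that does not run behind ExtractAPIKey. Since the visible body panics when `UserAuthorizationOptional` reports no subject, a call from such a path becomes a runtime panic rather than a returned error. I would extend the comment with `// It panics if ctx carries no subject; code that can run outside the ExtractAPIKey chain must call UserAuthorizationOptional and handle the false case.` The function body continues past the end of the hunk.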

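--- a/coderd/httpmw/apikey_test.go
+++ b/coderd/httpmw/apikey_test.go
@@ -904,7 +904,7 @@ func TestAPIKey(t *testing.T) {
 })(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 assertActorOk(t, r)
 
-auth := httpmw.UserAuthorization(r)
+auth := httpmw.UserAuthorization(r.Context())
 
 roles, err := auth.Roles.Expand()
 assert.NoError(t, err, "expand user roles")
@@ -968,7 +968,7 @@ func TestAPIKey(t *testing.T) {
 RedirectToLogin: false,
 })(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 assertActorOk(t, r)
-auth := httpmw.UserAuthorization(r)
+auth := httpmw.UserAuthorization(r.Context())
 
 roles, err := auth.Roles.Expand()
 assert.NoError(t, err, "expand user roles")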

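--- a/coderd/httpmw/authorize_test.go
+++ b/coderd/httpmw/authorize_test.go
@@ -125,7 +125,7 @@ func TestExtractUserRoles(t *testing.T) {
 }),
 )
 rtr.Get("/", func(_ http.ResponseWriter, r *http.Request) {
-roles := httpmw.UserAuthorization(r)
+roles := httpmw.UserAuthorization(r.Context())
 require.Equal(t, user.ID.String(), roles.ID)
 require.ElementsMatch(t, expRoles, roles.Roles.Names())
 })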

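--- a/coderd/httpmw/ratelimit.go
+++ b/coderd/httpmw/ratelimit.go
@@ -43,7 +43,7 @@ func RateLimit(count int, window time.Duration) func(http.Handler) http.Handler
 
 // Allow Owner to bypass rate limiting for load tests
 // and automation.
-auth := UserAuthorization(r)
+auth := UserAuthorization(r.Context())
 
 // We avoid using rbac.Authorizer since rego is CPU-intensive
 // and undermines the DoS-prevention goal of the rate limiter.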

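--- a/coderd/identityprovider/middleware.go
+++ b/coderd/identityprovider/middleware.go
@@ -36,7 +36,7 @@ func authorizeMW(accessURL *url.URL) func(next http.Handler) http.Handler {
 }
 
 app := httpmw.OAuth2ProviderApp(r)
-ua := httpmw.UserAuthorization(r)
+ua := httpmw.UserAuthorization(r.Context())
 
 // url.Parse() allows empty URLs, which is fine because the origin is not
 // always set by browsers (or other tools like cURL). If the origin does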

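--- a/coderd/roles.go
+++ b/coderd/roles.go
@@ -26,7 +26,7 @@ import (
 // @Router /users/roles [get]
 func (api *API) AssignableSiteRoles(rw http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
-actorRoles := httpmw.UserAuthorization(r)
+actorRoles := httpmw.UserAuthorization(r.Context())
 if !api.Authorize(r, policy.ActionRead, rbac.ResourceAssignRole) {
 httpapi.Forbidden(rw)
 return
@@ -59,7 +59,7 @@ func (api *API) AssignableSiteRoles(rw http.ResponseWriter, r *http.Request) {
 func (api *API) assignableOrgRoles(rw http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
 organization := httpmw.OrganizationParam(r)
-actorRoles := httpmw.UserAuthorization(r)
+actorRoles := httpmw.UserAuthorization(r.Context())
 
 if !api.Authorize(r, policy.ActionRead, rbac.ResourceAssignOrgRole.InOrg(organization.ID)) {
 httpapi.ResourceNotFound(rw)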

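--- a/coderd/users.go
+++ b/coderd/users.go
@@ -525,7 +525,7 @@ func (api *API) deleteUser(rw http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
 auditor := *api.Auditor.Load()
 user := httpmw.UserParam(r)
-auth := httpmw.UserAuthorization(r)
+auth := httpmw.UserAuthorization(r.Context())
 aReq, commitAudit := audit.InitRequest[database.User](rw, &audit.RequestParams{
 Audit: auditor,
 Log: api.Logger,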

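--- a/enterprise/coderd/provisionerdaemons.go
+++ b/enterprise/coderd/provisionerdaemons.go
@@ -133,7 +133,7 @@ func (p *provisionerDaemonAuth) authorize(r *http.Request, org database.Organiza
 tags: tags,
 }, nil
 }
-ua := httpmw.UserAuthorization(r)
+ua := httpmw.UserAuthorization(r.Context())
 err = p.authorizer.Authorize(ctx, ua, policy.ActionCreate, rbac.ResourceProvisionerDaemon.InOrg(org.ID))
 if err != nil {
 return provisiionerDaemonAuthResponse{}, xerrors.New("user unauthorized")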
