make OPA URL+path configurable (#2)

Signed-off-by: Stephan Renatus <[email protected]>
StyraInc · Mar 14, 2024 · e98b130 · e98b130
1 parent bb8b763
commit e98b130
Show file tree

Hide file tree

Showing 7 changed files with 76 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -13,6 +13,9 @@ $ npm install
 ## Running the app
 
 ```bash
+# default env variables, corresponding to http://127.0.0.1:8181/v1/data/cats/allow
+cp example.env .env
+
 # development
 $ npm run start
 

diff --git a/example.env b/example.env
@@ -0,0 +1,2 @@
+OPA_URL="http://127.0.0.1:8181"
+OPA_PATH="cats/allow"
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -20,6 +20,7 @@
   },
   "dependencies": {
     "@nestjs/common": "^10.3.2",
+    "@nestjs/config": "^3.2.0",
     "@nestjs/core": "^10.3.2",
     "@nestjs/jwt": "^10.2.0",
     "@nestjs/mapped-types": "*",

diff --git a/src/app.module.ts b/src/app.module.ts
@@ -1,4 +1,5 @@
 import { Module } from '@nestjs/common';
+import { ConfigModule } from '@nestjs/config';
 import { AppController } from './app.controller';
 import { AppService } from './app.service';
 import { CatsModule } from './cats/cats.module';
@@ -8,7 +9,13 @@ import { AuthzService } from './authz/authz.service';
 import { AuthzModule } from './authz/authz.module';
 
 @Module({
-  imports: [CatsModule, AuthModule, UsersModule, AuthzModule],
+  imports: [
+    CatsModule,
+    AuthModule,
+    UsersModule,
+    AuthzModule,
+    ConfigModule.forRoot(),
+  ],
   controllers: [AppController],
   providers: [AppService, AuthzService],
 })

diff --git a/src/authz/authz.module.ts b/src/authz/authz.module.ts
@@ -1,9 +1,11 @@
 import { Module } from '@nestjs/common';
+import { ConfigModule } from '@nestjs/config';
 import { APP_GUARD } from '@nestjs/core';
 import { AuthzService } from './authz.service';
 import { AuthzGuard } from './authz.guard';
 
 @Module({
+  imports: [ConfigModule],
   providers: [
     AuthzService,
     {

diff --git a/src/authz/authz.service.ts b/src/authz/authz.service.ts
@@ -1,16 +1,22 @@
 import { Injectable } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
 import { Opa } from 'opa/sdk';
 import { authorizer } from 'opa/sdk/helpers';
 
 @Injectable()
 export class AuthzService {
-  private readonly opa = new Opa(); // NB(sr): we'd need to get some config into this
-  private readonly authorizer = authorizer<Record<string, any>, boolean>(
-    this.opa,
-    'cats/allow',
-  );
+  private opa: Opa;
+  private authorizer: (_?: Record<string, any>) => Promise<boolean>;
 
-  async authorize(inp: any) {
+  constructor(private configService: ConfigService) {
+    this.opa = new Opa({ serverURL: this.configService.getOrThrow('OPA_URL') });
+    this.authorizer = authorizer<Record<string, any>, boolean>(
+      this.opa,
+      this.configService.getOrThrow('OPA_PATH'),
+    );
+  }
+
+  async authorize(inp: any): Promise<boolean> {
     return await this.authorizer(inp);
   }
 }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		OPA_URL="http://127.0.0.1:8181"
		OPA_PATH="cats/allow"