Refactor attribute and authorization filters

go.mod

@@ -3,65 +3,65 @@ module kubegems.io/library
 go 1.20
 
 require (
-	github.com/casbin/casbin/v2 v2.73.0
-	github.com/containers/image/v5 v5.26.1
-	github.com/coreos/go-oidc/v3 v3.6.0
-	github.com/go-logr/logr v1.2.4
-	github.com/go-logr/zapr v1.2.4
+	github.com/containers/image/v5 v5.29.0
+	github.com/coreos/go-oidc/v3 v3.7.0
+	github.com/go-logr/logr v1.3.0
+	github.com/go-logr/zapr v1.3.0
 	github.com/go-openapi/spec v0.20.9
+	github.com/go-playground/validator/v10 v10.16.0
 	github.com/jinzhu/inflection v1.0.0
-	github.com/opencontainers/distribution-spec/specs-go v0.0.0-20230727214836-6bc87156eacf
+	github.com/opencontainers/distribution-spec/specs-go v0.0.0-20231117024018-3ec8a56d897b
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.16.0
-	go.uber.org/zap v1.24.0
-	golang.org/x/exp v0.0.0-20230728194245-b0cb94b80691
-	golang.org/x/net v0.12.0
+	github.com/spf13/viper v1.17.0
+	go.uber.org/zap v1.26.0
+	golang.org/x/crypto v0.15.0
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d
+	golang.org/x/net v0.18.0
 	k8s.io/apimachinery v0.27.4
 )
 
 require (
-	github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible // indirect
-	github.com/containers/storage v1.48.0 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
-	github.com/go-openapi/jsonreference v0.20.1 // indirect
+	github.com/containers/storage v1.51.0 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
+	github.com/go-openapi/jsonpointer v0.20.0 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.22.4 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
-	github.com/spf13/afero v1.9.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
+	github.com/sagikazarmark/locafero v0.3.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.10.0 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/subosito/gotenv v1.4.2 // indirect
-	github.com/tidwall/gjson v1.14.4 // indirect
-	github.com/tidwall/match v1.1.1 // indirect
-	github.com/tidwall/pretty v1.2.0 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
-	go.uber.org/goleak v1.2.0 // indirect
-	go.uber.org/multierr v1.8.0 // indirect
-	golang.org/x/crypto v0.11.0 // indirect
-	golang.org/x/oauth2 v0.9.0 // indirect
-	golang.org/x/sys v0.10.0 // indirect
-	golang.org/x/text v0.11.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/oauth2 v0.14.0 // indirect
+	golang.org/x/sys v0.14.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/klog/v2 v2.90.1 // indirect
 	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )

rest/README.md

@@ -0,0 +1,3 @@
+# REST
+
+help build a rest api easily

rest/api/attributes.go

@@ -0,0 +1,123 @@
+package api
+
+import (
+	"context"
+	"net/http"
+	"strings"
+)
+
+type AttrbuteResource struct {
+	Resource string `json:"resource,omitempty"`
+	Name     string `json:"name,omitempty"`
+}
+
+type Attributes struct {
+	Action    string             `json:"action,omitempty"`
+	Resources []AttrbuteResource `json:"resources,omitempty"`
+	Path      string             `json:"path,omitempty"`
+}
+
+type AttributeExtractor func(r *http.Request) (*Attributes, error)
+
+func PrefixedAttributesExtractor(prefix string) AttributeExtractor {
+	return func(r *http.Request) (*Attributes, error) {
+		if !strings.HasPrefix(r.URL.Path, prefix) {
+			return nil, nil
+		}
+		method, path := r.Method, strings.TrimPrefix(r.URL.Path, prefix)
+		action, resources := DefaultRestAttributeExtractor(method, path)
+		return &Attributes{Action: action, Resources: resources, Path: path}, nil
+	}
+}
+
+// plural
+var MethodActionMapPlural = map[string]string{
+	"GET":    "list",
+	"POST":   "create",
+	"DELETE": "removeBatch",
+}
+
+// singular plural
+var MethodActionMapSingular = map[string]string{
+	"GET":    "get",
+	"PUT":    "update",
+	"DELETE": "remove",
+	"PATCH":  "patch",
+}
+
+func DefaultRestAttributeExtractor(method string, path string) (string, []AttrbuteResource) {
+	// example:
+	// /api/v1/namespaces/default/pods/nginx-xxx -> ["namespaces", "default", "pods", "nginx-xxx"]
+	// /api/v1/namespaces/default/pods -> ["namespaces", "default", "pods"]
+	// /api/v1/namespaces/default -> ["namespaces", "default"]
+	// /api/v1/namespaces -> ["namespaces"]
+	// /api/v1 -> []
+	resource, action := splitResourceAction(path)
+	parts := removeEmpty(strings.Split(resource, "/"))
+	if len(parts) == 0 {
+		return action, nil
+	}
+	// if odd, it's a list request, e.g. GET /api/v1/namespaces/default/pods
+	if len(parts)%2 != 0 {
+		parts = append(parts, "")
+		if action == "" {
+			action = string(MethodActionMapPlural[method])
+		}
+	} else {
+		if action == "" {
+			action = string(MethodActionMapSingular[method])
+		}
+	}
+	resources := []AttrbuteResource{}
+	for i := 0; i < len(parts); i += 2 {
+		resources = append(resources, AttrbuteResource{Resource: parts[i], Name: parts[i+1]})
+	}
+	return action, resources
+}
+
+func removeEmpty(arr []string) []string {
+	w := 0
+	for _, v := range arr {
+		if v != "" {
+			arr[w] = v
+			w++
+		}
+	}
+	return arr[:w]
+}
+
+// e.g. /zoos/{id}/animals/{name}:feed -> /zoos/{id}/animals/{name},feed
+func splitResourceAction(path string) (string, string) {
+	if i := strings.LastIndex(path, ":"); i < 0 {
+		return path, ""
+	} else {
+		return path[:i], path[i+1:]
+	}
+}
+
+func NewAttributeFilter(attributer AttributeExtractor) Filter {
+	return FilterFunc(func(w http.ResponseWriter, r *http.Request, next http.Handler) {
+		attributes, err := attributer(r)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		ctx := WithAttributes(r.Context(), attributes)
+		next.ServeHTTP(w, r.WithContext(ctx))
+	})
+}
+
+type attributesContext struct{}
+
+var attributesContextKey = &attributesContext{}
+
+func WithAttributes(ctx context.Context, attributes *Attributes) context.Context {
+	return context.WithValue(ctx, attributesContextKey, attributes)
+}
+
+func AttributesFromContext(ctx context.Context) *Attributes {
+	if attributes, ok := ctx.Value(attributesContextKey).(*Attributes); ok {
+		return attributes
+	}
+	return nil
+}