#include "auth.h"
#include <util/generic/hash_set.h>
using namespace NTvmAuth;
namespace NMonitoring {
namespace {
/// ITvmManager implementation that pairs a TVM client with a fixed allow-list
/// of source client ids.
///
/// @tparam TTvmClientPtr  Pointer type holding the TTvmClient. Defaults to an
///                        owning THolder; a shared pointer type lets the
///                        client be shared with the caller.
template <class TTvmClientPtr = THolder<TTvmClient>>
class TTvmManager final: public ITvmManager {
public:
    /// Constructs a new TTvmClient from TVM API settings.
    ///
    /// @param settings  Client settings, moved into the new TTvmClient.
    /// @param clients   Source ids that IsAllowedClient() will accept.
    /// @param logger    Logger, moved into the new TTvmClient.
    TTvmManager(NTvmApi::TClientSettings settings, TVector<TTvmId> clients, TLoggerPtr logger)
        : AllowedClients_{clients.begin(), clients.end()}
        , Tvm_(new TTvmClient{std::move(settings), std::move(logger)})
    {
    }

    /// Constructs a new TTvmClient from tvmtool settings.
    ///
    /// @param settings  Client settings, moved into the new TTvmClient.
    /// @param clients   Source ids that IsAllowedClient() will accept.
    /// @param logger    Logger, moved into the new TTvmClient.
    TTvmManager(NTvmTool::TClientSettings settings, TVector<TTvmId> clients, TLoggerPtr logger)
        : AllowedClients_{clients.begin(), clients.end()}
        , Tvm_(new TTvmClient{std::move(settings), std::move(logger)})
    {
    }

    /// Wraps an already constructed client.
    ///
    /// NOTE(review): `tvm` is stored without a null check, and
    /// CheckServiceTicket() dereferences it unconditionally, so callers must
    /// pass a non-null pointer.
    ///
    /// @param tvm      Pointer to the client used for ticket validation.
    /// @param clients  Source ids that IsAllowedClient() will accept.
    TTvmManager(TTvmClientPtr tvm, TVector<TTvmId> clients)
        : AllowedClients_{clients.begin(), clients.end()}
        , Tvm_(std::move(tvm))
    {
    }

    /// Tells whether `clientId` is on the allow-list given at construction.
    /// An empty allow-list therefore rejects every client.
    bool IsAllowedClient(TTvmId clientId) override {
        return AllowedClients_.find(clientId) != AllowedClients_.end();
    }

    /// Forwards the raw ticket to the underlying TVM client and returns its
    /// verdict unchanged. No allow-list check happens here.
    TCheckedServiceTicket CheckServiceTicket(TStringBuf ticket) override {
        return Tvm_->CheckServiceTicket(ticket);
    }

private:
    // Declared before Tvm_ on purpose: member order is initialization order.
    THashSet<TTvmId> AllowedClients_;
    TTvmClientPtr Tvm_;
};
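/// IAuthProvider that authenticates HTTP requests by the TVM service ticket
/// carried in the "X-Ya-Service-Ticket" header.
class TTvmAuthProvider final: public IAuthProvider {
public:
    /// Takes ownership of the manager used to validate tickets and to look up
    /// the allow-list. `explicit` prevents a THolder<ITvmManager> from being
    /// converted into an auth provider by accident.
    explicit TTvmAuthProvider(THolder<ITvmManager> manager)
        : TvmManager_{std::move(manager)}
    {
    }

    /// Decides whether the request is authenticated.
    ///
    /// @param req  Incoming HTTP request; only its headers are read.
    /// @return NoCredentials() when the ticket header is absent; Denied() when
    ///         no manager is configured, the ticket fails validation, or its
    ///         source id is not allow-listed; Ok() otherwise.
    TAuthResult Check(const IHttpRequest& req) override {
        auto ticketHeader = req.GetHeaders().FindHeader("X-Ya-Service-Ticket");
        if (!ticketHeader) {
            return TAuthResult::NoCredentials();
        }

        // Fail closed: without a manager the ticket cannot be validated, and
        // dereferencing an empty holder would be undefined behaviour.
        if (!TvmManager_) {
            return TAuthResult::Denied();
        }

        // The header value is a credential; it is handed to the manager only.
        const auto ticket = TvmManager_->CheckServiceTicket(ticketHeader->Value());
        // NOTE(review): relies on TCheckedServiceTicket's boolean conversion
        // being false for every non-valid ticket status - confirm against the
        // TVM client headers.
        if (!ticket) {
            return TAuthResult::Denied();
        }

        // A valid ticket is not sufficient: its source must be allow-listed.
        return TvmManager_->IsAllowedClient(ticket.GetSrc())
            ? TAuthResult::Ok()
            : TAuthResult::Denied();
    }

private:
    THolder<ITvmManager> TvmManager_;
};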
} // namespace
/// Creates a TVM manager that builds and owns its own client from TVM API settings.
///
/// @param settings        TVM API client settings.
/// @param allowedClients  Source ids the manager will accept.
/// @param logger          Logger handed to the TVM client.
THolder<ITvmManager> CreateDefaultTvmManager(NTvmApi::TClientSettings settings, TVector<TTvmId> allowedClients, TLoggerPtr logger) {
    using TManager = TTvmManager<>;
    return MakeHolder<TManager>(
        std::move(settings),
        std::move(allowedClients),
        std::move(logger));
}
/// Creates a TVM manager that builds and owns its own client from tvmtool settings.
///
/// @param settings        tvmtool client settings.
/// @param allowedClients  Source ids the manager will accept.
/// @param logger          Logger handed to the TVM client.
THolder<ITvmManager> CreateDefaultTvmManager(NTvmTool::TClientSettings settings, TVector<TTvmId> allowedClients, TLoggerPtr logger) {
    using TManager = TTvmManager<>;
    return MakeHolder<TManager>(
        std::move(settings),
        std::move(allowedClients),
        std::move(logger));
}
/// Creates a TVM manager around an existing client held by TAtomicSharedPtr.
///
/// NOTE(review): `client` is forwarded as-is with no null check here.
///
/// @param client          Shared TVM client used for ticket validation.
/// @param allowedClients  Source ids the manager will accept.
THolder<ITvmManager> CreateDefaultTvmManager(TAtomicSharedPtr<NTvmAuth::TTvmClient> client, TVector<TTvmId> allowedClients) {
    using TClientPtr = TAtomicSharedPtr<NTvmAuth::TTvmClient>;
    return MakeHolder<TTvmManager<TClientPtr>>(
        std::move(client),
        std::move(allowedClients));
}
/// Creates a TVM manager around an existing client held by std::shared_ptr.
///
/// NOTE(review): `client` is forwarded as-is with no null check here.
///
/// @param client          Shared TVM client used for ticket validation.
/// @param allowedClients  Source ids the manager will accept.
THolder<ITvmManager> CreateDefaultTvmManager(std::shared_ptr<NTvmAuth::TTvmClient> client, TVector<TTvmId> allowedClients) {
    using TClientPtr = std::shared_ptr<NTvmAuth::TTvmClient>;
    return MakeHolder<TTvmManager<TClientPtr>>(
        std::move(client),
        std::move(allowedClients));
}
/// Creates the TVM-based auth provider, transferring ownership of `manager` to it.
///
/// @param manager  Manager that validates tickets and answers allow-list queries.
THolder<IAuthProvider> CreateTvmAuth(THolder<ITvmManager> manager) {
    THolder<IAuthProvider> provider = MakeHolder<TTvmAuthProvider>(std::move(manager));
    return provider;
}
} // namespace NMonitoring