scala source code of AuthDirectives

nexus-kg-master
- .github
  - workflows
    - ci.yml
- src
  - main
    - resources
      - application.conf
      - logback.xml
      - blazegraph
        index.properties
        outgoing_scoped.txt
        incoming.txt
        outgoing_include_external.txt
      - elasticsearch
        mapping.json
        empty-list.json
        settings.json
        default-context.json
      - contexts
        file-attr-context.json
        offset-context.json
        search-context.json
        statistics-context.json
        view-context.json
        storage-context.json
        tags-context.json
        shacl-context.json
        resource-context.json
        resolver-context.json
        archive-context.json
      - app.conf
      - schemas
        view.json
        storage.json
        resolver.json
        archive.json
      - cassandra.conf
      - akka.conf
    - scala
      - ch
        epfl
        bluebrain
        nexus
        kg
        resolve
        Resolution.scala
        ResolverEncoder.scala
        InProjectResolution.scala
        Materializer.scala
        MultiProjectResolution.scala
        CompositeResolution.scala
        Resolver.scala
        StaticResolution.scala
        ProjectResolution.scala
        RepairFromMessages.scala
        resources
        CompositeViewOffset.scala
        Views.scala
        Repo.scala
        Id.scala
        Event.scala
        Ref.scala
        State.scala
        ResourceF.scala
        Files.scala
        Command.scala
        package.scala
        Storages.scala
        StorageReference.scala
        AccessId.scala
        OrganizationRef.scala
        Schemas.scala
        file
        File.scala
        Archives.scala
        Tag.scala
        syntax.scala
        Tags.scala
        Resolvers.scala
        ProjectInitializer.scala
        ProjectIdentifier.scala
        Resources.scala
        Rejection.scala
        storage
        package.scala
        RemoteDiskStorageOperations.scala
        StorageEncoder.scala
        S3StorageOperations.scala
        Crypto.scala
        Storage.scala
        DiskStorageOperations.scala
        marshallers
        instances.scala
        search
        QueryBuilder.scala
        QueryResultEncoder.scala
        package.scala
        client
        KgClient.scala
        KgClientConfig.scala
        EventSource.scala
        KgClientError.scala
        MigrateV12ToV13.scala
        Main.scala
        directives
        PathDirectives.scala
        AuthDirectives.scala
        package.scala
        QueryDirectives.scala
        ProjectDirectives.scala
        VocabAbsoluteIri.scala
        config
        Vocabulary.scala
        Contexts.scala
        Schemas.scala
        Settings.scala
        AppConfig.scala
        indexing
        IdentifiedProgress.scala
        ViewEncoder.scala
        package.scala
        SparqlLink.scala
        ViewIndexer.scala
        Indexing.scala
        ResolverIndexer.scala
        ElasticSearchIndexer.scala
        StorageIndexer.scala
        SparqlIndexer.scala
        View.scala
        CompositeIndexer.scala
        Statistics.scala
        archives
        TarFlow.scala
        FetchResource.scala
        ArchiveSource.scala
        ArchiveCache.scala
        ArchiveEncoder.scala
        Archive.scala
        RevisionedValue.scala
        cache
        ProjectCache.scala
        AclsCache.scala
        ResolverCache.scala
        ViewCache.scala
        StorageCache.scala
        Caches.scala
        Cache.scala
        KgError.scala
        async
        ProjectAttributesCoordinator.scala
        package.scala
        ProjectViewCoordinatorActor.scala
        ProjectViewCoordinator.scala
        ProjectAttributesCoordinatorActor.scala
        serializers
        Serializer.scala
        KryoSerializerInit.scala
        routes
        StorageRoutes.scala
        GlobalEventRoutes.scala
        EventRoutes.scala
        Clients.scala
        RejectionEncoder.scala
        SchemaRoutes.scala
        ResourceEncoder.scala
        Routes.scala
        package.scala
        OutputFormat.scala
        FileRoutes.scala
        ResourceRedirect.scala
        ResolverRoutes.scala
        ArchiveRoutes.scala
        Status.scala
        AppInfoRoutes.scala
        SearchParams.scala
        EventCommonRoutes.scala
        ResourceRoutes.scala
        ViewRoutes.scala
        TagRoutes.scala
        persistence
        TaggingAdapter.scala
  - test
    - resources
      - resolve
        in-project-resp.json
        in-project.json
        cross-project-no-label.json
        cross-project-to-graph.json
        cross-project-wrong-2.json
        cross-project-modified.json
        cross-project-updated.json
        cross-project3.json
        cross-project-refs.json
        cross-project-wrong-3.json
        cross-project.json
        cross-project-source.json
        cross-project2.json
        in-proj-default.json
        simple-resource.json
        cross-project-resp.json
        cross-project-wrong-1.json
      - logback-test.xml
      - application.conf
      - resources
        s3-response.json
        es-metadata.json
        elastic-resource.json
        resource-dot.txt
        resource-with-meta.json
        rejection.json
        file.txt
        file-link.json
        tags.json
        resource-embed.json
        resource-triples.txt
        resource-expanded.json
        file-metadata.json
        links.json
      - test.conf
      - storage
        disk-default.json
        diskPerms.json
        diskPermsStored.json
        remoteDisk.json
        storage-wrong-1.json
        s3-stored.json
        s3-minimal.json
        disk-source.json
        disk-meta.json
        remote-source.json
        storage-wrong-2.json
        s3.json
        s3-meta.json
        disk.json
        remoteDisk-meta.json
      - search
        query.json
        query-schema-rev-createdBy-q.json
        sparql-query-result-combined.json
        unscored-query-results.json
        sparql-query-result.json
        query-schema-deprecation.json
        sparql-query-result2.json
        query-schema.json
        query-deprecation.json
        query-schema-deprecation-types.json
        scored-query-results.json
      - serialization
        resource.json
        tagged-resp.json
        created-resp.json
        created-file-resp.json
        deprecated-resp.json
        updated-file-resp.json
        file-attributes-updated-event.json
      - archive
        archive-not-valid.json
        archive-explicit.json
        archive.json
      - view
        aggelasticviewwrong2.json
        composite-view-meta-2.json
        sparqlview-wrong.json
        composite_offset.json
        composite-view-meta-1.json
        statistics_list.json
        aggsparqlview-meta.json
        elasticview-wrong-1.json
        statistics.json
        elasticview-source.json
        elasticsearchview-meta.json
        aggelasticview.json
        sparql-default.json
        aggelasticviewwrong3.json
        aggelasticview-meta.json
        sparqlview-meta.json
        offset_list.json
        offset.json
        composite-view-wrong-1.json
        aggsparql.json
        sparqlview.json
        sparqlview-tag-schema.json
        composite_statistics.json
        aggelasticviewrefs.json
        elasticview-wrong-2.json
        search-response.json
        aggelasticviewwrong.json
        composite-view-wrong-2.json
        aggelasticviewwrong1.json
        es-default.json
        elasticview-wrong-3.json
        composite-view.json
        search-error-response.json
        aggelasticview-2.json
        elasticview.json
      - schemas
        simple.json
      - test-no-inmemory.conf
      - events
        events.json
    - scala
      - ch
        epfl
        bluebrain
        nexus
        kg
        resolve
        MultiProjectResolutionSpec.scala
        ResolverSpec.scala
        CompositeResolutionSpec.scala
        Error.scala
        resources
        ViewsSpec.scala
        ArchivesSpec.scala
        TagSpec.scala
        ProjectIdentifierSpec.scala
        ResourceFSpec.scala
        RepoSpec.scala
        LinkDescriptionSpec.scala
        FilesSpec.scala
        RefSpec.scala
        FileAttributesSpec.scala
        ResourcesSpec.scala
        AccessIdSpec.scala
        ResolversSpec.scala
        StoragesSpec.scala
        ProjectInitializerSpec.scala
        SchemasSpec.scala
        storage
        DiskStorageOperationsSpec.scala
        StorageSpec.scala
        CryptoSpec.scala
        RemoteDiskStorageOperationsSpec.scala
        S3StorageOperationsSpec.scala
        PackageObjectSpec.scala
        search
        QueryBuilderSpec.scala
        QueryResultEncoderSpec.scala
        client
        KgClientSpec.scala
        directives
        AuthDirectivesSpec.scala
        PathDirectivesSpec.scala
        ProjectDirectivesSpec.scala
        QueryDirectivesSpec.scala
        TestHelper.scala
        indexing
        StatisticsSpec.scala
        SparqlLinkSpec.scala
        ViewSpec.scala
        archives
        FetchResourceSpec.scala
        ArchiveCacheSpec.scala
        ArchiveSpec.scala
        TarFlowSpec.scala
        cache
        ProjectCacheSpec.scala
        ResolverCacheSpec.scala
        StorageCacheSpec.scala
        ViewCacheSpec.scala
        AclCacheSpec.scala
        async
        ProjectViewCoordinatorSpec.scala
        ProjectAttributesCoordinatorSpec.scala
        serializers
        EventSerializerSpec.scala
        ResourceDecoderSpec.scala
        KryoSerializerInitSpec.scala
        routes
        GlobalEventRoutesSpec.scala
        ResourceRoutesSpec.scala
        AppInfoRoutesSpec.scala
        StorageRoutesSpec.scala
        ResolverRoutesSpec.scala
        EventRoutesSpec.scala
        ResourceEncoderSpec.scala
        RoutesFixtures.scala
        FileRoutesSpec.scala
        SchemaRoutesSpec.scala
        ArchiveRoutesSpec.scala
        ViewRoutesSpec.scala
        EventsSpecBase.scala
        persistence
        TaggingAdapterSpec.scala
- LICENSE
- project
  - build.properties
  - plugins.sbt
- CONTRIBUTING.md
- README.md
- .scalafmt.conf
- scripts
  - logback.xml
  - delete-projects.sc
- .jvmopts
- build.sbt
- .gitignore

package ch.epfl.bluebrain.nexus.kg.directives

import akka.http.scaladsl.model.headers.OAuth2BearerToken
import akka.http.scaladsl.server.Directives._
import akka.http.scaladsl.server.directives.FutureDirectives.onComplete
import akka.http.scaladsl.server.{Directive0, Directive1}
import ch.epfl.bluebrain.nexus.admin.client.types.Project
import ch.epfl.bluebrain.nexus.iam.client.types._
import ch.epfl.bluebrain.nexus.iam.client.{IamClient, IamClientError}
import ch.epfl.bluebrain.nexus.kg.KgError.{AuthenticationFailed, AuthorizationFailed, InternalError}
import ch.epfl.bluebrain.nexus.kg.resources.syntax._
import com.typesafe.scalalogging.Logger
import monix.eval.Task
import monix.execution.Scheduler.Implicits.global

import scala.util.{Failure, Success}

object AuthDirectives {

  private val logger = Logger[this.type]

  /**
    * Extracts the credentials from the HTTP Authorization Header and builds the [[AuthToken]]
    */
  def extractToken: Directive1[Option[AuthToken]] =
    extractCredentials.flatMap {
      case Some(OAuth2BearerToken(value)) => provide(Some(AuthToken(value)))
      case Some(_)                        => failWith(AuthenticationFailed)
      case _                              => provide(None)
    }

  /**
    * Checks if the current caller has the required permission.
    *
    * @param perm the permission to check on the current project
    * @return pass if the ''perm'' is present on the current project, fail with [[AuthorizationFailed]] otherwise
    */
  def hasPermission(perm: Permission)(implicit acls: AccessControlLists, caller: Caller, project: Project): Directive0 =
    if (acls.exists(caller.identities, project.projectLabel, perm)) pass
    else failWith(AuthorizationFailed)

  /**
    * Checks if the current caller has the required permission.
    *
    * @param perm     the permission to check on the current organization
    * @param orgLabel the organization label
    * @return pass if the ''perm'' is present on the current project, fail with [[AuthorizationFailed]] otherwise
    */
  def hasPermission(perm: Permission, orgLabel: String)(implicit acls: AccessControlLists, caller: Caller): Directive0 =
    if (acls.exists(caller.identities, orgLabel, perm)) pass
    else failWith(AuthorizationFailed)

  /**
    * Checks if the current caller has the required permissions on `/`
    *
    * @param  perms the permissions to check on `/`
    * @return pass if the ''perms'' are present on `/`, fail with [[AuthorizationFailed]] otherwise
    */
  def hasPermissionOnRoot(perms: Permission)(
      implicit acls: AccessControlLists,
      caller: Caller
  ): Directive0 =
    if (acls.existsOnRoot(caller.identities, perms)) pass
    else failWith(AuthorizationFailed)

  /**
    * Retrieves the caller ACLs.
    */
  def extractCallerAcls(implicit iam: IamClient[Task], token: Option[AuthToken]): Directive1[AccessControlLists] = {
    import ch.epfl.bluebrain.nexus.rdf.Iri.Path._
    onComplete(iam.acls("*" / "*", ancestors = true, self = true).runToFuture).flatMap {
      case Success(result)                         => provide(result)
      case Failure(_: IamClientError.Unauthorized) => failWith(AuthenticationFailed)
      case Failure(_: IamClientError.Forbidden)    => failWith(AuthorizationFailed)
      case Failure(err) =>
        val message = "Error when trying to check for permissions"
        logger.error(message, err)
        failWith(InternalError(message))
    }
  }

  /**
    * Authenticates the requested with the provided ''token'' and returns the ''caller''
    */
  def extractCaller(implicit iam: IamClient[Task], token: Option[AuthToken]): Directive1[Caller] =
    onComplete(iam.identities.runToFuture).flatMap {
      case Success(caller)                         => provide(caller)
      case Failure(_: IamClientError.Unauthorized) => failWith(AuthenticationFailed)
      case Failure(_: IamClientError.Forbidden)    => failWith(AuthorizationFailed)
      case Failure(err) =>
        val message = "Error when trying to extract the subject"
        logger.error(message, err)
        failWith(InternalError(message))
    }
}