• Example Search
• Project Search

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• scala-pet-store-master
  • src
    • main
      • resources
        • logback.xml
        • db
          • migration
            • V1__InitialDatabaseSetup.sql
            • V2__FixPasswordsToBeHashedSecure.sql
            • V3__Authentication.sql
        • reference.conf
      • tut
        • index.md
      • scala
        • io
          • github
            • pauljamescleary
              • petstore
                • config
                  • PetStoreConfig.scala
                  • package.scala
                  • DatabaseConfig.scala
                • infrastructure
                  • endpoint
                    • PetEndpoints.scala
                    • UserEndpoints.scala
                    • Pagination.scala
                    • package.scala
                    • OrderEndpoints.scala
                  • repository
                    • doobie
                      • DoobiePetRepositoryInterpreter.scala
                      • DoobieUserRepositoryInterpreter.scala
                      • Pagination.scala
                      • DoobieAuthRepositoryInterpreter.scala
                      • DoobieOrderRepositoryInterpreter.scala
                    • inmemory
                      • UserRepositoryInMemoryInterpreter.scala
                      • OrderRepositoryInMemoryInterpreter.scala
                      • PetRepositoryInMemoryInterpreter.scala
                • Server.scala
                • domain
                  • pets
                    • Pet.scala
                    • PetService.scala
                    • PetValidationAlgebra.scala
                    • PetValidationInterpreter.scala
                    • PetStatus.scala
                    • PetRepositoryAlgebra.scala
                  • orders
                    • Order.scala
                    • OrderStatus.scala
                    • OrderRepositoryAlgebra.scala
                    • OrderService.scala
                  • authentication
                    • LoginRequest.scala
                    • Auth.scala
                  • users
                    • UserRepositoryAlgebra.scala
                    • User.scala
                    • UserService.scala
                    • UserValidationInterpreter.scala
                    • UserValidationAlgebra.scala
                    • Role.scala
                  • ValidationError.scala
    • test
      • scala
        • io
          • github
            • pauljamescleary
              • petstore
                • Arbitraries.scala
                • infrastructure
                  • endpoint
                    • PetEndpointsSpec.scala
                    • UserEndpointsSpec.scala
                    • AuthTest.scala
                    • OrderEndpointsSpec.scala
                    • LoginTest.scala
                  • repository
                    • doobie
                      • package.scala
                      • UserQueryTypeCheckSpec.scala
                      • OrderQueryTypeCheckSpec.scala
                      • AuthQueryTypeCheckSpec.scala
                      • PetQueryTypeCheckSpec.scala
  • post-pet.sh
  • LICENSE
  • pet.json
  • project
    • build.properties
    • plugins.sbt
  • AUTHORS.md
  • .travis.yml
  • README.md
  • .scalafmt.conf
  • CODE_OF_CONDUCT.md
  • functional_test
    • run.py
    • bootstrap.sh
    • live_tests
      • orders_test.py
      • pets_test.py
      • conftest.py
      • users_test.py
    • pet_store_client.py
    • pytest.ini
    • requirements.txt
  • build.sbt
  • .mergify.yml
  • .gitignore
  • build.sh

package io.github.pauljamescleary.petstore.domain.authentication

import cats.MonadError
import cats.effect._
import io.github.pauljamescleary.petstore.domain.users.{Role, User}
import org.http4s.Response
import tsec.authentication.{
  AugmentedJWT,
  BackingStore,
  IdentityStore,
  JWTAuthenticator,
  SecuredRequest,
  TSecAuthService,
}
import tsec.authorization.BasicRBAC
import tsec.common.SecureRandomId
import tsec.jws.mac.JWSMacCV
import tsec.jwt.algorithms.JWTMacAlgo
import tsec.mac.jca.MacSigningKey

import scala.concurrent.duration._

object Auth {
  def jwtAuthenticator[F[_]: Sync, Auth: JWTMacAlgo](
      key: MacSigningKey[Auth],
      authRepo: BackingStore[F, SecureRandomId, AugmentedJWT[Auth, Long]],
      userRepo: IdentityStore[F, Long, User],
  )(implicit cv: JWSMacCV[F, Auth]): JWTAuthenticator[F, Long, User, Auth] =
    JWTAuthenticator.backed.inBearerToken(
      expiryDuration = 1.hour,
      maxIdle = None,
      tokenStore = authRepo,
      identityStore = userRepo,
      signingKey = key,
    )

  private def _allRoles[F[_], Auth](
      implicit F: MonadError[F, Throwable],
  ): BasicRBAC[F, Role, User, Auth] =
    BasicRBAC.all[F, Role, User, Auth]

  def allRoles[F[_], Auth](
      pf: PartialFunction[SecuredRequest[F, User, AugmentedJWT[Auth, Long]], F[Response[F]]],
  )(implicit F: MonadError[F, Throwable]): TSecAuthService[User, AugmentedJWT[Auth, Long], F] =
    TSecAuthService.withAuthorization(_allRoles[F, AugmentedJWT[Auth, Long]])(pf)

  def allRolesHandler[F[_], Auth](
      pf: PartialFunction[SecuredRequest[F, User, AugmentedJWT[Auth, Long]], F[Response[F]]],
  )(
      onNotAuthorized: TSecAuthService[User, AugmentedJWT[Auth, Long], F],
  )(implicit F: MonadError[F, Throwable]): TSecAuthService[User, AugmentedJWT[Auth, Long], F] =
    TSecAuthService.withAuthorizationHandler(_allRoles[F, AugmentedJWT[Auth, Long]])(
      pf,
      onNotAuthorized.run,
    )

  private def _adminOnly[F[_], Auth](
      implicit F: MonadError[F, Throwable],
  ): BasicRBAC[F, Role, User, Auth] =
    BasicRBAC[F, Role, User, Auth](Role.Admin)

  def adminOnly[F[_], Auth](
      pf: PartialFunction[SecuredRequest[F, User, AugmentedJWT[Auth, Long]], F[Response[F]]],
  )(implicit F: MonadError[F, Throwable]): TSecAuthService[User, AugmentedJWT[Auth, Long], F] =
    TSecAuthService.withAuthorization(_adminOnly[F, AugmentedJWT[Auth, Long]])(pf)
}