From f10a5b5dc01fcb8a3a46950653cef4715cddbe07 Mon Sep 17 00:00:00 2001
From: Mohammad Torkashvand <mohammad.torkashvand@geant.org>
Date: Mon, 8 Jan 2024 12:46:43 +0100
Subject: [PATCH] integrate GUI with our custom OPA server

---
 .env.local.example  |  1 +
 src/utils/policy.ts | 29 ++++++++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/.env.local.example b/.env.local.example
index b85bcbc..063314a 100644
--- a/.env.local.example
+++ b/.env.local.example
@@ -15,6 +15,7 @@ REACT_APP_OAUTH2_ENABLED=False
 REACT_APP_OAUTH2_CLIENT_ID=
 REACT_APP_OAUTH2_OPENID_CONNECT_URL=
 REACT_APP_OAUTH2_SCOPE=
+REACT_APP_OPA_BUNDLE_URL="http://localhost:8080/opa/bundles/policy.wasm"
 
 # Needed because some libs misbehave
 GENERATE_SOURCEMAP=false
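Review bot: `REACT_APP_OPA_BUNDLE_URL` is added without a comment, although `createPolicyCheck` in src/utils/policy.ts now throws when it is unset and a user profile is passed, so it is effectively a required setting. The sample value uses plain `http`, which is fine for localhost but leaves the policy bundle open to modification in transit anywhere else. I would add a line above it such as `# URL of the compiled OPA policy bundle (wasm) the GUI loads; use https outside local development`.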
diff --git a/src/utils/policy.ts b/src/utils/policy.ts
index 8b43e9f..207dab5 100644
--- a/src/utils/policy.ts
+++ b/src/utils/policy.ts
@@ -1,10 +1,37 @@
+import { loadPolicy } from "@open-policy-agent/opa-wasm";
+
+
 export async function createPolicyCheck(user?: Partial<Oidc.Profile>) {
     if (!user) {
         return () => true;
     }
+
+    const opaBundletUrl = process.env.REACT_APP_OPA_BUNDLE_URL;
+
+    if (typeof opaBundletUrl === 'undefined') {
+        throw new Error('REACT_APP_OPA_BUNDLE_URL is not defined');
+    }
+
+    const policyResult = await fetch(opaBundletUrl);
+    const policyWasm = await policyResult.arrayBuffer();
     try {
+        const policy = await loadPolicy(policyWasm);
+
         function allowed(resource: string): boolean {
-            return true;
+            const input: any = {
+                resource: resource,
+                method: "GET",
+                ...user,
+            };
+
+            const resultSet = policy.evaluate(input);
+
+            if (resultSet == null || resultSet.length === 0) {
+                console.error("evaluation error", resultSet);
+                return false;
+            }
+
+            return resultSet[0].result;
         }
         return allowed;
     } catch {
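Review bot: Several paths in the new `createPolicyCheck` body do not fail closed: `fetch` and `arrayBuffer()` run before the `try`, so a network error rejects the whole call instead of reaching the `catch`, and the response status is never checked before the bytes go to `loadPolicy`. In `allowed`, `...user` is spread after `resource` and `method`, so a profile claim with either name replaces the value being checked, and `resultSet[0].result` is returned as-is, so a non-boolean policy result is passed through despite the `boolean` return type. The fence below moves the fetch into the `try`, checks `ok`, puts the explicit keys last (which also removes the need for `any`) and compares with `=== true`. The `catch` body lies outside the hunk; it should return a deny-all check rather than a permissive one, which cannot be confirmed from here. Since this policy is evaluated in the browser, it can presumably only shape what the GUI shows, and the backend still has to enforce the same decisions.

```typescript
    try {
        // fetch inside the try so a network failure takes the same path as a load failure
        const policyResult = await fetch(opaBundletUrl);
        if (!policyResult.ok) {
            throw new Error(`policy bundle request failed with status ${policyResult.status}`);
        }
        const policy = await loadPolicy(await policyResult.arrayBuffer());

        function allowed(resource: string): boolean {
            // explicit keys come last so a profile claim cannot replace them
            const input = { ...user, resource, method: "GET" };
            const resultSet = policy.evaluate(input);
            // … unchanged: empty result set logs and returns false …
            return resultSet[0].result === true;
        }
        // … unchanged: return allowed; the catch block continues outside the hunk …
```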
-- 
GitLab