integrate GUI with our custom OPA server

f10a5b5d · Mohammad Torkashvand · beb2692d · f10a5b5d · f10a5b5d
Commit f10a5b5d authored 1 year ago by Mohammad Torkashvand
--- a/.env.local.example
+++ b/.env.local.example
@@ -15,6 +15,7 @@ REACT_APP_OAUTH2_ENABLED=False
 REACT_APP_OAUTH2_CLIENT_ID=
 REACT_APP_OAUTH2_OPENID_CONNECT_URL=
 REACT_APP_OAUTH2_SCOPE=
+REACT_APP_OPA_BUNDLE_URL="http://localhost:8080/opa/bundles/policy.wasm"

 # Needed because some libs misbehave
 GENERATE_SOURCEMAP=false

--- a/src/utils/policy.ts
+++ b/src/utils/policy.ts
+import { loadPolicy } from "@open-policy-agent/opa-wasm";
+
+
 export async function createPolicyCheck(user?: Partial<Oidc.Profile>) {
    if (!user) {
        return () => true;
    }
+
+    const opaBundletUrl = process.env.REACT_APP_OPA_BUNDLE_URL;
+
+    if (typeof opaBundletUrl === 'undefined') {
+        throw new Error('REACT_APP_OPA_BUNDLE_URL is not defined');
+    }
+
+    const policyResult = await fetch(opaBundletUrl);
+    const policyWasm = await policyResult.arrayBuffer();
    try {
+        const policy = await loadPolicy(policyWasm);
+
        function allowed(resource: string): boolean {
-            return true;
+            const input: any = {
+                resource: resource,
+                method: "GET",
+                ...user,
+            };
+
+            const resultSet = policy.evaluate(input);
+
+            if (resultSet == null || resultSet.length === 0) {
+                console.error("evaluation error", resultSet);
+                return false;
+            }
+
+            return resultSet[0].result;
        }
        return allowed;
    } catch {