shiny/authz_client
6
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases 10 Activity

feat(client): add API key authentication for /authz endpoint (#294)
Release / release (push) Successful in 1m15s
Details
authz_client / vulnerabilities (push) Successful in 2m9s
Details
authz_client / test (push) Successful in 2m21s
Details
pre-commit / pre-commit (push) Successful in 4m46s
Details

Browse Source 
## Summary

- Add `WithAPIKey(key string)` option to `PrivilegeHandler`
- When set, `Fetch()` sends `Authorization: Bearer <key>` header
- Backward compatible: no key = no header (existing behavior)

## Test plan

- [x] Unit test verifying Authorization header is sent
- [x] Unit test verifying no header without key
- [x] Existing tests still pass

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: #294
This commit was merged in pull request #294.
This commit is contained in:
Joakim Olsson
2026-03-12 07:32:12 +00:00
parent a54cf45a4b
commit fe0abd62c8
2 changed files with 54 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
client.go
+21 -9
View File
@@ -28,6 +28,7 @@ type PrivilegeHandler struct {
*sync.RWMutex
client *http.Client
baseURL string
apiKey string
privileges map[string]map[string]*CompanyPrivileges
}
@@ -41,6 +42,13 @@ func WithBaseURL(url string) OptsFunc {
}
}
// WithAPIKey sets an API key used as a Bearer token when fetching privileges
func WithAPIKey(key string) OptsFunc {
return func(handler *PrivilegeHandler) {
handler.apiKey = key
}
}
// New creates a new PrivilegeHandler. Pass OptsFuncs to configure.
func New(opts ...OptsFunc) *PrivilegeHandler {
handler := &PrivilegeHandler{
@@ -57,7 +65,16 @@ func New(opts ...OptsFunc) *PrivilegeHandler {
// Fetch the initial set of privileges from an authz-service
func (h *PrivilegeHandler) Fetch() error {
resp, err := h.client.Get(fmt.Sprintf("%s/authz", h.baseURL))
req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/authz", h.baseURL), nil)
if err != nil {
return err
}
if h.apiKey != "" {
req.Header.Set("Authorization", "Bearer "+h.apiKey)
}
resp, err := h.client.Do(req)
if err != nil {
return err
}
@@ -87,13 +104,14 @@ func (h *PrivilegeHandler) Setup() []goamqp.Setup {
// Process privilege-related events and update the internal state
func (h *PrivilegeHandler) Process(msg interface{}, _ goamqp.Headers) (interface{}, error) {
h.Lock()
defer h.Unlock()
switch ev := msg.(type) {
case *UserAdded:
if priv, exists := h.privileges[ev.Email]; exists {
priv[ev.CompanyID] = &CompanyPrivileges{}
} else {
h.Lock()
defer h.Unlock()
h.privileges[ev.Email] = map[string]*CompanyPrivileges{
ev.CompanyID: {},
}
@@ -101,19 +119,13 @@ func (h *PrivilegeHandler) Process(msg interface{}, _ goamqp.Headers) (interface
return nil, nil
case *UserRemoved:
if priv, exists := h.privileges[ev.Email]; exists {
h.Lock()
defer h.Unlock()
delete(priv, ev.CompanyID)
}
return nil, nil
case *PrivilegeAdded:
h.Lock()
defer h.Unlock()
h.setPrivileges(ev.Email, ev.CompanyID, ev.Privilege, true)
return nil, nil
case *PrivilegeRemoved:
h.Lock()
defer h.Unlock()
h.setPrivileges(ev.Email, ev.CompanyID, ev.Privilege, false)
return nil, nil
default: