1 files changed, 52 insertions, 0 deletions
diff --git a/app/controllers/aws.go b/app/controllers/aws.go
new file mode 100644
index 0000000..5b1765d
--- /dev/null
+++ b/app/controllers/aws.go
@@ -0,0 +1,52 @@
+package controllers
+import (
+        "context"
+        "code.crute.us/mcrute/cloud-identity-broker/app/middleware"
+        "code.crute.us/mcrute/cloud-identity-broker/app/models"
+        "code.crute.us/mcrute/cloud-identity-broker/cloud/aws"
+        "github.com/labstack/echo/v4"
+)
+type requestContext struct {
+        Account   *models.Account
+        Principal *models.User
+        AWS       aws.AWSClient
+}
+// AWSAPI is a capability that all handlers talking to the AWS APIs should use.
+// This capability does common permission checks and populates a request
+// context with user, account, and AWS API information.
+type AWSAPI struct {
+        Store models.AccountStore
+}
+// GetContext checks that the user is authenticated and is authorized to access
+// the requested AWS account. This should be the very first call in any handler
+// that will eventually call the AWS APIs. Errors returned from this method are
+// echo responses and can be returned directly to the client.
+func (h *AWSAPI) GetContext(c echo.Context) (*requestContext, error) {
+        principal, err := middleware.GetAuthorizedPrincipal(c)
+        if err != nil {
+                return nil, echo.ErrUnauthorized
+        }
+        account, err := h.Store.GetForUser(context.Background(), c.Param("account"), principal)
+        if err != nil {
+                return nil, echo.NotFoundHandler(c)
+        }
+        ac, err := aws.NewAWSClientFromAccount(account)
+        if err != nil {
+                c.Logger().Errorf("Error building AWS client: %w", err)
+                return nil, echo.ErrInternalServerError
+        }
+        return &requestContext{
+                Account:   account,
+                Principal: principal,
+                AWS:       ac,
+        }, nil
+}

diff --git a/app/controllers/aws.go b/app/controllers/aws.go new file mode 100644 index 0000000..5b1765d --- /dev/null +++ b/app/controllers/aws.go
@@ -0,0 +1,52 @@
	1	package controllers
	2
	3	import (
	4	"context"
	5
	6	"code.crute.us/mcrute/cloud-identity-broker/app/middleware"
	7	"code.crute.us/mcrute/cloud-identity-broker/app/models"
	8	"code.crute.us/mcrute/cloud-identity-broker/cloud/aws"
	9
	10	"github.com/labstack/echo/v4"
	11	)
	12
	13	type requestContext struct {
	14	Account *models.Account
	15	Principal *models.User
	16	AWS aws.AWSClient
	17	}
	18
	19	// AWSAPI is a capability that all handlers talking to the AWS APIs should use.
	20	// This capability does common permission checks and populates a request
	21	// context with user, account, and AWS API information.
	22	type AWSAPI struct {
	23	Store models.AccountStore
	24	}
	25
	26	// GetContext checks that the user is authenticated and is authorized to access
	27	// the requested AWS account. This should be the very first call in any handler
	28	// that will eventually call the AWS APIs. Errors returned from this method are
	29	// echo responses and can be returned directly to the client.
	30	func (h AWSAPI) GetContext(c echo.Context) (requestContext, error) {
	31	principal, err := middleware.GetAuthorizedPrincipal(c)
	32	if err != nil {
	33	return nil, echo.ErrUnauthorized
	34	}
	35
	36	account, err := h.Store.GetForUser(context.Background(), c.Param("account"), principal)
	37	if err != nil {
	38	return nil, echo.NotFoundHandler(c)
	39	}
	40
	41	ac, err := aws.NewAWSClientFromAccount(account)
	42	if err != nil {
	43	c.Logger().Errorf("Error building AWS client: %w", err)
	44	return nil, echo.ErrInternalServerError
	45	}
	46
	47	return &requestContext{
	48	Account: account,
	49	Principal: principal,
	50	AWS: ac,
	51	}, nil
	52	}