Skip to content

Fix identity extraction in cedar_guard middleware & correct revoke_bot_token OpenAPI docs #2028

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
genedna merged 7 commits into from
Mar 23, 2026
Merged

Fix identity extraction in cedar_guard middleware & correct revoke_bot_token OpenAPI docs #2028

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
87ceb51
#1999: rebase
WiedersehenM Mar 18, 2026
c20c999
- Export bot_token_dto in jupiter model so BotTokenInfo is reachable
WiedersehenM Mar 15, 2026
974ed6f
#1999: fix identity extraction in cedar_guard middleware and revoke_b…
WiedersehenM Mar 18, 2026
ccb6e63
#1999: remove duplicate bot token helpers and module export
WiedersehenM Mar 20, 2026
e435a3f
#1999: use stateful axum extractors in cedar guard middleware
WiedersehenM Mar 20, 2026
cd5927e
#1999: use request parts API for stateful identity extraction in ceda…
WiedersehenM Mar 21, 2026
9167ce2
#1999: satisfy clippy by matching extractor results directly
WiedersehenM Mar 21, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 12 additions & 10 deletions mono/src/api/guard/cedar_guard.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
use std::{collections::HashMap, path::Path, str::FromStr};

use axum::{
extract::{FromRef, Request, State},
extract::{FromRef, FromRequestParts, Request, State},
middleware::Next,
response::Response,
};
Expand Down Expand Up @@ -138,16 +138,16 @@ pub async fn cedar_guard(
// .ok_or_else(|| MegaError::with_message(format!("Change list not found for link: {}", link)))?;
// let repo_path: PathBuf = cl_model.path.into();

let login_user = req.extensions().get::<LoginUser>();
let bot_identity = req.extensions().get::<BotIdentity>();
let (mut parts, body) = req.into_parts();

let (principal_type, principal_id) = if let Some(bot) = bot_identity {
("Bot".to_string(), bot.bot.id.to_string())
} else if let Some(user) = login_user {
("User".to_string(), user.username.clone())
} else {
("User".to_string(), "reader".to_string())
};
let (principal_type, principal_id) =
if let Ok(bot) = BotIdentity::from_request_parts(&mut parts, &state).await {
("Bot".to_string(), bot.bot.id.to_string())
} else if let Ok(user) = LoginUser::from_request_parts(&mut parts, &state).await {
("User".to_string(), user.username.clone())
} else {
("User".to_string(), "reader".to_string())
};

// let policy_path = repo_path.join("cedar/policies.cedar");
// let policy_content = get_blob_string(&state, &policy_path).await?;
Expand All @@ -169,6 +169,8 @@ pub async fn cedar_guard(
MegaError::Other(format!("Guard Authorization failed: {}", e)),
)
})?;

let req = Request::from_parts(parts, body);
let response = next.run(req).await;

if response.status().is_client_error() {
Expand Down
2 changes: 1 addition & 1 deletion mono/src/api/router/bot_router.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -314,7 +314,7 @@ async fn list_bot_tokens(
(status = 200, description = "Token revoked successfully"),
(status = 401, description = "Unauthorized"),
(status = 403, description = "Forbidden - admin only"),
(status = 404, description = "Bot or token not found"),
(status = 404, description = "Bot not found"),
),
tag = BOT_TAG
)]
Expand Down
Loading