我正在尝试创建一个自定义指令,我稍后可以使用它来验证用户角色,如下所示:
val route = put & authorize(ADMIN) {
// do sth
}
或
val route = put {
authorize(ADMIN) {
//do sth
}
}
。这是我到目前为止所得到的:
def authorize(role: String): Directive0 = {
extractToken { t: String =>
validateToken(t) {
extractRoles(t) { roles: Seq[String] =>
validate(roles.contains(role), s"User does not have the required role")
}
}
}
}
def extractRoles(token: String): Directive1[Seq[String]] = {
token match {
case JsonWebToken(header, claimsSet, signature) => {
val decoded = decodeJWT(token)
decoded match {
case Some(_) => provide(extractRoleCodesFromJWT(decoded.get))
case None => provide(Seq())
}
}
case x =>
provide(Seq())
}
}
def validateToken(token: String): Directive0 = validate(validateJWT(token), INVALID_TOKEN_MESSAGE)
def extractToken: Directive1[Option[String]] = extractToken | extractHeader
def extractCookie: Directive1[Option[String]] = optionalCookie(JWT_COOKIE_NAME).map(_.map(_.value))
def extractHeader: Directive1[Option[String]] = optionalHeaderValueByName(JWT_HEADER_NAME)
除了我想要稍后使用的实际Directive0(授权)之外,所有编译都很好。最内线validate(...)显示编译错误,说“类型server.Directive0的表达式不符合预期的类型server.Route”
如何正确嵌套我的其他指令以形成我的authorize指令? 或者我可以以其他方式连接它们,而不是嵌套? 遗憾的是,关于自定义指令的文档非常简洁。
[UPDATE]
感谢来自Java Anto的指针,这就是我想出来的。
def authorize(role: String): Directive0 = {
extractToken.flatMap(validateToken)
.flatMap(extractRoles)
.flatMap(roles => validate(roles.contains(role), MISSING_ROLE_MESSAGE))
}
这会编译并希望能够正确地进行测试。
答案 0 :(得分:2)
感谢来自@Java Anto的指针,对我有用的解决方案如下。
trait AuthorizationDirectives extends JWTService {
val JWT_COOKIE_NAME = "jwt_cookie_name"
val JWT_HEADER_NAME = "jwt_cookie_header"
val INVALID_TOKEN_MESSAGE = "The provided token is not valid."
val MISSING_ROLE_MESSAGE = "User does not have the required role."
def authorizeRole(role: String): Directive0 = {
extractToken.flatMap(validateToken)
.flatMap(extractRoles)
.flatMap(validateRole(role)(_))
}
def extractRoles(token: String): Directive1[String] = {
// decode the token
val decoded = decodeJWT(token)
// check if decode was successful
decoded match {
case Some(_) => {
// get the role string
val rolesString = extractRoleCodesFromJWT(decoded.get)
rolesString match {
// return rolestring if present
case Some(_) => provide(rolesString.get)
case None => reject(AuthorizationFailedRejection)
}
}
case None => reject(AuthorizationFailedRejection)
}
}
def validateRole(role: String)(roles: String): Directive0 = {
if (roles.contains(role))
pass
else
reject(AuthorizationFailedRejection)
}
def validateToken(token: Option[String]): Directive1[String] = {
token match {
case Some(_) => validate(validateJWT(token.get), INVALID_TOKEN_MESSAGE) & provide(token.get)
case None => reject(AuthorizationFailedRejection)
}
}
def extractToken: Directive1[Option[String]] = {
extractCookie.flatMap {
case None => extractHeader
case t@Some(_) => provide(t)
}
}
def extractCookie: Directive1[Option[String]] = optionalCookie(JWT_COOKIE_NAME).map(_.map(_.value))
def extractHeader: Directive1[Option[String]] = optionalHeaderValueByName(JWT_HEADER_NAME)
}
然后可以像这样使用该指令:
trait CRUDServiceRoute[ENTITY, UPDATE] extends BaseServiceRoute with Protocols with AuthorizationDirectives with CorsSupport {
import StatusCodes._
val requiredRoleForEdit = USER
val crudRoute: Route =
pathEndOrSingleSlash {
corsHandler {
get {
complete(getAll().map(entityToJson))
} ~
put {
authorizeRole(requiredRoleForEdit) {
entity(entityUnmarshaller) { t =>
complete(Created -> create(t).map(idToJson))
}
}
}
}
} ~
pathPrefix(IntNumber) { id =>
pathEndOrSingleSlash {
corsHandler {
get {
complete(getById(id).map(entityToJson))
}
} ~
corsHandler {
put {
authorizeRole(requiredRoleForEdit) {
entity(updateUnmarshaller) { tupd =>
complete(update(id, tupd).map(entityToJson))
}
}
}
} ~
delete {
corsHandler {
authorizeRole(requiredRoleForEdit) {
onSuccess(remove(id)) { ignored =>
complete(NoContent)
}
}
}
}
}
}
def entityToJson(value: Seq[ENTITY]): JsValue
def entityToJson(value: Option[ENTITY]): JsValue
def idToJson(value: Option[Long]): JsValue
def entityUnmarshaller: FromRequestUnmarshaller[ENTITY]
def updateUnmarshaller: FromRequestUnmarshaller[UPDATE]
// CRUD service methods. These are implemented by the services used in the concrete routes
def getAll(): Future[Seq[ENTITY]]
def getById(id: Long): Future[Option[ENTITY]]
def create(entity: ENTITY): Future[Option[Long]]
def update(id: Long, noteUpdate: UPDATE): Future[Option[ENTITY]]
def remove(id: Long): Future[Int]
}