🔧 sync

carverauto · Nov 25, 2024 · b7cf194 · b7cf194
1 parent 3dc975d
commit b7cf194
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 13 deletions.
diff --git a/k8s/api/base/api.yaml b/k8s/api/base/api.yaml
@@ -18,7 +18,7 @@ spec:
         - name: ghcr-io-cred
       containers:
         - name: api
-          image: ghcr.io/carverauto/eventrunner-api:v0.0.37
+          image: ghcr.io/carverauto/eventrunner-api:v0.0.39
           imagePullPolicy: Always
           env:
             - name: DB_PASSWORD

diff --git a/k8s/hydra/values.yaml b/k8s/hydra/values.yaml
@@ -41,8 +41,10 @@ hydra:
     oauth2:
       expose_internal_errors: true
       allowed_top_level_claims:
-        - email
+        - user_metadata
+        - user_id
         - tenant_id
+        - email
         - roles
       mirror_top_level_claims: true
     oidc:

diff --git a/k8s/oathkeeper/values.yaml b/k8s/oathkeeper/values.yaml
@@ -211,7 +211,7 @@ oathkeeper:
             "config": {
               "headers": {
                 "X-User-ID": "{{ print .Subject }}",
-                "X-Tenant-ID": "{{ print .Extra.tenant_id}}",
+                "X-Tenant-ID": "{{ print .Extra.tenant_id }}",
                 "X-User-Email": "{{ print .Extra.email }}",
                 "X-User-Roles": "{{ print .Extra.roles }}"
               }

diff --git a/pkg/api/handlers/api_credentials.go b/pkg/api/handlers/api_credentials.go
@@ -28,18 +28,18 @@ func (h *Handlers) CreateAPICredential(c *gofr.Context) (interface{}, error) {
 	log.Println("Request body Name: ", reqBody.Name)
 
 	oauth2Client := client.NewOAuth2Client()
+
 	oauth2Client.SetClientName(reqBody.Name)
 	oauth2Client.SetScope("openid profile email tenant_id")
 	oauth2Client.SetGrantTypes([]string{"authorization_code", "refresh_token", "client_credentials"})
 	oauth2Client.SetResponseTypes([]string{"code", "id_token"})
 	oauth2Client.SetRedirectUris([]string{"https://api.tunnel.threadr.ai/callback"})
-	oauth2Client.SetAudience([]string{"https://api.tunnel.threadr.ai"})
 
 	metadata := map[string]interface{}{
-		"user_id":    userInfo.UserID.String(),
-		"tenant_id":  userInfo.TenantID.String(),
-		"created_at": time.Now(),
-		"name":       reqBody.Name,
+		"user_id":   userInfo.UserID.String(),
+		"tenant_id": userInfo.TenantID.String(),
+		"email":     userInfo.Email,
+		"roles":     userInfo.Roles,
 	}
 
 	log.Println("Metadata: ", metadata)

diff --git a/pkg/api/handlers/handlers.go b/pkg/api/handlers/handlers.go
@@ -40,7 +40,7 @@ func getCustomContext(c *gofr.Context) (customctx.Context, error) {
 
 type UserInfo struct {
 	UserID   uuid.UUID
-	Role     string
+	Roles    []string
 	TenantID uuid.UUID
 	Email    string
 }
@@ -80,7 +80,7 @@ func getUserInfo(c *gofr.Context) (*UserInfo, error) {
 
 	return &UserInfo{
 		UserID:   userID,
-		Role:     role,
+		Roles:    []string{role},
 		TenantID: tenantID,
 		Email:    email,
 	}, nil
@@ -232,7 +232,9 @@ func (h *Handlers) CreateTenant(c *gofr.Context) (interface{}, error) {
 		return nil, err
 	}
 
-	if userInfo.Role != "superuser" {
+	// look through userInfo.Roles to see if they are the superUser
+	isSuperUser := containsRole(userInfo.Roles, "superuser")
+	if !isSuperUser {
 		return nil, errors.NewForbiddenError("Only superuser can create tenants")
 	}
 
@@ -255,9 +257,10 @@ func (h *Handlers) CreateTenant(c *gofr.Context) (interface{}, error) {
 	return tenant, nil
 }
 
-func containsRole(roles []interface{}, role string) bool {
+// containsRole checks if a role is present in a list of roles from the UserInfo struct.
+func containsRole(roles []string, role string) bool {
 	for _, r := range roles {
-		if r.(string) == role {
+		if r == role {
 			return true
 		}
 	}