
Commit 8317a01

committed
chore: fix middleware
Signed-off-by: Miguel Martinez <miguel@chainloop.dev>
1 parent e8fe8c2 commit 8317a01

2 files changed

Lines changed: 25 additions & 8 deletions


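--- a/app/controlplane/internal/server/grpc.go
+++ b/app/controlplane/internal/server/grpc.go
@@ -200,6 +200,8 @@ func craftMiddleware(opts *Opts) []middleware.Middleware {
 // 3 - Check user/token authorization
 authzMiddleware.WithAuthzMiddleware(opts.Enforcer, logHelper),
 ).Match(requireAllButOrganizationOperationsMatcher()).Build(),
+// Store all memberships in the context
+usercontext.WithCurrentMembershipsMiddleware(opts.MembershipUseCase),
 // 4 - Make sure the account is fully functional
 selector.Server(
 usercontext.CheckUserHasAccess(opts.AuthConfig.AllowList, opts.UserUseCase),
@@ -283,7 +285,7 @@ func requireRobotAccountMatcher() selector.MatchFunc {
 
 // Matches all operations that require to have a current organization
 func requireAllButOrganizationOperationsMatcher() selector.MatchFunc {
-const skipRegexp = "/controlplane.v1.UserService/ListMemberships|/controlplane.v1.ContextService/Current|/controlplane.v1.AuthService/DeleteAccount"
+const skipRegexp = "/controlplane.v1.OrganizationService/Create|/controlplane.v1.UserService/ListMemberships|/controlplane.v1.ContextService/Current|/controlplane.v1.AuthService/DeleteAccount"
 return func(ctx context.Context, operation string) bool {
 r := regexp.MustCompile(skipRegexp)
 return !r.MatchString(operation)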
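Review bot: The new `/controlplane.v1.OrganizationService/Create` alternative in `skipRegexp` is unanchored, so `!r.MatchString(operation)` also exempts any operation name that merely contains that text, such as a later `Create…`-prefixed RPC on the same service. The selector built with this matcher wraps `authzMiddleware.WithAuthzMiddleware`, so each over-broad match skips the authorization step. Anchoring the whole alternation keeps the skip list exact: `const skipRegexp = "^(/controlplane.v1.OrganizationService/Create|/controlplane.v1.UserService/ListMemberships|/controlplane.v1.ContextService/Current|/controlplane.v1.AuthService/DeleteAccount)$"`. Escaping the dots would tighten it further. The closure continues past the end of the hunk, so whether other code depends on the substring behaviour is not visible here.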

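--- a/app/controlplane/internal/usercontext/currentorganization_middleware.go
+++ b/app/controlplane/internal/usercontext/currentorganization_middleware.go
@@ -1,5 +1,5 @@
 //
-// Copyright 2024 The Chainloop Authors.
+// Copyright 2024-2025 The Chainloop Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -33,6 +33,27 @@ import (
 // membershipsCache caches user memberships to save some database queries during intensive sessions
 var membershipsCache = expirable.NewLRU[string, *entities.Membership](0, nil, time.Second*1)
 
+func WithCurrentMembershipsMiddleware(membershipUC biz.MembershipsRBAC) middleware.Middleware {
+return func(handler middleware.Handler) middleware.Handler {
+return func(ctx context.Context, req interface{}) (interface{}, error) {
+// Get the current user and return if not found, meaning we are probably coming from an API Token
+u := entities.CurrentUser(ctx)
+if u == nil {
+return handler(ctx, req)
+}
+
+var err error
+// Let's store all memberships in the context.
+ctx, err = setCurrentMembershipsForUser(ctx, u, membershipUC)
+if err != nil {
+return nil, fmt.Errorf("error setting current org membership: %w", err)
+}
+
+return handler(ctx, req)
+}
+}
+}
+
 func WithCurrentOrganizationMiddleware(userUseCase biz.UserOrgFinder, membershipUC biz.MembershipsRBAC, logger *log.Helper) middleware.Middleware {
 return func(handler middleware.Handler) middleware.Handler {
 return func(ctx context.Context, req interface{}) (interface{}, error) {
@@ -61,12 +82,6 @@ func WithCurrentOrganizationMiddleware(userUseCase biz.UserOrgFinder, membership
 }
 }
 
-// Let's store all memberships in the context.
-ctx, err = setCurrentMembershipsForUser(ctx, u, membershipUC)
-if err != nil {
-return nil, fmt.Errorf("error setting current org membership: %w", err)
-}
-
 org := entities.CurrentOrg(ctx)
 if org == nil {
 return nil, errors.New("org not found")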
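Review bot: `WithCurrentMembershipsMiddleware` is exported without a doc comment, and its contract matters for authorization. When `entities.CurrentUser(ctx)` is nil it calls the handler with no memberships in the context, so it has to be registered after whatever middleware sets the current user, and code that reads memberships later should treat their absence as no access rather than as an error-free default. I would add `// WithCurrentMembershipsMiddleware stores the current user's memberships in the context; requests without a user pass through unchanged, so it must run after the middleware that sets the current user.` The wrapped error text `error setting current org membership` was carried over from `WithCurrentOrganizationMiddleware` and would read more accurately as `error setting current memberships`.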
