From 948c23f9abd53f28e7d9c4938a118453309f3ff1 Mon Sep 17 00:00:00 2001 From: Gimmy Date: Wed, 30 Apr 2025 11:05:36 +0300 Subject: [PATCH] do not assue https for authorizer address --- __tests__/integration/index.test.ts | 8 +++----- lib/authorizer/index.ts | 15 ++++++++++++--- lib/processOptions.ts | 9 +-------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/__tests__/integration/index.test.ts b/__tests__/integration/index.test.ts index ba8d435..901ac17 100644 --- a/__tests__/integration/index.test.ts +++ b/__tests__/integration/index.test.ts @@ -1790,21 +1790,18 @@ types: const response = await authorizerClient.DecisionTree({ identityContext: await AnonymousIdentityMapper(), policyInstance: policyInstance("todo", "todo"), - policyContext: policyContext(), + policyContext: policyContext("todoApp"), }); const expectedResult = { path: { - "rebac.check": { - allowed: false, - }, "todoApp.DELETE.todos.__id": { allowed: false }, "todoApp.GET.todos": { allowed: true }, "todoApp.GET.users.__userID": { allowed: true }, "todoApp.POST.todos": { allowed: false }, "todoApp.PUT.todos.__id": { allowed: false }, }, - pathRoot: "", + pathRoot: "todoApp", }; expect(response).toEqual(expectedResult); @@ -1830,6 +1827,7 @@ types: describe("Query", () => { it("returns the correct data structure", async () => { const response = await authorizerClient.Query({ + identityContext: await AnonymousIdentityMapper(), query: "x=data", input: '{"foo": "bar"}', }); diff --git a/lib/authorizer/index.ts b/lib/authorizer/index.ts index ea9f9d4..e115386 100644 --- a/lib/authorizer/index.ts +++ b/lib/authorizer/index.ts @@ -30,6 +30,8 @@ import { QueryRequest, } from "./types"; +const ADDRESS_REGEX = /https?:\/\//; + type AuthorizerConfig = { authorizerServiceUrl?: string; tenantId?: string; @@ -62,8 +64,15 @@ export class Authorizer { interceptors.push(traceMessage); } - const baseServiceUrl = - config.authorizerServiceUrl || "authorizer.prod.aserto.com:8443"; + const getServiceUrl = () => { + const baseServiceUrl = + config.authorizerServiceUrl || "authorizer.prod.aserto.com:8443"; + const scheme = "https://"; + + const serviceUrlMatch = baseServiceUrl?.match(ADDRESS_REGEX); + return serviceUrlMatch ? baseServiceUrl : `${scheme}${baseServiceUrl}`; + }; + const caFilePath = config.authorizerCertFile || config.caFile; const baseCaFile = !!caFilePath ? readFileSync(caFilePath) : undefined; @@ -75,7 +84,7 @@ export class Authorizer { }; const baseGrpcTransport = createGrpcTransport({ - baseUrl: `https://${baseServiceUrl}`, + baseUrl: getServiceUrl(), interceptors: interceptors, nodeOptions: baseNodeOptions, }); diff --git a/lib/processOptions.ts b/lib/processOptions.ts index 1b3e02b..1cf9b36 100644 --- a/lib/processOptions.ts +++ b/lib/processOptions.ts @@ -34,14 +34,7 @@ export default ( if (!authorizerServiceUrl && res) { return error(res, "must provide authorizerServiceUrl in option map"); } - let authorizerUrl = `${authorizerServiceUrl}`; - // strip any https:// or http:// prefix since this is a gRPC address - if (authorizerUrl.startsWith("https://")) { - authorizerUrl = authorizerUrl.split("https://")[1]!; - } - if (authorizerUrl.startsWith("http://")) { - authorizerUrl = authorizerUrl.split("http://")[1]!; - } + const authorizerUrl = `${authorizerServiceUrl}`; // set the authorizer API key let authorizerApiKey = null;