fix(authorization)!: remove unused keycloak based authorization

modelix · Nov 20, 2024 · 8b69523 · 8b69523
1 parent 63c02eb
commit 8b69523
Show file tree

Hide file tree

Showing 4 changed files with 0 additions and 317 deletions.
diff --git a/authorization/build.gradle.kts b/authorization/build.gradle.kts
@@ -12,7 +12,6 @@ java {
 dependencies {
     implementation(libs.kotlin.serialization.json)
     implementation(libs.kotlin.serialization.yaml)
-    implementation(libs.keycloak.authz.client)
     implementation(libs.guava)
     api(libs.ktor.server.auth)
     api(libs.ktor.server.auth.jwt)

diff --git a/authorization/src/main/kotlin/org/modelix/authorization/KeycloakUtils.kt b/authorization/src/main/kotlin/org/modelix/authorization/KeycloakUtils.kt
diff --git a/authorization/src/main/kotlin/org/modelix/authorization/KtorAuthUtils.kt b/authorization/src/main/kotlin/org/modelix/authorization/KtorAuthUtils.kt
@@ -20,7 +20,6 @@ import io.ktor.http.auth.AuthScheme
 import io.ktor.http.auth.HttpAuthHeader
 import io.ktor.server.application.Application
 import io.ktor.server.application.ApplicationCall
-import io.ktor.server.application.ApplicationCallPipeline
 import io.ktor.server.application.call
 import io.ktor.server.application.install
 import io.ktor.server.application.plugin
@@ -42,51 +41,12 @@ fun Application.installAuthentication(unitTestMode: Boolean = false) {
     }
 }
 
-fun Route.requiresPermission(resource: KeycloakResource, permissionType: EPermissionType, body: Route.() -> Unit) {
-    requiresPermission(resource, permissionType.toKeycloakScope(), body)
-}
-
-fun Route.requiresRead(resource: KeycloakResource, body: Route.() -> Unit) {
-    requiresPermission(resource, KeycloakScope.READ, body)
-}
-
-fun Route.requiresWrite(resource: KeycloakResource, body: Route.() -> Unit) {
-    requiresPermission(resource, KeycloakScope.WRITE, body)
-}
-
-fun Route.requiresDelete(resource: KeycloakResource, body: Route.() -> Unit) {
-    requiresPermission(resource, KeycloakScope.DELETE, body)
-}
-
-fun Route.requiresPermission(resource: KeycloakResource, scope: KeycloakScope, body: Route.() -> Unit) {
-    requiresLogin {
-        intercept(ApplicationCallPipeline.Call) {
-            call.checkPermission(resource, scope)
-        }
-        body()
-    }
-}
-
 fun Route.requiresLogin(body: Route.() -> Unit) {
     authenticate(MODELIX_JWT_AUTH) {
         body()
     }
 }
 
-fun ApplicationCall.checkPermission(resource: KeycloakResource, scope: KeycloakScope) {
-    if (!application.getModelixAuthorizationConfig().permissionCheckingEnabled()) return
-    val principal = principal<AccessTokenPrincipal>() ?: throw NotLoggedInException()
-    if (!KeycloakUtils.hasPermission(principal.jwt, resource, scope)) {
-        throw NoPermissionException(principal, resource.name, scope.name)
-    }
-}
-
-fun ApplicationCall.hasPermission(resource: KeycloakResource, scope: KeycloakScope): Boolean {
-    if (!application.getModelixAuthorizationConfig().permissionCheckingEnabled()) return true
-    val principal = principal<AccessTokenPrincipal>() ?: throw NotLoggedInException()
-    return KeycloakUtils.hasPermission(principal.jwt, resource, scope)
-}
-
 fun PipelineContext<*, ApplicationCall>.checkPermission(permissionParts: PermissionParts) {
     call.checkPermission(permissionParts)
 }
@@ -147,13 +107,3 @@ fun ApplicationCall.getUserName(): String? {
 fun DecodedJWT.nullIfInvalid(): DecodedJWT? {
     return ModelixAuthorizationConfig().nullIfInvalid(this)
 }
-
-private var cachedServiceAccountToken: DecodedJWT? = null
-val serviceAccountTokenProvider: () -> String = {
-    var token: DecodedJWT? = cachedServiceAccountToken?.nullIfInvalid()
-    if (token == null) {
-        token = KeycloakUtils.getServiceAccountToken()
-        cachedServiceAccountToken = token
-    }
-    token.token
-}
diff --git a/model-server/src/main/kotlin/org/modelix/model/server/handlers/KeyValueLikeModelServer.kt b/model-server/src/main/kotlin/org/modelix/model/server/handlers/KeyValueLikeModelServer.kt
@@ -35,10 +35,7 @@ import kotlinx.html.span
 import org.json.JSONArray
 import org.json.JSONObject
 import org.modelix.authorization.EPermissionType
-import org.modelix.authorization.KeycloakResourceType
-import org.modelix.authorization.KeycloakScope
 import org.modelix.authorization.NoPermissionException
-import org.modelix.authorization.asResource
 import org.modelix.authorization.checkPermission
 import org.modelix.authorization.getUserName
 import org.modelix.authorization.requiresLogin
@@ -54,9 +51,6 @@ import java.io.IOException
 import java.util.*
 import java.util.regex.Pattern
 
-val PERMISSION_MODEL_SERVER = "model-server".asResource()
-val MODEL_SERVER_ENTRY = KeycloakResourceType("model-server-entry", KeycloakScope.READ_WRITE_DELETE)
-
 private class NotFoundException(description: String?) : RuntimeException(description)
 
 typealias CallContext = PipelineContext<Unit, ApplicationCall>