This repository has been archived by the owner on Oct 23, 2024. It is now read-only.
forked from arrikto/oidc-authservice
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtransformer_userid.go
121 lines (111 loc) · 3.88 KB
/
transformer_userid.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
package main
import (
"encoding/json"
"regexp"
"github.com/pkg/errors"
log "github.com/sirupsen/logrus"
)
// userIDTransformationRule represents a single transformation rule and
// encapsulates it's functionality. This is a generic interface that
// multiple rules can implement to expand the UserIDTransformer functionality.
type userIDTransformationRule interface {
// isApplicable checks if the rule is relevant for the userID.
isApplicable(userID string) bool
// apply does the actual transformation to userID.
apply(userID string) string
}
// UserIDTransformer holds the UserID transformation rules.
type UserIDTransformer struct {
rules []userIDTransformationRule
}
// Transform modifies the UserID based on user provided rules. This method will
// search the rules in order, find the first that matches the userID and
// replace the match with the provided value. If no matching rule is found, it
// will return the original value.
// For example using the rules:
// [
// {"matches" : "user1@domain\\.com", "replaces": "anotherUser" },
// {"matches" : "@domain\\.com", "replaces": "" }
// ]
// The userID `[email protected]` will be transformed to `anotherUser`
// based on the first rule.
// The userID `[email protected]` will be transformed to `user2` based
// on the second rule.
// The userID `[email protected]` will not be transformed and the original value
// will be returned.
func (uit *UserIDTransformer) Transform(userID string) string {
// Check each rule.
for _, rule := range uit.rules {
if rule.isApplicable(userID) {
// If the rule matches, apply the transformation.
transformed := rule.apply(userID)
log.WithFields(log.Fields{
"originalID": userID,
"transformedID": transformed,
}).Info("Transforming UserID")
return transformed
}
}
// If no rule matched, return the original value.
return userID
}
// Decode creates a new UserIDTransformer using as input a JSON formatted
// string for rules initialization.
// The accepted JSON format is:
// {
// [
// {"matches": "regex", "replaces": "value"}
// ]
// }
func (uit *UserIDTransformer) Decode(value string) error {
var rules []userIDTransformationRule
var config []map[string]*json.RawMessage
// Unmarshal the JSON config to a list of objects.
if err := json.Unmarshal([]byte(value), &config); err != nil {
return err
}
for _, entry := range config {
// Unmarshal a regexReplaceTransformationRule.
if matches, ok := entry["matches"]; ok {
if replaces, ok := entry["replaces"]; ok {
var rule regexReplaceTransformationRule
if err := json.Unmarshal(*replaces, &rule.replaces); err != nil {
return err
}
var regex string
if err := json.Unmarshal(*matches, ®ex); err != nil {
return err
}
rule.matches = regexp.MustCompile(regex)
rules = append(rules, &rule)
} else {
// If the required fields are missing, return an error.
return errors.Errorf("error unmarshalling UserID transformer" +
" JSON config, 'replaces' field is missing.")
}
} else {
// If no unmarshalling subtype is matched, return an error
return errors.Errorf("error unmarshalling UserID transformer" +
" JSON config, 'matches' field is missing.")
}
}
*uit = UserIDTransformer{
rules: rules,
}
return nil
}
/////////////////////////////////////////////////
// Rules Implementations //
/////////////////////////////////////////////////
// regexReplaceTransformationRule represents a single transformation rule that matches
// the userID with a regular expression and replaces the match with a predefined value.
type regexReplaceTransformationRule struct {
matches *regexp.Regexp
replaces string
}
func (r *regexReplaceTransformationRule) isApplicable(userID string) bool {
return r.matches.MatchString(userID)
}
func (r *regexReplaceTransformationRule) apply(userID string) string {
return r.matches.ReplaceAllString(userID, r.replaces)
}