blob: a16958f99f8a5008f0a1ec99c9750e493d11d115 [file] [log] [blame]
// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
var blessingMatches = require('./access/blessing-matching');
var vError = require('./../gen-vdl/v.io/v23/verror');
module.exports = authorizer;
function authorizer(ctx, call, cb) {
// If the remoteBlessings has a public key, and it refers to ourselves
// (i.e a self rpc), then we always authorize.
if (call.remoteBlessings.publicKey &&
call.localBlessings.publicKey === call.remoteBlessings.publicKey) {
return cb();
}
var matchesLocal = call.localBlessingStrings.some(function(l) {
return blessingMatches(l, call.remoteBlessingStrings);
});
if (matchesLocal) {
return cb();
}
var matchesRemote = call.remoteBlessingStrings.some(function(l) {
return blessingMatches(l, call.localBlessingStrings);
});
if (matchesRemote) {
return cb();
}
return cb(new vError.NoAccessError(ctx, 'authorization failed'));
}