blob: 6a952b4d031d72d1239715c41dbcf9a523228cc9 [file] [log] [blame]
// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
var blessingMatches = require('./access/blessing-matching');
var vError = require('./../gen-vdl/v.io/v23/verror');
module.exports = defaultAuthorizer;
function defaultAuthorizer(ctx, call, cb) {
// If the remoteBlessings has a public key, and it refers to ourselves
// (i.e a self rpc), then we always authorize.
if (call.remoteBlessings.publicKey &&
call.localBlessings.publicKey === call.remoteBlessings.publicKey) {
return cb();
}
var matchesLocal = call.localBlessingStrings.some(function(l) {
return blessingMatches(l, call.remoteBlessingStrings);
});
if (matchesLocal) {
return cb();
}
var matchesRemote = call.remoteBlessingStrings.some(function(l) {
return blessingMatches(l, call.localBlessingStrings);
});
if (matchesRemote) {
return cb();
}
return cb(new vError.NoAccessError(ctx, 'authorization failed'));
}