in lib/dam/token_flow.go [609:692]
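// fetchResourceTokens resolves the cart referenced by the caller's access
// token into one resource token per cart entry.
//
// It opens a read-only store transaction, takes the authenticated identity
// from the request context, maps the access token back to a cart (only the
// Hydra flow supports this), loads the realm config for the first cart entry
// and then calls generateResourceToken for every entry. Each entry is keyed
// by its cart index (the "access" handle) so the descriptor in out.Resources
// can be matched to its credentials in out.Access.
//
// Every failure path returns a gRPC status error; a tx.Finish() error is
// surfaced only when the function would otherwise have succeeded.
func (s *Service) fetchResourceTokens(r *http.Request) (_ *pb.ResourceResults, ferr error) {
	tx, err := s.store.Tx(false)
	if err != nil {
		return nil, status.Errorf(codes.Unavailable, "%v", err)
	}
	defer func() {
		// A transaction-close error must not mask an earlier failure.
		if err := tx.Finish(); ferr == nil {
			ferr = err
		}
	}()

	ctx := r.Context()
	a, err := auth.FromContext(ctx)
	if err != nil {
		return nil, err
	}

	// Only the Hydra flow can map an access token back to a cart.
	if !s.useHydra {
		return nil, status.Errorf(codes.Unimplemented, "Unimplemented oidc provider")
	}
	cart, err := s.extractCartFromAccessToken(a.ID)
	if err != nil {
		return nil, err
	}

	state, id, err := s.resourceTokenState(cart, tx)
	if err != nil {
		return nil, status.Errorf(codes.InvalidArgument, "%v", err)
	}
	if len(state.Resources) == 0 {
		return nil, status.Errorf(codes.InvalidArgument, "empty resource list")
	}

	// NOTE(review): the config is loaded for the first entry's realm and then
	// applied to every entry, which assumes all resources in one cart share a
	// realm — confirm that resourceTokenState guarantees this.
	cfg, err := s.loadConfig(tx, state.Resources[0].Realm)
	if err != nil {
		return nil, status.Errorf(codes.InvalidArgument, "%v", err)
	}

	// keyFile is always false on this path; its meaning is owned by generateResourceToken.
	const keyFile = false
	out := &pb.ResourceResults{
		Resources:    make(map[string]*pb.ResourceResults_ResourceDescriptor),
		Access:       make(map[string]*pb.ResourceResults_ResourceAccess),
		EpochSeconds: uint32(time.Now().Unix()),
	}

	// The range variable is named item (not r) so it does not shadow the request parameter.
	for i, item := range state.Resources {
		res, ok := cfg.Resources[item.Resource]
		if !ok {
			return nil, status.Errorf(codes.NotFound, "resource not found: %q", item.Resource)
		}
		view, ok := res.Views[item.View]
		if !ok {
			return nil, status.Errorf(codes.NotFound, "view %q not found for resource %q", item.View, item.Resource)
		}
		// state.Ttl is passed straight through as a time.Duration (i.e. nanoseconds);
		// NOTE(review): confirm the stored unit matches that.
		result, st, err := s.generateResourceToken(ctx, state.ClientId, item.Resource, item.View, item.Role, item.Interface, time.Duration(state.Ttl), keyFile, id, cfg, res, view)
		if err != nil {
			return nil, status.Errorf(httputils.RPCCode(st), "%v", err)
		}

		// The cart index doubles as the handle linking a descriptor to its credentials.
		access := strconv.Itoa(i)
		interMap := make(map[string]*pb.ResourceResults_InterfaceEntry)
		for name, iface := range makeViewInterfaces(view, res, cfg, s.adapters) {
			entry := &pb.ResourceResults_InterfaceEntry{}
			for _, uri := range iface.Uri {
				entry.Items = append(entry.Items, &pb.ResourceResults_ResourceInterface{Uri: uri, Labels: iface.Labels})
			}
			interMap[name] = entry
		}
		out.Resources[item.Url] = &pb.ResourceResults_ResourceDescriptor{
			Interfaces:  interMap,
			Permissions: makeRoleCategories(view, item.Role, cfg),
			Access:      access,
		}
		out.Access[access] = &pb.ResourceResults_ResourceAccess{
			Credentials: result.Credentials,
			Labels:      result.Labels,
		}
	}
	return out, nil
}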