verify identity in the handler too

quorumcontrol · Jun 8, 2020 · badb25f · badb25f
1 parent 9b9d035
commit badb25f
Showing 1 changed file with 15 additions and 2 deletions.
diff --git a/aggregator/api/handler/main.go b/aggregator/api/handler/main.go
@@ -27,14 +27,16 @@ import (
 var (
 	// ErrQueryNameNotProvided is thrown when no query name is provided in a request
 	ErrQueryNameNotProvided = errors.New("no query was provided in the HTTP body")
-	mainSchema              *graphql.Schema
 	identityPoolID          = os.Getenv("IDENTITY_POOL")
 	identityProviderName    = os.Getenv("IDENTITY_PROVIDER_NAME")
 	deploymentStage         = os.Getenv("STAGE")
 	iotPolicyName           = os.Getenv("IOT_POLICY_NAME")
 	dynamoTableName         = os.Getenv("TABLE_NAME")
 
 	logger = logging.Logger("handler.Main")
+
+	mainSchema  *graphql.Schema
+	appResolver *api.Resolver
 )
 
 func Handler(ctx context.Context, request events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {
@@ -90,7 +92,17 @@ func Handler(ctx context.Context, request events.APIGatewayProxyRequest) (events
 		if ident != nil {
 			//TODO: this can probably be debug
 			logger.Infof("identity: %s", ident.Sub)
-			ctx = context.WithValue(ctx, api.IdentityContextKey, ident.Identity)
+			isVerified, err := ident.Verify(ctx, appResolver.Aggregator)
+			if err != nil {
+				logger.Errorf("error verifying: %v", err)
+				return events.APIGatewayProxyResponse{
+					Body:       fmt.Sprintf("error verifying: %v", err),
+					StatusCode: 500,
+				}, nil
+			}
+			if isVerified {
+				ctx = context.WithValue(ctx, api.IdentityContextKey, ident.Identity)
+			}
 		}
 	}
 
@@ -182,6 +194,7 @@ func init() {
 		panic(err)
 	}
 	mainSchema = schema
+	appResolver = resolver
 }
 
 func main() {