move auth chack to top of route handler

2025-11-01 01:51:48 +01:00 · 2025-11-01 01:51:48 +01:00 · 9fe298a899
commit 9fe298a899
parent c60c4978df
1 changed files with 30 additions and 31 deletions
--- a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
+++ b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
@ -49,50 +49,49 @@ public class SSHKeyResourceProvider implements RealmResourceProvider {
    @Path("export/{group_id}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response exportKeys(@PathParam("group_id") String groupId) {
+        try {
+            AuthHelper.getAuth(
+                    session,
+                    authResult -> authResult.getToken().getIssuedFor().equals("admin-cli"));
+        } catch (Exception e) {
+            System.err.println(e);
+            return Response.status(401, e.getMessage()).build();
+        }
+
        UserProvider userProvider = session.users();
        UserProfileProvider profileProvider = session.getProvider(UserProfileProvider.class);
        UPConfig upconfig = profileProvider.getConfiguration();
-
        List<String> attributeNames = upconfig.getAttributes()
                .stream()
                .filter(a -> a.getGroup() != null && a.getGroup().equals("de.ccc.hamburg.keycloak.ssh_key.keys"))
                .map(a -> a.getName())
                .toList();

-        try {
-            AuthHelper.getAuth(
-                    session,
-                    authResult -> authResult.getToken().getIssuedFor().equals("admin-cli"));
+        RealmModel realm = session.getContext().getRealm();

-            RealmModel realm = session.getContext().getRealm();
+        // TODO: add allowlist check
+        GroupModel group = realm.getGroupById(groupId);

-            // TODO: add allowlist check
-            GroupModel group = realm.getGroupById(groupId);
+        Stream<UserModel> users = userProvider.getGroupMembersStream(realm, group);

-            Stream<UserModel> users = userProvider.getGroupMembersStream(realm, group);
+        List<String> keys = users
+                .map(user -> {
+                    return attributeNames
+                            .stream()
+                            .map(attributeName -> user.getAttributeStream(attributeName).findFirst())
+                            .filter(attribute -> attribute.isPresent())
+                            .map(attribute -> attribute.get())
+                            .toList();
+                })
+                .flatMap(List::stream)
+                .map(key -> {
+                    final Matcher matcher = SSH_PUBLIC_KEY.matcher(key);
+                    return matcher.find() ? matcher.group("key") : null;
+                })
+                .filter(Objects::nonNull)
+                .toList();

-            List<String> keys = users
-                    .map(user -> {
-                        return attributeNames
-                                .stream()
-                                .map(attributeName -> user.getAttributeStream(attributeName).findFirst())
-                                .filter(attribute -> attribute.isPresent())
-                                .map(attribute -> attribute.get())
-                                .toList();
-                    })
-                    .flatMap(List::stream)
-                    .map(key -> {
-                        final Matcher matcher = SSH_PUBLIC_KEY.matcher(key);
-                        return matcher.find() ? matcher.group("key") : null;
-                    })
-                    .filter(Objects::nonNull)
-                    .toList();
-
-            return Response.ok(Map.of("keys", keys)).build();
-        } catch (Exception e) {
-            System.err.println(e);
-            return Response.status(401, e.getMessage()).build();
-        }
+        return Response.ok(Map.of("keys", keys)).build();

    }