From 629d46321b90ad642ce96e214bc1748626ffa5f9 Mon Sep 17 00:00:00 2001
From: godcong
Date: Tue, 24 Dec 2024 14:26:42 +0800
Subject: [PATCH] feat(runtime): add root user authorization and update service registration
- Add root user authorization check in NewAuthZServer
- Update service registration interfaces and rename related types
- Improve error handling and logging for authorization
---
 agent/middleware/security/authz.go | 5 ++++-
 service/const.go | 20 ++++++++++----------
 service/service.go | 15 ++++++++++++++-
 3 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/agent/middleware/security/authz.go b/agent/middleware/security/authz.go
index 2ec2932..a1def9e 100644
--- a/agent/middleware/security/authz.go
+++ b/agent/middleware/security/authz.go
@@ -157,7 +157,10 @@ func NewAuthZ(cfg *configv1.Security, ss ...OptionSetting) (middleware.Middlewar
 allowed bool
 err error
 )
-
+ if security.ContextIsRoot(ctx) {
+ log.Debugf("NewAuthZServer: claims are root, skipping authorization")
+ return handler(ctx, req)
+ }
 claims := ClaimsFromContext(ctx)
 if claims == nil {
 log.Errorf("NewAuthZ: claims are nil")
diff --git a/service/const.go b/service/const.go
index ad6142d..62560ce 100644
--- a/service/const.go
+++ b/service/const.go
@@ -2,7 +2,7 @@
 * Copyright (c) 2024 OrigAdmin. All rights reserved.
 */
-// Package builder implements the functions, types, and interfaces for the module.
+// Package service implements the functions, types, and interfaces for the module.
 package service
 import (
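Review bot: The root short-circuit added in agent/middleware/security/authz.go returns `handler(ctx, req)` before `ClaimsFromContext(ctx)` is consulted, so for these requests the whole authorization decision rests on whatever sets the flag that `security.ContextIsRoot` reads; that setter is not visible in this hunk, and it should be confirmed that only the authentication middleware can set it, from verified credentials and never from request metadata. The bypass is recorded only through `log.Debugf`, which is commonly disabled in production, so a skipped policy check would leave no audit trail; log it at the level the project uses for security events and include the caller identity. The message prefix also says `NewAuthZServer` while the neighbouring error line uses `NewAuthZ:`, and no claims have been read at that point, so something like `log.Debugf("NewAuthZ: root context, skipping authorization")` would be more accurate. The enclosing closure starts and ends outside the hunk.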
@@ -39,16 +39,16 @@ type (
 )
 type (
- // RegisterGRPCServer register a gRPC server
- RegisterGRPCServer = func(s *GRPCServer)
- // RegisterHTTPServer register a HTTP server
- RegisterHTTPServer = func(s *HTTPServer)
- // RegisterGRPCClient register a gRPC client
- RegisterGRPCClient = func(c *GRPCClient)
- // RegisterHTTPClient register a HTTP client
- RegisterHTTPClient = func(c *HTTPClient)
+ // RegisterGRPCServerFunc register a gRPC server
+ RegisterGRPCServerFunc = func(s *GRPCServer)
+ // RegisterHTTPServerFunc register a HTTP server
+ RegisterHTTPServerFunc = func(s *HTTPServer)
+ // RegisterGRPCClientFunc register a gRPC client
+ RegisterGRPCClientFunc = func(c *GRPCClient)
+ // RegisterHTTPClientFunc register a HTTP client
+ RegisterHTTPClientFunc = func(c *HTTPClient)
 )
 var (
- ErrServiceNotFound = errors.New("builder not found")
+ ErrServiceNotFound = errors.New("service not found")
 )
diff --git a/service/service.go b/service/service.go
index b1d939b..af4a53e 100644
--- a/service/service.go
+++ b/service/service.go
@@ -2,7 +2,7 @@
 * Copyright (c) 2024 OrigAdmin. All rights reserved.
 */
-// Package builder implements the functions, types, and interfaces for the module.
+// Package service implements the functions, types, and interfaces for the module.
 package service
 import (
@@ -25,4 +25,17 @@ type (
 }
 )
+type HTTPRegister interface {
+ RegisterHTTPServer(context.Context, *HTTPServer)
+}
+
+type GRPCRegister interface {
+ RegisterGRPCServer(context.Context, *GRPCServer)
+}
+
+type Register interface {
+ GRPCRegister
+ HTTPRegister
+}
+
 type Service struct{}
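Review bot: The exported interfaces added at the end of service/service.go (`HTTPRegister`, `GRPCRegister`, `Register`) carry no doc comments, and their method names `RegisterHTTPServer`/`RegisterGRPCServer` are exactly the names this commit frees up in service/const.go by renaming the function types to `...Func`, so a reader cannot tell from the hunk how the two relate. Add a comment per type that starts with its name, e.g. `// HTTPRegister is implemented by services that register themselves on an HTTPServer.` (wording to be confirmed against the intended contract). Both methods return nothing, so the comment should also say how a failed registration is expected to be reported.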