AtlasFunctions+OSO

Atlas+OSO.js

exports = async function(FUNCTION_TO_CALL){
  const axios = require('axios').default;
  const OSO_authToken = String(context.values.get("Value-OSO_API")); // Replace with your actual authorization token
  const OSO_userId = context.user.data.email;
  let checkOSO = async function(){
      const apiUrl = 'https://cloud.osohq.com/api/list';
      const requestData = {
        actor_type: "User",
        actor_id: OSO_userId,
        action: "view",
        resource_type: "Function",
        context_facts: [],
      };
    
      try {
        const response = await axios.post(apiUrl, requestData, {
          headers: {
            Authorization: `Bearer ${OSO_authToken}`,
            Accept: 'application/json',
            'Content-Type': 'application/json',
          },
        });
    
        console.log('Response:', response.data);
        
        return (response.data.results.includes(String(FUNCTION_TO_CALL)));
      } catch (error) {
        console.error('Error:', error);
        return error;
      }
    }
  let hasAccess = await checkOSO();
  if(!hasAccess){return {"error":"UNAUTHORIZED TO EXECUTE:"+String(FUNCTION_TO_CALL)}}
  return await context.functions.execute(String(FUNCTION_TO_CALL));
};

🐻 OSO + Atlas App Services: Functions

Wrote a small gist that protects individual 'Serverless Functions' --

Once a use is 'authenticated' with Atlas App Services, he has access to 'ALL' the functions in the 'app'.
Using OSO Cloud, I can add an extra layer to granularly control who can access what 'functions'.

Example: Secret kitchen, with morning team and evening team.
(app users) have access to "getNightRecipe" and "getDayRecipe"(functions)

without oso -

I'd have to code logic to protect the recipes from unauthorized access ('team morning' cannot access 'getNighRecipe' data)

with oso -

If user cannot call the function --

{
  "error": "UNAUTHORIZED TO EXECUTE:oso_demo_0"
}

If the user CAN call the function --

"OSO_DEMO_0"
> result (JavaScript): 
EJSON.parse('"OSO_DEMO_0"')