authorize

Documentation

Index

• func IsRequestAuthorized(req *http.Request, a Authorizer, headerName string) error
• type Authorizer
  • func New(ctx context.Context, config Config) (Authorizer, error)
• type Condition
  • func AND(conditions ...Condition) (Condition, error)
  • func Contains(perm string) Condition
  • func OR(conditions ...Condition) (Condition, error)
• type Config

Functions

func IsRequestAuthorized

func IsRequestAuthorized(req *http.Request, a Authorizer, headerName string) error

Types

type Authorizer

type Authorizer interface {
	// Returns nil if token gives authority for the user.
	IsAuthorized(ctx context.Context, token string) error
}

func New

func New(ctx context.Context, config Config) (Authorizer, error)

type Condition

type Condition struct {
	// contains filtered or unexported fields
}

Condition is used to check whether user with tokenPerms has access.

func AND

func AND(conditions ...Condition) (Condition, error)

AND is an array of conditions with logic AND. If no condition is passed it returns false.

func Contains

func Contains(perm string) Condition

Contains is an condition that returns true token perms contains given permission.

func OR

func OR(conditions ...Condition) (Condition, error)

OR is an array of conditions with logic OR. If no condition is passed it returns false.

type Config

type Config struct {
	// OIDC issuer url.
	Provider string
	// Expected Audience of the token. For a majority of the cases this is expected to be
	// the ID of the client that initialized the login flow. It may occasionally differ if
	// the provider supports the authorizing party (azp) claim.
	ClientID string
	// Claim name that contains user permissions (sometimes called 'group')
	PermsClaim string

	// Permission condition that will authorize token.
	PermCondition Condition
}

Config is an authorize configuration. TODO(bwplotka): Add proper unmarshaller/marshaller for that data struct.