authexpr

package
v0.293.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 16, 2022 License: Apache-2.0 Imports: 4 Imported by: 0

README

authexpr

An authorization expression parsing and evaluation library.

Purpose

This library allows rules to control authorization to be defined as "authorization expressions" in a simple language.

For examples of syntax, see the unit tests in expr_test.go.

Features
  • basic expression parser implemented using https://github.com/alecthomas/participle
  • supports evaluating boolean expressions involving all(...) any(...) not(...) and jwtHasScope("someStringLiteral")
  • can evaluate expression given a decoded JSON claims object in input
  • implementation of jwtHasScope is abstracted and may be customised.
  • includes an implementation of jwtHasScope evaluation using the standard definition of the "scope" claim as defined in https://tools.ietf.org/html/rfc8693

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func MakeStandardJWTHasScope

func MakeStandardJWTHasScope(claims map[string]interface{}) func(scope string) (bool, error)

Types

type Atom

type Atom struct {
	Name string     `parser:"@Ident"`
	Args []*Literal `parser:"\"(\" (@@ (\",\" @@)* )? \",\"? \")\""`
}

Atoms look like function calls taking 0 or more Literal arguments. This makes them a bit hard to disambiguate from OpExpr. This might not be the cleanest or most general way to define a grammar but for now it lets the grammar do a bit of type checking for us.

func (*Atom) Evaluate

func (e *Atom) Evaluate(evalCtx EvaluationContext) (bool, error)

func (*Atom) Repr

func (e *Atom) Repr() string

func (*Atom) Validate

func (e *Atom) Validate() error

type Error

type Error struct {
	Msg   string
	Cause error
}

func ConfigFailed

func ConfigFailed(msg string, arg ...interface{}) Error

func EvalFailed

func EvalFailed(msg string, arg ...interface{}) Error

func ParseFailed

func ParseFailed(msg string, arg ...interface{}) Error

func ValidationFailed

func ValidationFailed(msg string, arg ...interface{}) Error

func (Error) Error

func (e Error) Error() string

func (Error) WithCause

func (e Error) WithCause(cause error) Error

type EvaluationContext

type EvaluationContext struct {
	JWTHasScope func(scope string) (bool, error)
}

type Expr

type Expr struct {
	OpExpr   *OpExpr `parser:"  @@"`
	AtomExpr *Atom   `parser:"| @@"`
}

func CompileExpression

func CompileExpression(expression string) (*Expr, error)

func (*Expr) Evaluate

func (e *Expr) Evaluate(evalCtx EvaluationContext) (bool, error)

func (*Expr) Repr

func (e *Expr) Repr() string

func (*Expr) Validate

func (e *Expr) Validate() error

type Literal

type Literal struct {
	String *string `parser:"@String"`
}

func (*Literal) Repr

func (e *Literal) Repr() string

func (*Literal) Validate

func (e *Literal) Validate() error

type OpExpr

type OpExpr struct {
	Name string  `parser:"@Ident"`
	Args []*Expr `parser:"\"(\" @@ (\",\" @@)*  \",\"? \")\""`
}

OpExpr look like function calls taking 1 or more Exp arguments. We require at least 1 argument so we can distinguish between an OpExpr and an Atom. Saying all() or any() is logically well-defined but makes it harder to parse input, and isn't very useful.

func (*OpExpr) Evaluate

func (e *OpExpr) Evaluate(evalCtx EvaluationContext) (bool, error)

func (*OpExpr) Repr

func (e *OpExpr) Repr() string

func (*OpExpr) Validate

func (e *OpExpr) Validate() error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL