Documentation
Overview
Package storage provides the core logic needed to implement storage services in the Axone protocol.
Index
- type Proxy
- func (p *Proxy) Authenticate(ctx context.Context, credential []byte) (*auth.Identity, error)
- func (p *Proxy) HTTPConfigurator(jwtSecretKey []byte, jwtTTL time.Duration) axonehttp.Option
- func (p *Proxy) HTTPReadHandler() auth.AuthenticatedHandler
- func (p *Proxy) HTTPStoreHandler() auth.AuthenticatedHandler
- func (p *Proxy) Read(ctx context.Context, id *auth.Identity, resourceID string) (io.Reader, error)
- func (p *Proxy) Store(ctx context.Context, id *auth.Identity, resourceID string, src io.Reader) (io.Reader, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Proxy
type Proxy struct {
// contains filtered or unexported fields
}
Proxy serves as an authentication and authorization proxy for an Axone storage service. It is responsible for authenticating and authorizing identities before operations such as reading and storing resources. The specific logic of reading and storing resources is delegated to the readFn and storeFn functions.
func NewProxy
func NewProxy(
	ctx context.Context,
	key keys.Keyring,
	baseURL string,
	dvClient dataverse.QueryClient,
	documentLoader ld.DocumentLoader,
	readFn func(context.Context, string) (io.Reader, error),
	storeFn func(context.Context, string, io.Reader) error,
) (*Proxy, error)
NewProxy creates a new Proxy instance, using the provided service DID to retrieve its governance (i.e. law-stone smart contract address) on the dataverse.
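NewProxy hands resourceID to readFn and storeFn as a plain string, and this page does not say whether Proxy normalizes it first, so a backend that turns IDs into file paths or object keys can validate them itself. The following is an added example, not code from this package: validID, GuardRead and GuardStore are hypothetical names, and the rule that IDs are clean relative slash paths is an assumption of the example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"io"
	"path"
	"strings"
)

// Hypothetical helpers, not part of the package; the ID rule is this example's assumption.
var ErrInvalidResourceID = errors.New("invalid resource id")

type ReadFn = func(context.Context, string) (io.Reader, error) // readFn parameter type of NewProxy
type StoreFn = func(context.Context, string, io.Reader) error   // storeFn parameter type of NewProxy

// validID accepts only clean relative slash paths (no "..", "//", leading "/", "\" or NUL).
func validID(id string) bool {
	if id == "" || strings.ContainsAny(id, "\\\x00") || strings.HasPrefix(id, "/") {
		return false
	}
	return path.Clean(id) == id && id != "." && id != ".." && !strings.HasPrefix(id, "../")
}

// GuardRead wraps next so that rejected IDs never reach the storage backend.
func GuardRead(next ReadFn) ReadFn {
	return func(ctx context.Context, id string) (io.Reader, error) {
		if !validID(id) {
			return nil, ErrInvalidResourceID
		}
		return next(ctx, id)
	}
}

// GuardStore applies the same check on the write path.
func GuardStore(next StoreFn) StoreFn {
	return func(ctx context.Context, id string, src io.Reader) error {
		if !validID(id) {
			return ErrInvalidResourceID
		}
		return next(ctx, id, src)
	}
}

func main() {
	backend := func(context.Context, string) (io.Reader, error) { return strings.NewReader("ok"), nil } // constructed
	_, err := GuardRead(backend)(context.Background(), "../secret")
	fmt.Println(err)
}
```

The wrapped functions keep the exact parameter types shown in the NewProxy signature, so they can be passed as readFn and storeFn unchanged.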
func (*Proxy) Authenticate
Authenticate performs the authentication of an identity from a verifiable credential, returning its resolved auth.Identity.
func (*Proxy) HTTPConfigurator
HTTPConfigurator returns the axonehttp.Option needed to configure an axonehttp.Server to expose the service over HTTP. To convey authentication information across requests, it uses JWT tokens issued and signed using the provided secret key and TTL.
Here are the routes that it configures:
- POST /authenticate: to authenticate an identity and return a JWT token
- GET /{path}: to read a resource given its path
- POST /{path}: to store a resource given its path
func (*Proxy) HTTPReadHandler
func (p *Proxy) HTTPReadHandler() auth.AuthenticatedHandler
HTTPReadHandler returns an auth.AuthenticatedHandler that reads a resource identified by its path.
func (*Proxy) HTTPStoreHandler
func (p *Proxy) HTTPStoreHandler() auth.AuthenticatedHandler
HTTPStoreHandler returns an auth.AuthenticatedHandler that stores a resource identified by its path.
func (*Proxy) Read
Read reads a resource identified by its resourceID, returning its stream if the identity is authorized to do so.
The identity is authorized to read a resource if both the proxied service's governance and the requested resource's governance allow it. To check the proxied service's governance, it uses the set of permissions resolved at authentication. To check the requested resource's governance, it retrieves that governance from the dataverse before querying it.
func (*Proxy) Store
func (p *Proxy) Store(ctx context.Context, id *auth.Identity, resourceID string, src io.Reader) (io.Reader, error)
Store stores a resource identified by its resourceID, returning its publication credential. This publication credential is a verifiable credential that attests to the publication of the resource by the proxied service. It is expected to be submitted to the dataverse in order to reference the resource.
The identity is authorized to read a resource if the proxied service's governance allows it; the set of permissions resolved at authentication is used for this check.