Documentation
¶
Index ¶
- Constants
- Variables
- func BasicAuthCredential(req *http.Request) (string, string, error)
- func BasicAuthCredentialFromAuthorization(auth string) (string, string, error)
- func BasicAuthCredentialFromAuthorizationData(auth string) (string, string, error)
- func MarshalPolicy(p Policy) (uuid.UUID, string, []byte, error)
- type Action
- type ActionSet
- type Authorization
- type Effect
- type Path
- type PathSet
- type PersistentPolicy
- type Policy
- type ResourcePolicy
Constants ¶
const ( Read = Action("read") Write = Action("write") Delete = Action("delete") Every = Action("*") )
const ( MatchOptionNone = 0 MatchOptionEncompass = 1 << 0 )
Matching options
Variables ¶
var ( ErrNoAuthorization = fmt.Errorf("No authorization") ErrMalformedRequest = fmt.Errorf("Authorization is malformed") ErrUnsupportedMethod = fmt.Errorf("Authorization method is not supported") )
var (
ErrMethodNotSupported = fmt.Errorf("Method not supported")
)
var ErrUnsupportedPolicyType = fmt.Errorf("Unsupported policy type")
Functions ¶
func BasicAuthCredential ¶
Obtain the basic auth credential for the specified request
func BasicAuthCredentialFromAuthorization ¶
Obtain the basic auth credential for the specified authorization header
func BasicAuthCredentialFromAuthorizationData ¶
Obtain the basic auth credential for the specified authorization header data
Types ¶
type Authorization ¶
type Authorization struct {
Id uuid.UUID `json:"id" db:"id,pk"`
Key string `json:"api_key" db:"key"`
Secret string `json:"api_secret" db:"secret"`
Description string `json:"description,omitempty" db:"description"`
Policies []Policy `json:"policies"`
Active bool `json:"active" db:"active"`
Created time.Time `json:"created_at" db:"created_at"`
}
type Effect ¶
type Effect int
func ParseEffect ¶
func (Effect) MarshalJSON ¶
func (*Effect) UnmarshalJSON ¶
type Path ¶
type Path string
A resource path
func (Path) MatchesString ¶
Determine if a string matches this Path
func (Path) MatchesStringWithOptions ¶
Determine if a string matches this Path
func (Path) MatchesWithOptions ¶
Determine if this name matches the provided name. A name matches another if all the components of both names are identical (ignoring case), or if all the concrete names in the right (parameter) name match those in the left (this) name accounting for wildcards, or if the left name is the name "*", which matches any other name.
If encompassing is permitted, a left name which ends in a wildcard component will match any number of subsequent components in the right name (e.g., "a.*" matches "a.b", "a.b.c", "a.b.c.d", and so fourth).
For example, the concrete name "a.b" matches: "a.b"
The name "a.*.c" matches: "a.b.c", "a.z.c", "a.*.c" ("*" is interpreted literally in the right name). However, the name "a.*.c" does not match: "*.b.c" or "a.c"
When encompassing, the name "a.b.*" matches "a.b.c", "a.b.c.d", and so fourth However it does not match: "a" or "a.b"
The name "*" matches any name, including an emtpy name or the name "*". An empty name matches nothing.
type PathSet ¶
type PathSet []Path
func (PathSet) MatchesString ¶
Return true if any Path in the set matches
func (PathSet) MatchesStringWithOptions ¶
Return true if any Path in the set matches
func (PathSet) MatchesWithOptions ¶
Return true if any Path in the set matches
type PersistentPolicy ¶
type PersistentPolicy struct {
Id uuid.UUID `json:"id" db:"id,pk"`
Type string `json:"type" db:"type"`
Data json.RawMessage `json:"data" db:"data"`
Created time.Time `json:"created_at" db:"created_at"`
}
An ACL policy persistent representation
type Policy ¶
type Policy interface {
Id() uuid.UUID
WithId(uuid.UUID) Policy
Eval(*http.Request) (Effect, error)
}
Implemented by ACL policies
func UnmarshalPolicy ¶
type ResourcePolicy ¶
type ResourcePolicy struct {
Actions ActionSet `json:"actions"`
Paths PathSet `json:"paths"`
Effect Effect `json:"effect"`
// contains filtered or unexported fields
}
func AllowResource ¶
func AllowResource(a Action, p Path) ResourcePolicy
func DenyResource ¶
func DenyResource(a Action, p Path) ResourcePolicy
func (ResourcePolicy) Id ¶
func (p ResourcePolicy) Id() uuid.UUID
func (ResourcePolicy) String ¶
func (p ResourcePolicy) String() string
Source Files
Directories