Overview ¶
Package rbac extracts common functions that help a component implement an auth system.
Index ¶
- Constants
- Variables
- func Add2WhiteAPIList(path ...string)
- func FromContext(ctx context.Context) (map[string]interface{}, error)
- func GetResource(apiPattern string) string
- func GetRolesList(m map[string]interface{}) ([]string, error)
- func MapResource(api, resource string)
- func MustAuth(pattern string) bool
- func MustRegisterErr(code int32, message string)
- func MustRegisterErrs(errs map[int32]string)
- func NewContext(ctx context.Context, claims map[string]interface{}) context.Context
- func NewError(code int32, detail string) *errsvc.Error
- func PartialMapResource(api, resource string)
- func RolesFromContext(ctx context.Context) ([]string, error)
- func WritePerms(r *Role) error
- func WriteRoles(roles []*Role)
- type Account
- type AccountResponse
- type AuthUser
- type BatchCreateAccountItemResponse
- type BatchCreateAccountsRequest
- type BatchCreateAccountsResponse
- type FindPerms
- type Permission
- type PersistPerms
- type Resource
- type Role
- type RoleResponse
- type SelfPermissionResponse
- type Token
Constants ¶
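// Error codes of the rbac package, one constant per line. The flattened
// single-line listing let the first inline comment swallow every constant that
// followed it; the values themselves are unchanged.
//
// Codes fall in the ***200 - ***249 range. The leading three digits appear to
// mirror an HTTP status class (400, 401, 403, 409) — confirm against the error
// registration code.
//
// NOTE(review): ErrAccountNotExist and ErrAccountBlocked distinguish account
// states, while ErrUserOrPwdWrong deliberately does not. Confirm that the
// login path answers unauthenticated callers only with the latter, so the
// response does not reveal which account names exist.
const (
	// Request errors.
	ErrAccountNotExist       int32 = 400200
	ErrRoleNotExist          int32 = 400201
	ErrAccountHasInvalidRole int32 = 400202
	ErrAccountNoQuota        int32 = 400203
	ErrRoleNoQuota           int32 = 400204
	ErrRoleIsBound           int32 = 400205
	ErrNewPwdBad             int32 = 400206 // when changing the password

	// Authentication errors.
	ErrUserOrPwdWrong           int32 = 401202
	ErrNoAuthHeader             int32 = 401204
	ErrTokenExpired             int32 = 401205
	ErrTokenOwnedAccountDeleted int32 = 401206
	ErrOldPwdWrong              int32 = 401207 // when changing the password

	// Authorization errors.
	ErrAccountBlocked              int32 = 403201
	ErrForbidOperateBuildInAccount int32 = 403202
	ErrForbidOperateBuildInRole    int32 = 403203
	ErrForbidOperateSelfAccount    int32 = 403204
	ErrNoPermission                int32 = 403205

	// Conflict errors.
	ErrAccountConflict int32 = 409200
	ErrRoleConflict    int32 = 409201
)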
error code range: ***200 - ***249
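// Claim keys and built-in role names, one constant per line. In the flattened
// listing the inline comment hid every constant after ClaimsUser.
const (
	// ClaimsUser is the claims key "account".
	ClaimsUser = "account"
	// Deprecated marker kept from the original listing, where it sits between
	// ClaimsUser and ClaimsRole. It is read here as applying to ClaimsRole,
	// since the plural ClaimsRoles exists — confirm against upstream.
	ClaimsRole = "role"
	// ClaimsRoles is the claims key "roles".
	ClaimsRoles = "roles"

	// Built-in role names.
	// NOTE(review): authorization decisions key on these plain strings; confirm
	// that role names taken from request bodies cannot shadow them.
	RoleAdmin     = "admin"
	RoleDeveloper = "developer"
)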
// DefaultTTL is a duration of one hour.
// NOTE(review): presumably the default token lifetime, given the package's
// Token type and ErrTokenExpired — confirm against the code that reads it.
const DefaultTTL = time.Hour
Variables ¶
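// Sentinel errors of the rbac package. Compare them with errors.Is rather
// than by message text.
var (
	// ErrInvalidHeader reports an auth header that is present but invalid.
	ErrInvalidHeader = errors.New("invalid auth header")
	// ErrSameAsName rejects a password equal to the account name.
	ErrSameAsName = errors.New("account name and password MUST NOT be same")
	// ErrSameAsReversedName rejects a password equal to the reversed account
	// name. The message previously read "revered"; the typo is corrected here.
	ErrSameAsReversedName = errors.New("password MUST NOT be the reversed account name")
	// ErrNoHeader reports a missing Authorization header.
	ErrNoHeader = errors.New("should provide Authorization header")
	// ErrInvalidCtx reports an invalid context.
	ErrInvalidCtx = errors.New("invalid context")
	// ErrConvert reports a failed type conversion.
	ErrConvert = errors.New("type convert error")
)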
// Sentinel errors for permission lists.
var (
	// ErrEmptyPerms reports an empty permission list.
	ErrEmptyPerms = errors.New("perms is empty")
	// ErrInvalidPerms reports an invalid permission list.
	ErrInvalidPerms = errors.New("perms is invalid")
)
// PartialMap holds the entries used for partial API matching; it starts empty.
// NOTE(review): the map is exported and mutable and this listing shows no
// lock around it — confirm it is only written during start-up, because
// concurrent map writes are a data race.
var PartialMap = make(map[string]string)
PartialMap saves the API mappings that are matched partially.
Functions ¶
func Add2WhiteAPIList ¶ added in v0.2.0
func Add2WhiteAPIList(path ...string)
func FromContext ¶ added in v0.2.0
FromContext returns the account claims stored in ctx.
func GetResource ¶ added in v0.2.0
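GetResource tries to find the resource for an API path; it has a preheat mechanism that runs after program start-up. An API pattern looks like /resource/:id/ or /resource/{id}/. Callers MUST NOT pass a path that contains an exact resource id, such as /resource/100; otherwise you face a massive memory footprint (presumably because each distinct path is remembered), so pass the route pattern rather than a raw request path.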
func GetRolesList ¶ added in v0.2.0
func MapResource ¶ added in v0.2.0
func MapResource(api, resource string)
MapResource saves the mapping from api to resource; the api must match exactly.
func MustRegisterErr ¶ added in v0.5.0
func MustRegisterErrs ¶ added in v0.5.0
func NewContext ¶ added in v0.2.0
NewContext returns a new Context that carries the claims value. The claims include the roles and the account name.
func PartialMapResource ¶ added in v0.3.0
func PartialMapResource(api, resource string)
PartialMapResource saves the mapping from api to resource; the api is matched partially.
func RolesFromContext ¶ added in v0.4.0
RolesFromContext returns only the role names.
func WriteRoles ¶ added in v0.4.0
func WriteRoles(roles []*Role)
Types ¶
type Account ¶
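// Account is the account record exchanged as JSON. The declaration is restored
// to one field per line; in the flattened listing the inline comment hid every
// field after Password.
//
// NOTE(review): Password and CurrentPassword carry JSON tags, so encoding/json
// emits them whenever they are non-empty. Confirm that callers clear both
// fields before an Account is written to a response or a log.
type Account struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
	// Password is serialised under "password" when non-empty. Whether it holds
	// a plaintext or a hashed value cannot be told from this declaration.
	Password string `json:"password,omitempty"`
	// Deprecated marker kept from the original listing, where it sits between
	// Password and Role. It is read here as applying to Role, since the plural
	// Roles exists — confirm against upstream.
	Role  string   `json:"role,omitempty"`
	Roles []string `json:"roles,omitempty"`
	// TokenExpirationTime is kept as a string; its format is not shown here.
	TokenExpirationTime string `json:"tokenExpirationTime,omitempty" bson:"token_expiration_time"`
	// CurrentPassword is serialised under "currentPassword" when non-empty.
	CurrentPassword string `json:"currentPassword,omitempty" bson:"current_password"`
	Status          string `json:"status,omitempty"`
	CreateTime      string `json:"createTime,omitempty"`
	UpdateTime      string `json:"updateTime,omitempty"`
}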
func AccountFromContext ¶ added in v0.2.0
func GetAccount ¶ added in v0.5.0
type AccountResponse ¶
type BatchCreateAccountItemResponse ¶ added in v0.9.0
BatchCreateAccountItemResponse is the per-item result of a batch account creation.
type BatchCreateAccountsRequest ¶ added in v0.9.0
// BatchCreateAccountsRequest is the request definition of a batch account creation.
// NOTE(review): no limit on len(Accounts) is visible in this declaration —
// confirm the handler caps the batch size before processing it.
type BatchCreateAccountsRequest struct {
// Accounts is serialised under "accounts"; without omitempty a nil slice encodes as null.
Accounts []*Account `json:"accounts"`
}
BatchCreateAccountsRequest is the request definition of a batch account creation.
type BatchCreateAccountsResponse ¶ added in v0.9.0
// BatchCreateAccountsResponse is the response definition of a batch account creation.
type BatchCreateAccountsResponse struct {
// Accounts holds one item result per entry; it is serialised under "accounts".
Accounts []*BatchCreateAccountItemResponse `json:"accounts"`
}
BatchCreateAccountsResponse is the response definition of a batch account creation.
type Permission ¶
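// Permission groups a list of resources with a list of verbs. Presumably the
// verbs are the operations granted on those resources — confirm against the
// code that evaluates permissions. The declaration is restored to one field
// per line; flattened onto one line the fields have no separator.
//
// NOTE(review): both fields are omitempty, so an empty list and an absent one
// look the same on the wire. Confirm that an empty Resources or Verbs list is
// never interpreted as "all".
type Permission struct {
	Resources []*Resource `json:"resources,omitempty"`
	Verbs     []string    `json:"verbs,omitempty"`
}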
func ReadPerms ¶ added in v0.4.0
func ReadPerms(roleName string) ([]*Permission, error)
ReadPerms returns only the data held in the cache.
type PersistPerms ¶ added in v0.4.0
type Resource ¶ added in v0.4.0
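// Resource names a resource by a type string and an optional label set. The
// declaration is restored to one field per line; flattened onto one line the
// fields have no separator.
//
// NOTE(review): how Labels narrows a match is not visible here — confirm
// whether a nil or empty Labels map means "any label" before relying on it to
// scope a permission.
type Resource struct {
	Type   string            `json:"type,omitempty"`
	Labels map[string]string `json:"labels,omitempty"`
}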
func BuildResourceList ¶ added in v0.5.0
BuildResourceList joins the resources into an array.
type Role ¶
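// Role is a named set of permissions exchanged as JSON. The declaration is
// restored to one field per line; flattened onto one line the fields have no
// separator.
//
// NOTE(review): Perms is omitempty, so a role without permissions serialises
// with no "perms" key. Confirm that a missing list is treated as "no
// permissions" rather than as unrestricted.
type Role struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
	// Perms lists the permissions attached to the role.
	Perms      []*Permission `json:"perms,omitempty"`
	CreateTime string        `json:"createTime,omitempty"`
	UpdateTime string        `json:"updateTime,omitempty"`
}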
type RoleResponse ¶
type SelfPermissionResponse ¶ added in v0.6.0
// SelfPermissionResponse carries a list of permissions; judging by the name it
// is the answer to a caller asking for its own permissions — confirm.
type SelfPermissionResponse struct {
// Perms is serialised under "perms" and omitted from the JSON when empty.
Perms []*Permission `json:"perms,omitempty"`
}