iamruntimemiddleware

package
v0.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 13, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package iamruntimemiddleware builds an echo middleware which validates request authorization tokens.


Functions

func CheckAccess

func CheckAccess(c echo.Context, actions []*authorization.AccessRequestAction, opts ...grpc.CallOption) error

CheckAccess executes an access request on the runtime in the context with the provided actions. If any error is returned, the error is converted to an echo error with a proper status code.

Example
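// Build the token-validating middleware. If construction fails, the returned
// function must not be installed; stop instead of serving the routes below
// without token validation.
middleware, err := NewConfig().ToMiddleware()
if err != nil {
	panic(err)
}

engine := echo.New()

// Apply the middleware to every route on this engine.
engine.Use(middleware)

engine.GET("/resources/:resource_id", func(c echo.Context) error {
	// The resource ID comes from the request path and is caller-controlled;
	// the access check below is what ties it to the authenticated caller.
	check := []*authorization.AccessRequestAction{
		{ResourceId: c.Param("resource_id"), Action: "resource_get"},
	}

	// CheckAccess is documented to return an echo error with a status code,
	// so the error is returned unchanged and nothing else in the handler runs.
	if err := CheckAccess(c, check); err != nil {
		return err
	}

	return c.String(http.StatusOK, "user has access to resource")
})

// Example only: the listen error is discarded and http.ListenAndServe sets no
// server timeouts.
_ = http.ListenAndServe(":8080", engine)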
Output:

func CheckAccessTo added in v0.1.2

func CheckAccessTo(c echo.Context, resourceIDActionPairs ...string) error

CheckAccessTo builds a check access request and executes it on the runtime in the provided context. Arguments must be pairs of Resource ID and Role Actions.

Example
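// Build the token-validating middleware. If construction fails, the returned
// function must not be installed; stop instead of serving the routes below
// without token validation.
middleware, err := NewConfig().ToMiddleware()
if err != nil {
	panic(err)
}

engine := echo.New()

// Apply the middleware to every route on this engine.
engine.Use(middleware)

engine.GET("/resources/:resource_id", func(c echo.Context) error {
	// Arguments are (resource ID, action) pairs. The resource ID is taken from
	// the request path and is caller-controlled, so the check must complete
	// before anything about the resource is returned.
	if err := CheckAccessTo(c, c.Param("resource_id"), "resource_get"); err != nil {
		return err
	}

	return c.String(http.StatusOK, "user has access to resource")
})

// Example only: the listen error is discarded and http.ListenAndServe sets no
// server timeouts.
_ = http.ListenAndServe(":8080", engine)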
Output:

func ContextCheckAccess added in v0.1.4

func ContextCheckAccess(ctx context.Context, actions []*authorization.AccessRequestAction, opts ...grpc.CallOption) error

ContextCheckAccess is the same as CheckAccess, except that it works on a context.Context.

func ContextCheckAccessTo added in v0.1.4

func ContextCheckAccessTo(ctx context.Context, resourceIDActionPairs ...string) error

ContextCheckAccessTo is the same as CheckAccessTo, except that it works on a context.Context.

func ContextCreateRelationships added in v0.1.4

ContextCreateRelationships is the same as CreateRelationships, except that it works on a context.Context.

func ContextDeleteRelationships added in v0.1.4

ContextDeleteRelationships is the same as DeleteRelationships, except that it works on a context.Context.

func ContextSubject

func ContextSubject(c echo.Context) string

ContextSubject retrieves the subject from the provided echo context. If the subject is not found in the provided context, an empty string is returned.

Use ContextSubject() from iamruntime if a stdlib context is being used.

func ContextToken

func ContextToken(c echo.Context) *jwt.Token

ContextToken retrieves the decoded jwt token from the provided echo context. If the token is not found in the provided context, nil is returned.

Use ContextToken() from iamruntime if a stdlib context is being used.

func ContextValidateCredential added in v0.1.4

func ContextValidateCredential(ctx context.Context, in *authentication.ValidateCredentialRequest, opts ...grpc.CallOption) error

ContextValidateCredential is the same as ValidateCredential, except that it works on a context.Context.

func CreateRelationships

func CreateRelationships(c echo.Context, in *authorization.CreateRelationshipsRequest, opts ...grpc.CallOption) (*authorization.CreateRelationshipsResponse, error)

CreateRelationships executes a create relationship request on the runtime in the context. If any error is returned, the error is converted to an echo error with a proper status code.

Example
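// Build the token-validating middleware. If construction fails, the returned
// function must not be installed; stop instead of serving the routes below
// without token validation.
middleware, err := NewConfig().ToMiddleware()
if err != nil {
	panic(err)
}

engine := echo.New()

// Apply the middleware to every route on this engine.
engine.Use(middleware)

engine.POST("/resources", func(c echo.Context) error {
	// CreateResourceFromRequest is a helper that is not shown on this page.
	// NOTE(review): presumably ParentResourceID is taken from the request body;
	// a real handler should check the caller's access to that parent (for
	// example with CheckAccessTo) before linking a new resource under it.
	resource := CreateResourceFromRequest(c)

	// Link the new resource to its parent in the runtime.
	relationRequest := &authorization.CreateRelationshipsRequest{
		ResourceId: resource.ID,
		Relationships: []*authorization.Relationship{
			{
				Relation:  "parent",
				SubjectId: resource.ParentResourceID,
			},
		},
	}

	// NOTE(review): if this call fails the resource already exists without its
	// relationship; confirm whether the caller is expected to roll it back.
	if _, err := CreateRelationships(c, relationRequest); err != nil {
		return err
	}

	return c.String(http.StatusOK, "resource created with relationships")
})

// Example only: the listen error is discarded and http.ListenAndServe sets no
// server timeouts.
_ = http.ListenAndServe(":8080", engine)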
Output:

func DeleteRelationships

func DeleteRelationships(c echo.Context, in *authorization.DeleteRelationshipsRequest, opts ...grpc.CallOption) (*authorization.DeleteRelationshipsResponse, error)

DeleteRelationships executes a delete relationship request on the runtime in the context. If any error is returned, the error is converted to an echo error with a proper status code.

Example
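// Build the token-validating middleware. If construction fails, the returned
// function must not be installed; stop instead of serving the routes below
// without token validation.
middleware, err := NewConfig().ToMiddleware()
if err != nil {
	panic(err)
}

engine := echo.New()

// Apply the middleware to every route on this engine.
engine.Use(middleware)

engine.DELETE("/resources/:resource_id", func(c echo.Context) error {
	// NOTE(review): the middleware validates the token only; this handler makes
	// no access check before deleting. A real handler would presumably call
	// CheckAccessTo (or CheckAccess) for the resource first.
	resource := GetResourceFromRequest(c)

	if err := DeleteResourceFromRequest(c); err != nil {
		return err
	}

	// Remove the relationship that tied the resource to its parent.
	relationRequest := &authorization.DeleteRelationshipsRequest{
		ResourceId: resource.ID,
		Relationships: []*authorization.Relationship{
			{
				Relation:  "parent",
				SubjectId: resource.ParentResourceID,
			},
		},
	}

	// NOTE(review): the resource is already gone at this point; if this call
	// fails, its relationship stays behind in the runtime. Confirm how stale
	// relationships are cleaned up.
	if _, err := DeleteRelationships(c, relationRequest); err != nil {
		return err
	}

	// The original message said "created", copied from the create example.
	return c.String(http.StatusOK, "resource deleted with relationships")
})

// Example only: the listen error is discarded and http.ListenAndServe sets no
// server timeouts.
_ = http.ListenAndServe(":8080", engine)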
Output:

func ValidateCredential

func ValidateCredential(c echo.Context, in *authentication.ValidateCredentialRequest, opts ...grpc.CallOption) error

ValidateCredential executes a validate credential request on the runtime in the context with the provided credential. If any error is returned, the error is converted to an echo error with a proper status code.

Example
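// Build the token-validating middleware. If construction fails, the returned
// function must not be installed; stop instead of serving the routes below
// without token validation.
middleware, err := NewConfig().ToMiddleware()
if err != nil {
	panic(err)
}

engine := echo.New()

// Apply the middleware to every route on this engine.
engine.Use(middleware)

engine.GET("/user", func(c echo.Context) error {
	// NOTE(review): a credential sent in the query string ends up wherever URLs
	// are recorded (access logs, proxies, browser history); prefer a header or
	// the request body outside of an example.
	otherToken := c.QueryParam("check-token")

	if err := ValidateCredential(c, &authentication.ValidateCredentialRequest{Credential: otherToken}); err != nil {
		// NOTE(review): ValidateCredential is documented to return an echo error
		// with a status code. Wrapping it with fmt.Errorf yields a different
		// error type, so confirm the engine's error handler still maps it to
		// the intended status.
		if errors.Is(err, iamruntime.ErrInvalidCredentials) {
			return fmt.Errorf("%w: other credentials are invalid", err)
		}

		return err
	}

	return c.String(http.StatusOK, "other token is valid")
})

// Example only: the listen error is discarded and http.ListenAndServe sets no
// server timeouts.
_ = http.ListenAndServe(":8080", engine)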
Output:

Types

type Config

// Config holds the settings for the iam-runtime echo middleware; build the
// middleware from it with ToMiddleware.
type Config struct {
	// Skipper defines a function to skip middleware.
	// NOTE(review): presumably a request matched by the Skipper bypasses token
	// validation entirely, so keep the match as narrow as possible; confirm.
	Skipper middleware.Skipper

	// Socket defines the iam runtime socket path.
	// Default is /tmp/runtime.sock
	// Not used if Runtime is defined.
	// NOTE(review): the default is under /tmp, which is commonly writable by
	// every local user. On a shared host, point Socket at a directory that only
	// this service and the runtime can access, since the middleware presumably
	// trusts whatever answers on this socket.
	Socket string

	// Runtime specifies the runtime the middleware will use.
	// If no runtime is provided, a new runtime client is created using the Socket path.
	Runtime Runtime
	// contains filtered or unexported fields
}

Config defines configuration for the iam-runtime middleware. Build the echo middleware by calling Config.ToMiddleware()

func NewConfig

func NewConfig() Config

NewConfig returns a new empty config.

func (Config) ToMiddleware

func (c Config) ToMiddleware() (echo.MiddlewareFunc, error)

ToMiddleware builds a new echo middleware function from the defined config. If no runtime client is defined, a default one is initialized. The default runtime will use the configured Socket path to connect to the runtime server. If no Socket is provided, the default socket path is used (/tmp/runtime.sock)

Example
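// Build the token-validating middleware from an empty config; per the
// ToMiddleware documentation this connects to the runtime over the default
// socket path. If construction fails, the returned function must not be
// installed; stop instead of serving the routes below without token validation.
middleware, err := NewConfig().ToMiddleware()
if err != nil {
	panic(err)
}

engine := echo.New()

// Apply the middleware to every route on this engine.
engine.Use(middleware)

engine.GET("/user", func(c echo.Context) error {
	// ContextSubject returns an empty string when no subject is stored in the
	// context, so the greeting then carries no name.
	return c.String(http.StatusOK, "welcome "+ContextSubject(c))
})

// Example only: the listen error is discarded and http.ListenAndServe sets no
// server timeouts.
_ = http.ListenAndServe(":8080", engine)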
Output:

func (Config) WithRuntime

func (c Config) WithRuntime(value Runtime) Config

WithRuntime returns a new Config with the provided runtime set.

func (Config) WithSkipper

func (c Config) WithSkipper(value middleware.Skipper) Config

WithSkipper returns a new Config with the provided skipper set.

func (Config) WithSocket

func (c Config) WithSocket(value string) Config

WithSocket returns a new Config with the provided socket set.

type Runtime

Runtime defines the required methods for a supported runtime.

func ContextRuntime

func ContextRuntime(c echo.Context) Runtime

ContextRuntime retrieves the iam runtime from the context. If the runtime is not found in the provided context, nil is returned.

Use ContextRuntime() or ContextRuntimeAny() from iamruntime if a stdlib context is being used.
