Documentation ¶
Index ¶
- func Authorize(lookup auth.Lookup, authorize func(Authorizer, *http.Request)) func(http.Handler) http.Handler
- func AuthorizeField(field string) func(http.Handler) http.Handler
- func AuthorizedActors(ctx context.Context) []uuid.UUID
- func Permission(perms auth.PermissionFetcher, action string, ...) func(http.Handler) http.Handler
- func PermissionField(perms auth.PermissionFetcher, action, aggregateName, field string) func(http.Handler) http.Handler
- type Authorizer
- type Factory
- func (f Factory) Authorize(authorize func(Authorizer, *http.Request)) func(http.Handler) http.Handler
- func (f Factory) AuthorizeField(field string) func(http.Handler) http.Handler
- func (f Factory) Permission(action string, extractRef func(*http.Request) aggregate.Ref) func(http.Handler) http.Handler
- func (f Factory) PermissionField(action, aggregateName, field string) func(http.Handler) http.Handler
Functions ¶
func Authorize ¶
func Authorize(lookup auth.Lookup, authorize func(Authorizer, *http.Request)) func(http.Handler) http.Handler
Authorize returns a middleware that authorizes actors of a request. When a request reaches the middleware, it calls the provided authorize function to authorize the actors of the request. The authorize function is passed an Authorizer, which allows authorization of multiple actors.
Adding AuthorizeXXX() middleware to a handler does not automatically protect the routes from unauthorized access. PermissionXXX() middleware must be added to actually protect the routes. AuthorizeXXX() middleware must be called before PermissionXXX() middleware is called; otherwise the PermissionXXX() middleware will always return 403 Forbidden.
func AuthorizeField ¶
AuthorizeField returns a middleware that authorizes actors of a request. AuthorizeField differs from Authorize in that it extracts the aggregate id of the authorized actor from the request body. The request body is parsed as JSON, and the JSON field with the given name is then parsed as a UUID using uuid.Parse.
func AuthorizedActors ¶
AuthorizedActors returns the ids of the currently authorized actors.
func Permission ¶
func Permission(perms auth.PermissionFetcher, action string, extractRef func(*http.Request) aggregate.Ref) func(http.Handler) http.Handler
Permission returns a middleware that protects routes from unauthorized access. When called, the middleware extracts the aggregate that the user wants to act on from the request body by calling the provided extractRef function. The middleware then checks whether any of the authorized actors has the permission to perform the given action on the given aggregate. The next handler is called only if an authorized actor is allowed to perform the action. Otherwise the middleware returns 403 Forbidden.
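The ordering requirement stated under Authorize and the 403 behaviour of Permission can be reproduced with a standard-library-only model. This is an added example, not code from the package: authorize, permission, status, the X-Actor header and the string actor ids are hypothetical stand-ins for the real middleware, auth.Lookup and uuid.UUID.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type ctxKey struct{} // context key for the actor list (simplified stand-in)
var ok = http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}) // replies 200

// authorize models AuthorizeXXX(): records the hypothetical X-Actor header, never rejects.
func authorize(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if id := r.Header.Get("X-Actor"); id != "" {
			r = r.WithContext(context.WithValue(r.Context(), ctxKey{}, []string{id}))
		}
		next.ServeHTTP(w, r)
	})
}

// permission models PermissionXXX(): 403 unless an authorized actor holds the grant.
func permission(granted string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		actors, _ := r.Context().Value(ctxKey{}).([]string)
		for _, id := range actors {
			if id == granted {
				next.ServeHTTP(w, r)
				return
			}
		}
		http.Error(w, "forbidden", http.StatusForbidden)
	})
}

// status sends one request as actor through h and returns the response code.
func status(h http.Handler, actor string) int {
	req := httptest.NewRequest(http.MethodPost, "/orders", nil)
	req.Header.Set("X-Actor", actor)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status(authorize(ok), "mallory"))                    // 200: Authorize alone protects nothing
	fmt.Println(status(permission("alice", authorize(ok)), "alice")) // 403: Permission ran before Authorize
	fmt.Println(status(authorize(permission("alice", ok)), "alice")) // 200: correct order
}
```

With the correct order, a request from an actor without the grant (for example "mallory") is still rejected with 403.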
func PermissionField ¶
func PermissionField(perms auth.PermissionFetcher, action, aggregateName, field string) func(http.Handler) http.Handler
PermissionField returns a middleware that protects routes from unauthorized access. PermissionField differs from Permission in that it requires the aggregate name to be passed as an argument and that it extracts the aggregate id from the request body.
Types ¶
type Authorizer ¶
type Authorizer interface {
	// Lookup returns the aggregate id of the actor with the given actor id.
	Lookup(sid string) (uuid.UUID, bool)

	// Authorize adds the given actor to the authorized actors of the current request.
	Authorize(actorID uuid.UUID)
}
Authorizer is provided by the Authorize() middleware and is used to authorize actors for the current request.
type Factory ¶
type Factory struct {
// contains filtered or unexported fields
}
Factory is the middleware factory. Using it is not required, but it allows middleware to be created without having to pass the PermissionRepository and Lookup.
func NewFactory ¶
func NewFactory(perms auth.PermissionFetcher, lookup auth.Lookup) Factory
NewFactory returns a new middleware factory.
func (Factory) Authorize ¶
func (f Factory) Authorize(authorize func(Authorizer, *http.Request)) func(http.Handler) http.Handler
Authorize returns the Authorize middleware.
func (Factory) AuthorizeField ¶
AuthorizeField returns the AuthorizeField middleware.