authority

package

v0.0.0-...-8d08159 Latest Latest Go to latest Published: Feb 11, 2020 License: MIT, MIT Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/rundaz/security

Links

Open Source Insights

README ¶

Authority

Authority is an authorization package for Golang.

When building web applications, we usually have requirements like verify current user has access to something or not, Authority could help you by providing HTTP middleware and helper method.

It is based on Roles, means to define an ability, you need to register a role with Roles, refer Roles for how to do that.

Usage

Initialize Authority

Authority could use with Auth to get current user, handle sessions, you could use it, or implement your own AuthInterface

import (
  "github.com/rundaz/security/auth"
  "github.com/rundaz/security/auth/authority"
  "github.com/rundaz/security/roles"
)

func main() {
  Auth := auth.New(&auth.Config{})

  Authority := authority.New(&authority.Config{
    Auth: Auth,
    Role: roles.Global, // default configuration
    AccessDeniedHandler: func(w http.ResponseWriter, req *http.Request) { // redirect to home page by default
      http.Redirect(w, req, "/", http.StatusSeeOther)
    },
  })
}

Defining Abilities

Refer Roles for how to use roles to register roles, here is a sample:

roles.Register("admin", func(req *http.Request, currentUser interface{}) bool {
  return req.RemoteAddr == "127.0.0.1" || (currentUser.(*User) != nil && currentUser.(*User).Role == "admin")
})

You might have some requirements like time based authorization, for example:

I get distracted, come back to the site in 2 hours, then no access to my account details page, but still be able to visit shopping cart
When place an order, I have to been authorized less than 60 minutes

Authority provides some Rules to make you define them easily, used like:

Authority.Register("access_account_pages", authority.Rule{
  TimeoutSinceLastActive: 2 * time.Hour,
})

Authority.Register("place_an_order", authority.Rule{
  TimeoutSinceLastAuth: time.Hour,
})

Authorization Middleware

func main() {
  mux := http.NewServeMux()

  // Require current user has `access_account_pages` ability to acccess `AccountProfileHandler`
  mux.Handle("/account/profile", Authority.Authorize("access_account_pages")(AccountProfileHandler))

  // Any logged user could acccess `AccountProfileHandler` if no roles specfied
  mux.Handle("/account/profile", Authority.Authorize()(AccountProfileHandler))

  http.ListenAndServe(":9000", mux)
}

func AccountProfileHandler(w http.ResponseWriter, req *http.Request) {
  // ...
}

Authorization Helper Method

func updateCreditCard(w http.ResponseWriter, req *http.Request) {
  if Authority.Allow("place_an_order", req) {
    // do something
  } else {
    // do something
  }
}

Documentation ¶

Index ¶

Variables
func NewAccessDeniedHandler(Auth AuthInterface, redirectPath string) func(http.ResponseWriter, *http.Request)
type AuthInterface
type Authority
- func New(config *Config) *Authority
type Config
type Rule

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// AccessDeniedFlashMessage access denied message
	AccessDeniedFlashMessage = template.HTML("Access Denied!")
)

View Source

var ClaimsContextKey utils.ContextKey = "authority_claims"

ClaimsContextKey authority claims key

Functions ¶

func NewAccessDeniedHandler ¶

func NewAccessDeniedHandler(Auth AuthInterface, redirectPath string) func(http.ResponseWriter, *http.Request)

NewAccessDeniedHandler new access denied handler

Types ¶

type AuthInterface ¶

type AuthInterface interface {
	auth.SessionStorerInterface
	GetCurrentUser(req *http.Request) interface{}
}

AuthInterface auth interface

type Authority ¶

type Authority struct {
	*Config
}

Authority authority struct

func New ¶

func New(config *Config) *Authority

New initialize Authority

func (*Authority) Allow ¶

func (authority *Authority) Allow(role string, req *http.Request) bool

Allow Check allow role or not

func (*Authority) Authorize ¶

func (authority *Authority) Authorize(roles ...string) func(http.Handler) http.Handler

Authorize authorize specfied roles or authenticated user to access wrapped handler

func (Authority) Handler ¶

func (authority Authority) Handler(rule Rule) roles.Checker

Handler generate roles checker

func (*Authority) Middleware ¶

func (authority *Authority) Middleware(handler http.Handler) http.Handler

Middleware authority middleware used to record activity time

func (*Authority) Register ¶

func (authority *Authority) Register(name string, rule Rule)

Register register authority rule into Role

type Config ¶

type Config struct {
	Auth                AuthInterface
	Role                *roles.Role
	AccessDeniedHandler func(w http.ResponseWriter, req *http.Request)
}

Config authority config

type Rule ¶

type Rule struct {
	TimeoutSinceLastLogin            time.Duration
	LongestDistractionSinceLastLogin time.Duration
}

Rule authority rule's definition

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL