authority

package
v0.0.0-...-8d08159 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 11, 2020 License: MIT, MIT Imports: 8 Imported by: 0

README

Authority

Authority is an authorization package for Golang.

When building web applications, we usually have requirements like verify current user has access to something or not, Authority could help you by providing HTTP middleware and helper method.

It is based on Roles, means to define an ability, you need to register a role with Roles, refer Roles for how to do that.

Usage

Initialize Authority

Authority could use with Auth to get current user, handle sessions, you could use it, or implement your own AuthInterface

import (
  "github.com/rundaz/security/auth"
  "github.com/rundaz/security/auth/authority"
  "github.com/rundaz/security/roles"
)

func main() {
  Auth := auth.New(&auth.Config{})

  Authority := authority.New(&authority.Config{
    Auth: Auth,
    Role: roles.Global, // default configuration
    AccessDeniedHandler: func(w http.ResponseWriter, req *http.Request) { // redirect to home page by default
      http.Redirect(w, req, "/", http.StatusSeeOther)
    },
  })
}

Defining Abilities

Refer Roles for how to use roles to register roles, here is a sample:

roles.Register("admin", func(req *http.Request, currentUser interface{}) bool {
  return req.RemoteAddr == "127.0.0.1" || (currentUser.(*User) != nil && currentUser.(*User).Role == "admin")
})

You might have some requirements like time based authorization, for example:

  • I get distracted, come back to the site in 2 hours, then no access to my account details page, but still be able to visit shopping cart
  • When place an order, I have to been authorized less than 60 minutes

Authority provides some Rules to make you define them easily, used like:

Authority.Register("access_account_pages", authority.Rule{
  TimeoutSinceLastActive: 2 * time.Hour,
})

Authority.Register("place_an_order", authority.Rule{
  TimeoutSinceLastAuth: time.Hour,
})

Authorization Middleware

func main() {
  mux := http.NewServeMux()

  // Require current user has `access_account_pages` ability to acccess `AccountProfileHandler`
  mux.Handle("/account/profile", Authority.Authorize("access_account_pages")(AccountProfileHandler))

  // Any logged user could acccess `AccountProfileHandler` if no roles specfied
  mux.Handle("/account/profile", Authority.Authorize()(AccountProfileHandler))

  http.ListenAndServe(":9000", mux)
}

func AccountProfileHandler(w http.ResponseWriter, req *http.Request) {
  // ...
}

Authorization Helper Method

func updateCreditCard(w http.ResponseWriter, req *http.Request) {
  if Authority.Allow("place_an_order", req) {
    // do something
  } else {
    // do something
  }
}

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// AccessDeniedFlashMessage access denied message
	AccessDeniedFlashMessage = template.HTML("Access Denied!")
)
View Source
var ClaimsContextKey utils.ContextKey = "authority_claims"

ClaimsContextKey authority claims key

Functions

func NewAccessDeniedHandler

func NewAccessDeniedHandler(Auth AuthInterface, redirectPath string) func(http.ResponseWriter, *http.Request)

NewAccessDeniedHandler new access denied handler

Types

type AuthInterface

type AuthInterface interface {
	auth.SessionStorerInterface
	GetCurrentUser(req *http.Request) interface{}
}

AuthInterface auth interface

type Authority

type Authority struct {
	*Config
}

Authority authority struct

func New

func New(config *Config) *Authority

New initialize Authority

func (*Authority) Allow

func (authority *Authority) Allow(role string, req *http.Request) bool

Allow Check allow role or not

func (*Authority) Authorize

func (authority *Authority) Authorize(roles ...string) func(http.Handler) http.Handler

Authorize authorize specfied roles or authenticated user to access wrapped handler

func (Authority) Handler

func (authority Authority) Handler(rule Rule) roles.Checker

Handler generate roles checker

func (*Authority) Middleware

func (authority *Authority) Middleware(handler http.Handler) http.Handler

Middleware authority middleware used to record activity time

func (*Authority) Register

func (authority *Authority) Register(name string, rule Rule)

Register register authority rule into Role

type Config

type Config struct {
	Auth                AuthInterface
	Role                *roles.Role
	AccessDeniedHandler func(w http.ResponseWriter, req *http.Request)
}

Config authority config

type Rule

type Rule struct {
	TimeoutSinceLastLogin            time.Duration
	LongestDistractionSinceLastLogin time.Duration
}

Rule authority rule's definition

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL