warden

package
v0.7.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 22, 2017 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package warden decides if access requests should be allowed or denied. In a scientific taxonomy, the warden is classified as a Policy Decision Point. THe warden's primary goal is to implement `github.com/ory-am/hydra/firewall.Firewall`. To read up on the warden, go to:

- https://ory-am.gitbooks.io/hydra/content/policy.html

- http://docs.hdyra.apiary.io/#reference/warden:-access-control-for-resource-providers

Contains source files:

- handler.go: A HTTP handler capable of validating access tokens.

- warden_http.go: A Go API using HTTP to validate access tokens.

- warden_local.go: A Go API using storage managers to validate access tokens.

- warden_test.go: Functional tests all of the above.

Index

Constants

View Source
const (
	// TokenAllowedHandlerPath points to the token access request validation endpoint.
	TokenAllowedHandlerPath = "/warden/token/allowed"

	// AllowedHandlerPath points to the access request validation endpoint.
	AllowedHandlerPath = "/warden/allowed"
)

Variables

This section is empty.

Functions

func TokenFromRequest

func TokenFromRequest(r *http.Request) string

Types

type HTTPWarden

type HTTPWarden struct {
	Client   *http.Client
	Dry      bool
	Endpoint *url.URL
}

func (*HTTPWarden) IsAllowed

func (w *HTTPWarden) IsAllowed(ctx context.Context, a *firewall.AccessRequest) error

IsAllowed checks if an arbitrary subject is allowed to perform an action on a resource.

The HTTP API is documented at http://docs.hdyra.apiary.io/#reference/warden:-access-control-for-resource-providers/check-if-a-subject-is-allowed-to-do-something

func (*HTTPWarden) SetClient

func (w *HTTPWarden) SetClient(c *clientcredentials.Config)

func (*HTTPWarden) TokenAllowed

func (w *HTTPWarden) TokenAllowed(ctx context.Context, token string, a *firewall.TokenAccessRequest, scopes ...string) (*firewall.Context, error)

TokenAllowed checks if a token is valid and if the token owner is allowed to perform an action on a resource. This endpoint requires a token, a scope, a resource name, an action name and a context.

The HTTP API is documented at http://docs.hdyra.apiary.io/#reference/warden:-access-control-for-resource-providers/check-if-an-access-tokens-subject-is-allowed-to-do-something

func (*HTTPWarden) TokenFromRequest

func (w *HTTPWarden) TokenFromRequest(r *http.Request) string

type LocalWarden

type LocalWarden struct {
	Warden ladon.Warden
	OAuth2 fosite.OAuth2Provider
	Groups group.Manager

	AccessTokenLifespan time.Duration
	Issuer              string
}

func (*LocalWarden) IsAllowed

func (w *LocalWarden) IsAllowed(ctx context.Context, a *firewall.AccessRequest) error

func (*LocalWarden) TokenAllowed

func (w *LocalWarden) TokenAllowed(ctx context.Context, token string, a *firewall.TokenAccessRequest, scopes ...string) (*firewall.Context, error)

func (*LocalWarden) TokenFromRequest

func (w *LocalWarden) TokenFromRequest(r *http.Request) string

type WardenHandler

type WardenHandler struct {
	H      herodot.Herodot
	Warden firewall.Firewall
}

WardenHandler is capable of handling HTTP request and validating access tokens and access requests.

func NewHandler

func NewHandler(c *config.Config, router *httprouter.Router) *WardenHandler

func (*WardenHandler) Allowed

func (*WardenHandler) SetRoutes

func (h *WardenHandler) SetRoutes(r *httprouter.Router)

func (*WardenHandler) TokenAllowed

func (h *WardenHandler) TokenAllowed(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL