authorization

package
v3.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 11, 2024 License: Apache-2.0 Imports: 5 Imported by: 14

Documentation

Index

Constants

View Source 
const (
	HeaderName = "authorization"
)

Variables

View Source 
var (
	ErrEmptyAuthorizationHeader = errors.New("authorization header is empty")
	ErrMissingRole              = errors.New("missing required role")
)

Functions

func Context 

func Context[T Ctx](ctx context.Context) (t T)

Context returns a typed implementation the authorization context Ctx. It can be used to get information about the (authorized) user / caller.

func IsAuthorized 

func IsAuthorized(ctx context.Context) bool

IsAuthorized returns if the caller is authorized

func IsGrantedRole 

func IsGrantedRole(ctx context.Context, role string) bool

IsGrantedRole returns if the authorized user is granted the requested role. In case of an unauthorized caller, the returned value is false.

func IsGrantedRoleInOrganization 

func IsGrantedRoleInOrganization(ctx context.Context, role, organisationID string) bool

IsGrantedRoleInOrganization returns if the authorized user is granted the requested role in the specified organisation. In case of an unauthorized caller, the returned value is false.

func UserID 

func UserID(ctx context.Context) string

UserID returns if the ID of the authorized user. In case of an unauthorized caller, the id is empty.

func WithAuthContext 

func WithAuthContext[T Ctx](ctx context.Context, c T) context.Context

WithAuthContext allows to set the authorization context (Ctx), which can later be retrieved by calling the Context function.

Types

type Authorizer 

type Authorizer[T Ctx] struct {
	// contains filtered or unexported fields
}

Authorizer provides the functionality to check for authorization such as token verification including role checks.

func New 

func New[T Ctx](ctx context.Context, zitadel *zitadel.Zitadel, initVerifier VerifierInitializer[T], options ...Option[T]) (*Authorizer[T], error)

func (*Authorizer[T]) CheckAuthorization 

func (a *Authorizer[T]) CheckAuthorization(ctx context.Context, token string, options ...CheckOption) (authCtx T, err error)

CheckAuthorization will verify the token using the configured Verifier and provided Check

type Check 

type Check[T Ctx] struct {
	Checks []func(authCtx T) error
}

Check will be executed during the authorization check and provide a mechanism to require additional permission such as a role. There will be options, e.g. caching and more in the near future.

type CheckOption 

type CheckOption func(*Check[Ctx])

CheckOption allows customization of the Check like additional permission requirements (e.g. roles)

func WithRole 

func WithRole(role string) CheckOption

WithRole requires the authorized user to be granted the provided role. If the role is not granted to the user, an ErrMissingRole is returned.

type Ctx 

type Ctx interface {
	IsAuthorized() bool
	UserID() string
	IsGrantedRole(role string) bool
	IsGrantedRoleInOrganization(role, organizationID string) bool
	SetToken(token string)
	GetToken() string
}

Ctx represents the authorization context with information about the authorized user.

type Option 

type Option[T Ctx] func(authorizer *Authorizer[T])

Option allows customization of the Authorizer such as caching, logging and more.

func WithLogger 

func WithLogger[T Ctx](logger *slog.Logger) Option[T]

WithLogger allows a logger other than slog.Default().

EXPERIMENTAL: Will change to log/slog import after we drop support for Go 1.20

type PermissionDeniedErr 

type PermissionDeniedErr struct {
	// contains filtered or unexported fields
}

PermissionDeniedErr is used to provide the information to the caller, that the provided authorization was valid but not sufficient (missing role).

func NewErrorPermissionDenied 

func NewErrorPermissionDenied(err error) *PermissionDeniedErr

func (*PermissionDeniedErr) Error 

func (e *PermissionDeniedErr) Error() string

func (*PermissionDeniedErr) Is 

func (e *PermissionDeniedErr) Is(target error) bool

func (*PermissionDeniedErr) Unwrap 

func (e *PermissionDeniedErr) Unwrap() error

type UnauthorizedErr 

type UnauthorizedErr struct {
	// contains filtered or unexported fields
}

UnauthorizedErr is used to provide the information to the caller, that the provided authorization is invalid (missing, wrong format, expired, ...).

func NewErrorUnauthorized 

func NewErrorUnauthorized(err error) *UnauthorizedErr

func (*UnauthorizedErr) Error 

func (e *UnauthorizedErr) Error() string

func (*UnauthorizedErr) Is 

func (e *UnauthorizedErr) Is(target error) bool

func (*UnauthorizedErr) Unwrap 

func (e *UnauthorizedErr) Unwrap() error

type Verifier 

type Verifier[T Ctx] interface {
	CheckAuthorization(ctx context.Context, authorizationToken string) (T, error)
}

Verifier defines the possible verification checks such as validation of the authorizationToken.

type VerifierInitializer 

type VerifierInitializer[T Ctx] func(ctx context.Context, zitadel *zitadel.Zitadel) (Verifier[T], error)

VerifierInitializer abstracts the initialization of a Verifier by providing the ZITADEL domain, port and if tls is set

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.