authorizer

package
v0.11.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 28, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrMissingNamespace = elemental.NewError(
		"Forbidden",
		"Missing X-Namespace header",
		"a3s:authorizer",
		http.StatusForbidden,
	)

	ErrInvalidNamespace = elemental.NewError(
		"Forbidden",
		"Invalid X-Namespace header. A namespace must start with /",
		"a3s:authorizer",
		http.StatusForbidden,
	)

	ErrMissingToken = elemental.NewError(
		"Forbidden",
		"Missing token in either Authorization header or X-A3S-Token in cookies",
		"a3s:authorizer",
		http.StatusForbidden,
	)
)

Various Authorizer errors.

Functions

This section is empty.

Types

type Authorizer

type Authorizer interface {
	bahamut.Authorizer

	CheckAuthorization(
		ctx context.Context,
		claims []string,
		op string,
		ns string,
		resource string,
		opts ...OptionCheck,
	) (bool, error)
}

An Authorizer is a bahamut.Authorizer compliant structure that can be used to authorize a session or a request.

func New

func New(ctx context.Context, retriever permissions.Retriever, pubsub bahamut.PubSubClient, options ...Option) Authorizer

New creates a new Authorizer using the given permissions.Retriever and PubSubClient. The authorizer aggressively chache the authentication results and uses the pubsub to update the state of cache, by dropping parts of cache affected by a change in namespace or Authorization policies.

func NewRemote

NewRemote returns a ready to use bahamut.Authorizer that can be used over the API. This is meant to be use by external bahamut service. Updates of the namespace/authorization state comes from the websocket.

type MockOperationTransformer

type MockOperationTransformer interface {
	OperationTransformer
	MockTransform(t *testing.T, impl func(elemental.Operation) string)
}

A MockOperationTransformer allows to mock a transform.OperationTransformer for unit tests.

func NewMockOperationTransformer

func NewMockOperationTransformer() MockOperationTransformer

NewMockOperationTransformer returns a MockOperationTransformer.

type OperationTransformer

type OperationTransformer interface {
	Transform(operation elemental.Operation) string
}

A OperationTransformer is an interface that can transform the operation being evaluated.

type Option

type Option func(*config)

An Option can be used to configure various options in the Authorizer.

func OptionIgnoredResources

func OptionIgnoredResources(identities ...string) Option

OptionIgnoredResources sets the list of identities that should skip authorizations.

func OptionOperationTransformer

func OptionOperationTransformer(t OperationTransformer) Option

OptionOperationTransformer sets operation transformer to apply to each operation.

type OptionCheck

type OptionCheck func(*checkConfig)

An OptionCheck can be used to configure various options when calling CheckPermissions.

func OptionCheckID

func OptionCheckID(id string) OptionCheck

OptionCheckID sets source IP of the request.

func OptionCheckRestrictions

func OptionCheckRestrictions(r permissions.Restrictions) OptionCheck

OptionCheckRestrictions sets source restrictions to apply.

func OptionCheckSourceIP

func OptionCheckSourceIP(ip string) OptionCheck

OptionCheckSourceIP sets source IP of the request.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL