allowed

package
v0.0.0-...-7544f7c Latest
Warning

This package is not in the latest version of its module.

Published: Dec 17, 2024 License: BSD-3-Clause Imports: 10 Imported by: 13

Documentation


Constants

const (
	// GROUP_URL_TEMPLATE is the URL to retrieve the group membership from Chrome Infra Auth server.
	GROUP_URL_TEMPLATE = "https://chrome-infra-auth.appspot.com/auth/api/v1/groups/%s"

	// REFRESH_PERIOD is how often to refresh the group membership.
	REFRESH_PERIOD = 15 * time.Minute
)
const AnyDomain = "*"

AnyDomain is the value to use if any domain is allowed.

Variables

This section is empty.

Functions

This section is empty.

Types

type Allow

type Allow interface {
	// Member returns true if the given email address has access.
	Member(email string) bool
	Emails() []string
}

Allow is used to enforce additional restrictions on who has access to a site, e.g. members of a group.

func UnionOf

func UnionOf(allows ...Allow) Allow

UnionOf combines multiple Allows together in an "or" fashion.

type AllowedFromChromeInfraAuth

type AllowedFromChromeInfraAuth struct {
	// contains filtered or unexported fields
}

AllowedFromChromeInfraAuth implements Allow by reading the list of emails and domains from the Chrome Infra Auth API endpoint.

It implements Allow.

func NewAllowedFromChromeInfraAuth

func NewAllowedFromChromeInfraAuth(client *http.Client, group string) (*AllowedFromChromeInfraAuth, error)

NewAllowedFromChromeInfraAuth creates an AllowedFromChromeInfraAuth.

client - Must be authenticated and allowed to access GROUP_URL_TEMPLATE.
group - The name of the group we want to restrict access to.

The presumption is that an AllowedFromChromeInfraAuth will be created at startup and if creation fails then the application will not start.

func (*AllowedFromChromeInfraAuth) Emails

func (a *AllowedFromChromeInfraAuth) Emails() []string

func (*AllowedFromChromeInfraAuth) Member

func (a *AllowedFromChromeInfraAuth) Member(email string) bool

type AllowedFromList

type AllowedFromList struct {
	// contains filtered or unexported fields
}

AllowedFromList controls access by checking an email address against a list of approved domain names and email addresses.

It implements Allow.

func Googlers

func Googlers() *AllowedFromList

Googlers creates a new AllowedFromList which restricts to only users logged in with an @google.com account.

func NewAllowedFromList

func NewAllowedFromList(emailsAndDomains []string) *AllowedFromList

NewAllowedFromList creates a new *AllowedFromList from the list of domain names and email addresses.

Example:

a := NewAllowedFromList([]string{"google.com", "chromium.org", "someone@example.org"})

func (*AllowedFromList) Emails

func (a *AllowedFromList) Emails() []string

func (*AllowedFromList) Member

func (a *AllowedFromList) Member(email string) bool

Member returns true if the given email address is allowed by the AllowedFromList.
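
The following sketch shows the kind of matching an Allow built from a mixed list of domains and addresses has to perform. It is an example added here, not the package's code: listAllow, newListAllow and the case-folding, exact-domain and fail-closed rules are assumptions, since the real AllowedFromList keeps its fields unexported.

```go
package main

import (
	"fmt"
	"strings"
)

// Allow mirrors the interface documented on this page.
type Allow interface {
	Member(email string) bool
	Emails() []string
}

// listAllow is a hypothetical stand-in for AllowedFromList (real fields are unexported).
type listAllow struct {
	entries map[string]bool // lower-cased domains and full addresses
	emails  []string
}

func newListAllow(emailsAndDomains []string) *listAllow {
	a := &listAllow{entries: map[string]bool{}}
	for _, e := range emailsAndDomains {
		e = strings.ToLower(e)
		a.entries[e] = true
		if strings.Contains(e, "@") {
			a.emails = append(a.emails, e)
		}
	}
	return a
}

// Member fails closed on malformed input and compares the text after the last
// "@" exactly, never by prefix or suffix. "*" plays the role of AnyDomain.
func (a *listAllow) Member(email string) bool {
	email = strings.ToLower(email)
	i := strings.LastIndex(email, "@")
	if i <= 0 || i == len(email)-1 {
		return false
	}
	return a.entries[email] || a.entries["*"] || a.entries[email[i+1:]]
}

func (a *listAllow) Emails() []string { return a.emails }

func main() {
	var a Allow = newListAllow([]string{"google.com", "someone@example.org"})
	fmt.Println(a.Member("a@google.com"), a.Member("a@google.com.example.net")) // true false
}
```

Because the domain is compared as a whole string, look-alike domains and subdomains of an allowed domain are rejected unless they are listed explicitly.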

type Group

type Group struct {
	Members []string `json:"members"`
	Nested  []string `json:"nested"`
	Globs   []string `json:"globs"`
}

Group is used in Response.

type Response

type Response struct {
	Group Group `json:"group"`
}

Response represents the format returned from GROUP_URL_TEMPLATE.

type Union

type Union []Allow

Union is an Allow which includes members of multiple other Allows.

func (Union) Emails

func (allows Union) Emails() []string

Emails returns a slice of unique emails from the Union.

func (Union) Member

func (allows Union) Member(email string) bool

Member returns true if email is a member of any of the Allows in this union.
