openfga

package
v0.4.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 8, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Package openfga provides an OpenFGA-based Authorizer implementation for pkg/authz. Use NewAuthorizer to create an instance and pass it to authz.Server().

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewAuthorizer 

func NewAuthorizer(fgaClient *pkgfga.Client, opts ...Option) authz.Authorizer

NewAuthorizer creates an OpenFGA-backed Authorizer. The fgaClient must not be nil; pass WithRedisCache to enable result caching.

Types

type Authorizer 

type Authorizer struct {
	// contains filtered or unexported fields
}

Authorizer is an OpenFGA-based authorization engine. It optionally caches results in Redis via the WithRedisCache option.

func (*Authorizer) BatchCheck added in v0.4.0 

func (a *Authorizer) BatchCheck(ctx context.Context, reqs []authz.CheckRequest) ([]authz.CheckResult, error)

BatchCheck delegates to *openfga.Client.BatchCheck. Cache is intentionally NOT consulted for batch checks — N Redis lookups would negate the batching win. Callers needing cached batch behavior should issue N Check calls instead.

func (*Authorizer) Check added in v0.4.0 

func (a *Authorizer) Check(ctx context.Context, subject, relation, objectType, objectID string) (bool, error)

Check uses CachedCheck (which falls back to plain Check when redis is nil). Cache-hit signals stay inside this package — they are not surfaced into the ctx-bound *auditpb.AuthzDetail (audit semantics treat allow/deny/error uniformly regardless of cache state).

func (*Authorizer) ListAllowed added in v0.4.0 

func (a *Authorizer) ListAllowed(ctx context.Context, subject, relation, objectType string) ([]string, error)

ListAllowed delegates to *openfga.Client.CachedListObjects (cache opt-in).

type Option 

type Option func(*authorizerConfig)

Option configures the OpenFGA Authorizer.

func WithRedisCache 

func WithRedisCache(rdb *redis.Client, ttl time.Duration) Option

WithRedisCache enables Redis caching of authorization check results. Results are stored for the given TTL. Pass nil redis client to disable caching.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.