goauthz

v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 17, 2023 License: MIT Imports: 3 Imported by: 10

README

go-authz

go-authz is an authorization library based on policies and rule functions. The goal is to have declarative policies in Go alongside one simple API for granting and denying access.

Installation

 $ go get github.com/Subomi/go-authz

Usage

package main

// Policy Definition
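// ProjectPolicy groups the authorization rules for project resources.
// It embeds *authz.BasePolicy, which supplies GetRule, GetRules and SetRule;
// together with GetName below that covers the methods of the Policy interface.
type ProjectPolicy struct {
    *authz.BasePolicy
}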

// GetAll is the rule registered under the name "getall" in main.
//
// The body is a placeholder that returns nil unconditionally. The caller in
// main treats only a non-nil error as "access denied", so as written this rule
// allows every request. A real rule should return a non-nil error by default
// and return nil only after the access check has passed.
//
// NOTE(review): RuleFunc is documented on this page as
// func(ctx context.Context, resource interface{}) error, while this method
// takes only ctx; the authz.RuleFunc(po.GetAll) conversion in main looks like
// it needs a matching signature. Confirm against the library version in use.
func (pp *ProjectPolicy) GetAll(ctx context.Context) error {
    // logic for granting access.
    return nil
}

// Delete is the rule registered under the name "delete" in main.
//
// It is a placeholder: it ignores p and returns nil, and a nil error is what
// the caller in main treats as "access granted". A real rule should inspect
// p and the authenticated principal carried in ctx, and return a non-nil
// error unless the deletion is explicitly allowed.
//
// NOTE(review): the second parameter is a Project, while RuleFunc on this page
// takes resource interface{}; the authz.RuleFunc(po.Delete) conversion in main
// looks like it needs a matching signature. Confirm.
func (pp *ProjectPolicy) Delete(ctx context.Context, p Project) error {
    return nil
}

// GetName returns the policy's name, "project".
// NOTE(review): presumably this is the part before the separator in rule names
// such as "project.create" passed to Authorize. Confirm.
func (pp *ProjectPolicy) GetName() string {
    return "project"
}

// ApproveGuestAccess is a free-standing rule with the RuleFunc signature; main
// registers it under the name "validate-guess-access".
//
// The body is a placeholder that returns nil for every ctx and resource, and a
// nil error is what the caller in main treats as "access granted". Replace it
// with a real check that returns a non-nil error unless guest access is
// explicitly allowed.
func ApproveGuestAccess(ctx context.Context, resource interface{}) error {
    return nil
}

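// main shows the wiring order: build the authorizer, register rules and
// policies, attach the authenticated principal to the context, then authorize.
//
// r, authUser and resource are placeholders for values supplied by the
// surrounding request handler; they are not defined in this snippet.
func main() {
    // NewAuthz is documented as returning (*Authz, error); check the error
    // before using a.
    a, err := authz.NewAuthz(&authz.AuthzOpts{})
    if err != nil {
        panic(err)
    }

    // Register a rule on the default policy. Registration failures stop
    // start-up so the program never serves requests with rules missing.
    // NOTE(review): the name is spelled "validate-guess-access" although the
    // function is ApproveGuestAccess; callers must pass exactly this string.
    if err := a.RegisterRule("validate-guess-access", authz.RuleFunc(ApproveGuestAccess)); err != nil {
        panic(err)
    }

    // Register a policy. RegisterPolicy is documented on this page as taking a
    // Policy value, so the policy is built first and then passed in.
    po := &ProjectPolicy{
        BasePolicy: authz.NewBasePolicy(),
    }

    // NOTE(review): RuleFunc is func(ctx context.Context, resource interface{}) error;
    // GetAll and Delete above are declared with different parameter lists, so
    // these conversions look like they need matching signatures. Confirm.
    po.SetRule("getall", authz.RuleFunc(po.GetAll))
    po.SetRule("delete", authz.RuleFunc(po.Delete))

    if err := a.RegisterPolicy(po); err != nil {
        panic(err)
    }

    // Set authCtx in context ideally immediately after authentication.
    ctx := a.SetAuthCtx(r.Context(), authUser)

    // Grant or deny permission.
    // NOTE(review): only "getall" and "delete" are registered on the project
    // policy above, so "project.create" has no rule here; presumably Authorize
    // reports that as an error (ErrRuleNotFound). Confirm, and treat it as a
    // denial.
    if err := a.Authorize(ctx, "project.create", resource); err != nil {
        // access denied: do not perform the operation.
        return
    }
}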

Documentation

Index

Constants

// DefaultSeperator is the separator string ".".
// NOTE(review): presumably used when AuthzOpts.Seperator is left empty, to split
// rule names such as "project.create" into policy name and rule name. Confirm.
const DefaultSeperator = "."

Variables

// Sentinel errors exported by the package. Compare against them with
// errors.Is rather than by message text.
var (
	// ErrRuleNotFound is the error we return when we can't find a method on a policy.
	ErrRuleNotFound = errors.New("rule not found on policy")

	// ErrPolicyAlreadyRegistered reports that a policy is already in the policy store.
	// NOTE(review): presumably returned by RegisterPolicy for a duplicate policy name. Confirm.
	ErrPolicyAlreadyRegistered = errors.New("Policy already in policy store")

	// ErrInvalidRuleName reports that a supplied rule name was invalid.
	// NOTE(review): which calls return it, and what makes a name invalid, is not shown here.
	ErrInvalidRuleName = errors.New("Rule name provided was invalid")
)

Functions

This section is empty.

Types

type AuthCtxType added in v0.2.0

// AuthCtxType is a distinct string type for the auth-context key.
// NOTE(review): presumably the key type under which SetAuthCtx stores the
// authenticated principal in the context; a defined type keeps the key from
// colliding with plain string keys set by other packages. Confirm.
type AuthCtxType string
// AuthCtxKey is the package's AuthCtxType key, with the value "GoAuthzCtx".
const AuthCtxKey AuthCtxType = "GoAuthzCtx"

type Authz

type Authz struct {
	// contains filtered or unexported fields
}

Authz exposes a single API for authorization

func NewAuthz

func NewAuthz(opts *AuthzOpts) (*Authz, error)

func (*Authz) Authorize

func (a *Authz) Authorize(ctx context.Context, ruleName string, res interface{}) error

func (*Authz) RegisterPolicy

func (a *Authz) RegisterPolicy(po Policy) error

func (*Authz) RegisterRule

func (a *Authz) RegisterRule(name string, rule Rule) error

func (*Authz) SetAuthCtx

func (a *Authz) SetAuthCtx(ctx context.Context, authCtx interface{}) context.Context

type AuthzOpts

// AuthzOpts holds the options passed to NewAuthz.
type AuthzOpts struct {
	// AuthCtxKey is the context key for the auth context.
	// NOTE(review): presumably falls back to the package-level AuthCtxKey when empty. Confirm.
	AuthCtxKey AuthCtxType
	// Seperator is the separator string for rule names.
	// NOTE(review): presumably falls back to DefaultSeperator (".") when empty. Confirm.
	Seperator  string
}

type BasePolicy

type BasePolicy struct {
	// contains filtered or unexported fields
}

func NewBasePolicy

func NewBasePolicy() *BasePolicy

func (*BasePolicy) GetRule

func (bP *BasePolicy) GetRule(name string) (Rule, error)

func (*BasePolicy) GetRules

func (bP *BasePolicy) GetRules() RuleStore

func (*BasePolicy) SetRule

func (bP *BasePolicy) SetRule(name string, rule Rule)

type DefaultPolicy

type DefaultPolicy struct {
	*BasePolicy
}

func (*DefaultPolicy) GetName

func (df *DefaultPolicy) GetName() string

type Policy

// Policy is a named collection of rules.
type Policy interface {
	// GetName returns the policy's name (the usage example returns "project").
	GetName() string
	// GetRule looks up one rule by name.
	// NOTE(review): presumably returns ErrRuleNotFound when the name is absent. Confirm.
	GetRule(name string) (Rule, error)
	// GetRules returns the policy's RuleStore, a map from rule name to Rule.
	GetRules() RuleStore
	// SetRule stores rule under name. It returns no error.
	// NOTE(review): whether an existing rule with the same name is replaced
	// silently cannot be told from the signature. Confirm.
	SetRule(name string, rule Rule)
}

type Rule

// Rule is a single authorization check.
type Rule interface {
	// Authorize evaluates the rule for resource using ctx and returns an error.
	// The usage example on this page treats any non-nil error as "access denied",
	// so implementations should return nil only when access is explicitly allowed.
	Authorize(ctx context.Context, resource interface{}) error
}

type RuleFunc

type RuleFunc func(ctx context.Context, resource interface{}) error

RuleFunc is an adapter type that turns a plain func into a Rule: rule := RuleFunc(fn)

func (RuleFunc) Authorize

func (f RuleFunc) Authorize(ctx context.Context, resource interface{}) error

type RuleStore

type RuleStore map[string]Rule
