access

package
v0.1.4
Warning

This package is not in the latest version of its module.

Published: Jun 24, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Overview

Package access provides an access guard, reusable across components, that combines principal lookup, authorization checks, and audit recording.

Business modules should depend on *access.Guard instead of directly wiring authz.Authorizer and audit.Recorder in every component. The guard is still provider-neutral: Casdoor/Casbin is only one possible implementation behind the authz/audit interfaces.

Constants

const (
	ResultSuccess = audit.ResultSuccess
	ResultFailed  = audit.ResultFailed
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Check

type Check struct {
	Resource string
	Action   string
	Domain   string
	Reason   string
	Extra    []any
}

Check describes one authorization decision.

type Event

type Event struct {
	Name       string
	Action     string
	Resource   string
	Result     string
	Message    string
	RequestID  string
	TraceID    string
	ClientIP   string
	UserAgent  string
	Method     string
	URI        string
	Operation  string
	StatusCode int
	Component  string
	OrgID      string
	ProjectID  string
	StartedAt  time.Time
	FinishedAt time.Time
	Metadata   map[string]string
}

Event is the business-facing audit event shape. It intentionally mirrors audit.Event for common fields but keeps this package as the standard entry point for use cases.

type Guard

type Guard struct {
	// contains filtered or unexported fields
}

Guard is the reusable access-control facade for all AI Sphere services.

func NewGuard

func NewGuard(opts Options) *Guard

func (*Guard) Can

func (g *Guard) Can(ctx context.Context, check Check) (bool, error)

func (*Guard) Principal

func (g *Guard) Principal(ctx context.Context) (*principal.Principal, error)

func (*Guard) Record

func (g *Guard) Record(ctx context.Context, ev Event) error

func (*Guard) Require

func (g *Guard) Require(ctx context.Context, check Check) (*principal.Principal, error)

func (*Guard) RequireAndAudit

func (g *Guard) RequireAndAudit(ctx context.Context, check Check, ev Event) (*principal.Principal, error)

RequireAndAudit performs an authorization check and records the result. It is useful for admin/debug operations and simple CRUD handlers where deny/success audit semantics are identical.

type Options

type Options struct {
	Authz     authz.Authorizer
	Audit     audit.Recorder
	Logger    *slog.Logger
	Component string
}

Options wires access dependencies. Authz and Audit may be nil depending on feature flags; Require will fail closed when Authz is nil, while Record is a no-op when Audit is nil.
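The nil handling described for Options, combined with RequireAndAudit recording both outcomes, as an added stand-alone sketch; it is not the package's own code. `sketchGuard`, `ErrDenied`, the function-typed `Authorizer` and `Recorder` stand-ins, the result strings, and treating an authorizer error as a deny are assumptions, since the page does not show authz.Authorizer, audit.Recorder or the constant values.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Function-typed stand-ins (assumed shapes, not the real authz/audit interfaces).
type Authorizer func(ctx context.Context, resource, action string) (bool, error)
type Recorder func(result string)

var ErrDenied = errors.New("access denied") // hypothetical sentinel error

type sketchGuard struct {
	authz Authorizer
	audit Recorder
}

// require fails closed: a missing authorizer, an authorizer error (a choice
// of this sketch) and an explicit deny all return an error wrapping ErrDenied.
func (g sketchGuard) require(ctx context.Context, resource, action string) error {
	if g.authz == nil {
		return fmt.Errorf("%w: no authorizer configured", ErrDenied)
	}
	ok, err := g.authz(ctx, resource, action)
	if err != nil || !ok {
		return errors.Join(ErrDenied, err) // Join drops a nil err
	}
	return nil
}

// requireAndAudit records deny and success alike; a nil recorder is a no-op.
func (g sketchGuard) requireAndAudit(ctx context.Context, resource, action string) error {
	err := g.require(ctx, resource, action)
	if g.audit == nil {
		return err
	}
	result := "success" // assumed values; the page only names the constants
	if err != nil {
		result = "failed"
	}
	g.audit(result)
	return err
}

func main() {
	g := sketchGuard{audit: func(r string) { fmt.Println("audit:", r) }}
	fmt.Println(g.requireAndAudit(context.Background(), "model", "delete"))
}
```

In Go, an interface-typed field that holds a nil pointer of a concrete type does not compare equal to nil, so when a feature flag disables a dependency, leave the field unset rather than assigning a nil pointer to it.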
