Documentation
¶
Index ¶
- Constants
- func AuthMiddleware(next http.Handler) http.Handler
- func Chain(middlewares ...func(http.Handler) http.Handler) func(http.Handler) http.Handler
- func CompleteExample(db *gorm.DB) (http.Handler, error)
- func ExampleAuthenticateFromHeader(r *http.Request) (userID int, roles string, err error)
- func ExampleAuthenticateFromJWT(r *http.Request) (userID int, roles string, err error)
- func ExampleAuthenticateFromSession(r *http.Request) (userID int, roles string, err error)
- func ExampleWithMux(db *gorm.DB) (*mux.Router, error)
- func GetUserID(ctx context.Context) (int, bool)
- func GetUserRoles(ctx context.Context) (string, bool)
- func RegisterSecurityHooks(handler *restheadspec.Handler, securityList *SecurityList)
- func SetSecurityMiddleware(next http.Handler) http.Handler
- func SetupCallbacksExample()
- func SetupSecurityProvider(handler *restheadspec.Handler, securityList *SecurityList) error
- type AuthenticateFunc
- type CONTEXT_KEY
- type ColumnSecurity
- type LoadColumnSecurityFunc
- type LoadRowSecurityFunc
- type RowSecurity
- type SecurityList
- func (m *SecurityList) ApplyColumnSecurity(records reflect.Value, modelType reflect.Type, pUserID int, ...) (reflect.Value, error)
- func (m *SecurityList) ClearSecurity(pUserID int, pSchema, pTablename string) error
- func (m *SecurityList) ColumSecurityApplyOnRecord(prevRecord reflect.Value, newRecord reflect.Value, modelType reflect.Type, ...) ([]string, error)
- func (m *SecurityList) GetRowSecurityTemplate(pUserID int, pSchema, pTablename string) (RowSecurity, error)
- func (m *SecurityList) LoadColumnSecurity(pUserID int, pSchema, pTablename string, pOverwrite bool) error
- func (m *SecurityList) LoadRowSecurity(pUserID int, pSchema, pTablename string, pOverwrite bool) (RowSecurity, error)
Constants ¶
const ( // Context keys for user information UserIDKey contextKey = "user_id" UserRolesKey contextKey = "user_roles" UserTokenKey contextKey = "user_token" )
Variables ¶
This section is empty.
Functions ¶
func AuthMiddleware ¶
AuthMiddleware extracts user authentication from request and adds to context This should be applied before the ResolveSpec handler Uses GlobalSecurity.AuthenticateCallback if set, otherwise returns error
func CompleteExample ¶
CompleteExample shows a full integration example with Gorilla Mux
func ExampleAuthenticateFromHeader ¶
ExampleAuthenticateFromHeader extracts user ID from X-User-ID header
func ExampleAuthenticateFromJWT ¶
ExampleAuthenticateFromJWT parses a JWT token and extracts user info You'll need to import a JWT library like github.com/golang-jwt/jwt/v5
func ExampleAuthenticateFromSession ¶
ExampleAuthenticateFromSession validates a session cookie
func ExampleWithMux ¶
ExampleWithMux shows a simpler integration with Mux
func GetUserRoles ¶
GetUserRoles extracts user roles from context
func RegisterSecurityHooks ¶
func RegisterSecurityHooks(handler *restheadspec.Handler, securityList *SecurityList)
RegisterSecurityHooks registers all security-related hooks with the handler
func SetSecurityMiddleware ¶
SetSecurityMiddleware adds security context to requests
func SetupCallbacksExample ¶
func SetupCallbacksExample()
SetupCallbacksExample shows how to configure all callbacks
func SetupSecurityProvider ¶
func SetupSecurityProvider(handler *restheadspec.Handler, securityList *SecurityList) error
SetupSecurityProvider initializes and configures the security provider This should be called when setting up your HTTP server
IMPORTANT: You MUST configure the callbacks before calling this function:
- GlobalSecurity.AuthenticateCallback
- GlobalSecurity.LoadColumnSecurityCallback
- GlobalSecurity.LoadRowSecurityCallback
Example usage in your main.go or server setup:
// Step 1: Configure callbacks (REQUIRED) security.GlobalSecurity.AuthenticateCallback = myAuthFunction security.GlobalSecurity.LoadColumnSecurityCallback = myLoadColumnSecurityFunction security.GlobalSecurity.LoadRowSecurityCallback = myLoadRowSecurityFunction // Step 2: Setup security provider handler := restheadspec.NewHandlerWithGORM(db) security.SetupSecurityProvider(handler, &security.GlobalSecurity) // Step 3: Apply middleware router.Use(mux.MiddlewareFunc(security.AuthMiddleware)) router.Use(mux.MiddlewareFunc(security.SetSecurityMiddleware))
Types ¶
type AuthenticateFunc ¶
AuthenticateFunc extracts user ID and roles from HTTP request Return userID, roles, error. If error is not nil, request will be rejected.
type CONTEXT_KEY ¶ added in v0.0.20
type CONTEXT_KEY string
const SECURITY_CONTEXT_KEY CONTEXT_KEY = "SecurityList"
type ColumnSecurity ¶
type ColumnSecurity struct {
Schema string
Tablename string
Path []string
ExtraFilters map[string]string
UserID int
Accesstype string `json:"accesstype"`
MaskStart int
MaskEnd int
MaskInvert bool
MaskChar string
Control string `json:"control"`
ID int `json:"id"`
}
func ExampleLoadColumnSecurityFromConfig ¶
func ExampleLoadColumnSecurityFromConfig(pUserID int, pSchema, pTablename string) ([]ColumnSecurity, error)
ExampleLoadColumnSecurityFromConfig loads column security from static config
func ExampleLoadColumnSecurityFromDatabase ¶
func ExampleLoadColumnSecurityFromDatabase(pUserID int, pSchema, pTablename string) ([]ColumnSecurity, error)
ExampleLoadColumnSecurityFromDatabase loads column security rules from database This implementation assumes the following database schema:
CREATE TABLE core.secacces (
rid_secacces SERIAL PRIMARY KEY,
rid_hub INTEGER,
control TEXT, -- Format: "schema.table.column"
accesstype TEXT, -- "mask" or "hide"
jsonvalue JSONB -- Masking configuration
);
CREATE TABLE core.hub_link (
rid_hub_parent INTEGER, -- Security group ID
rid_hub_child INTEGER, -- User ID
parent_hubtype TEXT -- 'secgroup'
);
type LoadColumnSecurityFunc ¶
type LoadColumnSecurityFunc func(pUserID int, pSchema, pTablename string) ([]ColumnSecurity, error)
LoadColumnSecurityFunc loads column security rules for a user and entity Override this to customize how column security is loaded from your data source
type LoadRowSecurityFunc ¶
type LoadRowSecurityFunc func(pUserID int, pSchema, pTablename string) (RowSecurity, error)
LoadRowSecurityFunc loads row security rules for a user and entity Override this to customize how row security is loaded from your data source
type RowSecurity ¶
func ExampleLoadRowSecurityFromConfig ¶
func ExampleLoadRowSecurityFromConfig(pUserID int, pSchema, pTablename string) (RowSecurity, error)
ExampleLoadRowSecurityFromConfig loads row security from static config
func ExampleLoadRowSecurityFromDatabase ¶
func ExampleLoadRowSecurityFromDatabase(pUserID int, pSchema, pTablename string) (RowSecurity, error)
ExampleLoadRowSecurityFromDatabase loads row security rules from database This implementation assumes a PostgreSQL function:
CREATE FUNCTION core.api_sec_rowtemplate(
p_schema TEXT,
p_table TEXT,
p_userid INTEGER
) RETURNS TABLE (
p_retval INTEGER,
p_errmsg TEXT,
p_template TEXT,
p_block BOOLEAN
);
func (*RowSecurity) GetTemplate ¶
func (m *RowSecurity) GetTemplate(pPrimaryKeyName string, pModelType reflect.Type) string
type SecurityList ¶
type SecurityList struct {
ColumnSecurityMutex sync.RWMutex
ColumnSecurity map[string][]ColumnSecurity
RowSecurityMutex sync.RWMutex
RowSecurity map[string]RowSecurity
// Overridable callbacks
AuthenticateCallback AuthenticateFunc
LoadColumnSecurityCallback LoadColumnSecurityFunc
LoadRowSecurityCallback LoadRowSecurityFunc
}
var GlobalSecurity SecurityList
func (*SecurityList) ApplyColumnSecurity ¶
func (*SecurityList) ClearSecurity ¶
func (m *SecurityList) ClearSecurity(pUserID int, pSchema, pTablename string) error
func (*SecurityList) ColumSecurityApplyOnRecord ¶
func (*SecurityList) GetRowSecurityTemplate ¶
func (m *SecurityList) GetRowSecurityTemplate(pUserID int, pSchema, pTablename string) (RowSecurity, error)
func (*SecurityList) LoadColumnSecurity ¶
func (m *SecurityList) LoadColumnSecurity(pUserID int, pSchema, pTablename string, pOverwrite bool) error
func (*SecurityList) LoadRowSecurity ¶
func (m *SecurityList) LoadRowSecurity(pUserID int, pSchema, pTablename string, pOverwrite bool) (RowSecurity, error)
Source Files