Documentation
Index
- func AgentJWTMiddleware(db *gorm.DB, publicKey *rsa.PublicKey) echo.MiddlewareFunc
- func AgentJWTOrPublicMiddleware(db *gorm.DB, publicKey *rsa.PublicKey, allowPublic bool) echo.MiddlewareFunc
- func JWTMiddleware(publicKey *rsa.PublicKey) echo.MiddlewareFunc
- func OptionalUserOrAgentJWTMiddleware(db *gorm.DB, publicKey *rsa.PublicKey, allowPublic bool) echo.MiddlewareFunc
- func SubjectFromContext(c echo.Context) authz.Subject
- type AgentAuthContext
- type AuthorizeOption
- type PEP
- type ResourceGuard
- func (g ResourceGuard) Create(extra ...AuthorizeOption) echo.MiddlewareFunc
- func (g ResourceGuard) Delete(extra ...AuthorizeOption) echo.MiddlewareFunc
- func (g ResourceGuard) Do(action string, extra ...AuthorizeOption) echo.MiddlewareFunc
- func (g ResourceGuard) Read(extra ...AuthorizeOption) echo.MiddlewareFunc
- func (g ResourceGuard) Update(extra ...AuthorizeOption) echo.MiddlewareFunc
- type Validator
Constants
This section is empty.
Variables
This section is empty.
Functions
func AgentJWTMiddleware (added in v0.13.0)
func AgentJWTMiddleware(db *gorm.DB, publicKey *rsa.PublicKey) echo.MiddlewareFunc
func AgentJWTOrPublicMiddleware (added in v0.15.0)
func AgentJWTOrPublicMiddleware(db *gorm.DB, publicKey *rsa.PublicKey, allowPublic bool) echo.MiddlewareFunc
func JWTMiddleware
func JWTMiddleware(publicKey *rsa.PublicKey) echo.MiddlewareFunc
JWTMiddleware returns an Echo middleware function that verifies JWT tokens using the provided RSA public key.
func OptionalUserOrAgentJWTMiddleware (added in v0.15.0)
func OptionalUserOrAgentJWTMiddleware(db *gorm.DB, publicKey *rsa.PublicKey, allowPublic bool) echo.MiddlewareFunc
OptionalUserOrAgentJWTMiddleware accepts authenticated user JWTs, authenticated agent JWTs, or unauthenticated public requests when allowPublic is true.
func SubjectFromContext (added in v0.17.0)
func SubjectFromContext(c echo.Context) authz.Subject
SubjectFromContext derives the authz Subject from the principal the authn middleware placed in the context: an authenticated user, an authenticated agent, or an anonymous subject on public-allowed routes. It is the single source of subject derivation, shared by the PEP and the /me/permissions handler. Attributes are intentionally minimal in Phase 1; the authoritative attribute surface is designed in BCH-1319.
Types
type AgentAuthContext (added in v0.15.0)
type AgentAuthContext struct {
	Claims *authn.AgentClaims
	Agent  *relational.Agent
	Key    *relational.AgentServiceAccountKey
}
type AuthorizeOption (added in v0.17.0)
type AuthorizeOption func(*authorizeConfig)
AuthorizeOption configures how a route binds request data into the resource the PEP hands the PDP.
func ResourceIDParam (added in v0.17.0)
func ResourceIDParam(param string) AuthorizeOption
ResourceIDParam overrides which path parameter identifies the resource instance. The default is "id"; SSP-rooted routes whose primary key is ":sspId", for example, pass ResourceIDParam("sspId").
func ScopeParam (added in v0.17.0)
func ScopeParam(param string) AuthorizeOption
ScopeParam binds a URL path parameter as a C0 scope attribute on the resource, so a scope key the URL already carries is supplied for free (no row load). The attribute name is the snake_case form of the param, e.g. ScopeParam("sspId") exports resource prop ssp_id from c.Param("sspId"), and ScopeParam("parentId") exports parent_id. Routes that don't carry the scope key in the URL fall back to a C1 row-load in a later phase (BCH-1319 §9).
type PEP (added in v0.17.0)
type PEP struct {
	// contains filtered or unexported fields
}
PEP is the single Policy Enforcement Point. It builds an authz Subject from the authenticated principal in the request context and a Resource from the route, asks the configured PDP for a decision, and enforces the result: allow → next; deny → 403 (the reason is logged, never echoed to the client); PDP unavailable → the configured fail mode; any other error → 500. The PEP supplies facts only and holds no policy logic.
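As an added illustration, not this package's code, the following self-contained net/http model shows the enforcement contract described above: allow passes to the next handler, deny answers 403 with the reason logged but never echoed, an unreachable PDP resolves through the fail mode (closed by default), and any other error answers 500. The PDP function type, ErrPDPUnavailable, the X-Subject header standing in for the authn principal, and the Status helper are all assumed names for this example.

```go
package main

import (
	"errors"
	"log"
	"net/http"
	"net/http/httptest"
)

// ErrPDPUnavailable marks an unreachable PDP (assumed name, not the package's own).
var ErrPDPUnavailable = errors.New("pdp unavailable")
// PDP is a stand-in decision point returning (allow, reason, error).
type PDP func(subject, resource, action string, props map[string]string) (bool, string, error)

// Enforce models the PEP contract: allow -> next; deny -> 403 with the reason logged,
// never echoed; PDP unavailable -> fail mode; any other error -> 500.
func Enforce(pdp PDP, failOpen bool, resource, action string, props map[string]string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		subject := r.Header.Get("X-Subject") // constructed stand-in for the authn principal
		allow, reason, err := pdp(subject, resource, action, props)
		status := http.StatusForbidden
		switch {
		case errors.Is(err, ErrPDPUnavailable):
			allow, reason = failOpen, err.Error() // fail-closed unless configured open
		case err != nil:
			allow, reason, status = false, err.Error(), http.StatusInternalServerError
		}
		if allow {
			next.ServeHTTP(w, r)
			return
		}
		log.Printf("pep: %s %s/%s -> %d: %s", subject, resource, action, status, reason)
		http.Error(w, http.StatusText(status), status) // generic body; reason stays in the log
	})
}
// Status drives one request through Enforce (risk/read, with the ssp_id prop that
// ScopeParam("sspId") would bind) and returns the HTTP status the PEP produced.
func Status(pdp PDP, failOpen bool, subject string) int {
	ok := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}) // recorder defaults to 200
	h := Enforce(pdp, failOpen, "risk", "read", map[string]string{"ssp_id": "ssp-1"}, ok)
	req := httptest.NewRequest(http.MethodGet, "/ssps/ssp-1/risks", nil)
	req.Header.Set("X-Subject", subject)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}
func main() {
	down := func(string, string, string, map[string]string) (bool, string, error) { return false, "", ErrPDPUnavailable }
	log.Printf("pdp down, fail-closed: %d", Status(down, false, "alice")) // 403
}
```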
func NewPEP (added in v0.17.0)
NewPEP constructs a PEP. A nil logger is replaced with a no-op logger and an empty fail mode defaults to fail-closed.
func (*PEP) Authorize (added in v0.17.0)
func (p *PEP) Authorize(resource, action string, opts ...AuthorizeOption) echo.MiddlewareFunc
Authorize returns middleware that enforces (resource, action) for the matched route. Options bind route data (the id param, scope params) into the evaluation tuple.
func (*PEP) For (added in v0.17.0)
func (p *PEP) For(resource string, opts ...AuthorizeOption) ResourceGuard
For returns a ResourceGuard bound to resource. opts apply to every route the guard guards.
type ResourceGuard (added in v0.17.0)
type ResourceGuard struct {
	// contains filtered or unexported fields
}
ResourceGuard binds a PEP to one resource so routes can enforce it tersely:
	g := pep.For(authz.ResourceRisk)
	api.GET("", h.List, g.Read())
	api.POST("", h.Create, g.Create())
	api.POST("/:id/promote-to-poam", h.Promote, g.Do(authz.ActionPromote))
Each method returns the same middleware as PEP.Authorize(resource, action, opts...); the options passed to For are applied to every route the guard produces (e.g. a scope param a whole group shares). Per-route options can still be passed to Do.
func (ResourceGuard) Create (added in v0.17.0)
func (g ResourceGuard) Create(extra ...AuthorizeOption) echo.MiddlewareFunc
func (ResourceGuard) Delete (added in v0.17.0)
func (g ResourceGuard) Delete(extra ...AuthorizeOption) echo.MiddlewareFunc
func (ResourceGuard) Do (added in v0.17.0)
func (g ResourceGuard) Do(action string, extra ...AuthorizeOption) echo.MiddlewareFunc
Do enforces an explicit action on the bound resource. extra options are appended to the guard's own options for this route only.
func (ResourceGuard) Read (added in v0.17.0)
func (g ResourceGuard) Read(extra ...AuthorizeOption) echo.MiddlewareFunc
Read/Create/Update/Delete are the CRUD shorthands for Do.
func (ResourceGuard) Update (added in v0.17.0)
func (g ResourceGuard) Update(extra ...AuthorizeOption) echo.MiddlewareFunc