rules

package

v0.5.4 Latest Latest Go to latest Published: Feb 5, 2026 License: AGPL-3.0 Imports: 5 Imported by: 0

Details

Package rules contains all rules related logic.

View Source

const NoMatchingRuleIndex = -1

NoMatchingRuleIndex is the rule index used when no rule matched and the default policy was applied.

This section is empty.

This section is empty.

type AuthorizationResult struct {
	Allowed         bool
	RuleIndex       int
	Action          string
	IsDefaultPolicy bool
}

AuthorizationResult contains the result of an authorization check with metadata. RuleIndex is NoMatchingRuleIndex if the default policy was used.

func NewAuthorizationResult(ruleIndex int, action string) AuthorizationResult

NewAuthorizationResult creates a new AuthorizationResult from a rule index and action.

type Engine struct {
	// contains filtered or unexported fields
}

Engine is the access control engine that checks if a given query is allowed by the rules.

func NewEngine(config *config.AccessControl) *Engine

NewEngine creates a new access control engine for the given access control configuration.

func (e *Engine) Authorize(query *Query) AuthorizationResult

Authorize checks if the given query is allowed by the engine's rules and returns detailed result including which rule matched.

func (e *Engine) UpdateConfig(config *config.AccessControl)

UpdateConfig updates the engine's configuration with the given access control configuration.

type Query struct {
	RequestedDomain string
	RequestedMethod string
	SourceIP        netip.Addr
	SourceCountry   string
	SourceASN       uint32
}

Query represents a query to be checked by the access control engine.