rules

package

v0.6.0 Latest Latest Go to latest Published: Feb 23, 2026 License: AGPL-3.0 Imports: 5 Imported by: 0

Details

Package rules contains all rules related logic.

View Source

const NoMatchingRuleIndex = -1

NoMatchingRuleIndex is the rule index used when no rule matched and the default policy was applied.

This section is empty.

This section is empty.

type AuthorizationResult struct {
	RuleIndex int
	Action    string
}

AuthorizationResult contains the result of an authorization check with metadata. RuleIndex is NoMatchingRuleIndex if the default policy was used.

func (r AuthorizationResult) Allowed() bool

Allowed reports whether the result permits access.

func (r AuthorizationResult) IsDefaultPolicy() bool

IsDefaultPolicy reports whether the default policy was applied.

type Engine struct {
	// contains filtered or unexported fields
}

Engine is the access control engine that checks if a given query is allowed by the rules.

func NewEngine(config *config.AccessControl) *Engine

NewEngine creates a new access control engine for the given access control configuration.

func (e *Engine) Authorize(query *Query) AuthorizationResult

Authorize checks if the given query is allowed by the engine's rules and returns detailed result including which rule matched.

func (e *Engine) UpdateConfig(config *config.AccessControl)

UpdateConfig updates the engine's configuration with the given access control configuration.

type Query struct {
	RequestedDomain string
	RequestedMethod string
	SourceIP        netip.Addr
	SourceCountry   string
	SourceASN       uint32
}

Query represents a query to be checked by the access control engine.