authz

package
v0.53.0 Latest
Warning

This package is not in the latest version of its module.
Published: Jan 19, 2026 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package authz provides network-based and principal-based access control utilities.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsPrincipalAuthorised added in v0.40.0

func IsPrincipalAuthorised(user string, allowList []string, denyList []string) bool

IsPrincipalAuthorised checks if a user is authorised based on allow and deny lists.

Types

type Listener

type Listener struct {
	NetworkACL *NetworkACL
	Listener   net.Listener
	Logger     zerolog.Logger
}

Listener is a network listener that enforces a NetworkACL on all incoming connections.

func (*Listener) Accept

func (l *Listener) Accept() (net.Conn, error)

Accept waits for and returns the next connection to the listener. It checks each connection against the NetworkACL and closes it if not authorised.

func (*Listener) Addr

func (l *Listener) Addr() net.Addr

Addr returns the listener's network address.

func (*Listener) Close

func (l *Listener) Close() error

Close closes the listener.

type NetworkACL

type NetworkACL struct {
	AllowByDefault bool
	// contains filtered or unexported fields
}

NetworkACL describes network-based access control rules.

func NewNetworkACL

func NewNetworkACL(cfg NetworkACLConfig) (*NetworkACL, error)

NewNetworkACL creates a new NetworkACL from the provided configuration.

func (*NetworkACL) Allow

func (a *NetworkACL) Allow(n *net.IPNet)

Allow adds a network to the allow list.

func (*NetworkACL) AllowFromString

func (a *NetworkACL) AllowFromString(n string) error

AllowFromString parses a network string and adds it to the allow list.

func (*NetworkACL) Authorise

func (a *NetworkACL) Authorise(addr *net.TCPAddr) bool

Authorise checks if the provided TCP address is authorised. If both allow and deny lists are present, allow is checked first. If an IP is in the allow list but also matches a deny rule, authorisation is denied. This allows denying subsets of allowed CIDR ranges.
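The allow-first, deny-overrides rule described above, re-implemented as an added, stand-alone illustration (this is not the authz package's own code; the unexported list fields, the contains helper and the fail-closed handling of a nil address are assumptions):

```go
package main

import (
	"fmt"
	"net"
)

// NetworkACL mirrors authz.NetworkACL's documented behaviour (added illustration).
type NetworkACL struct {
	AllowByDefault bool
	allow, deny    []*net.IPNet
}

func (a *NetworkACL) AllowFromString(s string) error { return appendCIDR(&a.allow, s) }
func (a *NetworkACL) DenyFromString(s string) error  { return appendCIDR(&a.deny, s) }

func appendCIDR(list *[]*net.IPNet, s string) error {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		return fmt.Errorf("invalid CIDR %q: %w", s, err)
	}
	*list = append(*list, n)
	return nil
}

func contains(list []*net.IPNet, ip net.IP) bool {
	for _, n := range list {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Authorise: allow list (or AllowByDefault) decides first; a deny match then overrides it.
func (a *NetworkACL) Authorise(addr *net.TCPAddr) bool {
	if addr == nil || addr.IP == nil {
		return false // fail closed on an unusable address
	}
	if !a.AllowByDefault && !contains(a.allow, addr.IP) {
		return false
	}
	return !contains(a.deny, addr.IP) // lets a subset of an allowed CIDR be carved out
}

func main() {
	acl := &NetworkACL{}
	_, _ = acl.AllowFromString("10.0.0.0/8"), acl.DenyFromString("10.1.0.0/16")
	fmt.Println(acl.Authorise(&net.TCPAddr{IP: net.ParseIP("10.2.3.4")}), // true
		acl.Authorise(&net.TCPAddr{IP: net.ParseIP("10.1.9.9")})) // false: denied subset
}
```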

func (*NetworkACL) AuthoriseConn

func (a *NetworkACL) AuthoriseConn(c net.Conn) (bool, error)

AuthoriseConn checks if the provided connection is authorised.

func (*NetworkACL) AuthoriseFromString

func (a *NetworkACL) AuthoriseFromString(addr string) (bool, error)

AuthoriseFromString checks if the provided address string is authorised.

func (*NetworkACL) Deny

func (a *NetworkACL) Deny(net *net.IPNet)

Deny adds a network to the deny list.

func (*NetworkACL) DenyFromString

func (a *NetworkACL) DenyFromString(n string) error

DenyFromString parses a network string and adds it to the deny list.

type NetworkACLConfig

type NetworkACLConfig struct {
	AllowedNets    []string `mapstructure:"allow"`
	DeniedNets     []string `mapstructure:"deny"`
	AllowByDefault bool     `mapstructure:"allow-by-default"`
}

NetworkACLConfig describes the configuration for network-based access control.

type PrincipalACLConfig

type PrincipalACLConfig struct {
	AllowList []string `mapstructure:"allow-list"`
	DenyList  []string `mapstructure:"deny-list"`
}

PrincipalACLConfig describes the configuration for principal-based access control.

Directories

Path Synopsis
Package prefixlist provides utilities for fetching and managing IP prefix lists from various cloud providers.