auth

package

v1.0.2 Latest Latest Go to latest Published: Jul 4, 2025 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/fulcrumproject/core

Links

Open Source Insights

Documentation ¶

Index ¶

func WithIdentity(ctx context.Context, id *Identity) context.Context
type Action
type AllwaysMatchObjectScope
- func (a AllwaysMatchObjectScope) Matches(identity *Identity) bool
type Authenticator
type AuthorizationRule
type Authorizer
type CompositeAuthenticator
- func NewCompositeAuthenticator(authenticators ...Authenticator) *CompositeAuthenticator
- func (c *CompositeAuthenticator) Authenticate(ctx context.Context, token string) (*Identity, error)
- func (c *CompositeAuthenticator) Health(ctx context.Context) error
type DefaultObjectScope
- func (target *DefaultObjectScope) Matches(id *Identity) bool
type Identity
- func MustGetIdentity(ctx context.Context) *Identity
- func (m *Identity) HasRole(role Role) bool
- func (m *Identity) Validate() error
type IdentityScope
type ObjectScope
type ObjectType
type Role
- func (r Role) Validate() error
type RuleBasedAuthorizer
- func NewRuleBasedAuthorizer(rules []AuthorizationRule) *RuleBasedAuthorizer
- func (a *RuleBasedAuthorizer) Authorize(identity *Identity, action Action, object ObjectType, ...) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func WithIdentity ¶

func WithIdentity(ctx context.Context, id *Identity) context.Context

WithIdentity adds to the context the identity

Types ¶

type Action ¶

type Action string

Action represents an action that can be performed on an object

type AllwaysMatchObjectScope ¶

type AllwaysMatchObjectScope struct{}

AllwaysMatchObjectScope is a special ObjectScope that always matches any identity

func (AllwaysMatchObjectScope) Matches ¶

func (a AllwaysMatchObjectScope) Matches(identity *Identity) bool

type Authenticator ¶

type Authenticator interface {
	Authenticate(ctx context.Context, token string) (*Identity, error)
	Health(ctx context.Context) error
}

type AuthorizationRule ¶

type AuthorizationRule struct {
	Roles  []Role
	Action Action
	Object ObjectType
}

AuthorizationRule represents a single authorization rule with roles, action, and object

type Authorizer ¶

type Authorizer interface {
	Authorize(identity *Identity, action Action, oject ObjectType, objectScope ObjectScope) error
}

type CompositeAuthenticator ¶

type CompositeAuthenticator struct {
	// contains filtered or unexported fields
}

CompositeAuthenticator implements Authenticator by trying multiple authenticators in order

func NewCompositeAuthenticator ¶

func NewCompositeAuthenticator(authenticators ...Authenticator) *CompositeAuthenticator

NewCompositeAuthenticator creates a new composite authenticator

func (*CompositeAuthenticator) Authenticate ¶

func (c *CompositeAuthenticator) Authenticate(ctx context.Context, token string) (*Identity, error)

Authenticate tries each authenticator in order until one succeeds Returns nil if all authenticators fail

func (*CompositeAuthenticator) Health ¶

func (c *CompositeAuthenticator) Health(ctx context.Context) error

Health checks the health of all underlying authenticators

type DefaultObjectScope ¶

type DefaultObjectScope struct {
	ParticipantID *properties.UUID
	ProviderID    *properties.UUID
	ConsumerID    *properties.UUID
	AgentID       *properties.UUID
}

DefaultObjectScope is the default implementation of ObjectScope

func (*DefaultObjectScope) Matches ¶

func (target *DefaultObjectScope) Matches(id *Identity) bool

Matches checks if the given identity matches the object scope

type Identity ¶

type Identity struct {
	ID    properties.UUID
	Name  string
	Role  Role
	Scope IdentityScope
}

Identity implements the Identifier interface

func MustGetIdentity ¶

func MustGetIdentity(ctx context.Context) *Identity

MustGetIdentity retrieves the authenticated identity from the request context

func (*Identity) HasRole ¶

func (m *Identity) HasRole(role Role) bool

func (*Identity) Validate ¶

func (m *Identity) Validate() error

validateRoleRequirements ensures that role-specific ID requirements are met

type IdentityScope ¶

type IdentityScope struct {
	ParticipantID *properties.UUID
	AgentID       *properties.UUID
}

type ObjectScope ¶

type ObjectScope interface {
	Matches(identity *Identity) bool
}

ObjectScope defines the target object scope in the authorization system

type ObjectType ¶

type ObjectType string

ObjectType represents a target object type in the authorization system

type Role ¶

type Role string

Role represents a role in the authorization system

const (
	RoleAdmin       Role = "admin"
	RoleParticipant Role = "participant"
	RoleAgent       Role = "agent"
)

func (Role) Validate ¶

func (r Role) Validate() error

Validate ensures the Role is one of the predefined values

type RuleBasedAuthorizer ¶

type RuleBasedAuthorizer struct {
	// contains filtered or unexported fields
}

RuleBasedAuthorizer implements the Authorizer interface using a set of predefined rules

func NewRuleBasedAuthorizer ¶

func NewRuleBasedAuthorizer(rules []AuthorizationRule) *RuleBasedAuthorizer

NewRuleBasedAuthorizer creates a new RuleBasedAuthorizer with the given rules

func (*RuleBasedAuthorizer) Authorize ¶

func (a *RuleBasedAuthorizer) Authorize(identity *Identity, action Action, object ObjectType, objectContext ObjectScope) error

Authorize checks if the given identity is authorized to perform the action on the object It matches against the predefined rules based on the identity's roles

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL