Documentation
¶
Overview ¶
Package store provides storage abstractions for agent authorization.
Index ¶
- Variables
- func JoinScopes(scopes []string) string
- func SplitScopes(scopes string) []string
- type Agent
- type AuthzServerAdapter
- func (a *AuthzServerAdapter) Close() error
- func (a *AuthzServerAdapter) CreateScopePolicy(ctx context.Context, policy *authzserver.ScopePolicy) error
- func (a *AuthzServerAdapter) CreateToken(ctx context.Context, token *authzserver.Token) error
- func (a *AuthzServerAdapter) DeleteScopePolicy(ctx context.Context, id string) error
- func (a *AuthzServerAdapter) GetScopePolicy(ctx context.Context, id string) (*authzserver.ScopePolicy, error)
- func (a *AuthzServerAdapter) GetToken(ctx context.Context, id string) (*authzserver.Token, error)
- func (a *AuthzServerAdapter) ListScopePolicies(ctx context.Context) ([]*authzserver.ScopePolicy, error)
- func (a *AuthzServerAdapter) ListTokens(ctx context.Context) ([]*authzserver.Token, error)
- func (a *AuthzServerAdapter) RevokeToken(ctx context.Context, id string) error
- type Mission
- type MissionStatus
- type PersonServerAdapter
- func (a *PersonServerAdapter) ApproveMission(ctx context.Context, id string, duration time.Duration) error
- func (a *PersonServerAdapter) Close() error
- func (a *PersonServerAdapter) CreateAgent(ctx context.Context, agent *personserver.Agent) error
- func (a *PersonServerAdapter) CreateMission(ctx context.Context, mission *personserver.Mission) error
- func (a *PersonServerAdapter) CreateToken(ctx context.Context, token *personserver.Token) error
- func (a *PersonServerAdapter) CreateUser(ctx context.Context, user *personserver.User) error
- func (a *PersonServerAdapter) DenyMission(ctx context.Context, id, reason string) error
- func (a *PersonServerAdapter) GetAgent(ctx context.Context, id string) (*personserver.Agent, error)
- func (a *PersonServerAdapter) GetMission(ctx context.Context, id string) (*personserver.Mission, error)
- func (a *PersonServerAdapter) GetToken(ctx context.Context, id string) (*personserver.Token, error)
- func (a *PersonServerAdapter) GetUser(ctx context.Context, id string) (*personserver.User, error)
- func (a *PersonServerAdapter) GetUserByEmail(ctx context.Context, email string) (*personserver.User, error)
- func (a *PersonServerAdapter) ListAgents(ctx context.Context) ([]*personserver.Agent, error)
- func (a *PersonServerAdapter) ListMissionsByUser(ctx context.Context, userID string) ([]*personserver.Mission, error)
- func (a *PersonServerAdapter) ListPendingMissions(ctx context.Context) ([]*personserver.Mission, error)
- func (a *PersonServerAdapter) ListUsers(ctx context.Context) ([]*personserver.User, error)
- func (a *PersonServerAdapter) RevokeToken(ctx context.Context, id string) error
- type PreAuthorization
- type SQLiteStore
- func (s *SQLiteStore) ApproveMission(ctx context.Context, id string, duration time.Duration) error
- func (s *SQLiteStore) Close() error
- func (s *SQLiteStore) CreateAgent(ctx context.Context, agent *Agent) error
- func (s *SQLiteStore) CreateMission(ctx context.Context, mission *Mission) error
- func (s *SQLiteStore) CreatePreAuthorization(ctx context.Context, preAuth *PreAuthorization) error
- func (s *SQLiteStore) CreateScopePolicy(ctx context.Context, policy *ScopePolicy) error
- func (s *SQLiteStore) CreateToken(ctx context.Context, token *Token) error
- func (s *SQLiteStore) CreateUser(ctx context.Context, user *User) error
- func (s *SQLiteStore) DB() *sql.DB
- func (s *SQLiteStore) DeletePreAuthorization(ctx context.Context, userID, agentID string) error
- func (s *SQLiteStore) DeleteScopePolicy(ctx context.Context, id string) error
- func (s *SQLiteStore) DenyMission(ctx context.Context, id, reason string) error
- func (s *SQLiteStore) GetAgent(ctx context.Context, id string) (*Agent, error)
- func (s *SQLiteStore) GetMission(ctx context.Context, id string) (*Mission, error)
- func (s *SQLiteStore) GetPreAuthorization(ctx context.Context, userID, agentID string) (*PreAuthorization, error)
- func (s *SQLiteStore) GetScopePolicy(ctx context.Context, id string) (*ScopePolicy, error)
- func (s *SQLiteStore) GetToken(ctx context.Context, id string) (*Token, error)
- func (s *SQLiteStore) GetUser(ctx context.Context, id string) (*User, error)
- func (s *SQLiteStore) GetUserByEmail(ctx context.Context, email string) (*User, error)
- func (s *SQLiteStore) ListAgents(ctx context.Context) ([]*Agent, error)
- func (s *SQLiteStore) ListMissionsByUser(ctx context.Context, userID string) ([]*Mission, error)
- func (s *SQLiteStore) ListPendingMissions(ctx context.Context) ([]*Mission, error)
- func (s *SQLiteStore) ListScopePolicies(ctx context.Context) ([]*ScopePolicy, error)
- func (s *SQLiteStore) ListTokens(ctx context.Context) ([]*Token, error)
- func (s *SQLiteStore) ListUsers(ctx context.Context) ([]*User, error)
- func (s *SQLiteStore) RevokeToken(ctx context.Context, id string) error
- type ScopePolicy
- type Storer
- type Token
- type User
Constants ¶
This section is empty.
Variables ¶
var ( ErrNotFound = errors.New("not found") ErrAlreadyExists = errors.New("already exists") ErrInvalidInput = errors.New("invalid input") )
Store errors.
Functions ¶
func JoinScopes ¶
JoinScopes joins scopes into a space-separated string.
func SplitScopes ¶
SplitScopes splits a space-separated scope string.
Types ¶
type Agent ¶
type Agent struct {
ID string `json:"id" db:"id"`
Name string `json:"name" db:"name"`
Description string `json:"description,omitempty" db:"description"`
PublicKey string `json:"public_key" db:"public_key"`
RedirectURI string `json:"redirect_uri,omitempty" db:"redirect_uri"`
Trusted bool `json:"trusted" db:"trusted"`
CreatedAt time.Time `json:"created_at" db:"created_at"`
UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
}
Agent represents a registered agent that can request authorization.
type AuthzServerAdapter ¶
type AuthzServerAdapter struct {
// contains filtered or unexported fields
}
AuthzServerAdapter adapts a Storer implementation to the authzserver.Store interface. This allows using SQLiteStore, DynamoDBStore, or any other Storer with the authzserver package.
func NewAuthzServerAdapter ¶
func NewAuthzServerAdapter(store Storer) *AuthzServerAdapter
NewAuthzServerAdapter creates a new adapter for the given store.
func (*AuthzServerAdapter) Close ¶
func (a *AuthzServerAdapter) Close() error
Close closes the underlying store.
func (*AuthzServerAdapter) CreateScopePolicy ¶
func (a *AuthzServerAdapter) CreateScopePolicy(ctx context.Context, policy *authzserver.ScopePolicy) error
func (*AuthzServerAdapter) CreateToken ¶
func (a *AuthzServerAdapter) CreateToken(ctx context.Context, token *authzserver.Token) error
func (*AuthzServerAdapter) DeleteScopePolicy ¶
func (a *AuthzServerAdapter) DeleteScopePolicy(ctx context.Context, id string) error
func (*AuthzServerAdapter) GetScopePolicy ¶
func (a *AuthzServerAdapter) GetScopePolicy(ctx context.Context, id string) (*authzserver.ScopePolicy, error)
func (*AuthzServerAdapter) GetToken ¶
func (a *AuthzServerAdapter) GetToken(ctx context.Context, id string) (*authzserver.Token, error)
func (*AuthzServerAdapter) ListScopePolicies ¶
func (a *AuthzServerAdapter) ListScopePolicies(ctx context.Context) ([]*authzserver.ScopePolicy, error)
func (*AuthzServerAdapter) ListTokens ¶
func (a *AuthzServerAdapter) ListTokens(ctx context.Context) ([]*authzserver.Token, error)
func (*AuthzServerAdapter) RevokeToken ¶
func (a *AuthzServerAdapter) RevokeToken(ctx context.Context, id string) error
type Mission ¶
type Mission struct {
ID string `json:"id" db:"id"`
AgentID string `json:"agent_id" db:"agent_id"`
UserID string `json:"user_id" db:"user_id"`
Name string `json:"name" db:"name"`
Description string `json:"description,omitempty" db:"description"`
Scopes string `json:"scopes" db:"scopes"`
InteractionType string `json:"interaction_type" db:"interaction_type"`
Status MissionStatus `json:"status" db:"status"`
Duration int64 `json:"duration" db:"duration"`
ExpiresAt *time.Time `json:"expires_at,omitempty" db:"expires_at"`
ApprovedAt *time.Time `json:"approved_at,omitempty" db:"approved_at"`
DeniedAt *time.Time `json:"denied_at,omitempty" db:"denied_at"`
DenialReason string `json:"denial_reason,omitempty" db:"denial_reason"`
CreatedAt time.Time `json:"created_at" db:"created_at"`
UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
}
Mission represents an agent's request to act on behalf of a user.
type MissionStatus ¶
type MissionStatus string
MissionStatus represents the status of a mission request.
const ( MissionStatusPending MissionStatus = "pending" MissionStatusApproved MissionStatus = "approved" MissionStatusDenied MissionStatus = "denied" MissionStatusExpired MissionStatus = "expired" MissionStatusRevoked MissionStatus = "revoked" )
Mission statuses.
type PersonServerAdapter ¶
type PersonServerAdapter struct {
// contains filtered or unexported fields
}
PersonServerAdapter adapts a Storer implementation to the personserver.Store interface. This allows using SQLiteStore, DynamoDBStore, or any other Storer with the personserver package.
func NewPersonServerAdapter ¶
func NewPersonServerAdapter(store Storer) *PersonServerAdapter
NewPersonServerAdapter creates a new adapter for the given store.
func (*PersonServerAdapter) ApproveMission ¶
func (*PersonServerAdapter) Close ¶
func (a *PersonServerAdapter) Close() error
Close closes the underlying store.
func (*PersonServerAdapter) CreateAgent ¶
func (a *PersonServerAdapter) CreateAgent(ctx context.Context, agent *personserver.Agent) error
func (*PersonServerAdapter) CreateMission ¶
func (a *PersonServerAdapter) CreateMission(ctx context.Context, mission *personserver.Mission) error
func (*PersonServerAdapter) CreateToken ¶
func (a *PersonServerAdapter) CreateToken(ctx context.Context, token *personserver.Token) error
func (*PersonServerAdapter) CreateUser ¶
func (a *PersonServerAdapter) CreateUser(ctx context.Context, user *personserver.User) error
func (*PersonServerAdapter) DenyMission ¶
func (a *PersonServerAdapter) DenyMission(ctx context.Context, id, reason string) error
func (*PersonServerAdapter) GetAgent ¶
func (a *PersonServerAdapter) GetAgent(ctx context.Context, id string) (*personserver.Agent, error)
func (*PersonServerAdapter) GetMission ¶
func (a *PersonServerAdapter) GetMission(ctx context.Context, id string) (*personserver.Mission, error)
func (*PersonServerAdapter) GetToken ¶
func (a *PersonServerAdapter) GetToken(ctx context.Context, id string) (*personserver.Token, error)
func (*PersonServerAdapter) GetUser ¶
func (a *PersonServerAdapter) GetUser(ctx context.Context, id string) (*personserver.User, error)
func (*PersonServerAdapter) GetUserByEmail ¶
func (a *PersonServerAdapter) GetUserByEmail(ctx context.Context, email string) (*personserver.User, error)
func (*PersonServerAdapter) ListAgents ¶
func (a *PersonServerAdapter) ListAgents(ctx context.Context) ([]*personserver.Agent, error)
func (*PersonServerAdapter) ListMissionsByUser ¶
func (a *PersonServerAdapter) ListMissionsByUser(ctx context.Context, userID string) ([]*personserver.Mission, error)
func (*PersonServerAdapter) ListPendingMissions ¶
func (a *PersonServerAdapter) ListPendingMissions(ctx context.Context) ([]*personserver.Mission, error)
func (*PersonServerAdapter) ListUsers ¶
func (a *PersonServerAdapter) ListUsers(ctx context.Context) ([]*personserver.User, error)
func (*PersonServerAdapter) RevokeToken ¶
func (a *PersonServerAdapter) RevokeToken(ctx context.Context, id string) error
type PreAuthorization ¶
type PreAuthorization struct {
ID string `json:"id" db:"id"`
UserID string `json:"user_id" db:"user_id"`
AgentID string `json:"agent_id" db:"agent_id"`
Scopes string `json:"scopes" db:"scopes"`
CreatedAt time.Time `json:"created_at" db:"created_at"`
ExpiresAt *time.Time `json:"expires_at,omitempty" db:"expires_at"`
}
PreAuthorization allows users to pre-approve certain scopes for agents.
func (*PreAuthorization) Covers ¶
func (p *PreAuthorization) Covers(requestedScopes []string) bool
Covers returns true if this pre-authorization covers the requested scopes.
type SQLiteStore ¶
type SQLiteStore struct {
// contains filtered or unexported fields
}
SQLiteStore provides SQLite-backed storage.
func NewSQLite ¶
func NewSQLite(dbPath string) (*SQLiteStore, error)
NewSQLite creates a new SQLite-backed store.
func (*SQLiteStore) ApproveMission ¶
ApproveMission approves a mission.
func (*SQLiteStore) Close ¶
func (s *SQLiteStore) Close() error
Close closes the database connection.
func (*SQLiteStore) CreateAgent ¶
func (s *SQLiteStore) CreateAgent(ctx context.Context, agent *Agent) error
CreateAgent creates a new agent.
func (*SQLiteStore) CreateMission ¶
func (s *SQLiteStore) CreateMission(ctx context.Context, mission *Mission) error
CreateMission creates a new mission.
func (*SQLiteStore) CreatePreAuthorization ¶
func (s *SQLiteStore) CreatePreAuthorization(ctx context.Context, preAuth *PreAuthorization) error
CreatePreAuthorization creates a pre-authorization.
func (*SQLiteStore) CreateScopePolicy ¶
func (s *SQLiteStore) CreateScopePolicy(ctx context.Context, policy *ScopePolicy) error
CreateScopePolicy creates a scope policy.
func (*SQLiteStore) CreateToken ¶
func (s *SQLiteStore) CreateToken(ctx context.Context, token *Token) error
CreateToken creates a new token record.
func (*SQLiteStore) CreateUser ¶
func (s *SQLiteStore) CreateUser(ctx context.Context, user *User) error
CreateUser creates a new user.
func (*SQLiteStore) DB ¶
func (s *SQLiteStore) DB() *sql.DB
DB returns the underlying database connection for advanced use cases.
func (*SQLiteStore) DeletePreAuthorization ¶
func (s *SQLiteStore) DeletePreAuthorization(ctx context.Context, userID, agentID string) error
DeletePreAuthorization deletes a pre-authorization.
func (*SQLiteStore) DeleteScopePolicy ¶
func (s *SQLiteStore) DeleteScopePolicy(ctx context.Context, id string) error
DeleteScopePolicy deletes a scope policy.
func (*SQLiteStore) DenyMission ¶
func (s *SQLiteStore) DenyMission(ctx context.Context, id, reason string) error
DenyMission denies a mission.
func (*SQLiteStore) GetMission ¶
GetMission retrieves a mission by ID.
func (*SQLiteStore) GetPreAuthorization ¶
func (s *SQLiteStore) GetPreAuthorization(ctx context.Context, userID, agentID string) (*PreAuthorization, error)
GetPreAuthorization retrieves a pre-authorization for a user/agent pair.
func (*SQLiteStore) GetScopePolicy ¶
func (s *SQLiteStore) GetScopePolicy(ctx context.Context, id string) (*ScopePolicy, error)
GetScopePolicy retrieves a scope policy by ID.
func (*SQLiteStore) GetUserByEmail ¶
GetUserByEmail retrieves a user by email.
func (*SQLiteStore) ListAgents ¶
func (s *SQLiteStore) ListAgents(ctx context.Context) ([]*Agent, error)
ListAgents lists all agents.
func (*SQLiteStore) ListMissionsByUser ¶
ListMissionsByUser lists missions for a user.
func (*SQLiteStore) ListPendingMissions ¶
func (s *SQLiteStore) ListPendingMissions(ctx context.Context) ([]*Mission, error)
ListPendingMissions lists all pending missions.
func (*SQLiteStore) ListScopePolicies ¶
func (s *SQLiteStore) ListScopePolicies(ctx context.Context) ([]*ScopePolicy, error)
ListScopePolicies lists all scope policies.
func (*SQLiteStore) ListTokens ¶
func (s *SQLiteStore) ListTokens(ctx context.Context) ([]*Token, error)
ListTokens returns all tokens.
func (*SQLiteStore) ListUsers ¶
func (s *SQLiteStore) ListUsers(ctx context.Context) ([]*User, error)
ListUsers lists all users.
func (*SQLiteStore) RevokeToken ¶
func (s *SQLiteStore) RevokeToken(ctx context.Context, id string) error
RevokeToken revokes a token.
type ScopePolicy ¶
type ScopePolicy struct {
ID string `json:"id" db:"id"`
Pattern string `json:"pattern" db:"pattern"`
Protocol string `json:"protocol" db:"protocol"`
InteractionType string `json:"interaction_type,omitempty" db:"interaction_type"`
Description string `json:"description,omitempty" db:"description"`
Priority int `json:"priority" db:"priority"`
CreatedAt time.Time `json:"created_at" db:"created_at"`
}
ScopePolicy represents a scope policy stored in the database.
type Storer ¶
type Storer interface {
// Close closes the store connection.
Close() error
// User operations
CreateUser(ctx context.Context, user *User) error
GetUser(ctx context.Context, id string) (*User, error)
GetUserByEmail(ctx context.Context, email string) (*User, error)
ListUsers(ctx context.Context) ([]*User, error)
// Agent operations
CreateAgent(ctx context.Context, agent *Agent) error
GetAgent(ctx context.Context, id string) (*Agent, error)
ListAgents(ctx context.Context) ([]*Agent, error)
// Mission operations
CreateMission(ctx context.Context, mission *Mission) error
GetMission(ctx context.Context, id string) (*Mission, error)
ApproveMission(ctx context.Context, id string, duration time.Duration) error
DenyMission(ctx context.Context, id, reason string) error
ListPendingMissions(ctx context.Context) ([]*Mission, error)
ListMissionsByUser(ctx context.Context, userID string) ([]*Mission, error)
// Token operations
CreateToken(ctx context.Context, token *Token) error
GetToken(ctx context.Context, id string) (*Token, error)
RevokeToken(ctx context.Context, id string) error
ListTokens(ctx context.Context) ([]*Token, error)
// Pre-authorization operations
CreatePreAuthorization(ctx context.Context, preAuth *PreAuthorization) error
GetPreAuthorization(ctx context.Context, userID, agentID string) (*PreAuthorization, error)
DeletePreAuthorization(ctx context.Context, userID, agentID string) error
// Scope policy operations
CreateScopePolicy(ctx context.Context, policy *ScopePolicy) error
GetScopePolicy(ctx context.Context, id string) (*ScopePolicy, error)
ListScopePolicies(ctx context.Context) ([]*ScopePolicy, error)
DeleteScopePolicy(ctx context.Context, id string) error
}
Storer defines the interface for authorization storage backends. Both SQLite and DynamoDB implementations satisfy this interface.
type Token ¶
type Token struct {
ID string `json:"id" db:"id"`
MissionID string `json:"mission_id,omitempty" db:"mission_id"`
AgentID string `json:"agent_id" db:"agent_id"`
UserID string `json:"user_id" db:"user_id"`
Scopes string `json:"scopes" db:"scopes"`
TokenType string `json:"token_type" db:"token_type"`
Protocol string `json:"protocol" db:"protocol"`
IssuedAt time.Time `json:"issued_at" db:"issued_at"`
ExpiresAt time.Time `json:"expires_at" db:"expires_at"`
RevokedAt *time.Time `json:"revoked_at,omitempty" db:"revoked_at"`
}
Token represents an issued auth token.
type User ¶
type User struct {
ID string `json:"id" db:"id"`
Email string `json:"email" db:"email"`
Name string `json:"name" db:"name"`
CreatedAt time.Time `json:"created_at" db:"created_at"`
UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
}
User represents a person who can authorize agents.