authorization

package

v0.44.5 Latest Latest Go to latest Published: Dec 29, 2025 License: Unlicense Imports: 2 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

git.nostrdev.com/mleku/next.orly.dev

Links

Open Source Insights

Documentation ¶

Overview ¶

Package authorization provides event authorization services for the ORLY relay. It handles ACL checks, policy evaluation, and access level decisions.

Index ¶

type ACLRegistry
type Authorizer
type Config
type Decision
- func Allow(accessLevel string) Decision
- func Deny(reason string, requireAuth bool) Decision
type PolicyManager
type Service
- func New(cfg *Config, acl ACLRegistry, policy PolicyManager, sync SyncManager) *Service
- func (s *Service) Authorize(ev *event.E, authedPubkey []byte, remote string, eventKind uint16) Decision
type SyncManager

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ACLRegistry ¶

type ACLRegistry interface {
	// GetAccessLevel returns the access level for a pubkey and remote address.
	GetAccessLevel(pub []byte, address string) string
	// CheckPolicy checks if an event passes ACL policy.
	CheckPolicy(ev *event.E) (bool, error)
	// Active returns the active ACL mode name.
	Active() string
}

ACLRegistry abstracts the ACL registry for authorization checks.

type Authorizer ¶

type Authorizer interface {
	// Authorize checks if event is allowed based on ACL and policy.
	Authorize(ev *event.E, authedPubkey []byte, remote string, eventKind uint16) Decision
}

Authorizer makes authorization decisions for events.

type Config ¶

type Config struct {
	AuthRequired bool     // Whether auth is required for all operations
	AuthToWrite  bool     // Whether auth is required for write operations
	Admins       [][]byte // Admin pubkeys
	Owners       [][]byte // Owner pubkeys
}

Config holds configuration for the authorization service.

type Decision ¶

type Decision struct {
	Allowed      bool
	AccessLevel  string // none/read/write/admin/owner/blocked/banned
	IsAdmin      bool
	IsOwner      bool
	IsPeerRelay  bool
	SkipACLCheck bool   // For admin/owner deletes
	DenyReason   string // Human-readable reason for denial
	RequireAuth  bool   // Should send AUTH challenge
}

Decision carries authorization context through the event processing pipeline.

func Allow ¶

func Allow(accessLevel string) Decision

Allow returns an allowed decision with the given access level.

func Deny ¶

func Deny(reason string, requireAuth bool) Decision

Deny returns a denied decision with the given reason.

type PolicyManager ¶

type PolicyManager interface {
	// IsEnabled returns whether policy is enabled.
	IsEnabled() bool
	// CheckPolicy checks if an action is allowed by policy.
	CheckPolicy(action string, ev *event.E, pubkey []byte, remote string) (bool, error)
}

PolicyManager abstracts the policy manager for authorization checks.

type Service ¶

type Service struct {
	// contains filtered or unexported fields
}

Service implements the Authorizer interface.

func New ¶

func New(cfg *Config, acl ACLRegistry, policy PolicyManager, sync SyncManager) *Service

New creates a new authorization service.

func (*Service) Authorize ¶

func (s *Service) Authorize(ev *event.E, authedPubkey []byte, remote string, eventKind uint16) Decision

Authorize checks if event is allowed based on ACL and policy.

type SyncManager ¶

type SyncManager interface {
	// GetPeers returns the list of peer relay URLs.
	GetPeers() []string
	// IsAuthorizedPeer checks if a pubkey is an authorized peer.
	IsAuthorizedPeer(url, pubkey string) bool
}

SyncManager abstracts the sync manager for peer relay checking.

Source Files ¶

authorization.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL