httprouterext

v0.0.0-...-599013f

This package is not in the latest version of its module.
Published: Nov 21, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

README

Go Client for NIO Authorization

A Go client library for the NIO Authorization Service, a high-performance, relationship-based authorization system. This library provides a gRPC client to interact with the service and includes middleware for easy integration with the julienschmidt/httprouter framework.

Usage

See the cmd directory for how to use with httprouter and for how to use the client.

Updating gRPC Code

Run

go generate ./...

to update the protobuf generated files.

The original proto file is located at https://raw.githubusercontent.com/ecociel/nio-client/refs/heads/main/proto/iam.proto

License

This project is licensed under the Apache 2.0 License. See the LICENSE file for details.

Documentation

Constants

const Impossible = Permission("impossible")

TODO const None = Permission("none")

const NsRoot = Namespace("root")

NsRoot is the root namespace.

const ObjRoot = Obj("root")

ObjRoot is the root object.

const RelParent = Permission("parent")
const RelUnspecified = Permission("...")

RelUnspecified is the unspecified permission.

Variables

var (
	// ErrEmptyPrincipal is returned when a check is successful but the principal is empty.
	ErrEmptyPrincipal = errors.New("unexpected empty principal")
)

Functions

func BasicWrap

func BasicWrap(wrapper BasicWrapper, extract func(r *http.Request, p httprouter.Params) (Resource, error), hdl HandlerFunc) httprouter.Handle

func Observe

func Observe(w http.ResponseWriter, r *http.Request, f func(w http.ResponseWriter) error)

func Wrap

func Wrap(wrapper Wrapper, extract func(r *http.Request, p httprouter.Params) (Resource, error), hdl HandlerFunc) httprouter.Handle

Types

type BasicWrapper

type BasicWrapper interface {
	Authenticate(ctx context.Context, username, password []byte) (bool, error)
}

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is a client for the check service.

func New

func New(conn *grpc.ClientConn) *Client

New creates a new client.

func (*Client) AddOneUserId

func (c *Client) AddOneUserId(ctx context.Context, ns Namespace, obj Obj, rel Permission, userId UserId) error

AddOneUserId adds a user to an object with a specific relation.

func (*Client) AddOneUserSet

func (c *Client) AddOneUserSet(ctx context.Context, ns Namespace, obj Obj, rel Permission, userSet UserSet) error

func (*Client) AddParent

func (c *Client) AddParent(ctx context.Context, ns Namespace, obj Obj, parentNs Namespace, parentObj Obj) error

AddParent adds an inheritance relationship using the quasi-standard relation "parent".

func (*Client) Check

func (c *Client) Check(ctx context.Context, ns Namespace, obj Obj, permission Permission, userId UserId) (principal Principal, ok bool, err error)

Check checks if a user has a permission on an object. It returns the principal that granted the permission, whether the check was successful, and an error.

func (*Client) CheckWithTimestamp

func (c *Client) CheckWithTimestamp(ctx context.Context, ns Namespace, obj Obj, permission Permission, userId UserId, ts Timestamp) (principal Principal, ok bool, err error)

CheckWithTimestamp checks if a user has a permission on an object at a specific timestamp. It returns the principal that granted the permission, whether the check was successful, and an error.
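
Check returns three values, and a caller that looks only at ok or only at err can grant access by accident. The following added example (not code from this package) shows a fail-closed mapping of those results to an HTTP status. The types, checker, stubChecker and Decide are local stand-ins that mirror the documented Check signature, and the status codes chosen are assumptions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
)

// Local stand-ins mirroring the types in the documented Check signature.
type (
	Namespace  string
	Obj        string
	Permission string
	UserId     string
	Principal  string
)

// checker has the same method shape as (*Client).Check documented above.
type checker interface {
	Check(ctx context.Context, ns Namespace, obj Obj, permission Permission, userId UserId) (Principal, bool, error)
}

// stubChecker is a constructed backend that returns canned results (not the gRPC client).
type stubChecker struct { principal Principal; ok bool; err error }

func (s stubChecker) Check(context.Context, Namespace, Obj, Permission, UserId) (Principal, bool, error) {
	return s.principal, s.ok, s.err
}

// Decide (hypothetical helper) grants only on a clean result: no error, ok set,
// and a non-empty principal. Every other combination is a denial.
func Decide(ctx context.Context, c checker, ns Namespace, obj Obj, p Permission, u UserId) (Principal, int) {
	principal, ok, err := c.Check(ctx, ns, obj, p, u)
	switch {
	case err != nil: // checked first, so an error overrides ok and principal
		return "", http.StatusServiceUnavailable
	case !ok:
		return "", http.StatusForbidden
	case principal == "": // ok without a principal: refuse rather than serve anonymously
		return "", http.StatusInternalServerError
	}
	return principal, http.StatusOK
}

func main() {
	down := stubChecker{principal: "alice", ok: true, err: errors.New("constructed: backend unreachable")}
	fmt.Println(Decide(context.Background(), down, "doc", "readme", "view", "alice"))
}
```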

func (*Client) List

func (c *Client) List(ctx context.Context, ns Namespace, permission Permission, userId UserId) ([]string, error)

List lists the objects a user has permission to. It returns a list of object IDs.

func (*Client) WithObserveCheck

func (c *Client) WithObserveCheck(f func(ns Namespace, obj Obj, permission Permission, userId UserId, duration time.Duration, ok bool, isError bool)) *Client

WithObserveCheck sets the observe function for checks. The observe function is called after each check. It can be used to collect metrics about the checks.

func (*Client) WithObserveList

func (c *Client) WithObserveList(f func(ns Namespace, permission Permission, userId UserId, duration time.Duration, isError bool)) *Client

WithObserveList sets the observe function for lists. The observe function is called after each list. It can be used to collect metrics about the lists.

type HandlerFunc

HandlerFunc is a specialized handler type that provides the following features:

  • passes a Resource to the handler that can be used to access the extracted parameters
  • passes a User to the handler that can be used to access the authenticated user and perform further authorize checks
  • allows the handler to return an error. This error can implement the problemer interface to control how the error response is constructed.

type Meter

type Meter interface {
}

type NaiveBasicClient

type NaiveBasicClient struct {
	// contains filtered or unexported fields
}

NaiveBasicClient is a basic auth authenticator that holds a single username and password.

func NewNaiveBasicClient

func NewNaiveBasicClient(username, password string) *NaiveBasicClient

NewNaiveBasicClient creates a new naive basic client.

func (*NaiveBasicClient) Authenticate

func (c *NaiveBasicClient) Authenticate(_ context.Context, username, password []byte) (bool, error)

Authenticate authenticates a user with a username and password. It returns whether the authentication was successful and an error.
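
This page does not show how NaiveBasicClient compares credentials. As an added example (not this package's code), here is one way to satisfy the BasicWrapper interface for a single username and password with a comparison that does not leak timing. SingleUserAuth and NewSingleUserAuth are hypothetical names.

```go
package main

import (
	"context"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// SingleUserAuth is a hypothetical type with the BasicWrapper method set:
// Authenticate(ctx, username, password []byte) (bool, error).
type SingleUserAuth struct {
	userSum, passSum [sha256.Size]byte
}

// NewSingleUserAuth keeps fixed-length digests of the expected credentials.
// The digests exist to equalise input lengths for comparison; this is not
// a password-storage scheme.
func NewSingleUserAuth(username, password string) *SingleUserAuth {
	return &SingleUserAuth{
		userSum: sha256.Sum256([]byte(username)),
		passSum: sha256.Sum256([]byte(password)),
	}
}

// Authenticate hashes both inputs and compares them in constant time.
// Both comparisons always run and are combined with a bitwise AND, so the
// response time does not reveal which field was wrong or how long it was.
func (a *SingleUserAuth) Authenticate(_ context.Context, username, password []byte) (bool, error) {
	u := sha256.Sum256(username)
	p := sha256.Sum256(password)
	userOK := subtle.ConstantTimeCompare(u[:], a.userSum[:])
	passOK := subtle.ConstantTimeCompare(p[:], a.passSum[:])
	return userOK&passOK == 1, nil
}

func main() {
	// Constructed credentials for the demo.
	a := NewSingleUserAuth("svc", "constructed-secret")
	ok, _ := a.Authenticate(context.Background(), []byte("svc"), []byte("constructed-secret"))
	fmt.Println("valid credentials accepted:", ok)
	ok, _ = a.Authenticate(context.Background(), []byte("svc"), []byte("wrong"))
	fmt.Println("wrong password accepted:", ok)
}
```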

type Namespace

type Namespace string

Namespace is a collection of objects.

func (Namespace) String

func (s Namespace) String() string

String returns the string representation of the namespace.

type Obj

type Obj string

Obj is an object.

func (Obj) String

func (s Obj) String() string

String returns the string representation of the object.

type Permission

type Permission string

Permission is a permission on an object.

func (Permission) String

func (s Permission) String() string

String returns the string representation of the permission.

type Principal

type Principal string

Principal is a user or a group of users.

func (Principal) String

func (s Principal) String() string

String returns the string representation of the principal.

type Resource

type Resource interface {
	Requires(principalOrToken string, method string) (ns Namespace, obj Obj, permission Permission)
}

type Timestamp

type Timestamp string

Timestamp is a timestamp.

func TimestampEpoch

func TimestampEpoch() Timestamp

TimestampEpoch returns the epoch timestamp.

func (Timestamp) String

func (s Timestamp) String() string

String returns the string representation of the timestamp.

type User

type User interface {
	Principal() string
	HasPermission(args ...string) (bool, error)
	List(ns string, permission string) ([]string, error)
}

type UserId

type UserId string

UserId is a user's ID.

func (UserId) String

func (s UserId) String() string

String returns the string representation of the user ID.

type UserSet

type UserSet struct {
	Ns  Namespace
	Obj Obj
	Rel Permission
}

UserSet is a set of users.

func (UserSet) String

func (s UserSet) String() string

String returns the string representation of the user set.

type Wrapper

type Wrapper interface {
	Meter
	Check(ctx context.Context, ns Namespace, obj Obj, permission Permission, userId UserId) (principal Principal, ok bool, err error)
	CheckWithTimestamp(ctx context.Context, ns Namespace, obj Obj, permission Permission, userId UserId, ts Timestamp) (principal Principal, ok bool, err error)
	List(ctx context.Context, ns Namespace, permission Permission, userId UserId) ([]string, error)
}
