separate rules and auth
parent
202338bd2d
commit
de4f3ee4a2
16
auth/auth.go
16
auth/auth.go
@ -31,20 +31,24 @@ type Auth interface {
|
||||
Options() Options
|
||||
// Generate a new account
|
||||
Generate(id string, opts ...GenerateOption) (*Account, error)
|
||||
// Verify an account has access to a resource using the rules
|
||||
Verify(acc *Account, res *Resource, opts ...VerifyOption) error
|
||||
// Inspect a token
|
||||
Inspect(token string) (*Account, error)
|
||||
// Token generated using refresh token or credentials
|
||||
Token(opts ...TokenOption) (*Token, error)
|
||||
// String returns the name of the implementation
|
||||
String() string
|
||||
}
|
||||
|
||||
// Rules manages access to resources
|
||||
type Rules interface {
|
||||
// Verify an account has access to a resource using the rules
|
||||
Verify(acc *Account, res *Resource, opts ...VerifyOption) error
|
||||
// Grant access to a resource
|
||||
Grant(rule *Rule) error
|
||||
// Revoke access to a resource
|
||||
Revoke(rule *Rule) error
|
||||
// Rules returns all the rules used to verify requests
|
||||
Rules(...RulesOption) ([]*Rule, error)
|
||||
// String returns the name of the implementation
|
||||
String() string
|
||||
// List returns all the rules used to verify requests
|
||||
List(...ListOption) ([]*Rule, error)
|
||||
}
|
||||
|
||||
// Account provided by an auth provider
|
||||
|
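Review bot: The doc comment on `Rules.Verify` does not say what the returned error means, which matters more now that access decisions sit behind their own interface. Judging from the implementations shown further down this page, a nil error is treated as "allowed", so I would spell that out, e.g. `// Verify returns nil if acc may access res under the current rules and a non-nil error otherwise; callers must treat any error as a denial.` It would also help to state whether a nil `acc` is accepted, since the interface gives implementers no guidance there. The old/new side of several lines in this section cannot be recovered from the rendering, so this is based on the `Rules` interface as displayed.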
@ -20,10 +20,16 @@ func NewAuth(opts ...Option) Auth {
|
||||
}
|
||||
}
|
||||
|
||||
func NewRules() Rules {
|
||||
return new(noopRules)
|
||||
}
|
||||
|
||||
type noop struct {
|
||||
opts Options
|
||||
}
|
||||
|
||||
type noopRules struct{}
|
||||
|
||||
// String returns the name of the implementation
|
||||
func (n *noop) String() string {
|
||||
return "noop"
|
||||
@ -55,23 +61,23 @@ func (n *noop) Generate(id string, opts ...GenerateOption) (*Account, error) {
|
||||
}
|
||||
|
||||
// Grant access to a resource
|
||||
func (n *noop) Grant(rule *Rule) error {
|
||||
func (n *noopRules) Grant(rule *Rule) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Revoke access to a resource
|
||||
func (n *noop) Revoke(rule *Rule) error {
|
||||
func (n *noopRules) Revoke(rule *Rule) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Rules used to verify requests
|
||||
func (n *noop) Rules(opts ...RulesOption) ([]*Rule, error) {
|
||||
return []*Rule{}, nil
|
||||
// Verify an account has access to a resource
|
||||
func (n *noopRules) Verify(acc *Account, res *Resource, opts ...VerifyOption) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Verify an account has access to a resource
|
||||
func (n *noop) Verify(acc *Account, res *Resource, opts ...VerifyOption) error {
|
||||
return nil
|
||||
func (n *noopRules) List(opts ...ListOption) ([]*Rule, error) {
|
||||
return []*Rule{}, nil
|
||||
}
|
||||
|
||||
// Inspect a token
|
||||
|
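Review bot: `NewRules` is exported without a doc comment, and nothing tells a caller that the `noopRules` it returns enforces nothing: `Verify` returns nil for every account and resource, and `Grant` and `Revoke` return nil without storing the rule. I would document that on the constructor, e.g. `// NewRules returns a no-op Rules implementation: Verify permits every request and Grant/Revoke store nothing.` A one-line comment on `type noopRules struct{}` saying that it performs no access control would help for the same reason. `noopRules.List` also has no doc comment of its own in the displayed lines.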
@ -16,12 +16,19 @@ func NewAuth(opts ...auth.Option) auth.Auth {
|
||||
return j
|
||||
}
|
||||
|
||||
func NewRules() auth.Rules {
|
||||
return new(jwtRules)
|
||||
}
|
||||
|
||||
type jwt struct {
|
||||
sync.Mutex
|
||||
options auth.Options
|
||||
jwt token.Provider
|
||||
rules []*auth.Rule
|
||||
}
|
||||
|
||||
type jwtRules struct {
|
||||
sync.Mutex
|
||||
rules []*auth.Rule
|
||||
}
|
||||
|
||||
func (j *jwt) String() string {
|
||||
@ -70,14 +77,14 @@ func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
|
||||
return account, nil
|
||||
}
|
||||
|
||||
func (j *jwt) Grant(rule *auth.Rule) error {
|
||||
func (j *jwtRules) Grant(rule *auth.Rule) error {
|
||||
j.Lock()
|
||||
defer j.Unlock()
|
||||
j.rules = append(j.rules, rule)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (j *jwt) Revoke(rule *auth.Rule) error {
|
||||
func (j *jwtRules) Revoke(rule *auth.Rule) error {
|
||||
j.Lock()
|
||||
defer j.Unlock()
|
||||
|
||||
@ -92,7 +99,7 @@ func (j *jwt) Revoke(rule *auth.Rule) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (j *jwt) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error {
|
||||
func (j *jwtRules) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error {
|
||||
j.Lock()
|
||||
defer j.Unlock()
|
||||
|
||||
@ -104,7 +111,7 @@ func (j *jwt) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyO
|
||||
return auth.Verify(j.rules, acc, res)
|
||||
}
|
||||
|
||||
func (j *jwt) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
|
||||
func (j *jwtRules) List(opts ...auth.ListOption) ([]*auth.Rule, error) {
|
||||
j.Lock()
|
||||
defer j.Unlock()
|
||||
return j.rules, nil
|
||||
|
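Review bot: `jwtRules.List` takes the mutex but then returns `j.rules` itself, so the caller ends up holding the same backing array that `Grant` appends to (and that `Revoke` presumably rewrites; its body is only partly visible) and can read or change the rule set with no lock held. Returning a copy keeps the slice private: `return append([]*auth.Rule(nil), j.rules...), nil`. The copy is shallow, so the `*auth.Rule` values are still shared with the caller; a doc comment on `List` should say whether callers may modify them. The closing brace of `List` lies outside the hunk.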
@ -219,14 +219,14 @@ func VerifyContext(ctx context.Context) VerifyOption {
|
||||
}
|
||||
}
|
||||
|
||||
type RulesOptions struct {
|
||||
type ListOptions struct {
|
||||
Context context.Context
|
||||
}
|
||||
|
||||
type RulesOption func(o *RulesOptions)
|
||||
type ListOption func(o *ListOptions)
|
||||
|
||||
func RulesContext(ctx context.Context) RulesOption {
|
||||
return func(o *RulesOptions) {
|
||||
func RulesContext(ctx context.Context) ListOption {
|
||||
return func(o *ListOptions) {
|
||||
o.Context = ctx
|
||||
}
|
||||
}
|
||||
|