
separate rules and auth

Asim Aslam 2020-12-12 20:08:39 +00:00
parent 202338bd2d
commit de4f3ee4a2
4 changed files with 39 additions and 22 deletions


@ -31,20 +31,24 @@ type Auth interface {
Options() Options Options() Options
// Generate a new account // Generate a new account
Generate(id string, opts ...GenerateOption) (*Account, error) Generate(id string, opts ...GenerateOption) (*Account, error)
// Verify an account has access to a resource using the rules
Verify(acc *Account, res *Resource, opts ...VerifyOption) error
// Inspect a token // Inspect a token
Inspect(token string) (*Account, error) Inspect(token string) (*Account, error)
// Token generated using refresh token or credentials // Token generated using refresh token or credentials
Token(opts ...TokenOption) (*Token, error) Token(opts ...TokenOption) (*Token, error)
// String returns the name of the implementation
String() string
}
// Rules manages access to resources
type Rules interface {
// Verify an account has access to a resource using the rules
Verify(acc *Account, res *Resource, opts ...VerifyOption) error
// Grant access to a resource // Grant access to a resource
Grant(rule *Rule) error Grant(rule *Rule) error
// Revoke access to a resource // Revoke access to a resource
Revoke(rule *Rule) error Revoke(rule *Rule) error
// Rules returns all the rules used to verify requests // List returns all the rules used to verify requests
Rules(...RulesOption) ([]*Rule, error) List(...ListOption) ([]*Rule, error)
// String returns the name of the implementation
String() string
} }
// Account provided by an auth provider // Account provided by an auth provider
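Review bot: `List(...ListOption)` on the new Rules interface leaves its parameter unnamed while every other method in these interfaces names its options (`Generate(id string, opts ...GenerateOption)`, `Verify(acc *Account, res *Resource, opts ...VerifyOption)`); for consistency and for godoc it should read `List(opts ...ListOption) ([]*Rule, error)`. Since Verify now lives on Rules rather than Auth, the comment on Rules should say that it is the access-decision surface, e.g. `// Rules manages the access rules for resources and verifies accounts against them`. Callers that previously reached Verify through Auth must now be handed a Rules instance; nothing in this hunk shows how the default is wired, so a sentence on the Auth doc or in the commit message would help.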


@ -20,10 +20,16 @@ func NewAuth(opts ...Option) Auth {
} }
} }
func NewRules() Rules {
return new(noopRules)
}
type noop struct { type noop struct {
opts Options opts Options
} }
type noopRules struct{}
// String returns the name of the implementation // String returns the name of the implementation
func (n *noop) String() string { func (n *noop) String() string {
return "noop" return "noop"
@ -55,23 +61,23 @@ func (n *noop) Generate(id string, opts ...GenerateOption) (*Account, error) {
} }
// Grant access to a resource // Grant access to a resource
func (n *noop) Grant(rule *Rule) error { func (n *noopRules) Grant(rule *Rule) error {
return nil return nil
} }
// Revoke access to a resource // Revoke access to a resource
func (n *noop) Revoke(rule *Rule) error { func (n *noopRules) Revoke(rule *Rule) error {
return nil return nil
} }
// Rules used to verify requests // Rules used to verify requests
func (n *noop) Rules(opts ...RulesOption) ([]*Rule, error) { // Verify an account has access to a resource
return []*Rule{}, nil func (n *noopRules) Verify(acc *Account, res *Resource, opts ...VerifyOption) error {
return nil
} }
// Verify an account has access to a resource func (n *noopRules) List(opts ...ListOption) ([]*Rule, error) {
func (n *noop) Verify(acc *Account, res *Resource, opts ...VerifyOption) error { return []*Rule{}, nil
return nil
} }
// Inspect a token // Inspect a token
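Review bot: I don't see a String method on noopRules in this hunk, yet NewRules returns it as a Rules, whose new definition in auth.go requires `String() string`; if it isn't defined further down the file the package won't compile, so please confirm. On the new side the old comment `// Rules used to verify requests` now sits directly above the `// Verify an account has access to a resource` comment and noopRules.Verify and should be dropped, while the new List method has no doc comment at all; `// List returns the rules used to verify requests` would match the interface. NewRules is exported and undocumented; since noopRules.Verify returns nil for every account and resource, its doc should state that: `// NewRules returns a Rules implementation that permits every request and stores no rules.`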


@ -16,12 +16,19 @@ func NewAuth(opts ...auth.Option) auth.Auth {
return j return j
} }
func NewRules() auth.Rules {
return new(jwtRules)
}
type jwt struct { type jwt struct {
sync.Mutex
options auth.Options options auth.Options
jwt token.Provider jwt token.Provider
rules []*auth.Rule }
type jwtRules struct {
sync.Mutex sync.Mutex
rules []*auth.Rule
} }
func (j *jwt) String() string { func (j *jwt) String() string {
@ -70,14 +77,14 @@ func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
return account, nil return account, nil
} }
func (j *jwt) Grant(rule *auth.Rule) error { func (j *jwtRules) Grant(rule *auth.Rule) error {
j.Lock() j.Lock()
defer j.Unlock() defer j.Unlock()
j.rules = append(j.rules, rule) j.rules = append(j.rules, rule)
return nil return nil
} }
func (j *jwt) Revoke(rule *auth.Rule) error { func (j *jwtRules) Revoke(rule *auth.Rule) error {
j.Lock() j.Lock()
defer j.Unlock() defer j.Unlock()
@ -92,7 +99,7 @@ func (j *jwt) Revoke(rule *auth.Rule) error {
return nil return nil
} }
func (j *jwt) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error { func (j *jwtRules) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error {
j.Lock() j.Lock()
defer j.Unlock() defer j.Unlock()
@ -104,7 +111,7 @@ func (j *jwt) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyO
return auth.Verify(j.rules, acc, res) return auth.Verify(j.rules, acc, res)
} }
func (j *jwt) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) { func (j *jwtRules) List(opts ...auth.ListOption) ([]*auth.Rule, error) {
j.Lock() j.Lock()
defer j.Unlock() defer j.Unlock()
return j.rules, nil return j.rules, nil
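Review bot: jwtRules.List hands back the internal `j.rules` slice after the lock is released, so a caller can read it while a concurrent Grant appends to the same backing array, or mutate the rule set without going through Grant/Revoke; return a copy instead, `return append([]*auth.Rule(nil), j.rules...), nil`. List's closing brace is outside the hunk. As in noop.go, no String method on jwtRules appears in this hunk although the Rules interface requires one; please confirm it exists elsewhere in the file. NewRules is exported and needs a doc comment such as `// NewRules returns an in-memory, mutex-guarded Rules store.`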


@ -219,14 +219,14 @@ func VerifyContext(ctx context.Context) VerifyOption {
} }
} }
type RulesOptions struct { type ListOptions struct {
Context context.Context Context context.Context
} }
type RulesOption func(o *RulesOptions) type ListOption func(o *ListOptions)
func RulesContext(ctx context.Context) RulesOption { func RulesContext(ctx context.Context) ListOption {
return func(o *RulesOptions) { return func(o *ListOptions) {
o.Context = ctx o.Context = ctx
} }
} }
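Review bot: RulesContext keeps its old name while everything around it was renamed to List (`ListOptions`, `ListOption`, and the `List` method on Rules), and the sibling constructor in this file is `VerifyContext` for `VerifyOption`; the consistent name is `func ListContext(ctx context.Context) ListOption`. Because this is an exported API, keep `RulesContext` as a one-line wrapper delegating to ListContext with a `// Deprecated: use ListContext.` comment so existing callers still build. Both constructors also lack doc comments; `// ListContext sets the context used when listing rules.` would do.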