std

package
v0.8.13
Warning

This package is not in the latest version of its module.

Published: Sep 19, 2022 License: MIT Imports: 9 Imported by: 1

Documentation

Overview

Package std provides authorization middleware for HTTP servers built on top of the standard net/http.

The middleware intercepts incoming requests and calls the Aserto authorizer service to determine if access should be allowed or denied.

Example
package main

import (
	"context"
	"log"
	"net/http"

	"github.com/aserto-dev/aserto-go/authorizer/grpc"
	"github.com/aserto-dev/aserto-go/client"
	mw "github.com/aserto-dev/aserto-go/middleware/http/std"
)

func Hello(w http.ResponseWriter, r *http.Request) {
	if _, err := w.Write([]byte(`"hello"`)); err != nil {
		log.Println("Failed to write HTTP response:", err)
	}
}

func main() {
	ctx := context.Background()

	// Create authorizer client.
	authorizer, err := grpc.New(
		ctx,
		client.WithAPIKeyAuth("<Aserto authorizer API Key>"),
		client.WithTenantID("<Aserto tenant ID>"),
	)
	if err != nil {
		log.Fatal("Failed to create authorizer client:", err)
	}

	// Create HTTP middleware.
	middleware := mw.New(
		authorizer,
		mw.Policy{
			ID:       "<Aserto policy ID>",
			Decision: "<authorization decision (e.g. 'allowed')>",
		},
	)

	// Define HTTP route.
	http.Handle(
		"/",
		middleware.Handler(http.HandlerFunc(Hello)), // Attach middleware to route.
	)

	// Start server.
	log.Fatal(http.ListenAndServe(":8080", nil))
}
Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthorizerClient

type AuthorizerClient = authorizer.AuthorizerClient

type Middleware

type Middleware struct {
	// Identity determines the caller identity used in authorization calls.
	Identity *httpmw.IdentityBuilder
	// contains filtered or unexported fields
}

Middleware implements an http.Handler that can be added to routes in net/http servers.

To authorize incoming requests, the middleware needs information about:

1. The user making the request.

2. The Aserto authorization policy to evaluate.

3. Optional, additional input data to the authorization policy.

The values for these parameters can be set globally or extracted dynamically from incoming messages.

func New

func New(client AuthorizerClient, policy Policy) *Middleware

New creates middleware for the specified policy.

The new middleware is created with a default identity and policy path mapper. These can be overridden using `Middleware.Identity` to specify the caller's identity, or using the middleware's `.With...()` functions to set policy path and resource mappers.

func (*Middleware) Handler

func (m *Middleware) Handler(next http.Handler) http.Handler

Handler is the middleware implementation. It is how an Authorizer is wired to an HTTP server.

func (*Middleware) WithNoResourceContext

func (m *Middleware) WithNoResourceContext() *Middleware

WithNoResourceContext causes the middleware to include no resource context in authorization requests, instead of the default behavior, which sends all URL path parameters.

func (*Middleware) WithPolicyFromURL

func (m *Middleware) WithPolicyFromURL(prefix string) *Middleware

WithPolicyFromURL instructs the middleware to construct the policy path from the path segment of the incoming request's URL.

Path separators ('/') are replaced with dots ('.'). If the request uses gorilla/mux to define path parameters, those are added to the path with two leading underscores. An optional prefix can be specified to be included in all paths.

Example

Using 'WithPolicyFromURL("myapp")', the route

POST /products/{id}

becomes the policy path

"myapp.POST.products.__id"

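The mapping described above, written out as a standalone function and wrapped in a function of the StringMapper shape that WithPolicyPathMapper accepts. This is an added example, not the package's own implementation; `policyPath`, `fixedRouteMapper`, the dropping of inline patterns such as `{id:[0-9]+}` and the `example.test` URL are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// StringMapper mirrors the signature documented on this page; it is redeclared
// locally so the example builds with the standard library alone.
type StringMapper func(*http.Request) string

// policyPath applies the documented rule to a route template: '/' becomes '.',
// and a "{name}" segment becomes "__name". Dropping an inline pattern such as
// "{id:[0-9]+}" is an assumption of this example.
func policyPath(prefix, method, template string) string {
	var parts []string
	if prefix != "" {
		parts = append(parts, prefix)
	}
	parts = append(parts, method)
	for _, seg := range strings.Split(strings.Trim(template, "/"), "/") {
		if seg == "" {
			continue // tolerate empty segments such as "//"
		}
		if strings.HasPrefix(seg, "{") && strings.HasSuffix(seg, "}") {
			name, _, _ := strings.Cut(seg[1:len(seg)-1], ":")
			seg = "__" + name
		}
		parts = append(parts, seg)
	}
	return strings.Join(parts, ".")
}

// fixedRouteMapper (hypothetical helper) binds a mapper to one route template,
// so the policy path is built from the template, never from request path values.
func fixedRouteMapper(prefix, template string) StringMapper {
	return func(r *http.Request) string {
		return policyPath(prefix, r.Method, template)
	}
}

func main() {
	// Constructed request: the concrete ID "42" must not reach the policy path.
	r, _ := http.NewRequest(http.MethodPost, "http://example.test/products/42", nil)
	fmt.Println(fixedRouteMapper("myapp", "/products/{id}")(r))
}
```
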
func (*Middleware) WithPolicyPathMapper

func (m *Middleware) WithPolicyPathMapper(mapper StringMapper) *Middleware

WithPolicyPathMapper sets a custom policy mapper, a function that takes an incoming request and returns the path, within the policy, of the package to query.

func (*Middleware) WithResourceMapper

func (m *Middleware) WithResourceMapper(mapper StructMapper) *Middleware

WithResourceMapper sets a custom resource mapper, a function that takes an incoming request and returns the resource object to include with the authorization request as a `structpb.Struct`.

type Policy

type Policy = middleware.Policy

type StringMapper

type StringMapper func(*http.Request) string

StringMapper functions are used to extract string values from incoming requests. They are used to define policy mappers.

type StructMapper

type StructMapper func(*http.Request) *structpb.Struct

StructMapper functions are used to extract structured data from incoming requests. The optional resource mapper is a StructMapper.
