authz

package

v0.0.0-...-860e413 Latest Latest Go to latest Published: Oct 21, 2022 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/dennigogo/zitadel

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID string, ...) (ctxSetter func(context.Context) context.Context, err error)
func ExistsPerm(existingPermissions []string, perm string) bool
func GetAllPermissionCtxIDs(perms []string) []string
func GetAllPermissionsFromCtx(ctx context.Context) []string
func GetExplicitPermissionCtxIDs(perms []string, searchPerm string) []string
func GetRequestPermissionsFromCtx(ctx context.Context) []string
func HasGlobalExplicitPermission(perms []string, permToCheck string) bool
func HasGlobalPermission(perms []string) bool
func NewMockContext(instanceID, orgID, userID string) context.Context
func NewMockContextWithPermissions(instanceID, orgID, userID string, permissions []string) context.Context
func SetCtxData(ctx context.Context, ctxData CtxData) context.Context
func SplitPermission(perm string) (string, string)
func WithConsole(ctx context.Context, projectID, appID string) context.Context
func WithInstance(ctx context.Context, instance Instance) context.Context
func WithInstanceID(ctx context.Context, id string) context.Context
func WithRequestedDomain(ctx context.Context, domain string) context.Context
type Config
type CtxData
- func GetCtxData(ctx context.Context) CtxData
- func VerifyTokenAndCreateCtxData(ctx context.Context, token, orgID string, t *TokenVerifier, method string) (_ CtxData, err error)
- func (ctxData CtxData) IsZero() bool
type Grant
type Grants
type Instance
- func GetInstance(ctx context.Context) Instance
type InstanceVerifier
type MemberType
type Membership
type Memberships
type MethodMapping
type Option
type RoleMapping
type SystemAPIUser
type TokenVerifier
- func Start(authZRepo authZRepo, issuer string, keys map[string]*SystemAPIUser) (v *TokenVerifier)
- func (v *TokenVerifier) CheckAuthMethod(method string) (Option, bool)
- func (v *TokenVerifier) ExistsOrg(ctx context.Context, orgID string) (err error)
- func (v *TokenVerifier) ProjectIDAndOriginsByClientID(ctx context.Context, clientID string) (_ string, _ []string, err error)
- func (v *TokenVerifier) RegisterServer(appName, methodPrefix string, mappings MethodMapping)
- func (v *TokenVerifier) SearchMyMemberships(ctx context.Context) (_ []*Membership, err error)
- func (v *TokenVerifier) VerifyAccessToken(ctx context.Context, token string, method string) (userID, clientID, agentID, prefLang, resourceOwner string, err error)

Constants ¶

View Source

const (
	BearerPrefix = "Bearer "
)

Variables ¶

This section is empty.

Functions ¶

func CheckUserAuthorization ¶

func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID string, verifier *TokenVerifier, authConfig Config, requiredAuthOption Option, method string) (ctxSetter func(context.Context) context.Context, err error)

func ExistsPerm ¶

func ExistsPerm(existingPermissions []string, perm string) bool

func GetAllPermissionCtxIDs ¶

func GetAllPermissionCtxIDs(perms []string) []string

func GetAllPermissionsFromCtx ¶

func GetAllPermissionsFromCtx(ctx context.Context) []string

func GetExplicitPermissionCtxIDs ¶

func GetExplicitPermissionCtxIDs(perms []string, searchPerm string) []string

func GetRequestPermissionsFromCtx ¶

func GetRequestPermissionsFromCtx(ctx context.Context) []string

func HasGlobalExplicitPermission ¶

func HasGlobalExplicitPermission(perms []string, permToCheck string) bool

func HasGlobalPermission ¶

func HasGlobalPermission(perms []string) bool

func NewMockContext ¶

func NewMockContext(instanceID, orgID, userID string) context.Context

func NewMockContextWithPermissions ¶

func NewMockContextWithPermissions(instanceID, orgID, userID string, permissions []string) context.Context

func SetCtxData ¶

func SetCtxData(ctx context.Context, ctxData CtxData) context.Context

func SplitPermission ¶

func SplitPermission(perm string) (string, string)

func WithConsole ¶

func WithConsole(ctx context.Context, projectID, appID string) context.Context

func WithInstance ¶

func WithInstance(ctx context.Context, instance Instance) context.Context

func WithInstanceID ¶

func WithInstanceID(ctx context.Context, id string) context.Context

func WithRequestedDomain ¶

func WithRequestedDomain(ctx context.Context, domain string) context.Context

Types ¶

type Config ¶

type Config struct {
	RolePermissionMappings []RoleMapping
}

type CtxData ¶

type CtxData struct {
	UserID            string
	OrgID             string
	ProjectID         string
	AgentID           string
	PreferredLanguage string
	ResourceOwner     string
}

func GetCtxData ¶

func GetCtxData(ctx context.Context) CtxData

func VerifyTokenAndCreateCtxData ¶

func VerifyTokenAndCreateCtxData(ctx context.Context, token, orgID string, t *TokenVerifier, method string) (_ CtxData, err error)

func (CtxData) IsZero ¶

func (ctxData CtxData) IsZero() bool

type Grant ¶

type Grant struct {
	OrgID string
	Roles []string
}

type Grants ¶

type Grants []*Grant

type Instance ¶

type Instance interface {
	InstanceID() string
	ProjectID() string
	ConsoleClientID() string
	ConsoleApplicationID() string
	RequestedDomain() string
	RequestedHost() string
	DefaultLanguage() language.Tag
	DefaultOrganisationID() string
}

func GetInstance ¶

func GetInstance(ctx context.Context) Instance

type InstanceVerifier ¶

type InstanceVerifier interface {
	InstanceByHost(context.Context, string) (Instance, error)
}

type MemberType ¶

type MemberType int32

const (
	MemberTypeUnspecified MemberType = iota
	MemberTypeOrganisation
	MemberTypeProject
	MemberTypeProjectGrant
	MemberTypeIam
)

type Membership ¶

type Membership struct {
	MemberType  MemberType
	AggregateID string
	//ObjectID differs from aggregate id if object is sub of an aggregate
	ObjectID string

	Roles []string
}

type Memberships ¶

type Memberships []*Membership

type MethodMapping ¶

type MethodMapping map[string]Option

type Option ¶

type Option struct {
	Permission string
	CheckParam string
	Feature    string
}

type RoleMapping ¶

type RoleMapping struct {
	Role        string
	Permissions []string
}

type SystemAPIUser ¶

type SystemAPIUser struct {
	Path    string //if a path is specified, the key will be read from that path
	KeyData []byte //else you can also specify the data directly in the KeyData
}

type TokenVerifier ¶

type TokenVerifier struct {
	// contains filtered or unexported fields
}

func Start ¶

func Start(authZRepo authZRepo, issuer string, keys map[string]*SystemAPIUser) (v *TokenVerifier)

func (*TokenVerifier) CheckAuthMethod ¶

func (v *TokenVerifier) CheckAuthMethod(method string) (Option, bool)

func (*TokenVerifier) ExistsOrg ¶

func (v *TokenVerifier) ExistsOrg(ctx context.Context, orgID string) (err error)

func (*TokenVerifier) ProjectIDAndOriginsByClientID ¶

func (v *TokenVerifier) ProjectIDAndOriginsByClientID(ctx context.Context, clientID string) (_ string, _ []string, err error)

func (*TokenVerifier) RegisterServer ¶

func (v *TokenVerifier) RegisterServer(appName, methodPrefix string, mappings MethodMapping)

func (*TokenVerifier) SearchMyMemberships ¶

func (v *TokenVerifier) SearchMyMemberships(ctx context.Context) (_ []*Membership, err error)

func (*TokenVerifier) VerifyAccessToken ¶

func (v *TokenVerifier) VerifyAccessToken(ctx context.Context, token string, method string) (userID, clientID, agentID, prefLang, resourceOwner string, err error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL