casbin

package
v1.0.7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 6, 2021 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// PolicyModel is the matching model used by casbin (per the original
	// comment). The literal is elided in this listing, so the model text itself
	// cannot be reviewed from here.
	// NOTE(review): this is a mutable package-level variable, so any importing
	// package can reassign it; presumably that would alter authorization
	// decisions for enforcers built afterwards — confirm where it is read.
	PolicyModel = `` /* 233-byte string literal not displayed */

	// DefaultMatcher carries the same original comment as PolicyModel
	// ("matching model used by casbin"); by its name it is presumably the
	// default matcher expression — confirm against the elided literal.
	// NOTE(review): also a mutable package-level variable; see PolicyModel.
	DefaultMatcher = `` /* 204-byte string literal not displayed */
)
// Cache and enforcer timing settings.
// NOTE(review): if policy or tenant changes are only picked up when these
// timers fire, a revoked permission may stay effective for up to the
// corresponding window — confirm against the refresh logic, which is not
// visible in this listing.
var (
	// CachedExpireAt is the cache timer refresh interval (4 minutes).
	CachedExpireAt = 4 * time.Minute
	// EnforcerCheckAt is the interval at which the engine checks the version
	// (2 minutes).
	EnforcerCheckAt = 2 * time.Minute
	// EnforcerExpireAt is the time after which the engine is marked expired
	// (8 minutes).
	EnforcerExpireAt = 8 * time.Minute
	// ServiceCodeExpireAt is the service cache expiry (2 minutes).
	ServiceCodeExpireAt = 2 * time.Minute
	// ServiceTenantExpireAt is the tenant cache expiry (2 minutes).
	ServiceTenantExpireAt = 2 * time.Minute
)
// Role keys and identifier prefixes.
// NOTE(review): SvcRoleKey and SysRoleKey look like HTTP header (or context)
// names. If roles are ever read from inbound request headers under these
// names, client-supplied copies must be stripped or overwritten at the trusted
// edge before they reach this package — confirm how the keys are used.
// NOTE(review): all of these are mutable package variables rather than
// constants, so importing code can reassign them.
var (
	// SvcRoleKey is the per-service role key; %s is replaced by the service name.
	SvcRoleKey = "X-Request-Svc-%s-Role" // "X-Request-Svc-[service name]-Role"
	// SysRoleKey is the system platform role key.
	SysRoleKey = "X-Request-Sys-Role"
	// SvcPublic marks a public service (per the original comment).
	SvcPublic = "pub-"
	// RolePrefix is the prefix for role identifiers.
	RolePrefix = "r:"
	// UserPrefix is the prefix for user identifiers.
	UserPrefix = "u:"
	// PolicyPrefix is the prefix for policy identifiers.
	PolicyPrefix = "p:"
	// ActionPrefix: the original comment says "policy"; by its name this is
	// presumably the prefix for action identifiers — confirm.
	ActionPrefix = "a:"
	// SourcePrefix: the original comment says "policy"; by its name this is
	// presumably the prefix for source identifiers — confirm.
	SourcePrefix = "s:"
)

Functions

func AudienceMatchFunc

func AudienceMatchFunc(args ...interface{}) (interface{}, error)

AudienceMatchFunc func

func ConvertMapToArray

func ConvertMapToArray(data *map[string]map[string][]string) *[][]string

ConvertMapToArray ...

func CustomMatchFunc

func CustomMatchFunc(args ...interface{}) (interface{}, error)

CustomMatchFunc func

func DomainMatch

func DomainMatch(key1 string, key2 string) bool

DomainMatch func

func DomainMatchFunc

func DomainMatchFunc(args ...interface{}) (interface{}, error)

DomainMatchFunc func

func HasPrefixFunc

func HasPrefixFunc(args ...interface{}) (interface{}, error)

HasPrefixFunc func

func HasSuffixFunc

func HasSuffixFunc(args ...interface{}) (interface{}, error)

HasSuffixFunc func

func MethodMatchFunc

func MethodMatchFunc(args ...interface{}) (interface{}, error)

MethodMatchFunc func

Types

type Adapter

// Adapter is the casbin policy storage adapter; it holds the database handle
// and the table, model id and model version it works with.
type Adapter struct {
	DB2 *sqlx.DB // database
	// NOTE(review): a table name cannot be bound as a query parameter; if Tbl
	// is interpolated into SQL text it must come from trusted configuration,
	// never from request input — confirm against the adapter's queries.
	Tbl    string // table name
	Mid    int64  // model id
	Ver    string // model ver
	Enable bool   // whether the adapter is enabled
}

Adapter 适配器

func NewCasbinAdapter

func NewCasbinAdapter(db2 *sqlx.DB, tbl string, mid int64, ver string) *Adapter

NewCasbinAdapter is the constructor for Adapter with existed connection

func (*Adapter) AddPolicies

func (a *Adapter) AddPolicies(sec string, ptype string, rules [][]string) (err error)

AddPolicies adds policy rules to the storage. This is part of the Auto-Save feature.

func (*Adapter) AddPolicy

func (a *Adapter) AddPolicy(sec string, ptype string, rule []string) (err error)

AddPolicy adds a policy rule to the storage.

func (*Adapter) LoadPolicy

func (a *Adapter) LoadPolicy(m model.Model) error

LoadPolicy loads policy from database.

func (*Adapter) RemoveFilteredPolicy

func (a *Adapter) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) (err error)

RemoveFilteredPolicy removes policy rules that match the filter from the storage.

func (*Adapter) RemovePolicies

func (a *Adapter) RemovePolicies(sec string, ptype string, rules [][]string) (err error)

RemovePolicies removes policy rules from the storage. This is part of the Auto-Save feature.

func (*Adapter) RemovePolicy

func (a *Adapter) RemovePolicy(sec string, ptype string, rule []string) (err error)

RemovePolicy removes a policy rule from the storage.

func (*Adapter) SavePolicy

func (a *Adapter) SavePolicy(model model.Model) (err error)

SavePolicy saves policy to database.

type Auther

// Auther is the permission manager: it holds the externally implemented
// Implor and a cache of enforcers.
// The struct contains a sync.RWMutex by value, so it must not be copied after
// first use; its methods in this package use pointer receivers.
type Auther struct {
	Implor Implor
	// NOTE(review): the meaning of the map key is not visible here; if it does
	// not include everything that distinguishes one policy set from another
	// (for example the organization), cached enforcers could be shared across
	// tenants — confirm.
	CachedEnforcer map[string]*Enforcer // enforcers
	CachedExpireAt time.Time            // refresh time
	// Presumably guards CachedEnforcer and CachedExpireAt — confirm. The field
	// is exported, so callers outside the package can also lock it.
	Mutex sync.RWMutex // synchronization lock
}

Auther 权限管理

func (*Auther) ClearEnforcer

func (a *Auther) ClearEnforcer(force bool, org string)

ClearEnforcer 清理缓存 缓存全部情况后, 引擎立即完成刷新操作

func (*Auther) GetEnforcer

func (a *Auther) GetEnforcer(c *gin.Context, user auth.UserInfo, svc, org string) (*casbin.SyncedEnforcer, error)

GetEnforcer 获取验证控制器

func (*Auther) GetEnforcer2

func (a *Auther) GetEnforcer2(user auth.UserInfo,
	cached *Enforcer, svc, org, key, ver string) (*casbin.SyncedEnforcer, error)

GetEnforcer2 获取验证控制器

func (*Auther) GetUserRole

func (a *Auther) GetUserRole(c *gin.Context, user auth.UserInfo, svc, org string) (role string, err error)

GetUserRole 获取验证控制器

func (*Auther) IsPassPermission

func (a *Auther) IsPassPermission(c *gin.Context, user auth.UserInfo, svc, org string) (bool, error)

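IsPassPermission skips the permission check by determining whether the caller is an administrator. Is tampering with the administrator identity a concern here? If the signing key leaks, signatures can be forged, so the server's signing key must be kept secret.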

func (*Auther) UseAuthBasicMiddleware

func (a *Auther) UseAuthBasicMiddleware(skippers ...middleware.SkipperFunc) gin.HandlerFunc

UseAuthBasicMiddleware 用户授权中间件, 只判定登录权限

func (*Auther) UseAuthCasbinMiddleware

func (a *Auther) UseAuthCasbinMiddleware(skippers ...middleware.SkipperFunc) gin.HandlerFunc

UseAuthCasbinMiddleware 用户授权中间件

func (*Auther) UseAuthCasbinMiddlewareByOrigin

func (a *Auther) UseAuthCasbinMiddlewareByOrigin(handle func(*gin.Context, string) (string, error), skippers ...middleware.SkipperFunc) gin.HandlerFunc

UseAuthCasbinMiddlewareByOrigin 用户授权中间件

type Enforcer

// Enforcer is a cached casbin enforcer together with its expiry, check time
// and version.
// The struct contains a sync.RWMutex by value, so it must not be copied after
// first use.
type Enforcer struct {
	Enforcer *casbin.SyncedEnforcer // enforcer
	ExpireAt time.Time              // expiry time
	CheckAt  time.Time              // refresh time
	Version  string                 // enforcer version
	Mutex    sync.RWMutex           // synchronization lock
	// Check is undocumented in the original; presumably a flag tied to the
	// version check — confirm.
	Check bool
}

Enforcer 验证器

type Implor

// Implor is the interface that the embedding application must implement.
// The notes below are derived from the signatures only; the expected
// semantics of each method are not visible in this listing.
type Implor interface {
	// GetAuther returns the auth.Auther used by this package.
	GetAuther() auth.Auther
	// GetStorer returns the store.Storer used by this package.
	GetStorer() store.Storer
	// GetTable returns a table name (presumably the policy table — confirm).
	// NOTE(review): if the value ends up in SQL text it must be a trusted,
	// fixed identifier.
	GetTable() string
	// GetSqlx2 returns the sqlx database handle.
	GetSqlx2() *sqlx.DB
	// GetSuperUserCode returns the super-user code.
	// NOTE(review): presumably this identifies who bypasses permission checks;
	// implementations should treat the value as security-sensitive — confirm.
	GetSuperUserCode() string
	// GetPlatformCode returns the platform code.
	GetPlatformCode() string
	// UpdateModelEnable updates the enabled state for the model id mid.
	UpdateModelEnable(mid int64) error
	// QueryPolicies returns the Policy for the given org and version.
	QueryPolicies(org, ver string) (*Policy, error)
	// QueryServiceCode resolves a service code and an int64 id from the user,
	// host, path and org.
	QueryServiceCode(ctx *gin.Context, user auth.UserInfo, host, path, org string) (string, int64, error)
	// CheckTenantService reports whether the tenant org may use service svc
	// with id sid (presumably — confirm the meaning of the bool).
	CheckTenantService(ctx *gin.Context, user auth.UserInfo, org, svc string, sid int64) (bool, error)
}

Implor 外部需要实现的接口

type Object

// Object describes the resource side of an authorization request. The
// original doc line calls it "subject", which looks like a copy-paste from
// Subject.
// NOTE(review): Host, Path, Method and Client presumably come from the
// incoming HTTP request and are therefore client-influenced; matchers should
// compare them in a normalized form — confirm where they are populated.
type Object struct {
	Svc    string
	Host   string
	Path   string
	Method string
	Client string
}

Object subject

type Policy

// Policy is a policy set: the model text plus role groupings and policy rules
// for one model id and version.
type Policy struct {
	Mid       int64
	Ver       string
	New       bool                           // rebuild
	ModelText string                         // model declaration
	Grouping  map[string]map[string]bool     // role declarations
	Policies  map[string]map[string][]string // policy declarations
	Version   string                         // policy version
}

Policy 策略

func (*Policy) GetGrouping

func (a *Policy) GetGrouping() *[][]string

GetGrouping ...

func (*Policy) GetPolicies

func (a *Policy) GetPolicies() *[][]string

GetPolicies ...

type Rule

// Rule is one policy row as stored in the database; the db tags give the
// column names. V0 through V9 are nullable string columns and CT is the
// nullable created_at timestamp.
type Rule struct {
	Mid   int64          `db:"mid"`    // model id column
	Ver   string         `db:"ver"`    // model version column
	PType string         `db:"p_type"` // policy type column
	V0    sql.NullString `db:"v0"`
	V1    sql.NullString `db:"v1"`
	V2    sql.NullString `db:"v2"`
	V3    sql.NullString `db:"v3"`
	V4    sql.NullString `db:"v4"`
	V5    sql.NullString `db:"v5"`
	V6    sql.NullString `db:"v6"`
	V7    sql.NullString `db:"v7"`
	V8    sql.NullString `db:"v8"`
	V9    sql.NullString `db:"v9"`
	CT    sql.NullTime   `db:"created_at"`
}

Rule ...

type Subject

// Subject describes the caller side of an authorization request.
// Field meanings are not documented in the original; the readings below are
// inferred from the names and need confirming.
// NOTE(review): Cip and Agent are presumably the client IP and user agent. If
// they are taken from request headers they are client-controlled and should
// not be the sole basis for an allow decision — confirm where they are set.
type Subject struct {
	//UsrID    int
	//AccID    int
	Role   string
	Acc1   string
	Acc2   string
	Usr    string
	Org    string
	OrgUsr string
	Iss    string // presumably token issuer — confirm
	Aud    string // presumably token audience — confirm
	Cip    string
	Agent  string
	Scope  string
}

Subject subject
