rbac

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 22, 2022 License: Apache-2.0 Imports: 9 Imported by: 3

Documentation

Overview

Package rbac extracts common functions that help components implement an auth system.

Index

Constants

// Error codes defined by package rbac. All are int32 values whose leading
// three digits are 400, 401, 403 or 409 and whose remainder lies in 200-207.
// NOTE(review): the prefixes look like HTTP status codes (bad request,
// unauthorized, forbidden, conflict) — confirm how callers map them.
const (
	// Codes prefixed 400.
	// NOTE(review): if a login path answers with ErrAccountNotExist instead of
	// ErrUserOrPwdWrong, responses would reveal which account names exist —
	// confirm which code authentication failures use.
	ErrAccountNotExist       int32 = 400200
	ErrRoleNotExist          int32 = 400201
	ErrAccountHasInvalidRole int32 = 400202
	ErrAccountNoQuota        int32 = 400203
	ErrRoleNoQuota           int32 = 400204
	ErrRoleIsBound           int32 = 400205
	ErrNewPwdBad             int32 = 400206 // when changing the password

	// Codes prefixed 401. Note that 401203 is not assigned in this block.
	ErrUnauthorized             int32 = 401201
	ErrUserOrPwdWrong           int32 = 401202
	ErrNoAuthHeader             int32 = 401204
	ErrTokenExpired             int32 = 401205
	ErrTokenOwnedAccountDeleted int32 = 401206
	ErrOldPwdWrong              int32 = 401207 // when changing the password

	// Codes prefixed 403.
	ErrAccountBlocked              int32 = 403201
	ErrForbidOperateBuildInAccount int32 = 403202
	ErrForbidOperateBuildInRole    int32 = 403203
	ErrForbidOperateSelfAccount    int32 = 403204
	ErrNoPermission                int32 = 403205

	// Codes prefixed 409.
	ErrAccountConflict int32 = 409200
	ErrRoleConflict    int32 = 409201
)

Error code range: ***200 to ***249, where *** stands for the three-digit prefix of a code (400, 401, 403 or 409 above).

// String constants for claim keys and role names.
// NOTE(review): presumably the Claims* values are keys of the claims map
// carried in the context, and the Role* values name the built-in roles —
// confirm against the code that reads them.
const (
	// ClaimsUser is the string "account".
	ClaimsUser = "account"
	// Deprecated: single-role key; presumably superseded by ClaimsRoles.
	ClaimsRole  = "role"
	ClaimsRoles = "roles"

	// Role names. NOTE(review): authorization decisions that compare against
	// these strings depend on the claims being verified first — confirm where
	// the claims are validated.
	RoleAdmin     = "admin"
	RoleDeveloper = "developer"
)
const (
	// DefaultTTL is a default time-to-live of one hour.
	// NOTE(review): what it bounds (presumably a token lifetime or a cache
	// entry) is not shown here — confirm before relying on it as a session
	// limit.
	DefaultTTL = 1 * time.Hour
)

Variables

// Sentinel errors created with errors.New. Each is a distinct value, so
// callers can compare by identity (errors.Is) rather than by message text.
var (
	// ErrInvalidHeader reports an auth header that is present but not valid.
	ErrInvalidHeader      = errors.New("invalid auth header")
	// ErrSameAsName reports a password equal to the account name.
	ErrSameAsName         = errors.New("account name and password MUST NOT be same")
	// ErrSameAsReversedName reports a password equal to the reversed account
	// name. NOTE(review): the message says "revered"; "reversed" is presumably
	// meant. The text is emitted at runtime, so fix it in the source, not here.
	ErrSameAsReversedName = errors.New("password MUST NOT be the revered account name")
	// ErrNoHeader reports a missing Authorization header.
	ErrNoHeader           = errors.New("should provide Authorization header")
	// ErrInvalidCtx reports an invalid context.
	ErrInvalidCtx         = errors.New("invalid context")
	// ErrConvert reports a failed type conversion.
	ErrConvert            = errors.New("type convert error")
)
// ErrEmptyPerms is the sentinel error for an empty permission set.
var ErrEmptyPerms = errors.New("perms is empty")
// ErrInvalidPerms is the sentinel error for an invalid permission set.
var ErrInvalidPerms = errors.New("perms is invalid")
// PartialMap is an exported, initially empty map from string to string.
// NOTE(review): it is mutable package-level state and no synchronization is
// visible here, so any importing package can rewrite it and concurrent
// writers would race. If it feeds authorization lookups, confirm that it is
// only populated during start-up.
var PartialMap = map[string]string{}

PartialMap stores the API partial-match mappings.

Functions

func Add2WhiteAPIList added in v0.2.0

func Add2WhiteAPIList(path ...string)

func FromContext added in v0.2.0

func FromContext(ctx context.Context) (map[string]interface{}, error)

FromContext returns the account claims stored in ctx.

func GetResource added in v0.2.0

func GetResource(apiPattern string) string

GetResource tries to find the resource for an API path; it has a preheat mechanism that runs after program start-up. An API pattern looks like /resource/:id/ or /resource/{id}/. Callers MUST NOT pass a path that contains an exact resource id, such as /resource/100; otherwise the memory footprint grows massively.

func GetRolesList added in v0.2.0

func GetRolesList(m map[string]interface{}) ([]string, error)

func MapResource added in v0.2.0

func MapResource(api, resource string)

MapResource saves the mapping from an API to a resource; the API must match exactly.

func MustAuth added in v0.2.0

func MustAuth(pattern string) bool

func MustRegisterErr added in v0.5.0

func MustRegisterErr(code int32, message string)

func MustRegisterErrs added in v0.5.0

func MustRegisterErrs(errs map[int32]string)

func NewContext added in v0.2.0

func NewContext(ctx context.Context, claims map[string]interface{}) context.Context

NewContext returns a new Context that carries the given claims. The claims include the roles and the account name.

func NewError added in v0.5.0

func NewError(code int32, detail string) *errsvc.Error

func PartialMapResource added in v0.3.0

func PartialMapResource(api, resource string)

PartialMapResource saves the mapping from an API to a resource; the API is matched partially.

func RolesFromContext added in v0.4.0

func RolesFromContext(ctx context.Context) ([]string, error)

RolesFromContext returns only the role names.

func WritePerms added in v0.4.0

func WritePerms(r *Role) error

WritePerms saves to the cache.

func WriteRoles added in v0.4.0

func WriteRoles(roles []*Role)

Types

type Account

// Account is the account record as exchanged in JSON. Every field is tagged
// omitempty, so a field is omitted from the encoded form only when it is
// empty.
type Account struct {
	ID       string `json:"id,omitempty"`
	Name     string `json:"name,omitempty"`
	// Password is encoded under "password" whenever it is non-empty.
	// NOTE(review): whether this holds plaintext or a hash is not shown here;
	// clear it before an Account is returned to a client or written to a log.
	Password string `json:"password,omitempty"`
	// Deprecated: single-role field; presumably superseded by Roles.
	Role                string   `json:"role,omitempty"`
	Roles               []string `json:"roles,omitempty"`
	// TokenExpirationTime is a string; its format is not shown here.
	TokenExpirationTime string   `json:"tokenExpirationTime,omitempty" bson:"token_expiration_time"`
	// CurrentPassword is encoded under "currentPassword" whenever non-empty.
	// NOTE(review): presumably the existing password supplied on a password
	// change; the same handling caveat as Password applies — confirm.
	CurrentPassword     string   `json:"currentPassword,omitempty" bson:"current_password"`
	Status              string   `json:"status,omitempty"`
	CreateTime          string   `json:"createTime,omitempty"`
	UpdateTime          string   `json:"updateTime,omitempty"`
}

func AccountFromContext added in v0.2.0

func AccountFromContext(ctx context.Context) (*Account, error)

func GetAccount added in v0.5.0

func GetAccount(m map[string]interface{}) (*Account, error)

func (*Account) Check added in v0.5.0

func (a *Account) Check() error

type AccountResponse

// AccountResponse is a list of accounts with a total count.
type AccountResponse struct {
	Total    int64      `json:"total,omitempty"`
	// Accounts is encoded under the key "data".
	// NOTE(review): each element is a full *Account, whose Password and
	// CurrentPassword fields are encoded when non-empty — confirm they are
	// cleared before this response is sent.
	Accounts []*Account `json:"data,omitempty"`
}

type AuthUser

// AuthUser is a name and password pair.
// NOTE(review): presumably the login request body; it carries a credential,
// so keep it out of logs and error details.
type AuthUser struct {
	// Username is encoded under the key "name", not "username".
	Username string `json:"name,omitempty"`
	Password string `json:"password,omitempty"`
}

type BatchCreateAccountItemResponse added in v0.9.0

// BatchCreateAccountItemResponse pairs an account name with an embedded
// *errsvc.Error.
type BatchCreateAccountItemResponse struct {
	// Name has no omitempty, so it is always encoded.
	Name string `json:"name"`

	// Embedded pointer: its fields are promoted into this struct.
	// NOTE(review): presumably nil when the item succeeded — confirm.
	*errsvc.Error
}

BatchCreateAccountItemResponse is the per-item result of a batch account creation.

type BatchCreateAccountsRequest added in v0.9.0

// BatchCreateAccountsRequest wraps a list of accounts under the key
// "accounts".
// NOTE(review): no upper bound on the list length is visible here; confirm
// the handler limits the batch size.
type BatchCreateAccountsRequest struct {
	Accounts []*Account `json:"accounts"`
}

BatchCreateAccountsRequest is the request definition for batch account creation.

type BatchCreateAccountsResponse added in v0.9.0

// BatchCreateAccountsResponse wraps a list of per-item results under the key
// "accounts".
type BatchCreateAccountsResponse struct {
	Accounts []*BatchCreateAccountItemResponse `json:"accounts"`
}

BatchCreateAccountsResponse is the response definition for batch account creation.

type FindPerms added in v0.4.0

// FindPerms is a function type that takes no arguments and returns a slice
// of roles or an error.
type FindPerms func() ([]*Role, error)

type Permission

// Permission pairs a list of resources with a list of verbs.
// NOTE(review): how an empty Resources or Verbs list is interpreted (match
// nothing or match everything) is not shown here — confirm before relying on
// it for least privilege.
type Permission struct {
	Resources []*Resource `json:"resources,omitempty"`
	Verbs     []string    `json:"verbs,omitempty"`
}

func ReadPerms added in v0.4.0

func ReadPerms(roleName string) ([]*Permission, error)

ReadPerms returns only data held in the cache.

type PersistPerms added in v0.4.0

// PersistPerms is a function type that takes a role and returns an error.
type PersistPerms func(r *Role) error

type Resource added in v0.4.0

// Resource identifies a resource by a type string and an optional label map.
type Resource struct {
	Type   string            `json:"type,omitempty"`
	// Labels is a string-to-string map; how labels take part in matching is
	// not shown here.
	Labels map[string]string `json:"labels,omitempty"`
}

func BuildResourceList added in v0.5.0

func BuildResourceList(resourceType ...string) []*Resource

BuildResourceList collects the given resource types into a slice of resources.

type Role

// Role is a named set of permissions, with an ID and create and update
// timestamps held as strings.
type Role struct {
	ID         string        `json:"id,omitempty"`
	Name       string        `json:"name,omitempty"`
	// Perms is the list of permissions attached to the role.
	Perms      []*Permission `json:"perms,omitempty"`
	CreateTime string        `json:"createTime,omitempty"`
	UpdateTime string        `json:"updateTime,omitempty"`
}

type RoleResponse

// RoleResponse is a list of roles with a total count.
type RoleResponse struct {
	Total int64   `json:"total,omitempty"`
	// Roles is encoded under the key "data".
	Roles []*Role `json:"data,omitempty"`
}

type SelfPermissionResponse added in v0.6.0

// SelfPermissionResponse wraps a list of permissions under the key "perms".
// NOTE(review): presumably the permissions of the calling account — confirm.
type SelfPermissionResponse struct {
	Perms []*Permission `json:"perms,omitempty"`
}

type Token

// Token wraps a token string, encoded under the key "token".
// NOTE(review): the token format is not shown here. It is presumably the
// credential later sent in the Authorization header, so keep it out of logs
// and URLs — confirm.
type Token struct {
	TokenStr string `json:"token,omitempty"`
}
