Documentation ¶
Index ¶
- Constants
- Variables
- func AddPermissionsContext(ctx context.Context, perms map[string]struct{}) context.Context
- func AddRolesContext(ctx context.Context, rb RoleBindings) context.Context
- func AddTargetIDContext(ctx context.Context, id string) context.Context
- func AddUserIDContext(ctx context.Context, id string) context.Context
- func GetPermissionsContext(ctx context.Context) (perms map[string]struct{})
- func GetTargetID(ctx context.Context) string
- func GetTargetIDContext(ctx context.Context) string
- func GetToken(ctx context.Context) string
- func GetUserIDContext(ctx context.Context) string
- func IsAuthorized(ctx context.Context, required ...*permissions.Permission) error
- func OverwritePerfomerContext(ctx context.Context, userID, targetID string, systemRole *roles.SystemRole) context.Context
- func PerformerOverwritingStreamClientInterceptor(userID string, systemRole *roles.SystemRole) grpc.StreamClientInterceptor
- func PerformerOverwritingUnaryClientInterceptor(userID string, systemRole *roles.SystemRole) grpc.UnaryClientInterceptor
- func StreamClientInterceptor(token string) grpc.StreamClientInterceptor
- func StreamServerInterceptor(tokens []string) grpc.StreamServerInterceptor
- func UnaryClientInterceptor(token string) grpc.UnaryClientInterceptor
- func UnaryServerInterceptor(tokens []string) grpc.UnaryServerInterceptor
- type AuthenticatedMetadata
- type AuthorizerInterceptor
- type ClientInterceptor
- type GatewayAuthorizer
- type IsPrivateService
- type RoleBindings
Constants ¶
// Context keys and metadata header names for the caller's identity
// (user ID, target ID, roles, permissions).
const (
	// Keys of the unexported contextKey type. Presumably these are the keys
	// behind the Add*Context / Get*Context helpers of this package; confirm.
	UserIDContext   contextKey = "user-id-context"
	TargetIDContext contextKey = "target-id-context"
	RolesContext    contextKey = "roles-context"
	// NOTE(review): the value is "role-context", not "permissions-context".
	// It differs from RolesContext ("roles-context") by one letter, so the two
	// keys do not collide, but the naming is easy to misread.
	PermissionsContext contextKey = "role-context"

	// Untyped string constants naming the headers for user ID, target ID and
	// roles.
	// NOTE(review): if a server derives identity from these headers (not
	// visible here), the edge must strip them from inbound client requests so
	// that only a trusted component can set them; confirm where they are read.
	UserIDHeader   = "X-Modoki-Executor-User-ID"
	TargetIDHeader = "X-Modoki-Target-ID"
	RolesHeader    = "X-Modoki-Roles"
)
Variables ¶
var (
	// ErrUnauthenticated is the error value used when authentication failed.
	// It is a package-level sentinel, so callers that may receive it wrapped
	// should match it with xerrors.Is rather than ==.
	ErrUnauthenticated = xerrors.Errorf("unauthenticated")
)
Functions ¶
func AddPermissionsContext ¶
func AddRolesContext ¶
func AddRolesContext(ctx context.Context, rb RoleBindings) context.Context
func GetPermissionsContext ¶
func GetTargetID ¶
GetTargetID returns the target that the API call is executed for
func GetTargetIDContext ¶
func GetUserIDContext ¶
func IsAuthorized ¶
func IsAuthorized(ctx context.Context, required ...*permissions.Permission) error
func OverwritePerfomerContext ¶
func OverwritePerfomerContext(ctx context.Context, userID, targetID string, systemRole *roles.SystemRole) context.Context
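OverwritePerfomerContext overwrites the performer in the context (user ID, target ID and system role) used to call the API. Because the call then runs as that user and role, these values should come from trusted server-side state rather than from request input.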
func PerformerOverwritingStreamClientInterceptor ¶
func PerformerOverwritingStreamClientInterceptor(userID string, systemRole *roles.SystemRole) grpc.StreamClientInterceptor
PerformerOverwritingStreamClientInterceptor makes calls to other services explicitly as the specified user with the given system role
func PerformerOverwritingUnaryClientInterceptor ¶
func PerformerOverwritingUnaryClientInterceptor(userID string, systemRole *roles.SystemRole) grpc.UnaryClientInterceptor
PerformerOverwritingUnaryClientInterceptor makes calls to other services explicitly as the specified user with the given system role
func StreamClientInterceptor ¶
func StreamClientInterceptor(token string) grpc.StreamClientInterceptor
func StreamServerInterceptor ¶
func StreamServerInterceptor(tokens []string) grpc.StreamServerInterceptor
StreamServerInterceptor handles authentication for each call
func UnaryClientInterceptor ¶
func UnaryClientInterceptor(token string) grpc.UnaryClientInterceptor
func UnaryServerInterceptor ¶
func UnaryServerInterceptor(tokens []string) grpc.UnaryServerInterceptor
UnaryServerInterceptor handles authentication for each call
Types ¶
type AuthenticatedMetadata ¶
type AuthenticatedMetadata struct {
	// UserID identifies the authenticated user.
	UserID string
	// Roles holds the user's role bindings.
	Roles RoleBindings
	// TargetID identifies the target of the call; presumably the targetID
	// passed to GetAuthenticatedMetadata. TODO confirm.
	TargetID string
	// PermissionsForTarget is a set (map with empty-struct values).
	// Presumably it holds the permission names the user has on TargetID;
	// confirm against the code that fills it.
	PermissionsForTarget map[string]struct{}
}
AuthenticatedMetadata represents data retrieved from the access token
type AuthorizerInterceptor ¶
type AuthorizerInterceptor struct {
// contains filtered or unexported fields
}
type ClientInterceptor ¶
type ClientInterceptor struct {
// contains filtered or unexported fields
}
type GatewayAuthorizer ¶
type GatewayAuthorizer struct {
// contains filtered or unexported fields
}
func NewGatewayAuthorizer ¶
func NewGatewayAuthorizer(tokenClient api.TokenClient, userOrgClient api.UserOrgClient) *GatewayAuthorizer
func (*GatewayAuthorizer) GetAuthenticatedMetadata ¶
func (ai *GatewayAuthorizer) GetAuthenticatedMetadata(ctx context.Context, tk, targetID string) (*AuthenticatedMetadata, error)
GetAuthenticatedMetadata returns all the metadata needed to authorize users
type IsPrivateService ¶
type IsPrivateService interface {
	// IsPrivate should return true for public services
	//
	// NOTE(review): the method name reads as "true means private", while this
	// comment says true marks a public service. Which return value makes the
	// interceptor skip authentication is not visible here. Confirm against the
	// interceptor code before implementing this, because an inverted answer
	// would leave the method unauthenticated.
	IsPrivate(method string) bool
}
IsPrivateService should be implemented by public services (services are private by default)
type RoleBindings ¶
func GetRolesContext ¶
func GetRolesContext(ctx context.Context) RoleBindings
func (*RoleBindings) Marshal ¶
func (r *RoleBindings) Marshal() string