Documentation ¶
Index ¶
- Constants
- func FormatPathForDb(path string) string
- func UnderscoreDecode(encoded string) string
- func UnderscoreEncode(decoded string) string
- type Action
- type AuthMapping
- type AuthMappingQuery
- type AuthRequest
- type AuthRequestJSON
- type AuthRequestJSON_Request
- type AuthRequestJSON_User
- type AuthResponse
- type CachedStmts
- type Client
- type ClientFromQuery
- type Constraints
- type ErrorResponse
- type ExpandedPolicy
- type Group
- type GroupFromQuery
- type HTTPError
- type JWTDecoder
- type Log
- type LogCache
- type LogHandler
- func (handler *LogHandler) Debug(format string, a ...interface{})
- func (handler *LogHandler) Error(format string, a ...interface{})
- func (handler *LogHandler) Info(format string, a ...interface{})
- func (handler *LogHandler) Print(format string, a ...interface{})
- func (handler *LogHandler) Warning(format string, a ...interface{})
- type LogLevel
- type Logger
- type Permission
- type PermissionFromQuery
- type Policy
- type PolicyBinding
- type PolicyFromQuery
- type RequestPolicy
- type ResourceFromQuery
- type ResourceIn
- type ResourceOut
- type Role
- type RoleFromQuery
- type Server
- type TokenInfo
- type User
- type UserFromQuery
- type UserPolicyInfoFromQuery
- type UserWithScalars
Constants ¶
// Group names exported by the package as constants.
// NOTE(review): these look like reserved, built-in groups; if so, confirm that
// the group create/update paths refuse to redefine them.
const (
	// AnonymousGroup is the literal group name "anonymous".
	AnonymousGroup = "anonymous"
	// LoggedInGroup is the literal group name "logged-in".
	LoggedInGroup = "logged-in"
)
Variables ¶
This section is empty.
Functions ¶
func FormatPathForDb ¶
FormatPathForDb takes a front-end version of a resource path and transforms it to its database version. Inverse of `formatDbPath`.
FormatPathForDb("/a/b/c") == "a.b.c"
func UnderscoreDecode ¶
func UnderscoreEncode ¶
Types ¶
type AuthMapping ¶
type AuthMappingQuery ¶
type AuthRequest ¶
type AuthRequestJSON ¶
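// AuthRequestJSON is the JSON body of an auth request: the user the decision
// is about, plus the access being asked for in singular and plural form.
type AuthRequestJSON struct {
	// User carries the identity material sent by the caller.
	User AuthRequestJSON_User `json:"user"`
	// Request is a pointer, so it can be nil when no single request was given.
	Request *AuthRequestJSON_Request `json:"request"`
	// Requests is the list form of Request.
	// NOTE(review): how a body that sets both "request" and "requests" is
	// evaluated is not visible here; confirm that every entry is checked.
	Requests []AuthRequestJSON_Request `json:"requests"`
}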
type AuthRequestJSON_Request ¶
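// AuthRequestJSON_Request is one access question inside an auth request: a
// resource, an action on it, and optional constraints.
type AuthRequestJSON_Request struct {
	Resource string `json:"resource"`
	Action   Action `json:"action"`
	// Constraints is tagged omitempty; resource and action carry no such tag.
	Constraints Constraints `json:"constraints,omitempty"`
}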
func (*AuthRequestJSON_Request) UnmarshalJSON ¶
func (requestJSON *AuthRequestJSON_Request) UnmarshalJSON(data []byte) error
UnmarshalJSON defines the deserialization from JSON into an AuthRequestJSON struct, which includes validating that required fields are present. (Required fields are anything not in the `optionalFields` variable.)
type AuthRequestJSON_User ¶
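// AuthRequestJSON_User is the "user" object of an auth request.
//
// NOTE(review): every field here arrives in the request body. UserId and
// Policies are plain caller-supplied values, so confirm that the handler does
// not treat them as authoritative for callers it has not already
// authenticated, and that a supplied Token takes precedence over them.
type AuthRequestJSON_User struct {
	Token  string `json:"token"`
	UserId string `json:"user_id"`
	// The Policies field is optional, and if the request provides a token
	// this gets filled in using the Token field.
	// Could use UserId if it's provided instead of Token.
	Policies []string `json:"policies,omitempty"`
	// Scopes is read from the singular JSON key "scope".
	Scopes []string `json:"scope,omitempty"`
}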
func (*AuthRequestJSON_User) UnmarshalJSON ¶
func (requestJSON *AuthRequestJSON_User) UnmarshalJSON(data []byte) error
type AuthResponse ¶
// AuthResponse is the JSON body of an auth decision: a single boolean under
// the "auth" key.
type AuthResponse struct {
// Auth has no omitempty tag, so a zero-value AuthResponse marshals as
// {"auth":false}; an unset response therefore reads as a denial.
Auth bool `json:"auth"`
}
type CachedStmts ¶
// CachedStmts is built by NewCachedStmts from a *sqlx.DB and exposes Query and
// Select; all of its fields are unexported.
// NOTE(review): the name suggests prepared statements cached per query
// string; confirm against the implementation.
// Both methods take the query text and its args separately, so values that
// come from a request belong in args and not in the query string.
type CachedStmts struct {
// contains filtered or unexported fields
}
func NewCachedStmts ¶
func NewCachedStmts(db *sqlx.DB) *CachedStmts
func (*CachedStmts) Query ¶
func (s *CachedStmts) Query(query string, args ...interface{}) (*sql.Rows, error)
func (*CachedStmts) Select ¶
func (s *CachedStmts) Select(query string, dest interface{}, args ...interface{}) error
type ClientFromQuery ¶
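// ClientFromQuery maps the external_client_id and policies columns of a
// client query result onto Go fields.
type ClientFromQuery struct {
	ClientID string         `db:"external_client_id"`
	Policies pq.StringArray `db:"policies"`
}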
type Constraints ¶
type ErrorResponse ¶
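// ErrorResponse is the JSON envelope for an error; the HTTPError is emitted
// under the "error" key. Its remaining fields are unexported.
type ErrorResponse struct {
	HTTPError HTTPError `json:"error"`
	// contains filtered or unexported fields
}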
type ExpandedPolicy ¶
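// ExpandedPolicy is the response form of a policy that carries full Role
// values instead of role IDs. Name is serialized under the JSON key "id".
type ExpandedPolicy struct {
	Name          string   `json:"id"`
	Description   string   `json:"description"`
	ResourcePaths []string `json:"resource_paths"`
	Roles         []Role   `json:"roles"`
}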
Expanded policies need their own struct so that the unused RoleIDs/Roles fields can be excluded from the JSON response.
type Group ¶
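// Group is the JSON form of a group: its name, the users in it, and the
// policies attached to it, each given as a list of strings.
type Group struct {
	Name     string   `json:"name"`
	Users    []string `json:"users"`
	Policies []string `json:"policies"`
}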
func (*Group) UnmarshalJSON ¶
type GroupFromQuery ¶
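// GroupFromQuery maps the name, users and policies columns of a group query
// result onto Go fields; users and policies are read as string arrays.
type GroupFromQuery struct {
	Name     string         `db:"name"`
	Users    pq.StringArray `db:"users"`
	Policies pq.StringArray `db:"policies"`
}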
type JWTDecoder ¶
type LogHandler ¶
// LogHandler exposes Debug, Info, Warning, Error and Print methods, each
// taking a format string followed by arguments; its fields are unexported.
// NOTE(review): request-derived text should be passed as an argument, never as
// the format parameter itself.
type LogHandler struct {
// contains filtered or unexported fields
}
func (*LogHandler) Debug ¶
func (handler *LogHandler) Debug(format string, a ...interface{})
func (*LogHandler) Error ¶
func (handler *LogHandler) Error(format string, a ...interface{})
func (*LogHandler) Info ¶
func (handler *LogHandler) Info(format string, a ...interface{})
func (*LogHandler) Print ¶
func (handler *LogHandler) Print(format string, a ...interface{})
func (*LogHandler) Warning ¶
func (handler *LogHandler) Warning(format string, a ...interface{})
type Permission ¶
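// Permission is the JSON form of a permission: an action plus string-to-string
// constraints. Name is serialized under the JSON key "id".
type Permission struct {
	Name        string            `json:"id"`
	Description string            `json:"description"`
	Action      Action            `json:"action"`
	Constraints map[string]string `json:"constraints"`
}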
func (*Permission) UnmarshalJSON ¶
func (permission *Permission) UnmarshalJSON(data []byte) error
type PermissionFromQuery ¶
type Policy ¶
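// Policy is the JSON form of a policy: the resource paths it covers and the
// IDs of the roles it grants on them. Name is serialized under the JSON key
// "id". The type has a custom UnmarshalJSON that rejects inputs which are
// missing required fields.
type Policy struct {
	Name          string   `json:"id"`
	Description   string   `json:"description"`
	ResourcePaths []string `json:"resource_paths"`
	RoleIDs       []string `json:"role_ids"`
}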
func (*Policy) UnmarshalJSON ¶
UnmarshalJSON defines the way that a `Policy` gets read when unmarshalling:
json.Unmarshal(bytes, &policy)
We implement this method to add some additional processing and error checking, for example to reject inputs which are missing required fields.
type PolicyBinding ¶
type PolicyFromQuery ¶
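// PolicyFromQuery carries one policy row and can also be serialized to JSON.
// ID is tagged json:"-", so the database ID never appears in JSON output; the
// name column is emitted under the JSON key "id" instead. Description is a
// *string and is omitted from JSON when nil.
type PolicyFromQuery struct {
	ID            int64          `db:"id" json:"-"`
	Name          string         `db:"name" json:"id"`
	Description   *string        `db:"description" json:"description,omitempty"`
	ResourcePaths pq.StringArray `db:"resource_paths" json:"resource_paths"`
	RoleIDs       pq.StringArray `db:"role_ids" json:"role_ids"`
}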
PolicyFromQuery defines the correct fields for loading policies from the database. Use this struct when querying from the `policy` table.
type RequestPolicy ¶
type ResourceFromQuery ¶
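// ResourceFromQuery maps the columns of a resource query result onto Go
// fields. Description is a *string so that a NULL column can be represented
// as nil; Subresources is read as a string array.
type ResourceFromQuery struct {
	ID           int64          `db:"id"`
	Name         string         `db:"name"`
	Tag          string         `db:"tag"`
	Description  *string        `db:"description"`
	Path         string         `db:"path"`
	Subresources pq.StringArray `db:"subresources"`
}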
ResourceFromQuery is used for reading resources out of the database.
The `description` field uses `*string` to represent nullability.
type ResourceIn ¶
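// ResourceIn is the JSON input form of a resource; subresources nest
// recursively as further ResourceIn values.
//
// The type's custom UnmarshalJSON accepts input as long as either the name or
// the path is provided, so it cannot validate every case; code that consumes
// a ResourceIn may need to validate the name/path combination itself.
type ResourceIn struct {
	Name         string       `json:"name"`
	Path         string       `json:"path"`
	Description  *string      `json:"description"`
	Subresources []ResourceIn `json:"subresources"`
}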
func (*ResourceIn) UnmarshalJSON ¶
func (resource *ResourceIn) UnmarshalJSON(data []byte) error
NOTE: because resources can be specified in the JSON input with either the name plus endpoint path or the full path, the resource unmarshalling is not able to validate all cases precisely. The unmarshalling will pass as long as either the name or the path is provided, so additional validation may be required wherever this is called.
type ResourceOut ¶
type Role ¶
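// Role is the JSON form of a role: a named list of permissions. Name is
// serialized under the JSON key "id".
type Role struct {
	Name        string       `json:"id"`
	Description string       `json:"description"`
	Permissions []Permission `json:"permissions"`
}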
func (*Role) UnmarshalJSON ¶
type RoleFromQuery ¶
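// RoleFromQuery maps the columns of a role query result onto Go fields.
// Description is a *string so that a NULL column can be represented as nil;
// Permissions is read as a string array.
type RoleFromQuery struct {
	ID          int64          `db:"id"`
	Name        string         `db:"name"`
	Description *string        `db:"description"`
	Permissions pq.StringArray `db:"permissions"`
}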
The `description` field uses `*string` to represent nullability.
type Server ¶
// Server's fields are all unexported. Its WithJWTApp method takes a JWTDecoder
// and returns the *Server.
// NOTE(review): presumably the decoder set there is what validates request
// tokens; confirm that a Server without one rejects token-bearing requests
// and does not skip validation.
type Server struct {
// contains filtered or unexported fields
}
func (*Server) WithJWTApp ¶
func (server *Server) WithJWTApp(jwtApp JWTDecoder) *Server
type User ¶
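// User is the JSON form of a user: name, optional email, group names, and the
// policies bound to the user. Email is omitted from JSON output when empty.
type User struct {
	Name     string          `json:"name"`
	Email    string          `json:"email,omitempty"`
	Groups   []string        `json:"groups"`
	Policies []PolicyBinding `json:"policies"`
}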