engine

package

v1.0.0 Latest Latest Go to latest Published: Apr 13, 2026 License: MIT Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/52dev/kratos-authz

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func ContextWithAuthClaims(parent context.Context, claims *AuthClaims) context.Context
func Register(typ Type, f FactoryFunc) error
func Unregister(typ Type) bool
type Action
type Actions
- func MakeActions(actions ...Action) Actions
type AuthClaims
- func AuthClaimsFromContext(ctx context.Context) (*AuthClaims, bool)
type AuthErrorCode
type Authorizer
type Engine
- func NewEngine(ctx context.Context, typ Type, options ...any) (Engine, error)
type FactoryFunc
- func GetFactory(typ Type) (FactoryFunc, bool)
type Pair
- func MakePair(res, act string) Pair
type Pairs
- func MakePairs(pairs ...Pair) Pairs
type PolicyMap
type Project
type Projects
- func MakeProjects(projects ...Project) Projects
type Resource
type Resources
- func MakeResources(resources ...Resource) Resources
type RoleMap
type Subject
type Subjects
- func MakeSubjects(subs ...Subject) Subjects
type Type
- func ListFactories() []Type
type Writer

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrMissingAuthClaims = status.Error(codes.Code(AuthErrorCodeMissingAuthClaims), "context missing authz claims")
	ErrInvalidClaims     = status.Error(codes.Code(AuthErrorCodeInvalidClaims), "invalid claims")
)

Functions ¶

func ContextWithAuthClaims ¶

func ContextWithAuthClaims(parent context.Context, claims *AuthClaims) context.Context

ContextWithAuthClaims injects the provided AuthClaims into the parent context.

func Register ¶

func Register(typ Type, f FactoryFunc) error

Register an authz engine factory function

func Unregister ¶

func Unregister(typ Type) bool

Unregister removes a registered factory by Type. It returns true if a factory was removed. Use with caution in concurrent environments (primarily intended for tests).

Types ¶

type Action ¶

type Action string

type Actions ¶

type Actions []Action

func MakeActions ¶

func MakeActions(actions ...Action) Actions

type AuthClaims ¶

type AuthClaims struct {
	Subjects *[]string
	Pairs    *Pairs
	Projects *[]string

	Subject  *Subject
	Action   *Action
	Resource *Resource
	Project  *Project
}

func AuthClaimsFromContext ¶

func AuthClaimsFromContext(ctx context.Context) (*AuthClaims, bool)

AuthClaimsFromContext extracts the AuthClaims from the provided ctx (if any).

type AuthErrorCode ¶

type AuthErrorCode int32

const (
	AuthErrorCodeMissingAuthClaims AuthErrorCode = 2001
	AuthErrorCodeInvalidClaims     AuthErrorCode = 2002
)

type Authorizer ¶

type Authorizer interface {
	Name() string

	ProjectsAuthorized(ctx context.Context, subjects Subjects, action Action, resource Resource, projects Projects) (Projects, error)

	FilterAuthorizedPairs(ctx context.Context, subjects Subjects, pairs Pairs) (Pairs, error)

	FilterAuthorizedProjects(ctx context.Context, subjects Subjects) (Projects, error)

	IsAuthorized(ctx context.Context, subjects Subject, action Action, resource Resource, project Project) (bool, error)
}

type Engine ¶

type Engine interface {
	Authorizer
	Writer
}

func NewEngine ¶

func NewEngine(ctx context.Context, typ Type, options ...any) (Engine, error)

NewEngine creates a new authz Engine based on the registered FactoryFunc for the given Type.

type FactoryFunc ¶

type FactoryFunc func(ctx context.Context, options ...any) (Engine, error)

func GetFactory ¶

func GetFactory(typ Type) (FactoryFunc, bool)

GetFactory returns a registered FactoryFunc for a given Type and whether it existed. Safe for concurrent use.

type Pair ¶

type Pair struct {
	Resource Resource `json:"resource"`
	Action   Action   `json:"action"`
}

func MakePair ¶

func MakePair(res, act string) Pair

type Pairs ¶

type Pairs []Pair

func MakePairs ¶

func MakePairs(pairs ...Pair) Pairs

type PolicyMap ¶

type PolicyMap map[string]interface{}

type Project ¶

type Project string

type Projects ¶

type Projects []Project

func MakeProjects ¶

func MakeProjects(projects ...Project) Projects

type Resource ¶

type Resource string

type Resources ¶

type Resources []Resource

func MakeResources ¶

func MakeResources(resources ...Resource) Resources

type RoleMap ¶

type RoleMap map[string]interface{}

type Subject ¶

type Subject string

type Subjects ¶

type Subjects []Subject

func MakeSubjects ¶

func MakeSubjects(subs ...Subject) Subjects

type Type ¶

type Type string

const (
	Noop     Type = "noop"
	Casbin   Type = "casbin"
	Opa      Type = "opa"
	Zanzibar Type = "zanzibar"
)

func ListFactories ¶

func ListFactories() []Type

ListFactories returns a slice of currently registered Types.

type Writer ¶

type Writer interface {
	SetPolicies(ctx context.Context, policies PolicyMap, roles RoleMap) error
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
noop

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL