luarls

package

v0.2.19 Latest Latest Go to latest Published: Jul 9, 2025 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/centralmind/gateway

Links

Open Source Insights

README ¶

title: Lua RLS Plugin

Row-Level Security implementation using Lua scripts.

Type

Interceptor

Description

Allows defining custom row-level security logic using Lua scripts, which are executed for each row in the result set.

Configuration

lua_rls:
  script: |
    function filter_rows(row, context)
      if context.user_role == "admin" then
        return true
      end
      return row.tenant_id == context.tenant_id
    end
  variables:           # Global variables available to Lua script
    max_rows: 1000
    debug: true
  cache_size: 100     # Size of the Lua VM cache

Context Object Properties

The context parameter of the filter_rows function contains the following properties:

Authentication Claims: All JWT claims from the authenticated user are available directly as properties (e.g., context.user_role, context.tenant_id, context.email, etc.).
Request Headers: All HTTP request headers are available as properties (with the same case as they appear in the request).
Custom Variables: Any custom variables defined in the variables configuration section are available as global variables.

Example Context Properties

-- Authentication claims from JWT or OAuth providers
context.user_id       -- User's unique identifier
context.user_role     -- User's role (e.g., "admin", "user")
context.tenant_id     -- Tenant/organization identifier
context.email         -- User's email address
context.groups        -- User's groups or permissions
context.org_id        -- Organization identifier

-- Request headers (same case as in HTTP request)
context.Authorization -- Authorization header
context.X-Tenant-ID   -- Custom tenant header
context.User-Agent    -- User agent header

Documentation ¶

Index ¶

func New(config Config) (plugins.Interceptor, error)
type Config
- func (c Config) Doc() string
- func (c Config) Tag() string
type Plugin
- func (p Plugin) Doc() string
- func (p Plugin) Process(row map[string]any, headers map[string][]string) (processed map[string]any, skipped bool)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func New ¶

func New(config Config) (plugins.Interceptor, error)

Types ¶

type Config ¶

type Config struct {
	// Script is the Lua script content for RLS logic
	Script string `yaml:"script"`

	// ScriptFile is the path to Lua script file (alternative to Script)
	ScriptFile string `yaml:"script_file"`

	// Variables defines global variables available to Lua script
	Variables map[string]interface{} `yaml:"variables"`

	// CacheSize is the size of the Lua VM cache
	CacheSize int `yaml:"cache_size"`
}

Config represents Lua Row-Level Security configuration

func (Config) Doc ¶

func (c Config) Doc() string

func (Config) Tag ¶

func (c Config) Tag() string

type Plugin ¶

type Plugin struct {
	// contains filtered or unexported fields
}

func (Plugin) Doc ¶

func (p Plugin) Doc() string

func (Plugin) Process ¶

func (p Plugin) Process(row map[string]any, headers map[string][]string) (processed map[string]any, skipped bool)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL