Documentation
Overview
Package warden decides if access requests should be allowed or denied. In a scientific taxonomy, the warden is classified as a Policy Decision Point. The warden's primary goal is to implement `github.com/ory-am/hydra/firewall.Firewall`. To read up on the warden, go to:
- https://ory-am.gitbooks.io/hydra/content/policy.html
- http://docs.hdyra.apiary.io/#reference/warden:-access-control-for-resource-providers
Contains source files:
- handler.go: An HTTP handler capable of validating access tokens.
- warden_http.go: A Go API using HTTP to validate access tokens.
- warden_local.go: A Go API using storage managers to validate access tokens.
- warden_test.go: Functional tests for all of the above.
Index
- Constants
- func TokenFromRequest(r *http.Request) string
- type HTTPWarden
- func (w *HTTPWarden) IsAllowed(ctx context.Context, a *firewall.AccessRequest) error
- func (w *HTTPWarden) SetClient(c *clientcredentials.Config)
- func (w *HTTPWarden) TokenAllowed(ctx context.Context, token string, a *firewall.TokenAccessRequest, ...) (*firewall.Context, error)
- func (w *HTTPWarden) TokenFromRequest(r *http.Request) string
- type LocalWarden
- type WardenHandler
Constants
const (
	// TokenAllowedHandlerPath points to the token access request validation endpoint.
	TokenAllowedHandlerPath = "/warden/token/allowed"

	// AllowedHandlerPath points to the access request validation endpoint.
	AllowedHandlerPath = "/warden/allowed"
)
Variables
This section is empty.
Functions
func TokenFromRequest
Types
type HTTPWarden
func (*HTTPWarden) IsAllowed
func (w *HTTPWarden) IsAllowed(ctx context.Context, a *firewall.AccessRequest) error
IsAllowed checks if an arbitrary subject is allowed to perform an action on a resource.
The HTTP API is documented at http://docs.hdyra.apiary.io/#reference/warden:-access-control-for-resource-providers/check-if-a-subject-is-allowed-to-do-something
func (*HTTPWarden) SetClient
func (w *HTTPWarden) SetClient(c *clientcredentials.Config)
func (*HTTPWarden) TokenAllowed
func (w *HTTPWarden) TokenAllowed(ctx context.Context, token string, a *firewall.TokenAccessRequest, scopes ...string) (*firewall.Context, error)
TokenAllowed checks if a token is valid and if the token owner is allowed to perform an action on a resource. This endpoint requires a token, a scope, a resource name, an action name and a context.
The HTTP API is documented at http://docs.hdyra.apiary.io/#reference/warden:-access-control-for-resource-providers/check-if-an-access-tokens-subject-is-allowed-to-do-something
func (*HTTPWarden) TokenFromRequest
func (w *HTTPWarden) TokenFromRequest(r *http.Request) string
type LocalWarden
type LocalWarden struct {
	Warden              ladon.Warden
	OAuth2              fosite.OAuth2Provider
	Groups              group.Manager
	AccessTokenLifespan time.Duration
	Issuer              string
}
func (*LocalWarden) IsAllowed
func (w *LocalWarden) IsAllowed(ctx context.Context, a *firewall.AccessRequest) error
func (*LocalWarden) TokenAllowed
func (w *LocalWarden) TokenAllowed(ctx context.Context, token string, a *firewall.TokenAccessRequest, scopes ...string) (*firewall.Context, error)
func (*LocalWarden) TokenFromRequest
func (w *LocalWarden) TokenFromRequest(r *http.Request) string
type WardenHandler
WardenHandler is capable of handling HTTP requests and validating access tokens and access requests.
func NewHandler
func NewHandler(c *config.Config, router *httprouter.Router) *WardenHandler
func (*WardenHandler) Allowed
func (h *WardenHandler) Allowed(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
func (*WardenHandler) SetRoutes
func (h *WardenHandler) SetRoutes(r *httprouter.Router)
func (*WardenHandler) TokenAllowed
func (h *WardenHandler) TokenAllowed(w http.ResponseWriter, r *http.Request, _ httprouter.Params)