Categorygithub.com/qor/authauthority
package
0.0.0-20241212055905-7fad07f41e2a
Repository: https://github.com/qor/auth.git
Documentation: pkg.go.dev
Versions
1
Dependencies
8
Dependents
2
Files
153 SLOC

# README

Authority

Authority is an authorization package for Golang.

When building web applications, we usually have requirements like verify current user has access to something or not, Authority could help you by providing HTTP middleware and helper method.

It is based on Roles, means to define an ability, you need to register a role with Roles, refer Roles for how to do that.

Usage

Initialize Authority

Authority could use with Auth to get current user, handle sessions, you could use it, or implement your own AuthInterface

import (
  "github.com/qor/auth"
  "github.com/qor/auth/authority"
  "github.com/qor/roles"
)

func main() {
  Auth := auth.New(&auth.Config{})

  Authority := authority.New(&authority.Config{
    Auth: Auth,
    Role: roles.Global, // default configuration
    AccessDeniedHandler: func(w http.ResponseWriter, req *http.Request) { // redirect to home page by default
      http.Redirect(w, req, "/", http.StatusSeeOther)
    },
  })
}

Defining Abilities

Refer Roles for how to use roles to register roles, here is a sample:

roles.Register("admin", func(req *http.Request, currentUser interface{}) bool {
  return req.RemoteAddr == "127.0.0.1" || (currentUser.(*User) != nil && currentUser.(*User).Role == "admin")
})

You might have some requirements like time based authorization, for example:

  • I get distracted, come back to the site in 2 hours, then no access to my account details page, but still be able to visit shopping cart
  • When place an order, I have to been authorized less than 60 minutes

Authority provides some Rules to make you define them easily, used like:

Authority.Register("access_account_pages", authority.Rule{
  TimeoutSinceLastActive: 2 * time.Hour,
})

Authority.Register("place_an_order", authority.Rule{
  TimeoutSinceLastAuth: time.Hour,
})

Authorization Middleware

func main() {
  mux := http.NewServeMux()

  // Require current user has `access_account_pages` ability to acccess `AccountProfileHandler`
  mux.Handle("/account/profile", Authority.Authorize("access_account_pages")(AccountProfileHandler))

  // Any logged user could acccess `AccountProfileHandler` if no roles specfied
  mux.Handle("/account/profile", Authority.Authorize()(AccountProfileHandler))

  http.ListenAndServe(":9000", mux)
}

func AccountProfileHandler(w http.ResponseWriter, req *http.Request) {
  // ...
}

Authorization Helper Method

func updateCreditCard(w http.ResponseWriter, req *http.Request) {
  if Authority.Allow("place_an_order", req) {
    // do something
  } else {
    // do something
  }
}

# Functions

New initialize Authority.
NewAccessDeniedHandler new access denied handler.

# Variables

AccessDeniedFlashMessage access denied message.
ClaimsContextKey authority claims key.

# Structs

Authority authority struct.
Config authority config.
Rule authority rule's definition.

# Interfaces

AuthInterface auth interface.