service: remove leaking go-micro references (#1347)
* service/auth: add type aliases * service/broker: add type aliases * service/client: add type aliases * service/config: add type aliases * service/registry: add type aliases * service/runtime: add type aliases * service/store: add type aliases * service: fix naming conflicts * service/store: update interface to use micro options * update micro to use new syntax * Fix merge conflict * service/broker: remove options from public funcs * service/client: remove options from public funcs * service/registry: remove options from public funcs * service/server: remove options from public funcs * service/registry: add alias for node * wip: refactor auth package * internal/auth: fix circular dep * Update CI tests * Tidy go.mod * service/runtime: implement options * Fix tests * tidy go.mod * service/auth: rename AccessToken to AccountToken
1 parent
353bf80
commit 2fc8455
Showing
57 changed files
with
1,171 additions
and
418 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
package namespace | ||
|
||
import ( | ||
"context" | ||
"errors" | ||
|
||
"github.com/micro/micro/v3/service/auth" | ||
) | ||
|
||
var ( | ||
// ErrUnauthorized is returned by Authorize when a context without a blank account tries to access | ||
// a restricted namespace | ||
ErrUnauthorized = errors.New("An account is required") | ||
// ErrForbidden is returned by Authorize when a context is trying to access a namespace it doesn't | ||
// have access to | ||
ErrForbidden = errors.New("Access denied to namespace") | ||
) | ||
|
||
const ( | ||
// DefaultNamespace used by the server | ||
DefaultNamespace = "micro" | ||
) | ||
|
||
// Authorize will return an error if the context cannot access the given namespace | ||
func Authorize(ctx context.Context, namespace string, opts ...AuthorizeOption) error { | ||
// parse the options | ||
var options AuthorizeOptions | ||
for _, o := range opts { | ||
o(&options) | ||
} | ||
|
||
// check to see if the namespace was made public | ||
if namespace == options.PublicNamespace { | ||
return nil | ||
} | ||
|
||
// accounts are always required so we can identify the caller. If auth is not configured, the noop | ||
// auth implementation will return a blank account with the default namespace set, allowing the caller | ||
// access to all resources | ||
acc, ok := auth.AccountFromContext(ctx) | ||
if !ok { | ||
return ErrUnauthorized | ||
} | ||
|
||
// the server can access all namespaces | ||
if acc.Issuer == DefaultNamespace { | ||
return nil | ||
} | ||
|
||
// ensure the account is requesing access to it's own namespace | ||
if acc.Issuer != namespace { | ||
return ErrForbidden | ||
} | ||
|
||
return nil | ||
} | ||
|
||
// AuthorizeOptions are used to configure the Authorize method | ||
type AuthorizeOptions struct { | ||
PublicNamespace string | ||
} | ||
|
||
// AuthorizeOption sets an attribute on AuthorizeOptions | ||
type AuthorizeOption func(o *AuthorizeOptions) | ||
|
||
// Public indicates a namespace is public and can be accessed by anyone | ||
func Public(ns string) AuthorizeOption { | ||
return func(o *AuthorizeOptions) { | ||
o.PublicNamespace = ns | ||
} | ||
} |
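Review bot: An empty `namespace` argument is authorized without any account when the caller passes no `Public` option. In that case `options.PublicNamespace` is the zero value `""`, so the first check in `Authorize`, `if namespace == options.PublicNamespace`, matches before `auth.AccountFromContext` is consulted. Whether any caller can reach it with an unset namespace is not visible on this page, but the guard should only fire when a public namespace was actually configured: `if len(options.PublicNamespace) > 0 && namespace == options.PublicNamespace {`. The doc comment on `ErrUnauthorized` also reads inverted ("a context without a blank account"); `// ErrUnauthorized is returned by Authorize when the context carries no account` would match what the code does.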