package auth
import (
"context"
"github.com/wetware/pkg/api/anchor"
api "github.com/wetware/pkg/api/cluster"
"github.com/wetware/pkg/api/pubsub"
"github.com/wetware/pkg/cap/host"
"go.uber.org/multierr"
)
// AllowAll is a policy that grants unrestricted access to h. The
// returned provider is backed by just, whose Provide hands out h's
// view, root anchor and pubsub router without reading the call's
// parameters, so no credential or caller identity is checked.
//
// Callers SHOULD NOT use AllowAll if they can avoid it.
func AllowAll(h api.Host_Server) api.AuthProvider {
	unrestricted := just{Host_Server: h}
	return Policy(unrestricted)
}
// DenyAll is a policy that does not grant access to h. The host
// argument is accepted only so that the signature matches AllowAll;
// it is never used. The returned provider is backed by nothing, whose
// Provide returns nil without setting any result.
//
// It is RECOMMENDED to use DenyAll by default.
func DenyAll(api.Host_Server) api.AuthProvider {
	var deny nothing // null client
	return Policy(deny)
}
// // SharedSecret requires that both parties share knowledge of
// // a secret. Secrets should be produced by a strong CSPRNG.
// // The secret is not transmitted.
// func SharedSecret(h api.Host_Server, secret []byte) capnp.Client {
// return capnp.Client(api.AuthProvider_ServerToClient(server{secret}))
// }
// Policy exposes the server s as an api.AuthProvider client by passing
// it to api.AuthProvider_ServerToClient.
//
// Policy performs no access check of its own; presumably whatever
// s.Provide places in the call results is what a caller obtains, so
// the security of a policy rests entirely on s (verify against the
// generated capnp bindings).
func Policy(s api.AuthProvider_Server) api.AuthProvider {
	provider := api.AuthProvider_ServerToClient(s)
	return provider
}
// just is the AuthProvider server behind AllowAll. It embeds the host
// server and exposes it in full.
//
// just{h} === Just(h)
type just struct {
	api.Host_Server
}

// Provide fills the call's results with the view, root anchor and
// pubsub router of the embedded host. The call's parameters are never
// read, so nothing about the caller is verified before the
// capabilities are handed over.
//
// It returns the AllocResults error if the results cannot be
// allocated, otherwise the combined errors (if any) of the three
// setters.
func (j just) Provide(ctx context.Context, call api.AuthProvider_provide) error {
	results, err := call.AllocResults()
	if err != nil {
		return err
	}

	// NOTE(review): the client created here is never released in this
	// method. Confirm that is intentional (releasing it may affect the
	// shared host server) rather than a leaked reference.
	hostClient := host.Host(api.Host_ServerToClient(j))

	view, releaseView := hostClient.View(ctx)
	defer releaseView()

	root, releaseRoot := hostClient.Root(ctx)
	defer releaseRoot()

	router, releaseRouter := hostClient.PubSub(ctx)
	defer releaseRouter()

	// The deferred releases run after the return expression has been
	// evaluated; AddRef presumably gives each result a reference of its
	// own that outlives them (confirm against the capnp client API).
	return multierr.Combine(
		results.SetView(api.View(view.AddRef())),
		results.SetRoot(anchor.Anchor(root.AddRef())),
		results.SetPubSub(pubsub.Router(router.AddRef())),
	)
}
// nothing is the AuthProvider server behind DenyAll. It holds no
// state and no reference to any host.
//
// nothing{} === Nothing === Maybe(nil)
type nothing struct{}

// Provide reports success without allocating or setting any result,
// so the caller is handed no view, root or pubsub capability.
// Presumably the result fields then read back as null clients; verify
// against the generated capnp bindings.
func (nothing) Provide(context.Context, api.AuthProvider_provide) error {
	return nil
}