mirror of
https://github.com/datarhei/core.git
synced 2025-10-06 08:27:08 +08:00
109 lines
2.2 KiB
Go
109 lines
2.2 KiB
Go
package iam
|
|
|
|
import (
|
|
"github.com/datarhei/core/v16/io/fs"
|
|
"github.com/datarhei/core/v16/log"
|
|
)
|
|
|
|
type IAM interface {
|
|
Enforce(user, domain, resource, action string) (bool, string)
|
|
IsDomain(domain string) bool
|
|
|
|
AddPolicy(username, domain, resource, actions string) bool
|
|
RemovePolicy(username, domain, resource, actions string) bool
|
|
|
|
Validators() []string
|
|
|
|
GetIdentity(name string) (IdentityVerifier, error)
|
|
GetIdentityByAuth0(name string) (IdentityVerifier, error)
|
|
GetDefaultIdentity() (IdentityVerifier, error)
|
|
|
|
CreateJWT(name string) (string, string, error)
|
|
|
|
Close()
|
|
}
|
|
|
|
type iam struct {
|
|
im IdentityManager
|
|
am AccessManager
|
|
}
|
|
|
|
type Config struct {
|
|
FS fs.Filesystem
|
|
Superuser User
|
|
JWTRealm string
|
|
JWTSecret string
|
|
Logger log.Logger
|
|
}
|
|
|
|
func NewIAM(config Config) (IAM, error) {
|
|
im, err := NewIdentityManager(IdentityConfig{
|
|
FS: config.FS,
|
|
Superuser: config.Superuser,
|
|
JWTRealm: config.JWTRealm,
|
|
JWTSecret: config.JWTSecret,
|
|
Logger: config.Logger,
|
|
})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
am, err := NewAccessManager(AccessConfig{
|
|
FS: config.FS,
|
|
Logger: config.Logger,
|
|
})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &iam{
|
|
im: im,
|
|
am: am,
|
|
}, nil
|
|
}
|
|
|
|
func (i *iam) Close() {
|
|
i.im.Close()
|
|
i.im = nil
|
|
|
|
i.am = nil
|
|
|
|
return
|
|
}
|
|
|
|
func (i *iam) Enforce(user, domain, resource, action string) (bool, string) {
|
|
return i.am.Enforce(user, domain, resource, action)
|
|
}
|
|
|
|
func (i *iam) GetIdentity(name string) (IdentityVerifier, error) {
|
|
return i.im.GetVerifier(name)
|
|
}
|
|
|
|
func (i *iam) GetIdentityByAuth0(name string) (IdentityVerifier, error) {
|
|
return i.im.GetVerifierByAuth0(name)
|
|
}
|
|
|
|
func (i *iam) GetDefaultIdentity() (IdentityVerifier, error) {
|
|
return i.im.GetDefaultVerifier()
|
|
}
|
|
|
|
func (i *iam) CreateJWT(name string) (string, string, error) {
|
|
return i.im.CreateJWT(name)
|
|
}
|
|
|
|
func (i *iam) IsDomain(domain string) bool {
|
|
return i.am.HasGroup(domain)
|
|
}
|
|
|
|
func (i *iam) Validators() []string {
|
|
return i.im.Validators()
|
|
}
|
|
|
|
func (i *iam) AddPolicy(username, domain, resource, actions string) bool {
|
|
return i.am.AddPolicy(username, domain, resource, actions)
|
|
}
|
|
|
|
func (i *iam) RemovePolicy(username, domain, resource, actions string) bool {
|
|
return i.am.RemovePolicy(username, domain, resource, actions)
|
|
}
|