Add auth scope constants
This commit is contained in:
parent
fbb91c6cb7
commit
9c072a372c
10
auth/auth.go
10
auth/auth.go
@ -7,8 +7,14 @@ import (
|
||||
"time"
|
||||
)
|
||||
|
||||
// BearerScheme used for Authorization header
|
||||
const BearerScheme = "Bearer "
|
||||
const (
|
||||
// BearerScheme used for Authorization header
|
||||
BearerScheme = "Bearer "
|
||||
// ScopePublic is the scope applied to a rule to allow access to the public
|
||||
ScopePublic = ""
|
||||
// ScopeAccount is the scope applied to a rule to limit to users with any valid account
|
||||
ScopeAccount = "*"
|
||||
)
|
||||
|
||||
var (
|
||||
// ErrInvalidToken is when the token provided is not valid
|
||||
|
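Review bot: `ScopePublic = ""` in the new const block is also the zero value of a Go string, so a Rule whose Scope was never set compares equal to ScopePublic; the Verify hunks further down return nil for such a rule when its access is AccessGranted, and the comment there says this holds even for nil accounts. The doc comment should say so, for example `// ScopePublic is the scope of a rule that applies to everyone, including callers with no account; it is the empty string, so a Rule with no Scope set is public.` The current wording "to allow access to the public" also reads as grant-only, while Verify pairs this scope with AccessDenied as well. If rules can be created from external input, it would be worth checking where they are created that an omitted scope is intentional, though that code is not visible on this page.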
@ -51,9 +51,9 @@ func Verify(rules []*auth.Rule, acc *auth.Account, res *auth.Resource) error {
|
||||
// loop through the rules and check for a rule which applies to this account
|
||||
for _, rule := range filteredRules {
|
||||
// a blank scope indicates the rule applies to everyone, even nil accounts
|
||||
if rule.Scope == "" && rule.Access == auth.AccessDenied {
|
||||
if rule.Scope == auth.ScopePublic && rule.Access == auth.AccessDenied {
|
||||
return auth.ErrForbidden
|
||||
} else if rule.Scope == "" && rule.Access == auth.AccessGranted {
|
||||
} else if rule.Scope == auth.ScopePublic && rule.Access == auth.AccessGranted {
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -63,9 +63,9 @@ func Verify(rules []*auth.Rule, acc *auth.Account, res *auth.Resource) error {
|
||||
}
|
||||
|
||||
// this rule applies to any account
|
||||
if rule.Scope == "*" && rule.Access == auth.AccessDenied {
|
||||
if rule.Scope == auth.ScopeAccount && rule.Access == auth.AccessDenied {
|
||||
return auth.ErrForbidden
|
||||
} else if rule.Scope == "*" && rule.Access == auth.AccessGranted {
|
||||
} else if rule.Scope == auth.ScopeAccount && rule.Access == auth.AccessGranted {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
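Review bot: In Verify, the public-scope check at new lines 54-58 compares `rule.Scope` twice and uses `else if` after a branch that already returns. The same shape is repeated for `auth.ScopeAccount` in the next hunk. Comparing the scope once and switching on `rule.Access` keeps the behaviour, reads more directly, and leaves an obvious place for a `default` case if an unexpected access value should ever be rejected rather than fall through. The loop and the rest of Verify lie outside these hunks, so what happens after a fall-through is not visible here.

```go
// … unchanged: rule filtering and the for-loop header …
		if rule.Scope == auth.ScopePublic {
			switch rule.Access {
			case auth.AccessDenied:
				return auth.ErrForbidden
			case auth.AccessGranted:
				return nil
			}
		}
// … unchanged: code between the two hunks; the ScopeAccount check takes the same form …
```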