Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91
fleet/server/contexts/authz/authz.go
Sharvil Shah 7d4e2e2b4b
Orbit remote management for flags (#7246) 
Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2022-09-24 00:30:23 +05:30

80 lines
2.4 KiB
Go
Raw Blame History

// Package authz defines the "authorization context", used to check that a
// request has had an authorization check performed before returning results.
package authz
import (
"context"
"sync"
)
type key int
const authzKey key = 0
// NewContext creates a new context.Context with an AuthorizationContext.
func NewContext(ctx context.Context, authz *AuthorizationContext) context.Context {
return context.WithValue(ctx, authzKey, authz)
}
// FromContext returns a pointer to the AuthorizationContext.
func FromContext(ctx context.Context) (*AuthorizationContext, bool) {
v, ok := ctx.Value(authzKey).(*AuthorizationContext)
return v, ok
}
// AuthenticationMethod identifies the method used to authenticate.
type AuthenticationMethod int
// List of supported authentication methods.
const (
// AuthnUserToken is when authentication is done via a user's API token,
// obtained via user/password login (or fleetctl for API-only users).
// This authentication mode supports granular authorization.
AuthnUserToken AuthenticationMethod = iota
// AuthnHostToken is when authentication is done via the osquery host
// authentication token. This authentication mode does not support granular
// authorization.
AuthnHostToken
// AuthnDeviceToken is when authentication is done via the orbit identifier,
// which only allows limited access to the device's own host information.
// This authentication mode does not support granular authorization.
AuthnDeviceToken
// AuthnOrbitToken is when authentication is done via the orbit host
// authentication token. This authentication mode does not support granular
// authorization.
AuthnOrbitToken
)
// AuthorizationContext contains the context information used for the
// authorization check.
type AuthorizationContext struct {
l sync.Mutex
// checked indicates whether a call was made to check authorization for the request.
checked bool
// store the authentication method, as some methods cannot have granular authorizations.
authnMethod AuthenticationMethod
}
func (a *AuthorizationContext) Checked() bool {
a.l.Lock()
defer a.l.Unlock()
return a.checked
}
func (a *AuthorizationContext) SetChecked() {
a.l.Lock()
defer a.l.Unlock()
a.checked = true
}
func (a *AuthorizationContext) AuthnMethod() AuthenticationMethod {
a.l.Lock()
defer a.l.Unlock()
return a.authnMethod
}
func (a *AuthorizationContext) SetAuthnMethod(method AuthenticationMethod) {
a.l.Lock()
defer a.l.Unlock()
a.authnMethod = method
}
Reference in a new issue View git blame Copy permalink