Struct biscuit_auth::Biscuit

source · [−]

pub struct Biscuit { /* private fields */ }

Expand description

This structure represents a valid Biscuit token

It contains multiple Block elements, the associated symbol table, and a serialized version of this data

extern crate biscuit_auth as biscuit;

use biscuit::{KeyPair, Biscuit, builder::*};

fn main() {
  let root = KeyPair::new();

  // first we define the authority block for global data,
  // like access rights
  // data from the authority block cannot be created in any other block
  let mut builder = Biscuit::builder(&root);
  builder.add_authority_fact(fact("right", &[string("/a/file1.txt"), s("read")]));

  // facts and rules can also be parsed from a string
  builder.add_authority_fact("right(\"/a/file1.txt\", \"read\")").expect("parse error");

  let token1 = builder.build().unwrap();

  // we can create a new block builder from that token
  let mut builder2 = token1.create_block();
  builder2.check_operation("read");

  let token2 = token1.append(builder2).unwrap();
}

Implementations

impl Biscuit

pub fn builder(root: &KeyPair) -> BiscuitBuilder<'_>

create the first block’s builder

call builder::BiscuitBuilder::build to create the token

pub fn from<T, F>(slice: T, f: F) -> Result<Self, Token> where
F: Fn(Option<u32>) -> PublicKey,
T: AsRef<[u8 ]>,

deserializes a token and validates the signature using the root public key

pub fn from_base64<T, F>(slice: T, f: F) -> Result<Self, Token> where
F: Fn(Option<u32>) -> PublicKey,
T: AsRef<[u8 ]>,

deserializes a token and validates the signature using the root public key

pub fn to_vec(&self) -> Result<Vec<u8>, Token>

serializes the token

pub fn to_base64(&self) -> Result<String, Token>

serializes the token and encode it to a (URL safe) base64 string

pub fn serialized_size(&self) -> Result<usize, Token>

serializes the token

pub fn seal(&self) -> Result<Biscuit, Token>

creates a sealed version of the token

sealed tokens cannot be attenuated

pub fn authorizer(&self) -> Result<Authorizer<'_>, Token>

creates a authorizer from this token

pub fn create_block(&self) -> BlockBuilder

creates a new block builder

pub fn append(&self, block_builder: BlockBuilder) -> Result<Self, Token>

adds a new block to the token

since the public key is integrated into the token, the keypair can be discarded right after calling this function

pub fn context(&self) -> Vec<Option<String>>ⓘNotable traits for Vec<u8, A>`impl<A> Write for Vec<u8, A> where A: Allocator,`

returns the list of context elements of each block

the context is a free form text field in which application specific data can be stored

pub fn revocation_identifiers(&self) -> Vec<Vec<u8>>ⓘNotable traits for Vec<u8, A>`impl<A> Write for Vec<u8, A> where A: Allocator,`

returns a list of revocation identifiers for each block, in order

if a token is generated with the same keys and the same content, those identifiers will stay the same

pub fn print(&self) -> String

pretty printer for this token

pub fn print_block_source(&self, index: usize) -> Option<String>

prints the content of a block as Datalog source code

pub fn container(&self) -> Option<&SerializedBiscuit>

returns the internal representation of the token

pub fn append_with_keypair(
    &self,
    keypair: &KeyPair,
    block_builder: BlockBuilder
) -> Result<Self, Token>

adds a new block to the token, using the provided CSPRNG

since the public key is integrated into the token, the keypair can be discarded right after calling this function

pub fn block_symbols(&self, index: usize) -> Option<Vec<String>>

gets the list of symbols from a block

pub fn block_count(&self) -> usize

returns the number of blocks (at least 1)

Trait Implementations

impl Clone for Biscuit

fn clone(&self) -> Biscuit

Returns a copy of the value. Read more

1.0.0 · source

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for Biscuit

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations

impl RefUnwindSafe for Biscuit

impl Send for Biscuit

impl Sync for Biscuit

impl Unpin for Biscuit

impl UnwindSafe for Biscuit

Blanket Implementations

impl<T> Any for T where
T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T where
T: ?Sized,

const: unstable · source

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T where
T: ?Sized,

const: unstable · source

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

const: unstable · source

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T where
U: From<T>,

const: unstable · source

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T> ToOwned for T where
T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

🔬 This is a nightly-only experimental API. (toowned_clone_into)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T where
U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

const: unstable · source

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T where
U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

const: unstable · source

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T where
V: MultiLane<T>,

fn vzip(self) -> V