Module biscuit_auth::macros

source ·
Expand description

Procedural macros to construct Datalog policies Procedural macros to create tokens and authorizers

use biscuit_auth::KeyPair;
use biscuit_auth::macros::{authorizer, biscuit, block};
use std::time::{Duration, SystemTime};

let root = KeyPair::new();

let user_id = "1234";
let biscuit = biscuit!(
  r#"
  // you can directly reference in-scope variables
  user({user_id});
  right({user_id}, "file1", {operation});
  "#,
  // you can also declare bindings manually
  operation = "read",
).build(&root).expect("Failed to create biscuit");

let new_biscuit = biscuit.append(block!(
  r#"
    check if time($time), $time < {expiration};
  "#,
  expiration = SystemTime::now() + Duration::from_secs(86_400),
)).expect("Failed to append block");

new_biscuit.authorize(&authorizer!(
  r#"
     time({now});
     operation({operation});
     resource({resource});

     is_allowed($user_id) <- right($user_id, $resource, $operation),
                             resource($resource),
                             operation($operation);

     allow if is_allowed({user_id});
  "#,
  now = SystemTime::now(),
  operation = "read",
  resource = "file1",
  user_id = "1234",
)).expect("Failed to authorize biscuit");

Macros§

  • authorizer
    Create an Authorizer from a datalog string and optional parameters. The datalog string is parsed at compile time and replaced by manual block building.
  • authorizer_merge
    Merge facts, rules, checks, and policies into an Authorizer from a datalog string and optional parameters. The datalog string is parsed at compile time and replaced by manual block building.
  • biscuit
    Create an BiscuitBuilder from a datalog string and optional parameters. The datalog string is parsed at compile time and replaced by manual block building.
  • biscuit_merge
    Merge facts, rules, and checks into a BiscuitBuilder from a datalog string and optional parameters. The datalog string is parsed at compile time and replaced by manual block building.
  • block
    Create a BlockBuilder from a datalog string and optional parameters. The datalog string is parsed at compile time and replaced by manual block building.
  • block_merge
    Merge facts, rules, and checks into a BlockBuilder from a datalog string and optional parameters. The datalog string is parsed at compile time and replaced by manual block building.
  • check
    Create a Check from a datalog string and optional parameters. The datalog string is parsed at compile time and replaced by manual builder calls.
  • fact
    Create a Fact from a datalog string and optional parameters. The datalog string is parsed at compile time and replaced by manual builder calls.
  • policy
    Create a Policy from a datalog string and optional parameters. The datalog string is parsed at compile time and replaced by manual builder calls.
  • rule
    Create a Rule from a datalog string and optional parameters. The datalog string is parsed at compile time and replaced by manual builder calls.