Struct Authorizer

pub struct Authorizer { /* private fields */ }

used to check authorization policies on a token

can be created from AuthorizerBuilder::build, AuthorizerBuilder::build_unauthenticated or Biscuit::authorizer

Implementations

impl Authorizer

pub fn run(&mut self) -> Result<Duration, Token>

pub fn from(data: &[u8]) -> Result<Self, Token>

creates an Authorizer from a serialized crate::format::schema::AuthorizerPolicies

pub fn save(&self) -> Result<AuthorizerPolicies, Token>

serializes an authorizer’s content

you can use this to save a set of policies and load them quickly before verification. This will not store data obtained or generated from a token.

pub fn limits(&self) -> &AuthorizerLimits

Returns the runtime limits of the authorizer

Those limits cover all the executions under the authorize, query and query_all methods

pub fn external_funcs(&self) -> &HashMap<String, ExternFunc>

Returns the currently registered external functions

pub fn query<R: TryInto<Rule>, T: TryFrom<Fact, Error = E>, E: Into<Token>>(
    &mut self,
    rule: R,
) -> Result<Vec<T>, Token>
where
    Token: From<<R as TryInto<Rule>>::Error>,

run a query over the authorizer’s Datalog engine to gather data

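use biscuit_auth::{Biscuit, KeyPair};

// build a token whose authority block holds a single user fact
let keypair = KeyPair::new();
let biscuit = Biscuit::builder()
    .fact("user(\"John Doe\", 42)")
    .expect("parse error")
    .build(&keypair)
    .unwrap();

// each fact produced by the rule is converted into a (String, i64) tuple
let mut authorizer = biscuit.authorizer().unwrap();
let res: Vec<(String, i64)> = authorizer.query("data($name, $id) <- user($name, $id)").unwrap();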

pub fn query_exactly_one<R: TryInto<Rule>, T: TryFrom<Fact, Error = E>, E: Into<Token>>(
    &mut self,
    rule: R,
) -> Result<T, Token>
where
    Token: From<<R as TryInto<Rule>>::Error>,

Run a query over the authorizer’s Datalog engine to gather data. If there is more than one result, this function returns an error.

use biscuit_auth::{Biscuit, KeyPair};

// build a token whose authority block holds a single user fact
let keypair = KeyPair::new();
let builder = Biscuit::builder().fact("user(\"John Doe\", 42)").unwrap();

let biscuit = builder.build(&keypair).unwrap();

// the single result is returned directly as a tuple rather than in a Vec
let mut authorizer = biscuit.authorizer().unwrap();
let res: (String, i64) = authorizer.query_exactly_one("data($name, $id) <- user($name, $id)").unwrap();
assert_eq!(res.0, "John Doe");
assert_eq!(res.1, 42);

pub fn query_with_limits<R: TryInto<Rule>, T: TryFrom<Fact, Error = E>, E: Into<Token>>(
    &mut self,
    rule: R,
    limits: AuthorizerLimits,
) -> Result<Vec<T>, Token>
where
    Token: From<<R as TryInto<Rule>>::Error>,

run a query over the authorizer’s Datalog engine to gather data

this only sees facts from the authorizer and the authority block

this method overrides the authorizer’s runtime limits, just for this call

pub fn query_all<R: TryInto<Rule>, T: TryFrom<Fact, Error = E>, E: Into<Token>>(
    &mut self,
    rule: R,
) -> Result<Vec<T>, Token>
where
    Token: From<<R as TryInto<Rule>>::Error>,

run a query over the authorizer’s Datalog engine to gather data

this has access to the facts generated when evaluating all the blocks

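use biscuit_auth::{Biscuit, KeyPair};

// build a token whose authority block holds a single user fact
let keypair = KeyPair::new();
let biscuit = Biscuit::builder()
    .fact("user(\"John Doe\", 42)")
    .expect("parse error")
    .build(&keypair)
    .unwrap();

// query_all also sees the facts generated when evaluating all the blocks
let mut authorizer = biscuit.authorizer().unwrap();
let res: Vec<(String, i64)> = authorizer.query_all("data($name, $id) <- user($name, $id)").unwrap();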

pub fn query_all_with_limits<R: TryInto<Rule>, T: TryFrom<Fact, Error = E>, E: Into<Token>>(
    &mut self,
    rule: R,
    limits: AuthorizerLimits,
) -> Result<Vec<T>, Token>
where
    Token: From<<R as TryInto<Rule>>::Error>,

run a query over the authorizer’s Datalog engine to gather data

this has access to the facts generated when evaluating all the blocks

this method overrides the authorizer’s runtime limits, just for this call

pub fn execution_time(&self) -> Option<Duration>

returns the elapsed execution time

pub fn iterations(&self) -> u64

returns the number of fact generation iterations

pub fn fact_count(&self) -> usize

returns the number of facts

pub fn authorize(&mut self) -> Result<usize, Token>

verifies the checks and policies

on error, this can return a list of all the failed checks or deny policy

on success, it returns the index of the policy that matched
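The decision procedure behind authorize, as an added example that is not code from the crate: a simplified stand-alone model showing that every failed check is reported, that policies are tried in order with the first match deciding, and that Ok carries that policy's index. It uses plain Rust predicates instead of Datalog; the names Policy, AuthError, authorize and decide, and the sample facts, are assumptions made for the illustration.

```rust
use std::collections::HashSet;

// Stand-in types: the real crate evaluates Datalog checks and policies, not Rust functions.
type Facts = HashSet<&'static str>;
type Pred = fn(&Facts) -> bool;

pub enum Policy { Allow(Pred), Deny(Pred) }

#[derive(Debug, PartialEq)]
pub enum AuthError {
    FailedChecks(Vec<usize>), // index of every check that failed
    DenyPolicy(usize),        // index of the deny policy that matched
    NoMatchingPolicy,         // nothing matched: denied by default
}

pub fn authorize(facts: &Facts, checks: &[Pred], policies: &[Policy]) -> Result<usize, AuthError> {
    // Evaluate every check so the error lists all failures, not only the first.
    let failed: Vec<usize> = (0..checks.len()).filter(|&i| !checks[i](facts)).collect();
    if !failed.is_empty() {
        return Err(AuthError::FailedChecks(failed));
    }
    // Policies are tried in order; the first one that matches decides.
    for (i, policy) in policies.iter().enumerate() {
        match policy {
            Policy::Allow(p) if p(facts) => return Ok(i),
            Policy::Deny(p) if p(facts) => return Err(AuthError::DenyPolicy(i)),
            _ => {}
        }
    }
    Err(AuthError::NoMatchingPolicy)
}

fn is_read(f: &Facts) -> bool { f.contains("operation(read)") }
fn has_user(f: &Facts) -> bool { f.contains("user(42)") }
fn is_revoked(f: &Facts) -> bool { f.contains("revoked(42)") }
fn always(_: &Facts) -> bool { true }

// Constructed sample: two checks, then a deny policy ahead of a catch-all allow.
pub fn decide(facts: &[&'static str]) -> Result<usize, AuthError> {
    let facts: Facts = facts.iter().copied().collect();
    let checks: [Pred; 2] = [is_read, has_user];
    let policies = [Policy::Deny(is_revoked), Policy::Allow(always)];
    authorize(&facts, &checks, &policies)
}

fn main() {
    println!("{:?}", decide(&["operation(read)", "user(42)"]));
}
```

Because the first matching policy decides, a deny rule must be placed before any broader allow rule, and logging the returned index records which policy granted access.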

pub fn authorize_with_limits(
    &mut self,
    limits: AuthorizerLimits,
) -> Result<usize, Token>

verifies the checks and policies

on error, this can return a list of all the failed checks or deny policy

this method overrides the authorizer’s runtime limits, just for this call

pub fn print_world(&self) -> String

prints the content of the authorizer

pub fn dump(&self) -> (Vec<Fact>, Vec<Rule>, Vec<Check>, Vec<Policy>)

returns all of the data loaded in the authorizer

pub fn dump_code(&self) -> String

Trait Implementations

impl Clone for Authorizer

fn clone(&self) -> Authorizer

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Authorizer

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Display for Authorizer

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.
