biscuit-auth 6.0.0

an authorization token with decentralized verification and offline attenuation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

/*
 * Copyright (c) 2019 Geoffroy Couprie <contact@geoffroycouprie.com> and Contributors to the Eclipse Foundation.
 * SPDX-License-Identifier: Apache-2.0
 */
use std::time::Duration;

use biscuit_auth::{
    builder::{Algorithm, AuthorizerBuilder, BlockBuilder},
    builder_ext::AuthorizerExt,
    datalog::{RunLimits, SymbolTable},
    Biscuit, KeyPair,
};
use rand::{prelude::StdRng, SeedableRng};

fn main() {
    let mut rng: StdRng = SeedableRng::seed_from_u64(0);
    let root = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
    let external = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
    let external_pub = hex::encode(external.public().to_bytes());

    let biscuit1 = Biscuit::builder()
        .check(
            format!("check if external_fact(\"hello\") trusting ed25519/{external_pub}").as_str(),
        )
        .unwrap()
        .build_with_rng(&root, SymbolTable::default(), &mut rng)
        .unwrap();

    println!("biscuit1: {}", biscuit1);

    let serialized_req = biscuit1.third_party_request().unwrap().serialize().unwrap();

    let req = biscuit_auth::ThirdPartyRequest::deserialize(&serialized_req).unwrap();
    let builder = BlockBuilder::new()
        .fact("external_fact(\"hello\")")
        .unwrap();
    let res = req.create_block(&external.private(), builder).unwrap();

    let biscuit2 = biscuit1.append_third_party(external.public(), res).unwrap();

    println!("biscuit2: {}", biscuit2);

    let mut authorizer = AuthorizerBuilder::new()
        .allow_all()
        .set_limits(RunLimits {
            max_time: Duration::from_secs(10),
            ..Default::default()
        })
        .build(&biscuit1)
        .unwrap();

    println!("authorize biscuit1:\n{:?}", authorizer.authorize());
    println!("world:\n{}", authorizer.print_world());

    let mut authorizer = AuthorizerBuilder::new()
        .allow_all()
        .set_limits(RunLimits {
            max_time: Duration::from_secs(10),
            ..Default::default()
        })
        .build(&biscuit2)
        .unwrap();

    println!("authorize biscuit2:\n{:?}", authorizer.authorize());
    println!("world:\n{}", authorizer.print_world());
}