authzed 0.0.1 → 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +20 -2
- data/lib/authzed/api/v0/client.rb +61 -0
- data/lib/authzed/api/v1alpha1/client.rb +25 -0
- data/lib/authzed.rb +4 -0
- data/lib/grpcutil/bearer_token.rb +75 -0
- metadata +5 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e1495a99e8306e5ccba16daa977fa824fced295ee98913e36c73617c18def744
|
4
|
+
data.tar.gz: 74763f19757bce03b40e4362f89c0499f1a55661324701ad387b1a61453d0f96
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 859a8f38ab1ce0cf71c06f827333facf4701520341e2d3fe50a174b7639a9c7843d93f46cfacd623eb086d28f3ec66e9cbf96a3bf977bdb914fb73d136ae4a46
|
7
|
+
data.tar.gz: 7147f721b18f217dcb3dbf00f6d3ba96e87d1f21ccd4c6f5b9880f23c032bc08d89aef319800fd289b74f694872c597eaa1b94b20a547eb4f49aa675ca766016
|
data/README.md
CHANGED
@@ -58,11 +58,29 @@ In order to successfully connect, you will have to provide a [Bearer Token] with
|
|
58
58
|
[Authzed Dashboard]: https://app.authzed.com
|
59
59
|
|
60
60
|
```rb
|
61
|
-
|
61
|
+
require 'authzed'
|
62
|
+
|
63
|
+
|
64
|
+
client = Authzed::Api::V0::Client.new(
|
65
|
+
target: 'grpc.authzed.com:443',
|
66
|
+
interceptors: [Authzed::GrpcUtil::BearerToken.new(token: 't_your_token_here_1234567deadbeef')],
|
67
|
+
)
|
62
68
|
```
|
63
69
|
|
64
70
|
### Performing an API call
|
65
71
|
|
66
72
|
```rb
|
67
|
-
|
73
|
+
require 'authzed'
|
74
|
+
|
75
|
+
emilia = Authzed::Api::V0::User.new(namespace: 'blog/user', object_id: 'emilia')
|
76
|
+
read_first_post = Authzed::Api::V0::ObjectAndRelation.new(
|
77
|
+
namespace: 'blog/post',
|
78
|
+
object_id: '1',
|
79
|
+
relation: 'read'
|
80
|
+
)
|
81
|
+
|
82
|
+
# Is Emilia in the set of users that can read post #1?
|
83
|
+
resp = client.acl_service.check(
|
84
|
+
Authzed::Api::V0::CheckRequest.new(test_userset: read_first_post, user: emilia)
|
85
|
+
)
|
68
86
|
```
|
@@ -0,0 +1,61 @@
|
|
1
|
+
require 'grpc'
|
2
|
+
|
3
|
+
module Authzed
|
4
|
+
module Api
|
5
|
+
module V0
|
6
|
+
class Client
|
7
|
+
attr_reader :acl_service, :developer_service, :namespace_service, :watch_service
|
8
|
+
|
9
|
+
def initialize(target:, credentials: nil, interceptors: [], options: {}, timeout: nil)
|
10
|
+
creds = credentials || GRPC::Core::ChannelCredentials.new
|
11
|
+
|
12
|
+
@acl_service = ACLService::Stub.new(
|
13
|
+
target,
|
14
|
+
creds,
|
15
|
+
timeout: timeout,
|
16
|
+
interceptors: interceptors,
|
17
|
+
channel_args: options,
|
18
|
+
)
|
19
|
+
@developer_service = DeveloperService::Stub.new(
|
20
|
+
target,
|
21
|
+
creds,
|
22
|
+
timeout: timeout,
|
23
|
+
interceptors: interceptors,
|
24
|
+
channel_args: options,
|
25
|
+
)
|
26
|
+
@namespace_service = NamespaceService::Stub.new(
|
27
|
+
target,
|
28
|
+
creds,
|
29
|
+
timeout: timeout,
|
30
|
+
interceptors: interceptors,
|
31
|
+
channel_args: options,
|
32
|
+
)
|
33
|
+
@watch_service = WatchService::Stub.new(
|
34
|
+
target,
|
35
|
+
creds,
|
36
|
+
timeout: timeout,
|
37
|
+
interceptors: interceptors,
|
38
|
+
channel_args: options,
|
39
|
+
)
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
# Utility method for creating usersets
|
44
|
+
module UserPatch
|
45
|
+
def self.included(base)
|
46
|
+
def base.for(namespace:, object_id:)
|
47
|
+
Authzed::Api::V0::User.new(
|
48
|
+
userset: Authzed::Api::V0::ObjectAndRelation.new(
|
49
|
+
namespace: namespace,
|
50
|
+
object_id: object_id,
|
51
|
+
relation: '...',
|
52
|
+
)
|
53
|
+
)
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
User.include(UserPatch)
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'grpc'
|
2
|
+
|
3
|
+
module Authzed
|
4
|
+
module Api
|
5
|
+
module V1alpha1
|
6
|
+
class Client
|
7
|
+
|
8
|
+
attr_reader :schema_service
|
9
|
+
|
10
|
+
def initialize(target:, credentials: nil, interceptors: [], options: {}, timeout: nil)
|
11
|
+
creds = credentials || GRPC::Core::ChannelCredentials.new
|
12
|
+
|
13
|
+
@schema_service = Authzed::Api::V1alpha1::SchemaService::Stub.new(
|
14
|
+
target,
|
15
|
+
creds,
|
16
|
+
timeout: timeout,
|
17
|
+
interceptors: interceptors,
|
18
|
+
channel_args: options,
|
19
|
+
)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
data/lib/authzed.rb
CHANGED
@@ -8,7 +8,11 @@ require 'authzed/api/v0/namespace_service_pb'
|
|
8
8
|
require 'authzed/api/v0/namespace_service_services_pb'
|
9
9
|
require 'authzed/api/v0/watch_service_pb'
|
10
10
|
require 'authzed/api/v0/watch_service_services_pb'
|
11
|
+
require 'authzed/api/v0/client'
|
11
12
|
require 'authzed/api/v1alpha1/schema_pb'
|
13
|
+
require 'authzed/api/v1alpha1/schema_services_pb'
|
14
|
+
require 'authzed/api/v1alpha1/client'
|
15
|
+
require 'grpcutil/bearer_token'
|
12
16
|
|
13
17
|
module Authzed
|
14
18
|
end
|
@@ -0,0 +1,75 @@
|
|
1
|
+
require 'grpc'
|
2
|
+
|
3
|
+
module Authzed
|
4
|
+
module GrpcUtil
|
5
|
+
class BearerToken < GRPC::ClientInterceptor
|
6
|
+
|
7
|
+
AUTHORIZATION_HEADER = 'authorization'
|
8
|
+
SCHEMA = 'Bearer'
|
9
|
+
|
10
|
+
attr_reader :token
|
11
|
+
|
12
|
+
def initialize(token:)
|
13
|
+
@token = token
|
14
|
+
end
|
15
|
+
|
16
|
+
##
|
17
|
+
# Intercept a unary request response call
|
18
|
+
#
|
19
|
+
# @param [Object] request
|
20
|
+
# @param [GRPC::ActiveCall] call
|
21
|
+
# @param [String] method
|
22
|
+
# @param [Hash] metadata
|
23
|
+
#
|
24
|
+
def request_response(request: nil, call: nil, method: nil, metadata: nil)
|
25
|
+
metadata[AUTHORIZATION_HEADER] = bearer_token_header
|
26
|
+
yield
|
27
|
+
end
|
28
|
+
|
29
|
+
##
|
30
|
+
# Intercept a client streaming call
|
31
|
+
#
|
32
|
+
# @param [Enumerable] requests
|
33
|
+
# @param [GRPC::ActiveCall] call
|
34
|
+
# @param [String] method
|
35
|
+
# @param [Hash] metadata
|
36
|
+
#
|
37
|
+
def client_streamer(requests: nil, call: nil, method: nil, metadata: nil)
|
38
|
+
metadata[AUTHORIZATION_HEADER] = bearer_token_header
|
39
|
+
yield
|
40
|
+
end
|
41
|
+
|
42
|
+
##
|
43
|
+
# Intercept a server streaming call
|
44
|
+
#
|
45
|
+
# @param [Object] request
|
46
|
+
# @param [GRPC::ActiveCall] call
|
47
|
+
# @param [String] method
|
48
|
+
# @param [Hash] metadata
|
49
|
+
#
|
50
|
+
def server_streamer(request: nil, call: nil, method: nil, metadata: nil)
|
51
|
+
metadata[AUTHORIZATION_HEADER] = bearer_token_header
|
52
|
+
yield
|
53
|
+
end
|
54
|
+
|
55
|
+
##
|
56
|
+
# Intercept a BiDi streaming call
|
57
|
+
#
|
58
|
+
# @param [Enumerable] requests
|
59
|
+
# @param [GRPC::ActiveCall] call
|
60
|
+
# @param [String] method
|
61
|
+
# @param [Hash] metadata
|
62
|
+
#
|
63
|
+
def bidi_streamer(requests: nil, call: nil, method: nil, metadata: nil)
|
64
|
+
metadata[AUTHORIZATION_HEADER] = bearer_token_header
|
65
|
+
yield
|
66
|
+
end
|
67
|
+
|
68
|
+
private
|
69
|
+
|
70
|
+
def bearer_token_header
|
71
|
+
"#{SCHEMA} #{token}"
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: authzed
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0
|
4
|
+
version: 0.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Authzed
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-08-
|
11
|
+
date: 2021-08-25 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Authzed is the best way to build robust and scalable permissions systems.
|
14
14
|
See https://authzed.com for more details.
|
@@ -22,6 +22,7 @@ files:
|
|
22
22
|
- lib/authzed.rb
|
23
23
|
- lib/authzed/api/v0/acl_service_pb.rb
|
24
24
|
- lib/authzed/api/v0/acl_service_services_pb.rb
|
25
|
+
- lib/authzed/api/v0/client.rb
|
25
26
|
- lib/authzed/api/v0/core_pb.rb
|
26
27
|
- lib/authzed/api/v0/developer_pb.rb
|
27
28
|
- lib/authzed/api/v0/developer_services_pb.rb
|
@@ -30,8 +31,10 @@ files:
|
|
30
31
|
- lib/authzed/api/v0/namespace_service_services_pb.rb
|
31
32
|
- lib/authzed/api/v0/watch_service_pb.rb
|
32
33
|
- lib/authzed/api/v0/watch_service_services_pb.rb
|
34
|
+
- lib/authzed/api/v1alpha1/client.rb
|
33
35
|
- lib/authzed/api/v1alpha1/schema_pb.rb
|
34
36
|
- lib/authzed/api/v1alpha1/schema_services_pb.rb
|
37
|
+
- lib/grpcutil/bearer_token.rb
|
35
38
|
homepage: https://authzed.com
|
36
39
|
licenses:
|
37
40
|
- Apache-2.0
|