authzed 0.0.1 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +20 -2
- data/lib/authzed/api/v0/client.rb +61 -0
- data/lib/authzed/api/v1alpha1/client.rb +25 -0
- data/lib/authzed.rb +4 -0
- data/lib/grpcutil/bearer_token.rb +75 -0
- metadata +5 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e1495a99e8306e5ccba16daa977fa824fced295ee98913e36c73617c18def744
|
|
4
|
+
data.tar.gz: 74763f19757bce03b40e4362f89c0499f1a55661324701ad387b1a61453d0f96
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 859a8f38ab1ce0cf71c06f827333facf4701520341e2d3fe50a174b7639a9c7843d93f46cfacd623eb086d28f3ec66e9cbf96a3bf977bdb914fb73d136ae4a46
|
|
7
|
+
data.tar.gz: 7147f721b18f217dcb3dbf00f6d3ba96e87d1f21ccd4c6f5b9880f23c032bc08d89aef319800fd289b74f694872c597eaa1b94b20a547eb4f49aa675ca766016
|
data/README.md
CHANGED
|
@@ -58,11 +58,29 @@ In order to successfully connect, you will have to provide a [Bearer Token] with
|
|
|
58
58
|
[Authzed Dashboard]: https://app.authzed.com
|
|
59
59
|
|
|
60
60
|
```rb
|
|
61
|
-
|
|
61
|
+
require 'authzed'
|
|
62
|
+
|
|
63
|
+
|
|
64
|
+
client = Authzed::Api::V0::Client.new(
|
|
65
|
+
target: 'grpc.authzed.com:443',
|
|
66
|
+
interceptors: [Authzed::GrpcUtil::BearerToken.new(token: 't_your_token_here_1234567deadbeef')],
|
|
67
|
+
)
|
|
62
68
|
```
|
|
63
69
|
|
|
64
70
|
### Performing an API call
|
|
65
71
|
|
|
66
72
|
```rb
|
|
67
|
-
|
|
73
|
+
require 'authzed'
|
|
74
|
+
|
|
75
|
+
emilia = Authzed::Api::V0::User.new(namespace: 'blog/user', object_id: 'emilia')
|
|
76
|
+
read_first_post = Authzed::Api::V0::ObjectAndRelation.new(
|
|
77
|
+
namespace: 'blog/post',
|
|
78
|
+
object_id: '1',
|
|
79
|
+
relation: 'read'
|
|
80
|
+
)
|
|
81
|
+
|
|
82
|
+
# Is Emilia in the set of users that can read post #1?
|
|
83
|
+
resp = client.acl_service.check(
|
|
84
|
+
Authzed::Api::V0::CheckRequest.new(test_userset: read_first_post, user: emilia)
|
|
85
|
+
)
|
|
68
86
|
```
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
require 'grpc'
|
|
2
|
+
|
|
3
|
+
module Authzed
|
|
4
|
+
module Api
|
|
5
|
+
module V0
|
|
6
|
+
class Client
|
|
7
|
+
attr_reader :acl_service, :developer_service, :namespace_service, :watch_service
|
|
8
|
+
|
|
9
|
+
def initialize(target:, credentials: nil, interceptors: [], options: {}, timeout: nil)
|
|
10
|
+
creds = credentials || GRPC::Core::ChannelCredentials.new
|
|
11
|
+
|
|
12
|
+
@acl_service = ACLService::Stub.new(
|
|
13
|
+
target,
|
|
14
|
+
creds,
|
|
15
|
+
timeout: timeout,
|
|
16
|
+
interceptors: interceptors,
|
|
17
|
+
channel_args: options,
|
|
18
|
+
)
|
|
19
|
+
@developer_service = DeveloperService::Stub.new(
|
|
20
|
+
target,
|
|
21
|
+
creds,
|
|
22
|
+
timeout: timeout,
|
|
23
|
+
interceptors: interceptors,
|
|
24
|
+
channel_args: options,
|
|
25
|
+
)
|
|
26
|
+
@namespace_service = NamespaceService::Stub.new(
|
|
27
|
+
target,
|
|
28
|
+
creds,
|
|
29
|
+
timeout: timeout,
|
|
30
|
+
interceptors: interceptors,
|
|
31
|
+
channel_args: options,
|
|
32
|
+
)
|
|
33
|
+
@watch_service = WatchService::Stub.new(
|
|
34
|
+
target,
|
|
35
|
+
creds,
|
|
36
|
+
timeout: timeout,
|
|
37
|
+
interceptors: interceptors,
|
|
38
|
+
channel_args: options,
|
|
39
|
+
)
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
# Utility method for creating usersets
|
|
44
|
+
module UserPatch
|
|
45
|
+
def self.included(base)
|
|
46
|
+
def base.for(namespace:, object_id:)
|
|
47
|
+
Authzed::Api::V0::User.new(
|
|
48
|
+
userset: Authzed::Api::V0::ObjectAndRelation.new(
|
|
49
|
+
namespace: namespace,
|
|
50
|
+
object_id: object_id,
|
|
51
|
+
relation: '...',
|
|
52
|
+
)
|
|
53
|
+
)
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
User.include(UserPatch)
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
require 'grpc'
|
|
2
|
+
|
|
3
|
+
module Authzed
|
|
4
|
+
module Api
|
|
5
|
+
module V1alpha1
|
|
6
|
+
class Client
|
|
7
|
+
|
|
8
|
+
attr_reader :schema_service
|
|
9
|
+
|
|
10
|
+
def initialize(target:, credentials: nil, interceptors: [], options: {}, timeout: nil)
|
|
11
|
+
creds = credentials || GRPC::Core::ChannelCredentials.new
|
|
12
|
+
|
|
13
|
+
@schema_service = Authzed::Api::V1alpha1::SchemaService::Stub.new(
|
|
14
|
+
target,
|
|
15
|
+
creds,
|
|
16
|
+
timeout: timeout,
|
|
17
|
+
interceptors: interceptors,
|
|
18
|
+
channel_args: options,
|
|
19
|
+
)
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
data/lib/authzed.rb
CHANGED
|
@@ -8,7 +8,11 @@ require 'authzed/api/v0/namespace_service_pb'
|
|
|
8
8
|
require 'authzed/api/v0/namespace_service_services_pb'
|
|
9
9
|
require 'authzed/api/v0/watch_service_pb'
|
|
10
10
|
require 'authzed/api/v0/watch_service_services_pb'
|
|
11
|
+
require 'authzed/api/v0/client'
|
|
11
12
|
require 'authzed/api/v1alpha1/schema_pb'
|
|
13
|
+
require 'authzed/api/v1alpha1/schema_services_pb'
|
|
14
|
+
require 'authzed/api/v1alpha1/client'
|
|
15
|
+
require 'grpcutil/bearer_token'
|
|
12
16
|
|
|
13
17
|
module Authzed
|
|
14
18
|
end
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
require 'grpc'
|
|
2
|
+
|
|
3
|
+
module Authzed
|
|
4
|
+
module GrpcUtil
|
|
5
|
+
class BearerToken < GRPC::ClientInterceptor
|
|
6
|
+
|
|
7
|
+
AUTHORIZATION_HEADER = 'authorization'
|
|
8
|
+
SCHEMA = 'Bearer'
|
|
9
|
+
|
|
10
|
+
attr_reader :token
|
|
11
|
+
|
|
12
|
+
def initialize(token:)
|
|
13
|
+
@token = token
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
##
|
|
17
|
+
# Intercept a unary request response call
|
|
18
|
+
#
|
|
19
|
+
# @param [Object] request
|
|
20
|
+
# @param [GRPC::ActiveCall] call
|
|
21
|
+
# @param [String] method
|
|
22
|
+
# @param [Hash] metadata
|
|
23
|
+
#
|
|
24
|
+
def request_response(request: nil, call: nil, method: nil, metadata: nil)
|
|
25
|
+
metadata[AUTHORIZATION_HEADER] = bearer_token_header
|
|
26
|
+
yield
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
##
|
|
30
|
+
# Intercept a client streaming call
|
|
31
|
+
#
|
|
32
|
+
# @param [Enumerable] requests
|
|
33
|
+
# @param [GRPC::ActiveCall] call
|
|
34
|
+
# @param [String] method
|
|
35
|
+
# @param [Hash] metadata
|
|
36
|
+
#
|
|
37
|
+
def client_streamer(requests: nil, call: nil, method: nil, metadata: nil)
|
|
38
|
+
metadata[AUTHORIZATION_HEADER] = bearer_token_header
|
|
39
|
+
yield
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
##
|
|
43
|
+
# Intercept a server streaming call
|
|
44
|
+
#
|
|
45
|
+
# @param [Object] request
|
|
46
|
+
# @param [GRPC::ActiveCall] call
|
|
47
|
+
# @param [String] method
|
|
48
|
+
# @param [Hash] metadata
|
|
49
|
+
#
|
|
50
|
+
def server_streamer(request: nil, call: nil, method: nil, metadata: nil)
|
|
51
|
+
metadata[AUTHORIZATION_HEADER] = bearer_token_header
|
|
52
|
+
yield
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
##
|
|
56
|
+
# Intercept a BiDi streaming call
|
|
57
|
+
#
|
|
58
|
+
# @param [Enumerable] requests
|
|
59
|
+
# @param [GRPC::ActiveCall] call
|
|
60
|
+
# @param [String] method
|
|
61
|
+
# @param [Hash] metadata
|
|
62
|
+
#
|
|
63
|
+
def bidi_streamer(requests: nil, call: nil, method: nil, metadata: nil)
|
|
64
|
+
metadata[AUTHORIZATION_HEADER] = bearer_token_header
|
|
65
|
+
yield
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
private
|
|
69
|
+
|
|
70
|
+
def bearer_token_header
|
|
71
|
+
"#{SCHEMA} #{token}"
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authzed
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 0.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Authzed
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-08-
|
|
11
|
+
date: 2021-08-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Authzed is the best way to build robust and scalable permissions systems.
|
|
14
14
|
See https://authzed.com for more details.
|
|
@@ -22,6 +22,7 @@ files:
|
|
|
22
22
|
- lib/authzed.rb
|
|
23
23
|
- lib/authzed/api/v0/acl_service_pb.rb
|
|
24
24
|
- lib/authzed/api/v0/acl_service_services_pb.rb
|
|
25
|
+
- lib/authzed/api/v0/client.rb
|
|
25
26
|
- lib/authzed/api/v0/core_pb.rb
|
|
26
27
|
- lib/authzed/api/v0/developer_pb.rb
|
|
27
28
|
- lib/authzed/api/v0/developer_services_pb.rb
|
|
@@ -30,8 +31,10 @@ files:
|
|
|
30
31
|
- lib/authzed/api/v0/namespace_service_services_pb.rb
|
|
31
32
|
- lib/authzed/api/v0/watch_service_pb.rb
|
|
32
33
|
- lib/authzed/api/v0/watch_service_services_pb.rb
|
|
34
|
+
- lib/authzed/api/v1alpha1/client.rb
|
|
33
35
|
- lib/authzed/api/v1alpha1/schema_pb.rb
|
|
34
36
|
- lib/authzed/api/v1alpha1/schema_services_pb.rb
|
|
37
|
+
- lib/grpcutil/bearer_token.rb
|
|
35
38
|
homepage: https://authzed.com
|
|
36
39
|
licenses:
|
|
37
40
|
- Apache-2.0
|