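// Source: github.com/polarismesh/polaris@v1.17.8/common/model/acquire_context.go

/**
 * Tencent is pleased to support the open source community by making Polaris available.
 *
 * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
 *
 * Licensed under the BSD 3-Clause License (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * https://opensource.org/licenses/BSD-3-Clause
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package model

import (
	"context"

	apisecurity "github.com/polarismesh/specification/source/go/api/v1/security"
)

// AcquireContext carries the information for a single authorization check.
//
// All fields are unexported; they are populated through the With* options
// given to NewAcquireContext and through the Set* methods. Both maps are plain
// Go maps accessed without any locking in this file, so a context that is
// shared between goroutines has to be serialized by the caller.
type AcquireContext struct {
	// requestContext is the context.Context of the request being checked.
	requestContext context.Context
	// module is the business layer the request comes from (service
	// registration and governance, or the config module).
	module BzModule
	// method is the name of the operation function being invoked.
	method string
	// operation is the action this request performs.
	operation ResourceOperation
	// accessResources holds the resources touched by this request, keyed by
	// resource type.
	accessResources map[apisecurity.ResourceType][]ResourceEntry
	// attachment carries extra data for the post-processing that runs after
	// the permission check and the resource operation, so that it does not
	// have to be looked up a second time.
	attachment map[string]interface{}
	// fromClient reports whether the request came from a client; false means
	// it came from the console.
	fromClient bool
}

// acquireContextOption mutates an AcquireContext while it is being built.
type acquireContextOption func(authCtx *AcquireContext)

// _defaultAuthContextOptions are applied by NewAcquireContext before any
// caller-supplied option. A new context is therefore console-originated unless
// the caller passes WithFromClient (or calls SetFromClient later).
var _defaultAuthContextOptions = []acquireContextOption{
	WithFromConsole(),
}

// NewAcquireContext builds an AcquireContext with empty attachment and
// resource maps and module set to UnknowModule, then applies the default
// options followed by options in the order given. A later option overrides an
// earlier one that writes the same field.
//
// NOTE(review): the origin defaults to "console". If console and client
// requests are authorized differently, every client-facing call site has to
// pass WithFromClient explicitly — confirm against the callers.
func NewAcquireContext(options ...acquireContextOption) *AcquireContext {
	authCtx := &AcquireContext{
		attachment:      make(map[string]interface{}),
		accessResources: make(map[apisecurity.ResourceType][]ResourceEntry),
		module:          UnknowModule,
	}

	for _, opt := range _defaultAuthContextOptions {
		opt(authCtx)
	}
	for _, opt := range options {
		opt(authCtx)
	}

	return authCtx
}

// WithRequestContext sets the request's context.Context.
func WithRequestContext(ctx context.Context) acquireContextOption {
	return func(authCtx *AcquireContext) {
		authCtx.requestContext = ctx
	}
}

// WithModule sets the module (business layer) the request belongs to.
func WithModule(module BzModule) acquireContextOption {
	return func(authCtx *AcquireContext) {
		authCtx.module = module
	}
}

// WithMethod sets the name of the operation function being invoked.
func WithMethod(method string) acquireContextOption {
	return func(authCtx *AcquireContext) {
		authCtx.method = method
	}
}

// WithOperation sets the operation type of the request.
func WithOperation(operation ResourceOperation) acquireContextOption {
	return func(authCtx *AcquireContext) {
		authCtx.operation = operation
	}
}

// WithAccessResources sets the resources accessed by the request.
//
// The map is stored as passed, not copied: it replaces the map allocated by
// NewAcquireContext (a nil argument leaves the field nil), and later changes
// the caller makes to it are visible through the context.
func WithAccessResources(accessResources map[apisecurity.ResourceType][]ResourceEntry) acquireContextOption {
	return func(authCtx *AcquireContext) {
		authCtx.accessResources = accessResources
	}
}

// WithAttachment merges attachment into the context's attachment map; keys
// already present are overwritten. Unlike WithAccessResources, the entries are
// copied, so the caller's map is not retained.
func WithAttachment(attachment map[string]interface{}) acquireContextOption {
	return func(authCtx *AcquireContext) {
		// The option can be applied to a context that did not come from
		// NewAcquireContext; writing to its nil map would panic.
		if authCtx.attachment == nil {
			authCtx.attachment = make(map[string]interface{}, len(attachment))
		}
		for k, v := range attachment {
			authCtx.attachment[k] = v
		}
	}
}

// WithFromConsole marks the request as coming from the console.
func WithFromConsole() acquireContextOption {
	return func(authCtx *AcquireContext) {
		authCtx.fromClient = false
	}
}

// WithFromClient marks the request as coming from a client.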
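func WithFromClient() acquireContextOption {
	return func(authCtx *AcquireContext) {
		authCtx.fromClient = true
	}
}

// GetRequestContext returns the request's context.Context.
func (authCtx *AcquireContext) GetRequestContext() context.Context {
	return authCtx.requestContext
}

// SetRequestContext replaces the request's context.Context.
func (authCtx *AcquireContext) SetRequestContext(requestContext context.Context) {
	authCtx.requestContext = requestContext
}

// GetModule returns the module (business layer) of the request.
func (authCtx *AcquireContext) GetModule() BzModule {
	return authCtx.module
}

// GetOperation returns the operation type of the request.
func (authCtx *AcquireContext) GetOperation() ResourceOperation {
	return authCtx.operation
}

// GetAccessResources returns the resources accessed by the request.
//
// The internal map is returned, not a copy: anything the caller adds to or
// removes from it changes what later readers of this context see.
func (authCtx *AcquireContext) GetAccessResources() map[apisecurity.ResourceType][]ResourceEntry {
	return authCtx.accessResources
}

// SetAccessResources replaces the resources accessed by the request. The map
// is stored as passed, not copied.
func (authCtx *AcquireContext) SetAccessResources(accessRes map[apisecurity.ResourceType][]ResourceEntry) {
	authCtx.accessResources = accessRes
}

// GetAttachments returns the extra data carried by the request. The internal
// map is returned, not a copy.
func (authCtx *AcquireContext) GetAttachments() map[string]interface{} {
	return authCtx.attachment
}

// GetAttachment returns the attachment stored under key, or nil when the key
// is absent.
func (authCtx *AcquireContext) GetAttachment(key string) interface{} {
	return authCtx.attachment[key]
}

// SetAttachment stores val under key, overwriting any previous value.
func (authCtx *AcquireContext) SetAttachment(key string, val interface{}) {
	// A context that was not built by NewAcquireContext has a nil attachment
	// map; allocate it here instead of panicking on the write.
	if authCtx.attachment == nil {
		authCtx.attachment = make(map[string]interface{})
	}
	authCtx.attachment[key] = val
}

// GetMethod returns the name of the operation function of the request.
func (authCtx *AcquireContext) GetMethod() string {
	return authCtx.method
}

// SetFromClient marks the request as coming from a client.
func (authCtx *AcquireContext) SetFromClient() {
	authCtx.fromClient = true
}

// SetFromConsole marks the request as coming from the console (OpenAPI).
func (authCtx *AcquireContext) SetFromConsole() {
	authCtx.fromClient = false
}

// IsFromClient reports whether the request came from a client.
func (authCtx *AcquireContext) IsFromClient() bool {
	return authCtx.fromClient
}

// IsFromConsole reports whether the request came from the console (OpenAPI).
// It is the negation of IsFromClient, so it is true for any context whose
// origin was never set.
func (authCtx *AcquireContext) IsFromConsole() bool {
	return !authCtx.IsFromClient()
}

// IsAccessResourceEmpty reports whether the request has no resources to
// access. A nil resource map counts as empty.
//
// NOTE(review): only the Namespaces, Services and ConfigGroups entries are
// consulted; entries stored under any other resource type do not make the
// result false. If callers treat "empty" as "nothing to authorize", confirm
// that these three types cover everything apisecurity.ResourceType defines.
func (authCtx *AcquireContext) IsAccessResourceEmpty() bool {
	checked := [...]apisecurity.ResourceType{
		apisecurity.ResourceType_Namespaces,
		apisecurity.ResourceType_Services,
		apisecurity.ResourceType_ConfigGroups,
	}
	for _, resType := range checked {
		if len(authCtx.accessResources[resType]) != 0 {
			return false
		}
	}
	return true
}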