aarondb/auth
Types
Rich Hickey 🧙🏾‍♂️: Identity is who you are. Authority is what you can do. Capability-based security completely decomplects Identity from Authority. This module implements an attenuable token verification layer.
pub type Action {
  Read
  Write
  Admin
}
Constructors
- Read
- Write
- Admin
pub type Resource {
  All
  Shard(Int)
  Database(String)
}
Constructors
- All
- Shard(Int)
- Database(String)
pub type Token {
  Token(
    id: String,
    capabilities: List(Capability),
    issuer: String,
  )
}
Constructors
- Token(id: String, capabilities: List(Capability), issuer: String)
Values
pub fn authorize(
  token: Token,
  required: List(Capability),
) -> Result(Nil, String)
Verifies whether a given Token satisfies a list of required capabilities.
Time Complexity: O(R * P), where R is the number of required capabilities and P is the number of provided capabilities.
Space Complexity: O(1) auxiliary space.
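The O(R * P) check described above, as an added stand-alone Gleam example that is not the module's own code. The fields of Capability, the Admin > Write > Read ordering, the treatment of All as a wildcard, and the function name satisfies are all assumptions, since the page does not show them. Under those assumptions the same relation also decides whether a delegated token is a valid attenuation of its parent.

```gleam
import gleam/list

pub type Action {
  Read
  Write
  Admin
}

pub type Resource {
  All
  Shard(Int)
  Database(String)
}

// Assumed shape: the page names Capability but does not show its fields.
pub type Capability {
  Capability(resource: Resource, action: Action)
}

// Assumed ordering: Admin implies Write, Write implies Read.
fn rank(action: Action) -> Int {
  case action {
    Read -> 0
    Write -> 1
    Admin -> 2
  }
}

// Assumed rule: All covers any resource; otherwise resources must be equal.
fn covers(held: Capability, needed: Capability) -> Bool {
  let resource_ok = held.resource == All || held.resource == needed.resource
  resource_ok && rank(held.action) >= rank(needed.action)
}

// Each required capability needs some held capability covering it: O(R * P).
pub fn satisfies(held: List(Capability), required: List(Capability)) -> Bool {
  list.all(required, fn(need) { list.any(held, covers(_, need)) })
}

pub fn main() {
  // Constructed sample grants: child is narrower than parent.
  let parent = [Capability(Database("orders"), Write)]
  let child = [Capability(Database("orders"), Read)]
  let assert True = satisfies(parent, child)
  // Widening the action or switching resource is rejected.
  let assert False = satisfies(child, parent)
  let assert False = satisfies(parent, [Capability(Shard(1), Read)])
  let assert True = satisfies([Capability(All, Admin)], parent)
  Nil
}
```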
pub fn decode_token(
  payload: String,
) -> Result(Token, json.DecodeError)
A simple example parser for a JSON-like token format. In a real UCAN, you'd verify proper base64 encoding and EdDSA signatures here.