aarondb/auth

Types

Rich Hickey 🧙🏾‍♂️: Identity is who you are. Authority is what you can do. Capability-based security completely decomplects Identity from Authority. This module implements an attenuable token verification layer.

pub type Action {
  Read
  Write
  Admin
}

Constructors

  • Read
  • Write
  • Admin

pub type Capability {
  Capability(action: Action, resource: Resource)
}

Constructors

  • Capability(action: Action, resource: Resource)

pub type Resource {
  All
  Shard(Int)
  Database(String)
}

Constructors

  • All
  • Shard(Int)
  • Database(String)

pub type Token {
  Token(
    id: String,
    capabilities: List(Capability),
    issuer: String,
  )
}

Constructors

  • Token(id: String, capabilities: List(Capability), issuer: String)

Values

pub fn authorize(
  token: Token,
  required: List(Capability),
) -> Result(Nil, String)

Verifies whether a given Token satisfies a list of required capabilities.

Time complexity: O(R * P), where R is the number of required capabilities and P is the number of provided capabilities. Space complexity: O(1) auxiliary space.
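The module description calls the tokens attenuable. The sketch below is an added example, not code from aarondb/auth, and shows one way a caller could use `authorize` as the gate when issuing a narrower child token. `attenuate`, `report`, the token ids and the issuer string are hypothetical, and the outcome of each call depends on the library's matching rules, which this page does not spell out.

```gleam
import aarondb/auth.{type Capability, type Token, Capability, Token}
import gleam/io
import gleam/result

/// Hypothetical helper (not part of aarondb/auth): issue a child token only
/// if the parent already satisfies every capability requested for it.
pub fn attenuate(
  parent: Token,
  child_id: String,
  requested: List(Capability),
) -> Result(Token, String) {
  // authorize returns Error(reason) when the parent does not satisfy the
  // required list, which stops the child from gaining authority.
  use _ <- result.try(auth.authorize(parent, requested))
  // Assumption: the child keeps the parent's issuer; the page does not say
  // how issuer should change on delegation.
  Ok(Token(id: child_id, capabilities: requested, issuer: parent.issuer))
}

fn report(label: String, outcome: Result(Token, String)) -> Nil {
  case outcome {
    Ok(child) -> io.println(label <> ": issued " <> child.id)
    Error(reason) -> io.println(label <> ": refused, " <> reason)
  }
}

pub fn main() {
  // Constructed sample token; ids and issuer are placeholders.
  let parent =
    Token(
      id: "tok-parent",
      capabilities: [
        Capability(action: auth.Read, resource: auth.Shard(1)),
        Capability(action: auth.Write, resource: auth.Shard(1)),
      ],
      issuer: "example-issuer",
    )
  // Narrowing: read-only on the same shard.
  let narrowed = [Capability(action: auth.Read, resource: auth.Shard(1))]
  // Widening attempt: a capability the parent does not list.
  let widened = [Capability(action: auth.Admin, resource: auth.All)]

  report("narrowed", attenuate(parent, "tok-child-1", narrowed))
  report("widened", attenuate(parent, "tok-child-2", widened))
}
```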

pub fn decode_token(
  payload: String,
) -> Result(Token, json.DecodeError)

A simple example parser for a JSON-like token format. In a real UCAN, you'd verify proper base64 + EdDSA signatures here.
