From 402932602dfb6f70968f7938edf2368581535cc4 Mon Sep 17 00:00:00 2001
From: mstar
Date: Fri, 21 Feb 2025 15:52:21 +0100
Subject: [PATCH] WIP New auth management system Wait, what's this? A new commit to Linstrom? And I thought I was done for good with this project now that I've left Fedi. Well, I got bored at work and inspired by a random bit I've seen in Elixir Phoenix's docs. So here is the start of a new subsystem: Authentication Intended to bundle all authentication related checks and updates in one place. Http handlers should not be the ones to perform the logic, too much duplication. Technically, they probably shouldn't even contain any business logic at all, only calling it and transforming it into visible output Also may be considering switching to Vue or at least changing how the ember frontend interacts with the backend
---
auth/auth.go | 11 +++++++++++
auth/checks.go | 26 ++++++++++++++++++++++++++
2 files changed, 37 insertions(+)
create mode 100644 auth/auth.go
create mode 100644 auth/checks.go
diff --git a/auth/auth.go b/auth/auth.go
new file mode 100644
index 0000000..1787336
--- /dev/null
+++ b/auth/auth.go
@@ -0,0 +1,11 @@
+package auth
+
+import "gorm.io/gorm"
+
+type Authentication struct {
+ db *gorm.DB
+}
+
+func NewAuth(db *gorm.DB) *Authentication {
+ return &Authentication{db}
+}
diff --git a/auth/checks.go b/auth/checks.go
new file mode 100644
index 0000000..9d927a9
--- /dev/null
+++ b/auth/checks.go
@@ -0,0 +1,26 @@
+package auth
+
+import "git.mstar.dev/mstar/linstrom/storage"
+
+// Can actorId access the account with targetId?
+func (a *Authentication) CanAccessAccount(actorId *string, targetId string) bool { return true }
+
+// Can actorId edit the account with targetId?
+func (a *Authentication) CanEditAccount(actorId *string, targetIt *string) bool { return true }
+
+// Can actorId delete the account with targetId?
+func (a *Authentication) CanDeleteAccount(actorId *string, targetIt *string) bool { return true }
+
+// Can actorId create a new post at all?
+// Specific restrictions regarding the content are not checked
+func (a *Authentication) CanCreatePost(actorId string) bool { return true }
+
+// Ensures that a given post conforms with all roles attached to the author account.
+// Returns the conforming note (or nil of it can't be changed to conform)
+// and whether the note was changed
+func (a *Authentication) EnsureNoteConformsWithRoles(note *storage.Note) (*storage.Note, bool) {
+ return note, false
+}
+
+// Does the given note conform with the roles attached to the author account?
+func (a *Authentication) DoesNoteConform(note *storage.Note) bool { return true }
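Review bot: Every check added in auth/checks.go is a placeholder that allows the action: the four `Can*` methods and `DoesNoteConform` return `true`, and `EnsureNoteConformsWithRoles` hands the note back unchanged. Any handler wired to this package before the real logic lands would therefore authorize every request, including one with a nil `actorId`. For stubs in an authorization layer it is safer to fail closed, e.g. `return false` with a comment such as `// TODO: not implemented yet, denies by default`, so a half-finished integration shows up as a refusal rather than as silent access. Separately, `CanEditAccount` and `CanDeleteAccount` spell the second parameter `targetIt` and take `*string`, while `CanAccessAccount` uses `targetId string` and the comments say `targetId`. Pick one name and one type, and state in the doc comments what a nil `actorId` means (presumably an unauthenticated caller).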