Permission / authorization subsystem. More...
#include "csilk/drivers/perm.h"#include <stdio.h>#include <stdlib.h>#include <string.h>#include "csilk/csilk.h"
Functions | |
| void | csilk_perm_init (void) |
| Initialize the permission subsystem. | |
| int | csilk_perm_register_driver (const char *name, csilk_perm_driver_t *driver) |
| Register a permission driver in the global registry. | |
| csilk_perm_driver_t * | csilk_perm_get_driver (const char *name) |
| Look up a registered permission driver by name. | |
| int | csilk_perm_set_default (const char *name) |
| Set the default permission driver by name. | |
| int | csilk_perm_check (csilk_ctx_t *c, const char *permission, const char *resource) |
| Check a permission against the default driver. | |
| void | csilk_perm_require (csilk_ctx_t *c, const char *permission, const char *resource) |
| Require a permission and abort the request if denied. | |
| void | csilk_perm_auto_middleware (csilk_ctx_t *c) |
| Global middleware that auto-checks route-level permissions. | |
Variables | |
| static csilk_perm_driver_t * | drivers [16] |
| Global driver registry (fixed-size array, max 16). | |
| static int | driver_count = 0 |
| static csilk_perm_driver_t * | default_driver = NULL |
| Currently active default driver for authorization checks. | |
| static int | perm_initialized = 0 |
Detailed Description
Permission / authorization subsystem.
Architecture: Facade over pluggable permission driver backends. A global registry holds up to 16 drivers, with a single default driver selected for authorization checks. The built-in "simple" driver is installed on first call to csilk_perm_init().
The auto middleware (csilk_perm_auto_middleware) is designed to be registered as a global middleware — it reads the route's permission metadata from the request context and invokes the driver's check() function, aborting the request with 403 on failure.
- Copyright
- MIT License
Function Documentation
◆ csilk_perm_auto_middleware()
| void csilk_perm_auto_middleware | ( | csilk_ctx_t * | c | ) |
Global middleware that auto-checks route-level permissions.
Automatic permission-check middleware. Looks up the permission and resource from the route's metadata (registered via csilk_router_add_perm) and checks them. Aborts with 403 if the check fails. Safe to call even if the route has no permission metadata (passes through).
Reads perm_required and perm_resource from the current handler metadata (set via csilk_app_add_route_extended_perm or the *_perm variants). If the route has a permission requirement, enforces it via csilk_perm_require().
- Parameters
-
c The request context.
- Note
- This middleware is designed to be registered with csilk_app_use() or csilk_server_use(). It is a no-op for routes without permission metadata.
◆ csilk_perm_check()
| int csilk_perm_check | ( | csilk_ctx_t * | c, |
| const char * | permission, | ||
| const char * | resource | ||
| ) |
Check a permission against the default driver.
Check the current request against the default permission driver.
Delegates to the default driver's check() callback.
- Parameters
-
c The request context. permission Permission identifier (e.g., "read", "write"). resource Resource pattern (e.g., "users:*").
- Returns
- 0 if allowed, non-zero if denied or no driver is set.
◆ csilk_perm_get_driver()
| csilk_perm_driver_t * csilk_perm_get_driver | ( | const char * | name | ) |
Look up a registered permission driver by name.
Look up a registered driver by name.
Linear search of the driver registry.
- Parameters
-
name Driver name to find (case-sensitive).
- Returns
- Driver pointer, or NULL if not found.
◆ csilk_perm_init()
| void csilk_perm_init | ( | void | ) |
Initialize the permission subsystem.
Initialise the permission subsystem. Safe to call multiple times. Must be called before any driver operations.
Installs the built-in "simple" permission driver on first call. Idempotent via atomic CAS — subsequent calls are no-ops.
- Note
- Must be called before any authorization checks.
◆ csilk_perm_register_driver()
| int csilk_perm_register_driver | ( | const char * | name, |
| csilk_perm_driver_t * | driver | ||
| ) |
Register a permission driver in the global registry.
Register a permission driver implementation.
The first registered driver automatically becomes the default.
- Parameters
-
name Driver name (e.g., "simple", "rbac"). driver Driver vtable with check() callback.
- Returns
- 0 on success, -1 if name is NULL, driver is NULL, or the registry is full.
◆ csilk_perm_require()
| void csilk_perm_require | ( | csilk_ctx_t * | c, |
| const char * | permission, | ||
| const char * | resource | ||
| ) |
Require a permission and abort the request if denied.
Abort the handler chain with 403 Forbidden if the check fails. Convenience wrapper: calls csilk_perm_check and csilk_abort on denial.
Calls csilk_perm_check() and sends a 403 Forbidden JSON response followed by csilk_abort() if the check fails.
- Parameters
-
c The request context. permission Permission to require. resource Resource to check against.
◆ csilk_perm_set_default()
| int csilk_perm_set_default | ( | const char * | name | ) |
Set the default permission driver by name.
Set the default permission driver used by csilk_perm_check.
- Parameters
-
name Driver name (must be already registered).
- Returns
- 0 on success, -1 if the driver is not found.
Variable Documentation
◆ default_driver
|
static |
Currently active default driver for authorization checks.
◆ driver_count
|
static |
◆ drivers
|
static |
Global driver registry (fixed-size array, max 16).
◆ perm_initialized
|
static |
