Csilk 0.2.1
A lightweight, high-performance C HTTP web framework
perm_simple.c File Reference

Simple rule-based permission driver for csilk.

#include <cJSON.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "csilk/csilk.h"
#include "csilk/drivers/perm.h"

Macros

#define MAX_RULES   128
 Maximum number of rules that can be registered.
 

Functions

static int match_pattern (const char *pattern, const char *value)
 Match a pattern string against a value.
 
static const char * get_role_from_ctx (csilk_ctx_t *c)
 Resolve the current user's role from the request context.
 
static int simple_check (csilk_ctx_t *c, const char *permission, const char *resource)
 Check whether the current request has a given permission on a resource.
 
void csilk_perm_simple_init (void)
 Initialise and register the simple permission driver. Clears any existing rules and makes "simple" available to the permission subsystem.
 
int csilk_perm_simple_allow (const char *role, const char *permission, const char *resource)
 Add an allow rule to the permission table.
 
void csilk_perm_simple_clear (void)
 Remove all permission rules. Resets the table so that all subsequent checks will be denied.
 

Variables

static csilk_perm_rule_t rules [MAX_RULES]
 Global rule table. Populated at startup by csilk_perm_simple_allow().
 
static int rule_count = 0
 Current number of rules loaded.
 
csilk_perm_driver_t csilk_perm_simple_driver
 Driver vtable for the simple rule-based permission backend.
 

Detailed Description

Simple rule-based permission driver for csilk.

Implements the csilk_perm_driver_t vtable using an in-memory rule table. Each rule is a (role, permission, resource) triple. A check succeeds if a rule matches all three fields (wildcards supported).

Key design points:

  • Rules are stored in a fixed-size array (MAX_RULES = 128).
  • Pattern matching supports exact match, global wildcard "*", and prefix wildcard "prefix:*".
  • The role is resolved from the request context (either a "role" key or the "jwt_payload" JSON object's "role" field).

Macro Definition Documentation

◆ MAX_RULES

#define MAX_RULES   128

Maximum number of rules that can be registered.

Function Documentation

◆ csilk_perm_simple_allow()

int csilk_perm_simple_allow ( const char *  role,
const char *  permission,
const char *  resource 
)

Add an allow rule to the permission table.

Grant a permission on a resource to a role.

Parameters
  role        Role identifier (may contain wildcards).
  permission  Permission name (may contain wildcards).
  resource    Resource pattern (may contain wildcards).
Returns
  0 on success, -1 if the table is full or parameters are NULL.

◆ csilk_perm_simple_clear()

void csilk_perm_simple_clear ( void  )

Remove all permission rules. Resets the table so that all subsequent checks will be denied.

Remove all rules from the simple driver. After calling this, all checks will deny until new rules are added.

◆ csilk_perm_simple_init()

void csilk_perm_simple_init ( void  )

Initialise and register the simple permission driver. Clears any existing rules and makes "simple" available to the permission subsystem.

Initialise the built-in in-memory RBAC driver. Registers as "simple". Must be called before any simple_* functions.

◆ get_role_from_ctx()

static const char * get_role_from_ctx ( csilk_ctx_t *  c)
static

Resolve the current user's role from the request context.

Checks two sources in order:

  1. The "role" key directly on the context.
  2. The "role" field inside the "jwt_payload" JSON object.

Parameters
  c  The current request context.
Returns
  A pointer to the role string (borrowed from context), or NULL if no role can be determined.

◆ match_pattern()

static int match_pattern ( const char *  pattern,
const char *  value 
)
static

Match a pattern string against a value.

Supports three matching modes:

  1. Global wildcard: pattern "*" matches anything.
  2. Prefix wildcard: pattern "prefix:*" matches any value starting with "prefix:".
  3. Exact match: otherwise requires strcmp equality.

Parameters
  pattern  Pattern string (may include wildcards).
  value    Concrete value to test.
Returns
  1 if the value matches the pattern, 0 otherwise.

◆ simple_check()

static int simple_check ( csilk_ctx_t *  c,
const char *  permission,
const char *  resource 
)
static

Check whether the current request has a given permission on a resource.

Resolves the role from the context, then linearly scans the rule table. A match requires all three fields (role, permission, resource) to match according to match_pattern() semantics.

Parameters
  c           Request context.
  permission  The permission to check (e.g., "read", "write").
  resource    The resource identifier (e.g., "document:42").
Returns
  0 if permitted, -1 if denied or role cannot be determined.
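
Added example (not code from perm_simple.c or the csilk project): a stand-alone model of the matching and deny-by-default semantics documented for match_pattern() and simple_check(), run against a constructed policy. The names model_rule_t, model_match, model_check, sample_rules and sample_check are hypothetical, and the model assumes that only a trailing ":*" counts as a prefix wildcard.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the documented (role, permission, resource) triple.
 * Type and field names are assumptions, not csilk's definitions. */
typedef struct { const char *role, *permission, *resource; } model_rule_t;

/* The three documented modes. Assumption: only a trailing ":*" is a prefix
 * wildcard, so a pattern such as "doc*" is compared literally. */
static int model_match(const char *pattern, const char *value) {
    size_t n;
    if (!pattern || !value) return 0;
    if (strcmp(pattern, "*") == 0) return 1;              /* global wildcard */
    n = strlen(pattern);
    if (n >= 2 && pattern[n - 2] == ':' && pattern[n - 1] == '*')
        return strncmp(pattern, value, n - 1) == 0;       /* "prefix:" part */
    return strcmp(pattern, value) == 0;                   /* exact match */
}

/* Linear scan, deny by default: 0 only when one rule matches all three. */
static int model_check(const model_rule_t *rules, int count, const char *role,
                       const char *permission, const char *resource) {
    int i;
    if (!role || !permission || !resource) return -1;     /* no role: deny */
    for (i = 0; i < count; i++)
        if (model_match(rules[i].role, role) &&
            model_match(rules[i].permission, permission) &&
            model_match(rules[i].resource, resource))
            return 0;
    return -1;
}

/* Constructed sample policy. */
static const model_rule_t sample_rules[] = {
    { "admin",  "*",     "*" },
    { "editor", "read",  "document:*" },
    { "editor", "write", "document:42" },
};

static int sample_check(const char *role, const char *perm, const char *res) {
    return model_check(sample_rules, 3, role, perm, res);
}

int main(void) {
    printf("editor read  document:7  -> %d\n", sample_check("editor", "read", "document:7"));
    printf("editor write document:43 -> %d\n", sample_check("editor", "write", "document:43"));
    printf("editor read  documents:1 -> %d\n", sample_check("editor", "read", "documents:1"));
    printf("(no role) read document:7 -> %d\n", sample_check(NULL, "read", "document:7"));
    return 0;
}
```

In this model wildcards are interpreted only in the rule's pattern, so a request whose role value is the literal string "*" matches no rule and is denied.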

Variable Documentation

◆ csilk_perm_simple_driver

csilk_perm_driver_t csilk_perm_simple_driver
Initial value:
= {
.name = "simple",
.check = simple_check,
}

Driver vtable for the simple rule-based permission backend.

◆ rule_count

int rule_count = 0
static

Current number of rules loaded.

◆ rules

Global rule table. Populated at startup by csilk_perm_simple_allow().