authelia/internal/configuration/schema/access_control.go
James Elliott 3c1bb3ec19
feat(authorization): domain regex match with named groups (#2789)
This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.
2022-04-01 22:38:49 +11:00

58 lines
1.5 KiB
Go

package schema
import (
"regexp"
)
// AccessControlConfiguration represents the configuration related to ACLs.
type AccessControlConfiguration struct {
DefaultPolicy string `koanf:"default_policy"`
Networks []ACLNetwork `koanf:"networks"`
Rules []ACLRule `koanf:"rules"`
}
// ACLNetwork represents one ACL network group entry.
type ACLNetwork struct {
Name string `koanf:"name"`
Networks []string `koanf:"networks"`
}
// ACLRule represents one ACL rule entry.
type ACLRule struct {
Domains []string `koanf:"domain"`
DomainsRegex []regexp.Regexp `koanf:"domain_regex"`
Policy string `koanf:"policy"`
Subjects [][]string `koanf:"subject"`
Networks []string `koanf:"networks"`
Resources []regexp.Regexp `koanf:"resources"`
Methods []string `koanf:"methods"`
}
// DefaultACLNetwork represents the default configuration related to access control network group configuration.
var DefaultACLNetwork = []ACLNetwork{
{
Name: "localhost",
Networks: []string{"127.0.0.1"},
},
{
Name: "internal",
Networks: []string{"10.0.0.0/8"},
},
}
// DefaultACLRule represents the default configuration related to access control rule configuration.
var DefaultACLRule = []ACLRule{
{
Domains: []string{"public.example.com"},
Policy: "bypass",
},
{
Domains: []string{"singlefactor.example.com"},
Policy: "one_factor",
},
{
Domains: []string{"secure.example.com"},
Policy: "two_factor",
},
}