package policy
import (
"net/http"
"git.maze.io/maze/styx/proxy/match"
)
// Policy is an ordered list of rules plus an optional fallback verdict.
//
// Rules may themselves carry nested policies. The PermitIntercept and
// PermitRequest methods walk Rules in slice order and fall back to Permit
// when no rule produces a verdict.
type Policy struct {
	// Rules holds the rule blocks of the policy; they are evaluated in
	// slice order and the first rule that returns a verdict decides.
	Rules []*rawRule `hcl:"on,block" json:"rules"`

	// Permit is the verdict returned when no rule decides. It is a pointer
	// so that "unset" (nil) is distinguishable from an explicit false.
	// NOTE(review): how callers treat a nil verdict is not visible here;
	// confirm that an undecided result is handled deliberately (ideally
	// fail-closed) at the call site.
	Permit *bool `hcl:"permit" json:"permit"`

	// Matchers is the matcher set stored by Configure. It carries no hcl
	// tag, only a json one.
	Matchers match.Matchers `json:"matchers"`
}
// Configure passes matchers to every rule of the policy, in slice order, and
// then records matchers on the policy itself.
//
// The first rule that fails to configure aborts the walk and its error is
// returned unchanged. In that case p.Matchers is left untouched, but rules
// earlier in the slice have already had Configure called on them.
func (p *Policy) Configure(matchers match.Matchers) (err error) {
	for i := range p.Rules {
		if err = p.Rules[i].Configure(matchers); err != nil {
			return err
		}
	}

	// Only a fully configured rule set gets the matchers attached.
	p.Matchers = matchers
	return nil
}
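// PermitIntercept returns the policy's intercept verdict for r.
//
// Rules are consulted in slice order. Only rules whose Rule value implements
// InterceptRule take part, and the first non-nil verdict is returned. When no
// rule decides, the policy-level Permit is returned, which may itself be nil.
//
// A nil *Policy returns nil (no verdict). The previous code guarded the rule
// loop against a nil receiver but then read p.Permit unconditionally, so a
// nil policy panicked on the request path instead of reporting "undecided".
//
// NOTE(review): a nil result means "no decision"; confirm that callers treat
// it explicitly rather than as an implicit allow.
func (p *Policy) PermitIntercept(r *http.Request) *bool {
	if p == nil {
		return nil
	}

	for _, rule := range p.Rules {
		ir, ok := rule.Rule.(InterceptRule)
		if !ok {
			// Not an intercept rule; it has no say in this verdict.
			continue
		}
		if permit := ir.PermitIntercept(r); permit != nil {
			return permit
		}
	}

	// No rule decided: fall back to the policy-wide setting.
	return p.Permit
}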
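// PermitRequest returns the policy's request verdict for r.
//
// Rules are consulted in slice order. Only rules whose Rule value implements
// RequestRule take part, and the first non-nil verdict is returned. When no
// rule decides, the policy-level Permit is returned, which may itself be nil.
//
// A nil *Policy returns nil (no verdict). The previous code guarded the rule
// loop against a nil receiver but then read p.Permit unconditionally, so a
// nil policy panicked on the request path instead of reporting "undecided".
//
// NOTE(review): a nil result means "no decision"; confirm that callers treat
// it explicitly rather than as an implicit allow.
func (p *Policy) PermitRequest(r *http.Request) *bool {
	if p == nil {
		return nil
	}

	for _, rule := range p.Rules {
		rr, ok := rule.Rule.(RequestRule)
		if !ok {
			// Not a request rule; it has no say in this verdict.
			continue
		}
		if permit := rr.PermitRequest(r); permit != nil {
			return permit
		}
	}

	// No rule decided: fall back to the policy-wide setting.
	return p.Permit
}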