Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

authorizer builder #250

Merged
merged 29 commits into from
Nov 29, 2024
Merged

authorizer builder #250

merged 29 commits into from
Nov 29, 2024

Conversation

Geal
Copy link
Contributor

@Geal Geal commented Nov 27, 2024

Fix #194, #193, #192

This adds an AuthorizerBuilder struct that is used to create an Authorizer. All of the mutable behaviour, like adding facts or executing Datalog rules is moved into the builder, while the authorizer is limited to read-only queries (still requiring self mutability to track execution time). The AuthorizerBuilder is compatible with snapshots, to store and reuse checks and policies. It has a build method taking a token as argument, and a build_unauthenticated for authorization without token.

The builder APIs are alo changing. Before, we had the following:

 let mut builder = Biscuit::builder();	
builder.add_fact(r"right("file1", "read")"#)?;
builder.add_fact(r"right("file2", "read")"#)?;
let token = builder.build()?;

Builders are now constructed like this:

let token = Biscuit::builder()
    .fact(r"right("file1", "read")"#)?
    .fact(r"right("file2", "read")"#)?
    .build()?;

@Geal Geal changed the base branch from main to v5 November 27, 2024 10:02
@Geal Geal force-pushed the geal/authorizer-builder branch from ccec5d5 to 2f11d04 Compare November 27, 2024 10:23
Copy link

codspeed-hq bot commented Nov 27, 2024

CodSpeed Performance Report

Merging #250 will degrade performances by 10.44%

Comparing geal/authorizer-builder (aaaa9fd) with v5 (6d55705)

Summary

❌ 1 (👁 1) regressions
✅ 11 untouched benchmarks

Benchmarks breakdown

Benchmark v5 geal/authorizer-builder Change
👁 checks_block_create_verifier2 59.5 µs 66.4 µs -10.44%

@Geal
Copy link
Contributor Author

Geal commented Nov 29, 2024

the performance regression is due to AuthorizerBuilder::build executing Datalog rules before returning the authorizer, while the original benchmark was only testing the creation of an authorizer from a token, so it translates the block but does not execute rules

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant