Authnet is a graph-based auth service that focuses on a restricted feature set to provide better performance.
We support the following modes (use the `--mode` flag):
- postgres
- mongo
- redis with api.sbj-who-has-auth (uses a bidirectional DAG)
- redis with slow api.sbj-who-has-auth

Aspect | Traditional (SQL) | Graph |
---|---|---|
Data Model | Relational tables (e.g., users, roles, permissions) | Graph nodes and edges (e.g., users, roles, permissions as nodes, relationships as edges) |
Query Complexity | Joins and complex queries for relational data | Traversal queries for graph relationships |
Relationship Handling | Foreign keys and JOINs | Relationships defined by edges in the graph |
Scalability | May face scalability challenges with complex joins and large datasets | Can scale more easily for complex relationships and queries |
Control | Depends on schema (e.g., RBAC, PBA) | Fine grained |

Aspect | Vertex based | Edge based |
---|---|---|
Data Model | Store both vertex and edge | Only store edge |
Usage | Can store extra information on vertex | Only care about auth |
Storage | V + E | E |

Aspect | Directional | Bidirectional |
---|---|---|
Data Model | Directional edge | Two graphs to store distinct direction |
Usage | Hard to execute reverse query (e.g., who has auth to object) | Can do reverse query |
Storage | E | 2E |

- Get all edges
- Create edge
- Delete edge
- Delete edges by conditions
- Batch create or delete operations
- Get all namespaces
- Check relation
- Get shortest path
- Get all paths
- Get all object relations
- Get all subject relations
- Get tree
The `Relation` struct represents a relationship, like an edge in a DAG, between objects and subjects. It is defined as follows:

```go
// This means: Subject has a relation on Object
type Relation struct {
	ObjectNamespace  string
	ObjectName       string
	ObjectRelation   string
	SubjectNamespace string
	SubjectName      string
	SubjectRelation  string
}
```
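The edge-only, bidirectional layout from the tables above, as an added Go example (not Authnet's own code): each `Relation` is indexed once per direction, so the reverse query "who has auth to this object" is a plain traversal of the second graph. `Node`, `Store`, `Create`, `Check`, `WhoHasAuth`, `reach` and the sample edges are assumptions made for illustration, and "check relation" is assumed to mean reachability along edges.

```go
package main

import "fmt"

// Node is one end of an edge; Relation has the README's fields (Subject has a relation on Object).
type Node struct{ Ns, Name, Rel string }
type Relation struct {
	ObjectNamespace, ObjectName, ObjectRelation    string
	SubjectNamespace, SubjectName, SubjectRelation string
}

// Store keeps edges only, indexed once per direction (2E storage, no vertex table).
type Store struct{ fwd, rev map[Node][]Node }

func (s *Store) Create(r Relation) {
	obj := Node{r.ObjectNamespace, r.ObjectName, r.ObjectRelation}
	sbj := Node{r.SubjectNamespace, r.SubjectName, r.SubjectRelation}
	s.fwd[sbj] = append(s.fwd[sbj], obj) // subject -> object
	s.rev[obj] = append(s.rev[obj], sbj) // object -> subject
}

// reach returns every node reachable from start in adj (BFS, tolerates cycles).
func reach(adj map[Node][]Node, start Node) map[Node]bool {
	seen := map[Node]bool{}
	for queue := []Node{start}; len(queue) > 0; queue = queue[1:] {
		for _, next := range adj[queue[0]] {
			if !seen[next] {
				seen[next] = true
				queue = append(queue, next)
			}
		}
	}
	return seen
}

// Check walks subject -> object; WhoHasAuth is the reverse query, served from rev.
func (s *Store) Check(sbj, obj Node) bool          { return reach(s.fwd, sbj)[obj] }
func (s *Store) WhoHasAuth(obj Node) map[Node]bool { return reach(s.rev, obj) }

// sample holds constructed edges: user alice -> group admins -> doc readme.
func sample() *Store {
	s := &Store{map[Node][]Node{}, map[Node][]Node{}}
	s.Create(Relation{"group", "admins", "member", "user", "alice", ""})
	s.Create(Relation{"doc", "readme", "read", "group", "admins", "member"})
	return s
}

func main() {
	fmt.Println(sample().WhoHasAuth(Node{"doc", "readme", "read"}))
}
```

With only the forward map, `WhoHasAuth` would have to scan every subject and traverse from each one, which is the trade-off the Directional column describes.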
- Run postgres on Docker (without Docker, see ./docker-compose.yaml to get the config):

  ```
  docker compose up -d postgres
  ```

- Run the main server:

  ```
  go run .
  ```
- Namespace -> Ns
- Relation -> Rel
- Object -> Obj
- Subject -> Sbj
- Condition -> Cond
- Authority -> Auth
Storing only edges reduces storage usage. Our app is only concerned with who has access to what, not with the vertex's information, so we can focus on access management and drop the other requirements.