skyrocketOoO / AuthNet


Authnet

Authnet is a graph-based auth service that focuses on a restricted feature set in order to provide better performance.

We support the following modes (use the --mode flag):

  1. postgres
  2. mongo
  3. redis with api.sbj-who-has-auth (uses a bidirectional DAG)
  4. redis with slow api.sbj-who-has-auth

Comparison

| Aspect | Traditional (SQL) | Graph |
| --- | --- | --- |
| Data Model | Relational tables (e.g., users, roles, permissions) | Graph nodes and edges (e.g., users, roles, permissions as nodes, relationships as edges) |
| Query Complexity | Joins and complex queries for relational data | Traversal queries for graph relationships |
| Relationship Handling | Foreign keys and JOINs | Relationships defined by edges in the graph |
| Scalability | May face scalability challenges with complex joins and large datasets | Can scale more easily for complex relationships and queries |
| Control | Depends on schema (e.g., RBAC, PBA) | Fine grained |

| Aspect | Vertex based | Edge based |
| --- | --- | --- |
| Data Model | Store both vertex and edge | Only store edge |
| Usage | Can store extra information on vertex | Only care about auth |
| Storage | V + E | E |

| Aspect | Directional | Bidirectional |
| --- | --- | --- |
| Data Model | Directional edge | Two graphs to store distinct direction |
| Usage | Hard to execute reverse query (e.g., who has auth to object) | Can do reverse query |
| Storage | E | 2E |

Features

  • Get all edges
  • Create edge
  • Delete edge
  • Delete edges by conditions
  • Batch create or delete operations
  • Get all namespaces
  • Check relation
  • Get shortest path
  • Get all paths
  • Get all object relations
  • Get all subject relations
  • Get tree

Relation

The Relation struct represents a relationship between an object and a subject, like an edge in a DAG. It is defined as follows:

    // This means: Subject has a relation on Object
    type Relation struct {
        ObjectNamespace  string
        ObjectName       string
        ObjectRelation   string
        SubjectNamespace string
        SubjectName      string
        SubjectRelation  string
    }
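
The edge-only, bidirectional layout from the comparison above, as an added sketch (not AuthNet's own code): every edge is written to a forward and a reverse graph, so the reverse query "who has auth on this object" is the same walk as a relation check. `Node`, `Store` and their methods are hypothetical names, and treating a check as plain reachability over (namespace, name, relation) nodes is an assumption.

```go
package main

import "fmt"

// Node is one end of an edge (hypothetical; mirrors Relation's field triples).
type Node struct{ Ns, Name, Rel string }

// Store keeps edges only, once per direction (the 2E storage cost).
type Store struct {
	fwd map[Node][]Node // subject -> objects it has a relation on
	rev map[Node][]Node // object -> subjects with a relation on it
}

func NewStore() *Store { return &Store{map[Node][]Node{}, map[Node][]Node{}} }

// AddEdge records "sbj has a relation on obj" in both graphs.
func (s *Store) AddEdge(obj, sbj Node) {
	s.fwd[sbj] = append(s.fwd[sbj], obj)
	s.rev[obj] = append(s.rev[obj], sbj)
}

// reach walks g breadth-first from start; seen also stops cycles.
func reach(g map[Node][]Node, start Node) map[Node]bool {
	seen := map[Node]bool{}
	queue := []Node{start}
	for i := 0; i < len(queue); i++ {
		for _, next := range g[queue[i]] {
			if !seen[next] {
				seen[next] = true
				queue = append(queue, next)
			}
		}
	}
	return seen
}

// Check reports whether sbj reaches obj through any chain of edges.
func (s *Store) Check(obj, sbj Node) bool { return reach(s.fwd, sbj)[obj] }

// WhoHasAuth is the reverse query: every subject that reaches obj.
func (s *Store) WhoHasAuth(obj Node) map[Node]bool { return reach(s.rev, obj) }

func main() {
	s := NewStore() // constructed sample data below
	alice, dev, doc := Node{"user", "alice", ""}, Node{"group", "dev", "member"}, Node{"doc", "doc1", "read"}
	s.AddEdge(dev, alice) // alice is a member of group dev
	s.AddEdge(doc, dev)   // members of dev can read doc1
	fmt.Println(s.Check(doc, alice), len(s.WhoHasAuth(doc))) // true 2
}
```

With only the forward graph, `WhoHasAuth` would have to run a check from every known subject; the second copy of each edge is what that shortcut costs in storage.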

How to use

  1. Run postgres in Docker (without Docker, see ./docker-compose.yaml for the config)

    docker compose up -d postgres

  2. Run the main server

    go run .

Example

HRBAC

Reserved words

%

Development benchmark

Link

Abbreviation

  • Namespace -> Ns
  • Relation -> Rel
  • Object -> Obj
  • Subject -> Sbj
  • Condition -> Cond
  • Authority -> Auth

Something...

Why only store edges?

Storing only edges reduces storage usage. Our app is only concerned with who has access to what, not with the vertices' information, so we can focus on access management and drop the other requirements.

About

License: MIT License

