| .. | ||
| alice.rhai | ||
| bob.rhai | ||
| charlie.rhai | ||
| main.rs | ||
| query.rhai | ||
| README.md | ||
End-to-End Authorization Demo
This example demonstrates an end-to-end scenario involving a custom Rhai engine, rhailib_worker, and rhai_client to showcase how authorization based on CALLER_PUBLIC_KEY can be implemented.
Overview
- Custom Rhai Engine: A Rhai engine is created, and a custom function
check_permission(caller_pk: String)is registered. This function returns different messages based on thecaller_pkprovided. - Rhai Worker (
rhailib_worker): A worker is spawned with this custom engine. The worker is configured with its ownCIRCLE_PUBLIC_KEY(e.g., "auth_worker_circle"). - Rhai Client (
rhai_client): The client is used to submit a script (auth_script.rhai) to the worker. - Authorization Script (
auth_script.rhai): This script calls thecheck_permissionfunction, passing theCALLER_PUBLIC_KEY(which is automatically injected into the script's scope by the worker based on the client's submission). - Demonstration: The
main.rsprogram submits the script twice, using two differentCALLER_PUBLIC_KEYs ("admin_pk" and "user_pk"), and shows that the script produces different results based on the authorization logic incheck_permission.
This example illustrates how the rhailib components can work together to build systems where script execution is controlled and authorized based on the identity of the calling client.
Running the Example
Assuming you have Redis running and accessible at redis://127.0.0.1/:
Run the example from the rhailib root directory:
cargo run --example end_to_end_auth_demo
You should see output indicating the results of the script execution for both the "admin_pk" and "user_pk" callers.