25 lines
1.7 KiB
Markdown
25 lines
1.7 KiB
Markdown
# End-to-End Authorization Demo
|
|
|
|
This example demonstrates an end-to-end scenario involving a custom Rhai engine, `rhailib_worker`, and `rhai_client` to showcase how authorization based on `CALLER_PUBLIC_KEY` can be implemented.
|
|
|
|
## Overview
|
|
|
|
1. **Custom Rhai Engine**: A Rhai engine is created, and a custom function `check_permission(caller_pk: String)` is registered. This function returns different messages based on the `caller_pk` provided.
|
|
2. **Rhai Worker (`rhailib_worker`)**: A worker is spawned with this custom engine. The worker is configured with its own `CIRCLE_PUBLIC_KEY` (e.g., "auth_worker_circle").
|
|
3. **Rhai Client (`rhai_client`)**: The client is used to submit a script (`auth_script.rhai`) to the worker.
|
|
4. **Authorization Script (`auth_script.rhai`)**: This script calls the `check_permission` function, passing the `CALLER_PUBLIC_KEY` (which is automatically injected into the script's scope by the worker based on the client's submission).
|
|
5. **Demonstration**: The `main.rs` program submits the script twice, using two different `CALLER_PUBLIC_KEY`s ("admin_pk" and "user_pk"), and shows that the script produces different results based on the authorization logic in `check_permission`.
|
|
|
|
This example illustrates how the `rhailib` components can work together to build systems where script execution is controlled and authorized based on the identity of the calling client.
|
|
|
|
## Running the Example
|
|
|
|
Assuming you have Redis running and accessible at `redis://127.0.0.1/`:
|
|
|
|
Run the example from the `rhailib` root directory:
|
|
```bash
|
|
cargo run --example end_to_end_auth_demo
|
|
```
|
|
|
|
You should see output indicating the results of the script execution for both the "admin_pk" and "user_pk" callers.
|