authorizer builder

biscuit-auth/examples/testcases.rs

@@ -7,7 +7,6 @@ use biscuit::datalog::SymbolTable;
 use biscuit::error;
 use biscuit::format::convert::v2 as convert;
 use biscuit::macros::*;
-use biscuit::Authorizer;
 use biscuit::{builder::*, builder_ext::*, Biscuit};
 use biscuit::{KeyPair, PrivateKey, PublicKey};
 use biscuit_auth::builder;
@@ -344,12 +343,13 @@ fn validate_token_with_limits_and_external_functions(
         revocation_ids.push(hex::encode(&bytes));
     }
 
-    let mut authorizer = Authorizer::new();
-    authorizer.set_extern_funcs(extern_funcs);
-    authorizer.add_code(authorizer_code).unwrap();
-    let authorizer_code = authorizer.dump_code();
+    let builder = AuthorizerBuilder::new()
+        .set_extern_funcs(extern_funcs)
+        .add_code(authorizer_code)
+        .unwrap();
+    let authorizer_code = builder.dump_code();
 
-    match authorizer.add_token(&token) {
+    let mut authorizer = match builder.add_token(&token).build() {
         Ok(v) => v,
         Err(e) => {
             return Validation {
@@ -878,9 +878,9 @@ fn scoped_rules(target: &str, root: &KeyPair, test: bool) -> TestResult {
         )
         .unwrap();
 
-    let mut block3 = BlockBuilder::new();
-
-    block3.add_fact(r#"owner("alice", "file2")"#).unwrap();
+    let block3 = BlockBuilder::new()
+        .add_fact(r#"owner("alice", "file2")"#)
+        .unwrap();
 
     let keypair3 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
     let biscuit3 = biscuit2.append_with_keypair(&keypair3, block3).unwrap();
@@ -973,14 +973,13 @@ fn expired_token(target: &str, root: &KeyPair, test: bool) -> TestResult {
         .build_with_rng(&root, SymbolTable::default(), &mut rng)
         .unwrap();
 
-    let mut block2 = block!(r#"check if resource("file1");"#);
-
-    // January 1 2019
-    block2.check_expiration_date(
-        UNIX_EPOCH
-            .checked_add(Duration::from_secs(49 * 365 * 24 * 3600))
-            .unwrap(),
-    );
+    let block2 = block!(r#"check if resource("file1");"#)
+        // January 1 2019
+        .check_expiration_date(
+            UNIX_EPOCH
+                .checked_add(Duration::from_secs(49 * 365 * 24 * 3600))
+                .unwrap(),
+        );
 
     let keypair2 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
     let biscuit2 = biscuit1.append_with_keypair(&keypair2, block2).unwrap();
@@ -1410,10 +1409,8 @@ fn unbound_variables_in_rule(target: &str, root: &KeyPair, test: bool) -> TestRe
         .build_with_rng(&root, SymbolTable::default(), &mut rng)
         .unwrap();
 
-    let mut block2 = BlockBuilder::new();
-
-    // this one does not go through the parser because it checks for unused variables
-    block2
+    let block2 = BlockBuilder::new()
+        // this one does not go through the parser because it checks for unused variables
         .add_rule(rule(
             "operation",
             &[var("unbound"), string("read")],

biscuit-auth/examples/third_party.rs

@@ -1,24 +1,22 @@
 use biscuit_auth::{
-    builder::Algorithm, builder::BlockBuilder, datalog::SymbolTable, Biscuit, KeyPair,
+    builder::{Algorithm, AuthorizerBuilder, BlockBuilder},
+    builder_ext::AuthorizerExt,
+    datalog::SymbolTable,
+    Biscuit, KeyPair,
 };
 use rand::{prelude::StdRng, SeedableRng};
 
 fn main() {
     let mut rng: StdRng = SeedableRng::seed_from_u64(0);
     let root = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
     let external = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
-
-    let mut builder = Biscuit::builder();
-
     let external_pub = hex::encode(external.public().to_bytes());
 
-    builder
+    let biscuit1 = Biscuit::builder()
         .add_check(
             format!("check if external_fact(\"hello\") trusting ed25519/{external_pub}").as_str(),
         )
-        .unwrap();
-
-    let biscuit1 = builder
+        .unwrap()
         .build_with_rng(&root, SymbolTable::default(), &mut rng)
         .unwrap();
 
@@ -27,21 +25,30 @@ fn main() {
     let serialized_req = biscuit1.third_party_request().unwrap().serialize().unwrap();
 
     let req = biscuit_auth::ThirdPartyRequest::deserialize(&serialized_req).unwrap();
-    let mut builder = BlockBuilder::new();
-    builder.add_fact("external_fact(\"hello\")").unwrap();
+    let builder = BlockBuilder::new()
+        .add_fact("external_fact(\"hello\")")
+        .unwrap();
     let res = req.create_block(&external.private(), builder).unwrap();
 
     let biscuit2 = biscuit1.append_third_party(external.public(), res).unwrap();
 
     println!("biscuit2: {}", biscuit2);
 
-    let mut authorizer = biscuit1.authorizer().unwrap();
-    authorizer.allow().unwrap();
+    let mut authorizer = AuthorizerBuilder::new()
+        .add_token(&biscuit1)
+        .add_allow_all()
+        .build()
+        .unwrap();
+
     println!("authorize biscuit1:\n{:?}", authorizer.authorize());
     println!("world:\n{}", authorizer.print_world());
 
-    let mut authorizer = biscuit2.authorizer().unwrap();
-    authorizer.allow().unwrap();
+    let mut authorizer = AuthorizerBuilder::new()
+        .add_token(&biscuit2)
+        .add_allow_all()
+        .build()
+        .unwrap();
+
     println!("authorize biscuit2:\n{:?}", authorizer.authorize());
     println!("world:\n{}", authorizer.print_world());
 }

biscuit-auth/examples/verifying_printer.rs

@@ -1,4 +1,4 @@
-use biscuit_auth::PublicKey;
+use biscuit_auth::{builder::AuthorizerBuilder, builder_ext::AuthorizerExt, PublicKey};
 
 fn main() {
     let mut args = std::env::args();
@@ -25,8 +25,11 @@ fn main() {
     }
     println!("token:\n{}", token);
 
-    let mut authorizer = token.authorizer().unwrap();
-    authorizer.allow().unwrap();
+    let mut authorizer = AuthorizerBuilder::new()
+        .add_token(&token)
+        .add_allow_all()
+        .build()
+        .unwrap();
 
     println!("authorizer result: {:?}", authorizer.authorize());
     println!("authorizer world:\n{}", authorizer.print_world());