Comments (8)
I guess the last roadblock here is defining which characters are accepted in strings. Since this a grammar for a programming language, not a serialization format, I guess w can accept any printable character, including UTF-8 chars?
from biscuit.
Here's a first draft:
<elements> ::= (<element> | <comment> )*
<element> ::= <sp>? ( <policy> | <check> | <fact> | <rule> ) <sp>? ";" <sp>?
<comment> ::= "//" ([a-z] | [A-Z] ) ([a-z] | [A-Z] | [0-9] | "_" | ":" | " " | "\t" | "(" | ")" | "$" | "[" | "]" )* "\n"
<fact> ::= <name> "(" <sp>? <fact_term> (<sp>? "," <sp>? <fact_term> )* <sp>? ")"
<rule> ::= <predicate> <sp>? "<-" <sp>? <rule_body>
<check> ::= "check" <sp> "if" <sp> <rule_body>
<policy> ::= ("allow" | "deny") <sp> "if" <sp> <rule_body>
<rule_body> ::= <rule_body_element> <sp>? ("," <sp>? <rule_body_element> <sp>?)*
<rule_body_element> ::= <predicate> | <expression>
<predicate> ::= <name> "(" <sp>? <term> (<sp>? "," <sp>? <term> )* <sp>? ")"
<name> ::= ([a-z] | [A-Z] ) ([a-z] | [A-Z] | [0-9] | "_" | ":" )*
<term> ::= <fact_term> | <variable>
<fact_term> ::= <boolean> | <string> | <number> | <bytes> | <date> | <set>
<string> ::= "\"" ([a-z] | [A-Z] | [0-9] | "\\" | "?" | "." | "*" | "_" | " " )* "\""
<number> ::= [0-9]+
<variable> ::= "$" ([a-z] | [A-Z] | [0-9] ) ([a-z] | [A-Z] | [0-9] | "_" )*
<bytes> ::= "hex:" ([a-z] | [0-9] )+
<boolean> ::= "true" | "false"
<date> ::= [0-9]* "-" [0-9] [0-9] "-" [0-9] [0-9] "T" [0-9] [0-9] ":" [0-9] [0-9] ":" [0-9] [0-9] ( "Z" | ( "+" [0-9] [0-9] ":" [0-9] [0-9] ))
<set> ::= "[" <sp>? ( <fact_term> ( <sp>? "," <sp>? <fact_term>)* <sp>? )? "]"
<expression> ::= <expression_element> (<sp>? <operator> <sp>? <expression_element>)*
<expression_element> ::= <expression_unary> | (<expression_term> <expression_method>? )
<expression_unary> ::= "!" <sp>? <expression>
<expression_method> ::= "." <method_name> "(" <sp>? (<term> ( <sp>? "," <sp>? <term>)* )? <sp>? ")"
<method_name> ::= ([a-z] | [A-Z] ) ([a-z] | [A-Z] | [0-9] | "_" )*
<expression_term> ::= <term> | ("(" <sp>? <expression> <sp>? ")")
<operator> ::= "<" | ">" | "<=" | ">=" | "==" | "&&" | "||" | "+" | "-" | "*" | "/"
<sp> ::= (" " | "\t" | "\n")+
It can be tested online with this test code:
right("file1", "read");
check if resource($0), operation("read"), right($0, "read");
right($0, "read") <- resource($0), user_id($1), owner($1, $0);
check if time(2018-12-20T00:00:00+00:00);
allow if true;
deny if false;
check if 1 <= 1;
check if 1 + 2 * 3 - 4 / 2 == 5;
check if "aaabde".matches("a*c?.e");
check if "hello world".starts_with("hello") && "hello world".ends_with("world");
from biscuit.
Looks good! That's an important part.
I have a couple questions:
- unicode letters are not allowed anymore in variables and fact names (compared to the current rust impl). Is that something we want, or a constraint from ebnf?
- would it make sense to authorize
:
in variable names as well?
from biscuit.
I think we can allow unicode letters in variables, except space characters and $.,()[]
. I guess we can authorize :
too
from biscuit.
i think we should have
<block> ::= (<block_element> | <comment> )*
<block_element> ::= <sp>? ( <check> | <fact> | <rule> ) <sp>? ";" <sp>?
<authorizer> ::= (<authorizer_element> | <comment> )*
<authorizer_element> ::= <sp>? ( <policy> | <check> | <fact> | <rule> ) <sp>? ";" <sp>?
as blocks and authorizers don't appear in the same context
from biscuit.
right, that makes sense
from biscuit.
current version is at cbc7aac, I think we'll need to add precisions in the future
from biscuit.
closing this because v2 has shipped
from biscuit.
Related Issues (20)
- DID / DPKI integration HOT 3
- Suggested clarification on "Biscuit is a bearer token" HOT 2
- fix authorizer serialization
- check all / check unless behaviour HOT 3
- Question regarding the language specification about Sets HOT 2
- separate v2 and v3 samples HOT 1
- specify operator precedence
- Date & time manipulation
- indicate clearly that URL safe base64 encoding is preferred HOT 1
- Laziness of boolean operators HOT 3
- Heterogeneous `==` HOT 1
- Dates: TAI64, TAI or UTC? HOT 2
- Purpose of the `Parens` op HOT 2
- `.type()` function
- Add array and map types HOT 1
- Biscuit web key sets HOT 7
- Forgotten symbol in samples.json? HOT 2
- Webauthn signatures
- Allow heterogeneous sets
- `reject if` HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from biscuit.