4 minutes read. Published: 2021-03-20
When using golang, everyone with access to an exported type can create an instance of it, bypassing the use of a constructor function.
Sometimes though you want to protect you struct data from accidental modifications and keep an always valid internal state.
Or maybe you need to prevent the forging of references (and objects) to follow the object-capability model
Let's see the problem in code
// file db.go
// Having a File struct means already having Read access
type File struct {
Path string
Write bool
Append bool
Delete bool
}
func GetFile(path string, userID int) (*File, error) {
// Check the user permissions...
userCanRead := false
if !userCanRead {
return nil, errors.New("Can't read file")
}
return &File{path, false, true, false}, nil
}
// file main.go
// Using a safe function
file, err := db.GetFile("/etc/passwd", 0)
fmt.Println("1", file, err)
// Unsafely creating the struct, violating the invariants
file := db.File{"/etc/passwd", false, true, false}
fmt.Println(file)
I shouldn't be able to create a struct File manually and neither should I be able to manipulate my permissions.
If a type is unexported, the user of the library can't create it manually The type will be named file
instead of File
// file db.go
// Having a file struct means already having Read access
type file struct {
Path string
Write bool
Append bool
Delete bool
}
func GetFile(path string, userID int) (*file, error) {
// Return private type *file
}
db.file
as argument because it's unexported. I can't even declare a variable of type db.file
, so I can't save it in any data structure.I may create an interface around the file
type
type FileIntf interface {
GetPath()
CanAppend()
CanWrite()
CanDelete()
}
This is not a valid solution though because now I can create a fake type FakeFile
and implement this interface, manipulating my permissions. Also, some functions may only accept the internal file
type, so I may have to convert between the two, checking every time if the conversion was valid.
// file db.go
type FileWrapper struct {
file *file
}
func (fileWrapper FileWrapper) func Get() {
return *fileWrapper.file
}
I can still create a db.FileWrapper
with default values (having the file
field set to nil
). That means using the type is impractical, because every time I use the struct I should check if the internal state was contructed correctly or not.
file := db.FileWrapper{}
// This will fail, because the internal `*file` pointer is nil
fmt.Println(file.Get())
By saving the data inside an anonymous function I can then pass data around safely, without doing any nil
check.
// file db.go
type FileFuncWrap func() file
func (f file) WrapFunc() FileFuncWrap {
return func() {return f}
}
// file main.go
file := db.GetFile("/etc/passwd", 0)
printFile := func(unwrapFile db.FileFuncWrap) {
fmt.Println(unwrapFile())
}
// Look! I can even pass it around!
printFile(file.WrapFunc())
The previous solution probably works ok, but creating many anonymous functions everytime you pass data around may be a bit costly. We saw that functions returning an internal type may be useful... Let's try doing something better.
//file db.go
type FileIdentity interface {
Identity() file
}
// obviously `file` implements the interface
func (f file) Identity() file {
return f
}
The interface returns the internal file
type, so another package can't implement the interface. (That's exactly what I want)
Now we should be able to store a file by saving it as a FileIdentity
//file main.go
file, _ := db.GetFile("/etc/passwd", 0)
arr := []db.FileIdentity{file} // Look how simple it's to store it! Without conversions!
printFile := func(fI db.FileIdentity) {
fmt.Println(fI.Identity())
}
printFile(arr[0]) // YAY!
A type returning himself should be way faster than creating a closure everytime.
You can see and run the last example here
https://www.telerealrd.com/advert/free-fight-tv-vergil-ortiz-vs-maurice-hooker-live-free-stream-full-fight-boxing-free/
https://coloradohorseforum.com/advert/fight-tv-vergil-ortiz-vs-maurice-hooker-live-stream-full-fight-boxing-free/
https://www.telerealrd.com/advert/fight-tv-pablo-cesar-cano-vs-jonathan-navarro-live-stream-full-fight-boxing-free/
https://coloradohorseforum.com/advert/free-tv-pablo-cesar-cano-vs-jonathan-navarro-live-stream-full-fight-boxing-free/
https://www.telerealrd.com/advert/freetv-anabel-ortiz-vs-seniesa-estrada-live-stream-full-fight-boxing-free/
https://coloradohorseforum.com/advert/boxing-tv-anabel-ortiz-vs-seniesa-estrada-live-stream-full-fight-boxing-free/
https://www.telerealrd.com/advert/fight-tv-adam-deines-vs-artur-beterbiev-live-stream-full-fight-boxing-free/
https://coloradohorseforum.com/advert/fight-hd-tv-adam-deines-vs-artur-beterbiev-live-stream-full-fight-boxing-free/
https://www.telerealrd.com/advert/fight-tv-anthony-fowler-vs-jorge-fortea-live-stream-full-fight-boxing-free/
https://coloradohorseforum.com/advert/fight-tv-anthony-fowler-vs-jorge-fortea-live-stream-full-fight-boxing-free/
https://vocus.cc/article/60563682fd89780001d58ad6
https://blog.goo.ne.jp/lifetvs/e/d2ee7e2867f44196e20721042885411a
https://paiza.io/projects/xrK1LZCVwd5hkPSdsNyBKg
https://caribbeanfever.com/photo/albums/jut
https://www.deviantart.com/hjfgfg/journal/What-if-you-could-cut-your-hosting-costs-by-over-5-873822569
While the last solution is "cool", I'm still a bit sad... Other languages like Rust and Java don't have the initial problem at all. The object-capability model seems a great way to improve security of my code, but using it in golang isn't so easy.
- The innovation business is apparently the quickest developing vocation decision in most creating countries.Home your own home.
- Allegations that the United States is spying on its European allies topped the agenda for European U
- Get latest and updated exam material from mockdumps with passing guarantee in first try. We provide 24/7 customer support to our honorable students
- Occupy London protesters who have been camped outside the landmark St. Pauls Cathedral for the past