tac.core.security v1.0.1

Handles tag matching, access control logic, and hierarchical permissions. Provides utilities for generating random tokens, parsing tags, and checking access permissions with support for hierarchical and wildcard tags.

Author: Twijn • License: MIT

Examples

-- In your extension:
function MyExtension.init(tac)
    local Security = require("tac.core.security")
    
    -- Check if a card has access to a door
    local hasAccess, reason = Security.checkAccess(
        {"tenant.1", "vip"},  -- Card tags
        {"tenant.1"}           -- Required tags
    )
    
    -- Parse tag strings
    local tags = Security.parseTags("tenant.1, vip, admin.*")
    -- Returns: {"tenant.1", "vip", "admin.*"}
    
    -- Check wildcard tags (tagMatches takes one card tag and one door tag)
    if Security.tagMatches("admin.*", "admin.view") then
        print("Has admin access")
    end
end

Functions

SecurityCore.randomString(length)

Generate a random string of given length. Creates a cryptographically random string using alphanumeric characters. Useful for generating unique card IDs, tokens, or session identifiers.

Parameters:
Returns: string Random alphanumeric string

SecurityCore.truncateCardId(cardId)

Truncate card ID for display. Shortens a card ID to its first 9 characters followed by "..." for readable logging.

Parameters:
Returns: string Truncated card ID (e.g., "abc123def...")

SecurityCore.parseTags(str)

Parse tags from string. Converts a comma- or space-separated string of tags into an array. Useful for parsing user input from forms or configuration files.

Parameters:
Returns: table Array of individual tag strings

SecurityCore.expandTagHierarchy(tag)

Expand a tag into its hierarchy. Splits a hierarchical tag into all its parent levels. For example, "tenant.1.a" expands to {"tenant", "tenant.1", "tenant.1.a"}. This allows a specific tag to satisfy requirements for any parent level.

Parameters:
Returns: table Array of tags from most general to most specific

SecurityCore.expandCardTags(tags)

Expand a list of tags to include all parent tags. Processes an array of tags, expanding each hierarchical tag into its parent levels. Wildcard tags (ending with ".*") are preserved as-is without expansion. Removes duplicates in the resulting array.

Parameters:
Returns: table Array of expanded tags with all parent levels included

SecurityCore.tagMatches(cardTag, doorTag)

Check if a card tag satisfies a door requirement. Determines if a single card tag grants access for a door requirement. Supports exact matches, hierarchical matching (card "tenant.1.a" satisfies door "tenant"), and wildcard card tags (card "tenant.*" satisfies any door tag starting with "tenant").

Parameters:
Returns: boolean True if the card tag satisfies the door requirement

SecurityCore.checkAccess(cardTags, doorTags)

Check access permissions for a card against a door. Main access control function that determines if a card's tags grant access to a door. Automatically expands card tags to include parent hierarchies, then checks if any card tag satisfies any door requirement. Special case: door tag "*" grants access to any card with at least one tag.

Parameters:
Returns: string Match reason showing which card tag satisfied which door requirement
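
The matching rules documented above (exact match, specific card tag satisfying a parent door tag, wildcard card tags, and the "*" door tag), written out as an added stand-alone sketch. This is not the tac.core.security source: the function names mirror the docs, but the bodies and reason strings are assumptions, including the choice to compare wildcard prefixes on the "." boundary so that "admin.*" does not cover "administrator".

```lua
-- Added sketch of the documented matching rules; NOT the tac.core.security source.
-- Function names mirror the docs; every body here is an assumption.

-- "tenant.1.a" -> {"tenant", "tenant.1", "tenant.1.a"}
local function expandTagHierarchy(tag)
    local levels, prefix = {}, nil
    for segment in tag:gmatch("[^%.]+") do
        prefix = prefix and (prefix .. "." .. segment) or segment
        levels[#levels + 1] = prefix
    end
    return levels
end

local function tagMatches(cardTag, doorTag)
    if cardTag == doorTag then return true end
    -- Wildcard card tag: "tenant.*" covers "tenant" and "tenant.<anything>".
    -- Assumption: match on the "." boundary, not on a raw string prefix.
    local base = cardTag:match("^(.+)%.%*$")
    if base then
        return doorTag == base or doorTag:sub(1, #base + 1) == base .. "."
    end
    -- Hierarchy: a specific card tag satisfies any of its parent levels.
    for _, level in ipairs(expandTagHierarchy(cardTag)) do
        if level == doorTag then return true end
    end
    return false
end

local function checkAccess(cardTags, doorTags)
    for _, doorTag in ipairs(doorTags) do
        if doorTag == "*" and #cardTags > 0 then
            return true, "door accepts any tagged card"
        end
        for _, cardTag in ipairs(cardTags) do
            if tagMatches(cardTag, doorTag) then
                return true, cardTag .. " satisfies " .. doorTag
            end
        end
    end
    return false, "no card tag satisfies any door tag"
end

-- Constructed cases exercising each rule
assert(checkAccess({"tenant.1.a"}, {"tenant"}))          -- child tag opens parent door
assert(not checkAccess({"tenant"}, {"tenant.1"}))        -- parent tag does not open child door
assert(checkAccess({"admin.*"}, {"admin.view"}))         -- wildcard card tag
assert(not checkAccess({"admin.*"}, {"administrator"}))  -- segment boundary respected
assert(checkAccess({"guest"}, {"*"}))                    -- "*" door, tagged card
assert(not checkAccess({}, {"*"}))                       -- "*" door, card with no tags
```

The second and fourth cases are the ones worth checking when assigning door tags: inheritance runs from the specific card tag up to the general door tag, never the reverse, and a raw prefix comparison would widen wildcard grants beyond the intended namespace.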