diff --git a/biscuit-auth/examples/third_party.rs b/biscuit-auth/examples/third_party.rs index f7fe6b72..dcd2bd68 100644 --- a/biscuit-auth/examples/third_party.rs +++ b/biscuit-auth/examples/third_party.rs @@ -1,7 +1,9 @@ +use std::time::Duration; + use biscuit_auth::{ builder::{Algorithm, AuthorizerBuilder, BlockBuilder}, builder_ext::AuthorizerExt, - datalog::SymbolTable, + datalog::{RunLimits, SymbolTable}, Biscuit, KeyPair, }; use rand::{prelude::StdRng, SeedableRng}; @@ -36,6 +38,10 @@ fn main() { let mut authorizer = AuthorizerBuilder::new() .allow_all() + .limits(RunLimits { + max_time: Duration::from_secs(10), + ..Default::default() + }) .build(&biscuit1) .unwrap(); @@ -44,6 +50,10 @@ fn main() { let mut authorizer = AuthorizerBuilder::new() .allow_all() + .limits(RunLimits { + max_time: Duration::from_secs(10), + ..Default::default() + }) .build(&biscuit2) .unwrap(); diff --git a/biscuit-auth/src/token/authorizer.rs b/biscuit-auth/src/token/authorizer.rs index 077cfafd..8c96d305 100644 --- a/biscuit-auth/src/token/authorizer.rs +++ b/biscuit-auth/src/token/authorizer.rs @@ -1093,7 +1093,7 @@ mod tests { ) .unwrap() .limits(AuthorizerLimits { - max_time: Duration::from_millis(10), //Set 10 milliseconds as the maximum time allowed for the authorization due to "cheap" worker on GitHub Actions + max_time: Duration::from_secs(10), //Set 10 seconds as the maximum time allowed for the authorization due to "cheap" worker on GitHub Actions ..Default::default() }) .build(&biscuit2) diff --git a/biscuit-auth/src/token/mod.rs b/biscuit-auth/src/token/mod.rs index 6a963200..85800076 100644 --- a/biscuit-auth/src/token/mod.rs +++ b/biscuit-auth/src/token/mod.rs @@ -1384,6 +1384,10 @@ mod tests { .check("check if bytes($0), { hex:00000000, hex:0102AB }.contains($0)") .unwrap() .allow_all() + .limits(AuthorizerLimits { + max_time: Duration::from_secs(10), + ..Default::default() + }) .build(&biscuit2) .unwrap(); diff --git a/biscuit-auth/tests/macros.rs b/biscuit-auth/tests/macros.rs index 1696724f..9b0079e3 100644 --- a/biscuit-auth/tests/macros.rs +++ b/biscuit-auth/tests/macros.rs @@ -75,7 +75,13 @@ fn authorizer_macro() { "# ); - let authorizer = b.build_unauthenticated().unwrap(); + let authorizer = b + .limits(RunLimits { + max_time: Duration::from_secs(10), + ..Default::default() + }) + .build_unauthenticated() + .unwrap(); assert_eq!( authorizer.dump_code(), r#"appended(true); @@ -95,6 +101,10 @@ allow if true; #[test] fn authorizer_macro_trailing_comma() { let a = authorizer!(r#"fact("test", {my_key});"#, my_key = "my_value",) + .limits(RunLimits { + max_time: Duration::from_secs(10), + ..Default::default() + }) .build_unauthenticated() .unwrap(); assert_eq!( @@ -261,6 +271,10 @@ fn json() { $value.get("id") == $id, $value.get("roles").contains("admin");"# ) + .limits(RunLimits { + max_time: Duration::from_secs(10), + ..Default::default() + }) .build(&biscuit) .unwrap(); assert_eq!(