config

package v0.0.0-...-7a56003 (not the latest version of its module)
Published: Mar 21, 2024 License: MIT Imports: 22 Imported by: 0

Documentation

Overview

Package config maintains information about permissions.

The format and APIs in this package will probably change over time.

Index

Constants

const AuthTimeout = 1 * time.Hour
const DefaultPageSize = 50
const DefaultPort = "4114"
const GoogleTimeout = 5 * time.Second

Variables

var DefaultMaxResourceAge = time.Since(twilio.Epoch)

DefaultMaxResourceAge allows all resources to be fetched. Twilio was founded in 2008, so there should be no resources created in the 1980s. Note that the value is computed once, when the package is initialized.

var DefaultTimezones = []string{
	"America/Los_Angeles",
	"America/Denver",
	"America/Chicago",
	"America/New_York",
}

DefaultTimezones are a user's options if no timezones are configured. These are the four time zones of the contiguous United States, listed west to east.

var DefaultUser = NewUser(AllUserSettings())
var ErrTooOld = errors.New("Cannot access this resource because its age exceeds the viewable limit")

ErrTooOld is returned for a resource that's more than MaxResourceAge old.

var MustLogin = errors.New("Need to login")
var PermissionDenied = errors.New("You do not have permission to access that information")

Functions

func SetUser

func SetUser(r *http.Request, u *User) *http.Request

SetUser sets the User in the Request's context.

Types

type Authenticator

type Authenticator interface {
	SetPolicy(*Policy)
	// Authenticate ensures the request is authenticated. If it is not
	// authenticated, or authentication returns an error, Authenticate will
	// write a response and return a non-nil error.
	Authenticate(http.ResponseWriter, *http.Request) (*User, error)
	Logout(http.ResponseWriter, *http.Request)
}

type BasicAuthAuthenticator

type BasicAuthAuthenticator struct {
	Realm string
	// Passwords holds a map of usernames/passwords for basic auth. The keys
	// should match the keys in the Users map.
	Passwords map[string]string
	Policy    *Policy
	// contains filtered or unexported fields
}

BasicAuthAuthenticator can authenticate users via Basic Auth. Call AddUserPassword to set a Basic Auth user/password combo, and SetPolicy to set the Policy for authenticated users. If no Policy has been set, DefaultUser will be returned for all authenticated users.

func NewBasicAuthAuthenticator

func NewBasicAuthAuthenticator(realm string) *BasicAuthAuthenticator

func (*BasicAuthAuthenticator) AddUserPassword

func (b *BasicAuthAuthenticator) AddUserPassword(key string, password string)

AddUserPassword sets a user and password for Basic Auth. AddUserPassword overrides any previous passwords that have been set for key. Call AddUserPassword with an empty password to remove a user.

func (*BasicAuthAuthenticator) Authenticate

func (b *BasicAuthAuthenticator) Authenticate(w http.ResponseWriter, r *http.Request) (*User, error)

Authenticate checks whether the request carries a valid user/password via Basic Auth. If the Basic Auth user is listed in the policy, that user's permissions are used. If the user is not listed but the policy contains a "default" group, that group's permissions are used. If no policy is set at all, config.DefaultUser (every permission granted) is returned for every authenticated user.

func (*BasicAuthAuthenticator) Logout

func (*BasicAuthAuthenticator) SetPolicy

func (b *BasicAuthAuthenticator) SetPolicy(p *Policy)

SetPolicy sets the policy. Call AddUserPassword to set a Basic Auth user / password.
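The following is an added example, not code from logrole itself, showing how the Authenticator contract above (on failure, Authenticate writes the response and returns a non-nil error), SetUser/GetUser, and a Basic Auth check fit together. The User, DefaultUser, BasicAuth and RequireAuth types and functions are stand-ins written for this example; the policy lookup is left out, so every authenticated user gets DefaultUser, which is exactly the no-policy behaviour the page describes and a reminder that a password alone then grants every permission. The password check hashes both sides before subtle.ConstantTimeCompare so that neither password length nor whether the username exists leaks through timing.

```go
package main

import (
	"context"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// User stands in for config.User; only a name is needed here (assumption).
type User struct{ Name string }

var DefaultUser = &User{Name: "default"}
var MustLogin = errors.New("Need to login")

type userKey struct{} // unexported key type, so no other package can collide with it

func SetUser(r *http.Request, u *User) *http.Request {
	return r.WithContext(context.WithValue(r.Context(), userKey{}, u))
}

func GetUser(r *http.Request) (*User, bool) {
	u, ok := r.Context().Value(userKey{}).(*User)
	return u, ok && u != nil
}

type Authenticator interface {
	Authenticate(http.ResponseWriter, *http.Request) (*User, error)
}

// BasicAuth is a stand-in for BasicAuthAuthenticator with no Policy set, so
// every authenticated user gets DefaultUser, as the page describes.
type BasicAuth struct {
	Realm     string
	Passwords map[string]string // plaintext, like the page's Passwords field
}

// Authenticate keeps the interface contract: on failure it writes the 401
// itself and returns a non-nil error, so the caller must not write again.
func (b *BasicAuth) Authenticate(w http.ResponseWriter, r *http.Request) (*User, error) {
	user, pass, ok := r.BasicAuth()
	if ok && b.check(user, pass) {
		return DefaultUser, nil
	}
	w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm=%q`, b.Realm))
	http.Error(w, MustLogin.Error(), http.StatusUnauthorized)
	return nil, MustLogin
}

// check hashes both sides so ConstantTimeCompare sees equal lengths, and runs
// even for unknown users, so neither length nor user existence leaks through
// timing. An empty stored password (a removed user) never matches.
func (b *BasicAuth) check(user, pass string) bool {
	stored, exists := b.Passwords[user]
	want, got := sha256.Sum256([]byte(stored)), sha256.Sum256([]byte(pass))
	equal := subtle.ConstantTimeCompare(want[:], got[:]) == 1
	return equal && exists && stored != ""
}

// RequireAuth returns without writing when Authenticate failed (the response
// is already written) and otherwise attaches the User for downstream handlers.
func RequireAuth(a Authenticator, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, err := a.Authenticate(w, r)
		if err != nil {
			return
		}
		next.ServeHTTP(w, SetUser(r, u))
	})
}

// NewExampleHandler builds the chain around one constructed credential.
func NewExampleHandler() http.Handler {
	a := &BasicAuth{Realm: "logrole", Passwords: map[string]string{"alice": "correct horse battery staple"}}
	inner := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, _ := GetUser(r)
		fmt.Fprint(w, u.Name)
	})
	return RequireAuth(a, inner)
}

// Probe sends one request through the chain; an empty user sends no credentials.
func Probe(h http.Handler, user, pass string) (int, string) {
	r := httptest.NewRequest("GET", "/messages", nil)
	if user != "" {
		r.SetBasicAuth(user, pass)
	}
	w := httptest.NewRecorder()
	h.ServeHTTP(w, r)
	return w.Code, w.Body.String()
}

func main() {
	h := NewExampleHandler()
	fmt.Println(Probe(h, "alice", "correct horse battery staple")) // 200 default
}
```

The Passwords map holds plaintext because the page's field does; the SHA-256 step exists only to make the comparison constant-time, it is not password storage. If the wrapper wrote a second response after a failed Authenticate, the client would see a 401 followed by a superfluous-write error in the server log, which is why the error path returns immediately.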

type FileConfig

type FileConfig struct {
	Port       string `yaml:"port"`
	AccountSid string `yaml:"twilio_account_sid"`
	AuthToken  string `yaml:"twilio_auth_token"`

	Realm services.Rlm `yaml:"realm"`
	// Default timezone for dates/times in the UI
	Timezone string `yaml:"default_timezone"`
	// List of timezones a user can choose in the UI
	Timezones  []string `yaml:"timezones"`
	PublicHost string   `yaml:"public_host"`

	// IP subnets that are allowed to visit the site. THIS IS NOT A SECURITY
	// FEATURE. IP ADDRESSES ARE EASILY SPOOFED, AND YOUR IP ADDRESS IS EASILY
	// DISCOVERABLE. To determine a user's ip address, we check the first value
	// in an X-Forwarded-For header, or the RemoteAddr field of the http.Request.
	//
	// If you have an IPv4 address, the subnet for *only* that address is
	// "A.B.C.D/32". The recommended smallest subnet for IPv6 is /64.
	IPSubnets []string `yaml:"ip_subnets"`

	PageSize       uint          `yaml:"page_size"`
	SecretKey      string        `yaml:"secret_key"`
	MaxResourceAge time.Duration `yaml:"max_resource_age"`

	// Need a pointer to a boolean here since we want to be able to distinguish
	// "false" from "omitted"
	ShowMediaByDefault *bool `yaml:"show_media_by_default,omitempty"`

	EmailAddress string `yaml:"email_address"`

	ErrorReporter      string `yaml:"error_reporter,omitempty"`
	ErrorReporterToken string `yaml:"error_reporter_token,omitempty"`

	AuthScheme string `yaml:"auth_scheme"`
	User       string `yaml:"basic_auth_user"`
	Password   string `yaml:"basic_auth_password"`

	GoogleClientID       string   `yaml:"google_client_id"`
	GoogleClientSecret   string   `yaml:"google_client_secret"`
	GoogleAllowedDomains []string `yaml:"google_allowed_domains"`

	PolicyFile string `yaml:"policy_file"`
	Policy     *Policy

	Debug bool `yaml:"debug"`
}

FileConfig defines the settings you can load from a YAML configuration file. Load configuration from a YAML file into a FileConfig struct, then call NewSettingsFromConfig to get a Settings object.

All of the types and values here should be representable in a YAML file.
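The ip_subnets warning above deserves a concrete demonstration. What follows is an added example, not logrole's own code: it parses the subnet list, derives the client address in the order the FileConfig comment describes (first X-Forwarded-For value, else RemoteAddr), and shows that a client outside the allowed ranges passes the check simply by sending the header itself. Beside it is the variant a practitioner would want, which only trusts the header when the TCP peer is one of your own reverse proxies (the proxy list, the trusted-hop assumption and the sample addresses are all constructed for this example).

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// ParseSubnets converts the ip_subnets strings from the config file into
// *net.IPNet values and rejects anything net.ParseCIDR cannot parse.
func ParseSubnets(subnets []string) ([]*net.IPNet, error) {
	out := make([]*net.IPNet, 0, len(subnets))
	for _, s := range subnets {
		_, ipnet, err := net.ParseCIDR(s)
		if err != nil {
			return nil, fmt.Errorf("ip_subnets: bad entry %q: %w", s, err)
		}
		out = append(out, ipnet)
	}
	return out, nil
}

// Allowed reports whether ip falls inside any of the subnets.
func Allowed(ip net.IP, subnets []*net.IPNet) bool {
	for _, n := range subnets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

func peerIP(r *http.Request) net.IP {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr
	}
	return net.ParseIP(host)
}

// NaiveClientIP follows the order the FileConfig comment describes: the first
// X-Forwarded-For value if present, otherwise the peer address. The first
// value is whatever the client itself sent, so it is attacker-controlled.
func NaiveClientIP(r *http.Request) net.IP {
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		if ip := net.ParseIP(strings.TrimSpace(strings.Split(xff, ",")[0])); ip != nil {
			return ip
		}
	}
	return peerIP(r)
}

// ProxyAwareClientIP only believes X-Forwarded-For when the TCP peer is one of
// our own reverse proxies, and then takes the last value, which is the one
// that proxy appended (assumes a single trusted hop; with a chain you would
// walk right-to-left past every trusted address instead).
func ProxyAwareClientIP(r *http.Request, trustedProxies []*net.IPNet) net.IP {
	peer := peerIP(r)
	if peer == nil || !Allowed(peer, trustedProxies) {
		return peer
	}
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		parts := strings.Split(xff, ",")
		if ip := net.ParseIP(strings.TrimSpace(parts[len(parts)-1])); ip != nil {
			return ip
		}
	}
	return peer
}

func main() {
	allowed, _ := ParseSubnets([]string{"203.0.113.0/24", "2001:db8::/64"})
	proxies, _ := ParseSubnets([]string{"10.0.0.0/8"})

	// Constructed request: the TCP peer 198.51.100.7 is outside the allow list,
	// but the client sets X-Forwarded-For to an address that is inside it.
	forged, _ := http.NewRequest("GET", "/", nil)
	forged.RemoteAddr = "198.51.100.7:51234"
	forged.Header.Set("X-Forwarded-For", "203.0.113.9")

	fmt.Println("naive check passes forged header:", Allowed(NaiveClientIP(forged), allowed))
	fmt.Println("proxy-aware check passes it:", Allowed(ProxyAwareClientIP(forged, proxies), allowed))
}
```

Even the proxy-aware version is only as good as the proxy configuration: if the proxy forwards a client-supplied X-Forwarded-For unchanged rather than appending to it, the last value is again attacker-controlled. Treat the subnet list as a convenience filter, as the comment says, and rely on the Authenticator for access control.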

type GoogleAuthenticator

type GoogleAuthenticator struct {
	log.Logger
	AllowUnencryptedTraffic bool
	Conf                    *oauth2.Config
	RenderLogin             func(http.ResponseWriter, *http.Request, string)
	RenderLogout            func(http.ResponseWriter, *http.Request)
	// contains filtered or unexported fields
}

func NewGoogleAuthenticator

func NewGoogleAuthenticator(logger log.Logger, clientID string, clientSecret string, baseURL string, allowedDomains []string, secretKey *[32]byte) *GoogleAuthenticator

NewGoogleAuthenticator creates a new GoogleAuthenticator that can authenticate requests via Google login.

To get a clientID and clientSecret, see https://github.com/kevinburke/logrole/blob/master/docs/google.md

func (*GoogleAuthenticator) Authenticate

func (g *GoogleAuthenticator) Authenticate(w http.ResponseWriter, r *http.Request) (*User, error)

func (*GoogleAuthenticator) Logout

func (*GoogleAuthenticator) SetPolicy

func (g *GoogleAuthenticator) SetPolicy(p *Policy)

func (*GoogleAuthenticator) URL

type Group

type Group struct {
	Permissions *UserSettings `yaml:"permissions"`
	Name        string        `yaml:"name"`
	Default     bool          `yaml:"default,omitempty"`
	Users       []string      `yaml:"users"`
}

type NoopAuthenticator

type NoopAuthenticator struct {
	User *User
}

NoopAuthenticator returns the given User in response to all Authenticate requests.

func (*NoopAuthenticator) Authenticate

func (n *NoopAuthenticator) Authenticate(w http.ResponseWriter, r *http.Request) (*User, error)

func (*NoopAuthenticator) Logout

func (*NoopAuthenticator) SetPolicy

func (n *NoopAuthenticator) SetPolicy(p *Policy)

SetPolicy does nothing.

type OAuthAuthenticator

type OAuthAuthenticator interface {
	URL(http.ResponseWriter, *http.Request) string
}

type Permission

type Permission struct {
	// contains filtered or unexported fields
}

func NewPermission

func NewPermission(maxResourceAge time.Duration) *Permission

func (*Permission) MaxResourceAge

func (p *Permission) MaxResourceAge() time.Duration

type Policy

type Policy []*Group

TODO naming here

func (*Policy) Lookup

func (p *Policy) Lookup(id string) (*User, bool, error)

Lookup finds the User with the given id. If no user with that name is found, but a default group is defined, a user from that group is returned. The boolean is true if a user was found directly by id. Otherwise returns an error.

Lookup assumes the Policy is valid.

func (*Policy) UnmarshalYAML

func (p *Policy) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML unmarshals a YAML document into a Policy. A custom unmarshaler is needed so that a group whose permissions block is absent (a nil UserSettings) gets a UserSettings with every permission set to true.

func (*Policy) Users

func (p *Policy) Users() map[string]*User

Users returns a map of all Users defined in the policy. Users assumes the Policy is valid.
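As an added example (not logrole's own implementation), here is a Policy with the Lookup and Users behaviour described above, plus the validation step that Lookup says it assumes has already happened. UserSettings is reduced to two flags and the validator is an assumption of this example; the page does not show one. The point worth seeing is the fallback: any identity the authenticator lets through that is not named in a group receives the default group's permissions with a nil error, so the default group is the effective permission set for every unlisted account.

```go
package main

import (
	"errors"
	"fmt"
)

// Permissions stands in for UserSettings, reduced to two flags (assumption).
type Permissions struct {
	CanViewMessages    bool
	CanViewMessageBody bool
}

type User struct {
	ID   string
	Perm Permissions
}

type Group struct {
	Permissions Permissions
	Name        string
	Default     bool
	Users       []string
}

type Policy []*Group

var ErrNoUser = errors.New("no user with that id and no default group")

// Validate is the check Lookup and Users assume has already run: no id in two
// groups and at most one default group. (Added here; the page shows no validator.)
func (p Policy) Validate() error {
	seen, defaults := map[string]string{}, 0
	for _, g := range p {
		if g.Default {
			defaults++
		}
		for _, id := range g.Users {
			if other, dup := seen[id]; dup {
				return fmt.Errorf("user %q is in both %q and %q", id, other, g.Name)
			}
			seen[id] = g.Name
		}
	}
	if defaults > 1 {
		return fmt.Errorf("%d default groups, want at most one", defaults)
	}
	return nil
}

// Users returns every user named in the policy, keyed by id.
func (p Policy) Users() map[string]*User {
	users := make(map[string]*User)
	for _, g := range p {
		for _, id := range g.Users {
			users[id] = &User{ID: id, Perm: g.Permissions}
		}
	}
	return users
}

// Lookup returns the user for id. The boolean is true only for a direct match;
// false with a nil error means the caller received the default group's
// permissions, which is how an unlisted identity gets access at all.
func (p Policy) Lookup(id string) (*User, bool, error) {
	if u, ok := p.Users()[id]; ok {
		return u, true, nil
	}
	for _, g := range p {
		if g.Default {
			return &User{ID: id, Perm: g.Permissions}, false, nil
		}
	}
	return nil, false, ErrNoUser
}

// SamplePolicy is a constructed policy: support staff may read message
// bodies, anyone else who authenticates may only list messages.
func SamplePolicy() Policy {
	return Policy{
		{Name: "support", Users: []string{"alice@example.com"},
			Permissions: Permissions{CanViewMessages: true, CanViewMessageBody: true}},
		{Name: "everyone", Default: true,
			Permissions: Permissions{CanViewMessages: true}},
	}
}

func main() {
	p := SamplePolicy()
	for _, id := range []string{"alice@example.com", "mallory@example.com"} {
		u, direct, err := p.Lookup(id)
		if err != nil {
			fmt.Println(id, err)
			continue
		}
		fmt.Printf("%s direct=%v perm=%+v\n", id, direct, u.Perm)
	}
}
```

Callers that care whether an identity was explicitly granted access, rather than caught by the default group, must check the boolean; the error alone does not distinguish the two.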

type PolicyPolicy

type PolicyPolicy struct {
	Policy *Policy `yaml:"policy"`
}

type Settings

type Settings struct {
	Logger log.Logger

	// The host the user visits to get to this site.
	PublicHost string

	// Whether to allow HTTP traffic.
	AllowUnencryptedTraffic bool
	Client                  *twilio.Client

	// LocationFinder determines the correct timezone to display for a given
	// request, based on the default and a user's TZ cookie (if present).
	LocationFinder services.LocationFinder

	// How many messages to display per page.
	PageSize uint

	// Used to encrypt next page URI's and sessions. See
	// https://github.com/kevinburke/logrole/blob/master/docs/settings.md#secret-key
	SecretKey *[32]byte

	// Don't show resources that are older than this age. Set to a very high
	// value to show all resources.
	MaxResourceAge time.Duration

	// Should a user have to click a button to view media attached to a MMS?
	ShowMediaByDefault bool

	// Email address for server errors / "contact me" on error pages.
	Mailto *mail.Address

	// Error reporter. This must not be nil; set to NoopErrorReporter to ignore
	// errors.
	Reporter services.ErrorReporter

	// The authentication scheme.
	Authenticator Authenticator

	// THIS IS NOT A SECURITY FEATURE AND SHOULD NOT BE RELIED ON FOR IP
	// WHITELISTING.
	IPSubnets []*net.IPNet
}

Settings are used to configure a Server and apply to all of the website's users.

func NewSettingsFromConfig

func NewSettingsFromConfig(c *FileConfig, l log.Logger) (settings *Settings, err error)

NewSettingsFromConfig creates a new Settings object from the given FileConfig, or an error.

Pass a log.Logger to configure how messages are logged. If the Logger is nil, github.com/kevinburke/handlers.Logger will be used.

type User

type User struct {
	// contains filtered or unexported fields
}

func GetUser

func GetUser(r *http.Request) (*User, bool)

GetUser returns a User stored in the request's context, if one exists.

func NewUser

func NewUser(us *UserSettings) *User

NewUser creates a new User with the given settings.

func (*User) CanPlayRecordings

func (u *User) CanPlayRecordings() bool

func (*User) CanViewAlerts

func (u *User) CanViewAlerts() bool

func (*User) CanViewCallFrom

func (u *User) CanViewCallFrom() bool

func (*User) CanViewCallPrice

func (u *User) CanViewCallPrice() bool

func (*User) CanViewCallTo

func (u *User) CanViewCallTo() bool

func (*User) CanViewCallbackURLs

func (u *User) CanViewCallbackURLs() bool

func (*User) CanViewCalls

func (u *User) CanViewCalls() bool

func (*User) CanViewConferences

func (u *User) CanViewConferences() bool

func (*User) CanViewMedia

func (u *User) CanViewMedia() bool

func (*User) CanViewMessageBody

func (u *User) CanViewMessageBody() bool

func (*User) CanViewMessageFrom

func (u *User) CanViewMessageFrom() bool

func (*User) CanViewMessagePrice

func (u *User) CanViewMessagePrice() bool

func (*User) CanViewMessageTo

func (u *User) CanViewMessageTo() bool

func (*User) CanViewMessages

func (u *User) CanViewMessages() bool

func (*User) CanViewNumMedia

func (u *User) CanViewNumMedia() bool

func (*User) CanViewNumRecordings

func (u *User) CanViewNumRecordings() bool

func (*User) CanViewRecordingPrice

func (u *User) CanViewRecordingPrice() bool

func (*User) CanViewResource

func (u *User) CanViewResource(resourceCreatedAt time.Time, globalMaxAge time.Duration) bool

CanViewResource returns true if the specified timestamp is within the user's maxResourceAge setting. If the user's maxResourceAge is nonzero, it overrides the globalMaxAge. Returns true if the globalMaxAge and the user's maxResourceAge are both zero.
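The override rule above has two edges worth checking against fixed timestamps: a nonzero per-user age replaces the global one in both directions (it can widen access as well as narrow it, so the global value is not a ceiling), and zero on both sides means no limit at all. The following is an added example, not logrole's code; the User type is reduced to the one field needed, the clock is injected, and the table of cases is constructed for this example.

```go
package main

import (
	"fmt"
	"time"
)

// User carries only the per-user age limit this example needs (assumption).
type User struct{ maxResourceAge time.Duration }

func NewUser(maxResourceAge time.Duration) *User { return &User{maxResourceAge: maxResourceAge} }

// canViewAt is CanViewResource with the clock injected so the rule can be
// checked against fixed timestamps.
func (u *User) canViewAt(now, resourceCreatedAt time.Time, globalMaxAge time.Duration) bool {
	maxAge := globalMaxAge
	if u.maxResourceAge != 0 {
		maxAge = u.maxResourceAge // nonzero per-user value wins, wider or narrower
	}
	if maxAge == 0 {
		return true // no limit anywhere: everything is viewable
	}
	return now.Sub(resourceCreatedAt) <= maxAge
}

func (u *User) CanViewResource(resourceCreatedAt time.Time, globalMaxAge time.Duration) bool {
	return u.canViewAt(time.Now(), resourceCreatedAt, globalMaxAge)
}

const day = 24 * time.Hour

// Case is one row of the constructed table below.
type Case struct {
	Name        string
	UserMax     time.Duration
	GlobalMax   time.Duration
	ResourceAge time.Duration
	Want        bool
}

var Cases = []Case{
	{"global limit only, inside", 0, 30 * day, 10 * day, true},
	{"global limit only, outside", 0, 30 * day, 40 * day, false},
	{"user limit narrows global", 7 * day, 30 * day, 10 * day, false},
	{"user limit widens global", 90 * day, 30 * day, 60 * day, true},
	{"no limit anywhere", 0, 0, 10000 * day, true},
	{"created in the future (clock skew)", 0, 30 * day, -1 * day, true},
}

// Run evaluates every case at a fixed instant and returns the names of the
// cases whose result differs from Want (empty means the rule holds).
func Run() []string {
	now := time.Date(2024, 3, 21, 12, 0, 0, 0, time.UTC)
	var failed []string
	for _, c := range Cases {
		got := NewUser(c.UserMax).canViewAt(now, now.Add(-c.ResourceAge), c.GlobalMax)
		if got != c.Want {
			failed = append(failed, c.Name)
		}
	}
	return failed
}

func main() {
	fmt.Println("failed cases:", Run())
}
```

Because a per-user max_resource_age can widen the window, a policy review should treat every nonzero per-user value as a grant, not just as a restriction.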

type UserSettings

type UserSettings struct {
	// Can the user see whether a message had MMS attached?
	CanViewNumMedia bool `yaml:"can_view_num_media"`
	// Can the user view anything about a SMS/MMS message?
	CanViewMessages bool `yaml:"can_view_messages"`
	// Can the user view the message sender?
	CanViewMessageFrom bool `yaml:"can_view_message_from"`
	// Can the user view the message recipient's phone number?
	CanViewMessageTo bool `yaml:"can_view_message_to"`
	// Can the user view a SMS message body?
	CanViewMessageBody bool `yaml:"can_view_message_body"`
	// Can the user view the photos in a MMS message?
	CanViewMedia bool `yaml:"can_view_media"`

	// Can the user see how much a message cost to send?
	CanViewMessagePrice bool `yaml:"can_view_message_price"`

	// Can the user see any information about a call?
	CanViewCalls bool `yaml:"can_view_calls"`
	// Can the user view the call originator?
	CanViewCallFrom bool `yaml:"can_view_call_from"`
	// Can the user view the call recipient?
	CanViewCallTo    bool `yaml:"can_view_call_to"`
	CanViewCallPrice bool `yaml:"can_view_call_price"`
	// Can the user see whether a call has recordings attached?
	CanViewNumRecordings bool `yaml:"can_view_num_recordings"`
	// Can the user listen to recordings?
	CanPlayRecordings     bool `yaml:"can_play_recordings"`
	CanViewRecordingPrice bool `yaml:"can_view_recording_price"`
	// Can the user view metadata about a conference (sid, date created,
	// region, etc)?
	CanViewConferences bool `yaml:"can_view_conferences"`
	// Can the user view information about errors that occurred while routing
	// a call? e.g. "HTTP retrieval failure" at the callback URL.
	CanViewAlerts bool `yaml:"can_view_alerts"`
	// Can the user view a StatusCallbackURL? Also protects
	// Voice/SMS/Fallback/Callback URL's for phone numbers.
	CanViewCallbackURLs bool `yaml:"can_view_callback_urls"`

	// The maximum viewable age of resources this user can view. If nonzero,
	// this overrides any global setting.
	//
	// Note phone numbers are *exempt* from this rule. All of your account's phone
	// numbers will be viewable even if the phone number was purchased before this
	// age.
	MaxResourceAge time.Duration `yaml:"max_resource_age"`
}

UserSettings are used to define which permissions a User has. When parsing from YAML, any omitted field is set to true, so a policy is permissive by default: a permission is withheld only when it is written out as false. Unless the loader rejects unknown keys, a misspelled key counts as an omitted one and silently grants that permission, so review every false entry in a new policy file against the yaml tags below.

func AllUserSettings

func AllUserSettings() *UserSettings

AllUserSettings returns a UserSettings value with the widest possible set of permissions.

func (*UserSettings) UnmarshalYAML

func (us *UserSettings) UnmarshalYAML(unmarshal func(interface{}) error) error

Unmarshal YAML into the UserSettings object. By default, unspecified values are set to true.
