auth

package
v0.0.0-...-e3a33ee (not the latest version of its module)
Published: Feb 25, 2016 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

const CookieName = "SyncGatewaySession"

const RoleKeyPrefix = "_sync:role:"

Key prefix reserved for role documents in the bucket

const SessionKeyPrefix = "_sync:session:"

const UserKeyPrefix = "_sync:user:"

Key prefix reserved for user documents in the bucket

Variables

This section is empty.

Functions

func IsValidEmail

func IsValidEmail(email string) bool

func IsValidPrincipalName

func IsValidPrincipalName(name string) bool

Reports whether name is a valid name for a User or Role: only alphanumeric characters and any of "_-+.@" are allowed.
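The check matters because a principal's name is embedded in its bucket document key under UserKeyPrefix or RoleKeyPrefix. The following is an added example, not the package's own code: it applies the documented character rule and then derives the document key, refusing names that could not be stored safely. The function and constant names (isValidPrincipalName, principalDocID, extraNameChars) are this example's own, and the decision to reject the empty name is an assumption drawn from GetUser's statement that "" denotes the guest user.

```go
package main

import (
	"fmt"
	"strings"
)

// Added example, not the project's code. The character set comes from the
// IsValidPrincipalName doc comment: alphanumeric plus any of "_-+.@".
const extraNameChars = "_-+.@"

// Bucket key prefixes quoted from the package constants.
const (
	userKeyPrefix = "_sync:user:"
	roleKeyPrefix = "_sync:role:"
)

// isValidPrincipalName accepts only ASCII letters, digits and "_-+.@".
// Anything else, including ':' and non-ASCII letters, is rejected.
func isValidPrincipalName(name string) bool {
	for _, r := range name {
		switch {
		case r >= 'a' && r <= 'z', r >= 'A' && r <= 'Z', r >= '0' && r <= '9':
		case strings.ContainsRune(extraNameChars, r):
		default:
			return false
		}
	}
	return true
}

// principalDocID derives the bucket key a user or role document is stored
// under. Validating first matters because the name is embedded in the key:
// a ':' in a name could otherwise be made to look like another "_sync:" prefix.
// Assumption: the empty name is reserved for the guest user (see GetUser) and
// therefore never gets a key here.
func principalDocID(name string, isUser bool) (string, error) {
	if name == "" {
		return "", fmt.Errorf("empty name is reserved for the guest user")
	}
	if !isValidPrincipalName(name) {
		return "", fmt.Errorf("invalid principal name %q", name)
	}
	if isUser {
		return userKeyPrefix + name, nil
	}
	return roleKeyPrefix + name, nil
}

func main() {
	// Constructed inputs: two acceptable names and four that must be refused.
	for _, n := range []string{"alice", "bob+test@example.com", "", "x:y", "ünïcode", "r/admin"} {
		id, err := principalDocID(n, true)
		fmt.Printf("%-24q valid=%-5v key=%q err=%v\n", n, isValidPrincipalName(n), id, err)
	}
}
```

Note that the character rule on the page says nothing about length, so the validator itself accepts the empty string; only key derivation refuses it.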

Types

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

Manages user authentication for a database.

func NewAuthenticator

func NewAuthenticator(bucket base.Bucket, channelComputer ChannelComputer) *Authenticator

Creates a new Authenticator that stores user info in the given Bucket.

func (*Authenticator) AuthenticateCookie

func (auth *Authenticator) AuthenticateCookie(rq *http.Request, response http.ResponseWriter) (User, error)

func (*Authenticator) AuthenticateUser

func (auth *Authenticator) AuthenticateUser(username string, password string) User

Authenticates a user given the username and password. If the username and password are both "", it will return a default empty User object, not nil.

func (*Authenticator) CreateSession

func (auth *Authenticator) CreateSession(username string, ttl time.Duration) (*LoginSession, error)

func (*Authenticator) Delete

func (auth *Authenticator) Delete(p Principal) error

Deletes a user/role.

func (Authenticator) DeleteSession

func (auth Authenticator) DeleteSession(sessionid string) error

func (Authenticator) DeleteSessionForCookie

func (auth Authenticator) DeleteSessionForCookie(rq *http.Request) *http.Cookie

func (*Authenticator) GetPrincipal

func (auth *Authenticator) GetPrincipal(name string, isUser bool) (Principal, error)

func (*Authenticator) GetRole

func (auth *Authenticator) GetRole(name string) (Role, error)

Looks up the information for a role.

func (*Authenticator) GetSession

func (auth *Authenticator) GetSession(sessionid string) (*LoginSession, error)

func (*Authenticator) GetUser

func (auth *Authenticator) GetUser(name string) (User, error)

Looks up the information for a user. If the username is "" it returns the default (guest) User object, not nil. By default the guest User has access to everything ("Admin Party"), so before a database is exposed the guest's channel list should be restricted by altering it and saving the change with Save.

func (*Authenticator) GetUserByEmail

func (auth *Authenticator) GetUserByEmail(email string) (User, error)

Looks up a User by email address.

func (*Authenticator) InvalidateChannels

func (auth *Authenticator) InvalidateChannels(p Principal) error

Invalidates the channel list of a user/role by saving its Channels() property as nil.

func (*Authenticator) InvalidateRoles

func (auth *Authenticator) InvalidateRoles(user User) error

Invalidates the role list of a user by saving its Roles() property as nil.

func (*Authenticator) MakeSessionCookie

func (auth *Authenticator) MakeSessionCookie(session *LoginSession) *http.Cookie

func (*Authenticator) NewRole

func (auth *Authenticator) NewRole(name string, channels base.Set) (Role, error)

Creates a new Role object.

func (*Authenticator) NewUser

func (auth *Authenticator) NewUser(username string, password string, channels base.Set) (User, error)

Creates a new User object.

func (*Authenticator) RegisterNewUser

func (auth *Authenticator) RegisterNewUser(username, email string) (User, error)

Registers a new user account based on the given verified email address. Username will be the same as the verified email address. Password will be random. The user will have access to no channels.

func (*Authenticator) Save

func (auth *Authenticator) Save(p Principal) error

Saves the information for a user/role.

func (*Authenticator) UnmarshalPrincipal

func (auth *Authenticator) UnmarshalPrincipal(data []byte, defaultName string, defaultSeq uint64, isUser bool) (Principal, error)

func (*Authenticator) UnmarshalRole

func (auth *Authenticator) UnmarshalRole(data []byte, defaultName string, defaultSeq uint64) (Role, error)

func (*Authenticator) UnmarshalUser

func (auth *Authenticator) UnmarshalUser(data []byte, defaultName string, defaultSequence uint64) (User, error)

func (*Authenticator) UpdateRoleVbucketSequences

func (auth *Authenticator) UpdateRoleVbucketSequences(docID string, sequence uint64) error

func (*Authenticator) UpdateUserVbucketSequences

func (auth *Authenticator) UpdateUserVbucketSequences(docID string, sequence uint64) error

type ChannelComputer

type ChannelComputer interface {
	ComputeChannelsForPrincipal(Principal) (ch.TimedSet, error)
	ComputeRolesForUser(User) (ch.TimedSet, error)
	UseGlobalSequence() bool
}

Interface for deriving the set of channels and roles a User/Role has access to. The instantiator of an Authenticator must provide an implementation.

type LoginSession

type LoginSession struct {
	ID         string        `json:"id"`
	Username   string        `json:"username"`
	Expiration time.Time     `json:"expiration"`
	Ttl        time.Duration `json:"ttl"`
}

A user login session (used with cookie-based auth).
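The session methods above (CreateSession, MakeSessionCookie, AuthenticateCookie, DeleteSessionForCookie) are listed without doc comments. The following is an added example, not the package's own code: an in-memory stand-in for the bucket-backed session store that walks the lifecycle those names describe. Only CookieName and the LoginSession field layout are taken from the page; the store type, its method names, the 128-bit random session ID, the HttpOnly/Secure/SameSite cookie attributes and the server-side expiry check are this example's assumptions about how a session cookie should be handled.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
	"sync"
	"time"
)

// Added example, not the project's code. cookieName is quoted from the
// CookieName constant; loginSession mirrors the documented LoginSession struct.
const cookieName = "SyncGatewaySession"

type loginSession struct {
	ID         string        `json:"id"`
	Username   string        `json:"username"`
	Expiration time.Time     `json:"expiration"`
	Ttl        time.Duration `json:"ttl"`
}

var errNoSession = errors.New("no valid session for request")

// sessionStore keeps sessions by ID; now is injectable so expiry can be tested.
type sessionStore struct {
	mu       sync.Mutex
	sessions map[string]*loginSession
	now      func() time.Time
}

func newSessionStore() *sessionStore {
	return &sessionStore{sessions: map[string]*loginSession{}, now: time.Now}
}

// createSession issues a session whose ID is 128 bits from crypto/rand, so it
// cannot be guessed or enumerated; the ID is the only secret the cookie carries.
func (s *sessionStore) createSession(username string, ttl time.Duration) (*loginSession, error) {
	if ttl <= 0 {
		return nil, errors.New("session ttl must be positive")
	}
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	sess := &loginSession{ID: hex.EncodeToString(raw), Username: username, Expiration: s.now().Add(ttl), Ttl: ttl}
	s.mu.Lock()
	s.sessions[sess.ID] = sess
	s.mu.Unlock()
	return sess, nil
}

// makeSessionCookie binds the cookie's lifetime to the session's and keeps it
// away from script (HttpOnly). Secure assumes the API is served over TLS.
func makeSessionCookie(sess *loginSession) *http.Cookie {
	return &http.Cookie{
		Name: cookieName, Value: sess.ID, Path: "/", Expires: sess.Expiration,
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode,
	}
}

// authenticateCookie resolves the request's cookie to a username. Expired
// sessions are purged server-side rather than trusted on the cookie's Expires.
func (s *sessionStore) authenticateCookie(rq *http.Request) (string, error) {
	c, err := rq.Cookie(cookieName)
	if err != nil {
		return "", errNoSession
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[c.Value]
	if !ok {
		return "", errNoSession
	}
	if !s.now().Before(sess.Expiration) {
		delete(s.sessions, c.Value)
		return "", errNoSession
	}
	return sess.Username, nil
}

// deleteSessionForCookie revokes the session server-side and returns an
// already-expired cookie for the caller to send so the client drops its copy.
func (s *sessionStore) deleteSessionForCookie(rq *http.Request) *http.Cookie {
	c, err := rq.Cookie(cookieName)
	if err != nil {
		return nil
	}
	s.mu.Lock()
	delete(s.sessions, c.Value)
	s.mu.Unlock()
	return &http.Cookie{Name: cookieName, Value: "", Path: "/", MaxAge: -1, HttpOnly: true}
}

func main() {
	store := newSessionStore()
	sess, _ := store.createSession("alice", time.Hour)
	rq, _ := http.NewRequest("GET", "/db/", nil)
	rq.AddCookie(makeSessionCookie(sess)) // constructed request carrying the cookie
	user, err := store.authenticateCookie(rq)
	fmt.Println("authenticated as:", user, err)
	store.deleteSessionForCookie(rq)
	_, err = store.authenticateCookie(rq)
	fmt.Println("after logout:", err)
}
```

The point to carry over to any real store is that the server, not the cookie, decides when a session ends: a forged or replayed cookie with a far-future Expires still fails once the stored session is gone or past its TTL.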

type Principal

type Principal interface {
	// The Principal's identifier.
	Name() string

	// The database sequence at which this Principal last changed
	Sequence() uint64
	SetSequence(sequence uint64)

	// The set of channels the Principal belongs to, and the sequence at which access was granted.
	Channels() ch.TimedSet

	// The channels the Principal was explicitly granted access to through the admin API.
	ExplicitChannels() ch.TimedSet

	// Sets the explicit channels the Principal has access to.
	SetExplicitChannels(ch.TimedSet)

	// The previous set of channels the Principal was granted.  Used to maintain sequence history.
	PreviousChannels() ch.TimedSet

	// Sets the previous set of channels the Principal has access to.
	SetPreviousChannels(ch.TimedSet)

	// Returns true if the Principal has access to the given channel.
	CanSeeChannel(channel string) bool

	// If the Principal has access to the given channel, returns the sequence number at which
	// access was granted; else returns zero.
	CanSeeChannelSince(channel string) uint64

	// Returns an error if the Principal does not have access to all the channels in the set.
	AuthorizeAllChannels(channels base.Set) error

	// Returns an error if the Principal does not have access to any of the channels in the set.
	AuthorizeAnyChannel(channels base.Set) error

	// Returns an appropriate HTTPError for unauthorized access -- a 401 if the receiver is
	// the guest user, else 403.
	UnauthError(message string) error

	DocID() string
	// contains filtered or unexported methods
}

A Principal is an abstract object that can have access to channels.

type Role

type Role interface {
	Principal
}

Role is basically the same as Principal, just concrete. Users can inherit channels from Roles.

type User

type User interface {
	Principal

	// The user's email address.
	Email() string

	// Sets the user's email address.
	SetEmail(string) error

	// If true, the user is unable to authenticate.
	Disabled() bool

	// Sets the disabled property
	SetDisabled(bool)

	// Authenticates the user's password.
	Authenticate(password string) bool

	// Changes the user's password.
	SetPassword(password string)

	// The set of Roles the user belongs to (including ones given to it by the sync function)
	RoleNames() ch.TimedSet

	// The roles the user was explicitly granted through the admin API.
	ExplicitRoles() ch.TimedSet

	// Sets the explicit roles the user belongs to.
	SetExplicitRoles(ch.TimedSet)

	// Every channel the user has access to, including those inherited from Roles.
	InheritedChannels() ch.TimedSet

	// If the input set contains the wildcard "*" channel, returns the user's InheritedChannels;
	// else returns the input channel list unaltered.
	ExpandWildCardChannel(channels base.Set) base.Set

	// Returns a TimedSet containing only the channels from the input set that the user has access
	// to, annotated with the sequence number at which access was granted.
	FilterToAvailableChannels(channels base.Set) ch.TimedSet

	// Returns a Set containing channels that the user has access to, that aren't present in the
	// input set
	GetAddedChannels(channels ch.TimedSet) base.Set
	// contains filtered or unexported methods
}

A User is a Principal that can log in and have multiple Roles.
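The Principal and User interfaces above fix the authorization semantics: access is recorded per channel with the sequence at which it was granted, a User's visible channels include those inherited from its Roles, and an unauthorized request yields 401 for the guest but 403 for a named user. The following is an added example, not the package's own code: a minimal re-implementation of those rules so the behaviour can be exercised. The types timedSet, httpError and user and the sample data are this example's own; the two modelling choices labelled as assumptions in the comments are that an inherited channel takes the later of the role-grant and channel-grant sequences, and that a granted "*" channel stands for every channel.

```go
package main

import (
	"fmt"
	"net/http"
)

// Added example, not the project's code: a minimal re-implementation of the
// channel-authorization rules the Principal and User interfaces describe, with
// role inheritance standing in for what a ChannelComputer would compute.
// timedSet mirrors ch.TimedSet: channel name -> sequence at which access was granted.
type timedSet map[string]uint64

// httpError carries the status UnauthError is documented to pick: 401 for guest, else 403.
type httpError struct {
	Status  int
	Message string
}

func (e *httpError) Error() string { return fmt.Sprintf("%d %s", e.Status, e.Message) }

// user stands in for User; the empty name denotes the guest, as GetUser documents.
// Channel sets are passed as plain slices here instead of base.Set.
type user struct {
	name      string
	channels  timedSet            // channels granted directly (explicit + sync function)
	roleNames timedSet            // role name -> sequence at which the role was granted
	roles     map[string]timedSet // role name -> that role's channels (what GetRole returns)
}

// inheritedChannels merges direct grants with every role's channels. Assumption: a
// channel reached through a role is visible from the later of the role-grant
// sequence and the channel's grant sequence within the role; the earliest wins overall.
func (u *user) inheritedChannels() timedSet {
	out := timedSet{}
	for c, seq := range u.channels {
		out[c] = seq
	}
	for rn, roleSeq := range u.roleNames {
		for c, seq := range u.roles[rn] { // unknown role: nil map, grants nothing
			if seq < roleSeq {
				seq = roleSeq
			}
			if cur, ok := out[c]; !ok || seq < cur {
				out[c] = seq
			}
		}
	}
	return out
}

// canSeeChannelSince returns the grant sequence, or 0 for no access. Assumption: a
// granted "*" channel means every channel, which is how "guest sees everything" is expressed.
func (u *user) canSeeChannelSince(channel string) uint64 {
	all := u.inheritedChannels()
	if seq, ok := all["*"]; ok {
		return seq
	}
	return all[channel]
}

func (u *user) canSeeChannel(channel string) bool { return u.canSeeChannelSince(channel) > 0 }

func (u *user) unauthError(msg string) error {
	if u.name == "" {
		return &httpError{http.StatusUnauthorized, msg} // anonymous caller: ask it to log in
	}
	return &httpError{http.StatusForbidden, msg} // known user: access denied
}

func (u *user) authorizeAllChannels(channels ...string) error {
	for _, c := range channels {
		if !u.canSeeChannel(c) {
			return u.unauthError("no access to channel " + c)
		}
	}
	return nil
}

func (u *user) authorizeAnyChannel(channels ...string) error {
	for _, c := range channels {
		if u.canSeeChannel(c) {
			return nil
		}
	}
	return u.unauthError("no access to any requested channel")
}

// sampleUsers is constructed data: alice has "public" directly (seq 5) and the "editors"
// role since seq 10, whose "drafts" channel dates from seq 3; the guest has been locked
// down to no channels, the opposite of the package default.
func sampleUsers() (alice, guest *user) {
	roles := map[string]timedSet{"editors": {"drafts": 3}}
	alice = &user{name: "alice", channels: timedSet{"public": 5}, roleNames: timedSet{"editors": 10}, roles: roles}
	guest = &user{roles: roles}
	return alice, guest
}

func main() {
	alice, guest := sampleUsers()
	fmt.Println("alice sees drafts since seq", alice.canSeeChannelSince("drafts"))
	fmt.Println("alice all(public,secret):", alice.authorizeAllChannels("public", "secret"))
	fmt.Println("guest any(public):", guest.authorizeAnyChannel("public"))
}
```

Two things are worth noticing when running it. The sequence attached to an inherited channel is the role-grant sequence (10), not the role's own earlier grant (3): a user must not be able to see revisions of "drafts" from before it held the role. And the distinction between 401 and 403 is driven purely by whether the caller is the guest, so a deployment that leaves the guest with "*" never sees either.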
