Documentation
Index
- Constants
- func IsValidEmail(email string) bool
- func IsValidPrincipalName(name string) bool
- type Authenticator
- func (auth *Authenticator) AuthenticateCookie(rq *http.Request, response http.ResponseWriter) (User, error)
- func (auth *Authenticator) AuthenticateUser(username string, password string) User
- func (auth *Authenticator) CreateSession(username string, ttl time.Duration) (*LoginSession, error)
- func (auth *Authenticator) Delete(p Principal) error
- func (auth Authenticator) DeleteSession(sessionid string) error
- func (auth Authenticator) DeleteSessionForCookie(rq *http.Request) *http.Cookie
- func (auth *Authenticator) GetPrincipal(name string, isUser bool) (Principal, error)
- func (auth *Authenticator) GetRole(name string) (Role, error)
- func (auth *Authenticator) GetSession(sessionid string) (*LoginSession, error)
- func (auth *Authenticator) GetUser(name string) (User, error)
- func (auth *Authenticator) GetUserByEmail(email string) (User, error)
- func (auth *Authenticator) InvalidateChannels(p Principal) error
- func (auth *Authenticator) InvalidateRoles(user User) error
- func (auth *Authenticator) MakeSessionCookie(session *LoginSession) *http.Cookie
- func (auth *Authenticator) NewRole(name string, channels base.Set) (Role, error)
- func (auth *Authenticator) NewUser(username string, password string, channels base.Set) (User, error)
- func (auth *Authenticator) RegisterNewUser(username, email string) (User, error)
- func (auth *Authenticator) Save(p Principal) error
- func (auth *Authenticator) UnmarshalPrincipal(data []byte, defaultName string, defaultSeq uint64, isUser bool) (Principal, error)
- func (auth *Authenticator) UnmarshalRole(data []byte, defaultName string, defaultSeq uint64) (Role, error)
- func (auth *Authenticator) UnmarshalUser(data []byte, defaultName string, defaultSequence uint64) (User, error)
- func (auth *Authenticator) UpdateRoleVbucketSequences(docID string, sequence uint64) error
- func (auth *Authenticator) UpdateUserVbucketSequences(docID string, sequence uint64) error
- type ChannelComputer
- type LoginSession
- type Principal
- type Role
- type User
Constants
const CookieName = "SyncGatewaySession"
const RoleKeyPrefix = "_sync:role:"
Key prefix reserved for role documents in the bucket
const SessionKeyPrefix = "_sync:session:"
const UserKeyPrefix = "_sync:user:"
Key prefix reserved for user documents in the bucket
Functions
func IsValidEmail
func IsValidPrincipalName
Is this string a valid name for a User/Role? (Valid chars are alphanumeric and any of "_-+.@")
Types
type Authenticator
type Authenticator struct {
// contains filtered or unexported fields
}
Manages user authentication for a database.
func NewAuthenticator
func NewAuthenticator(bucket base.Bucket, channelComputer ChannelComputer) *Authenticator
Creates a new Authenticator that stores user info in the given Bucket.
func (*Authenticator) AuthenticateCookie
func (auth *Authenticator) AuthenticateCookie(rq *http.Request, response http.ResponseWriter) (User, error)
func (*Authenticator) AuthenticateUser
func (auth *Authenticator) AuthenticateUser(username string, password string) User
Authenticates a user given the username and password. If the username and password are both "", it will return a default empty User object, not nil.
func (*Authenticator) CreateSession
func (auth *Authenticator) CreateSession(username string, ttl time.Duration) (*LoginSession, error)
func (*Authenticator) Delete
func (auth *Authenticator) Delete(p Principal) error
Deletes a user/role.
func (Authenticator) DeleteSession
func (auth Authenticator) DeleteSession(sessionid string) error
func (Authenticator) DeleteSessionForCookie
func (auth Authenticator) DeleteSessionForCookie(rq *http.Request) *http.Cookie
func (*Authenticator) GetPrincipal
func (auth *Authenticator) GetPrincipal(name string, isUser bool) (Principal, error)
func (*Authenticator) GetRole
func (auth *Authenticator) GetRole(name string) (Role, error)
Looks up the information for a role.
func (*Authenticator) GetSession
func (auth *Authenticator) GetSession(sessionid string) (*LoginSession, error)
func (*Authenticator) GetUser
func (auth *Authenticator) GetUser(name string) (User, error)
Looks up the information for a user. If the username is "" it will return the default (guest) User object, not nil. By default the guest User has access to everything, i.e. Admin Party! This can be changed by altering its list of channels and saving the changes via SetUser.
func (*Authenticator) GetUserByEmail
func (auth *Authenticator) GetUserByEmail(email string) (User, error)
Looks up a User by email address.
func (*Authenticator) InvalidateChannels
func (auth *Authenticator) InvalidateChannels(p Principal) error
Invalidates the channel list of a user/role by saving its Channels() property as nil.
func (*Authenticator) InvalidateRoles
func (auth *Authenticator) InvalidateRoles(user User) error
Invalidates the role list of a user by saving its Roles() property as nil.
func (*Authenticator) MakeSessionCookie
func (auth *Authenticator) MakeSessionCookie(session *LoginSession) *http.Cookie
func (*Authenticator) NewUser
func (auth *Authenticator) NewUser(username string, password string, channels base.Set) (User, error)
Creates a new User object.
func (*Authenticator) RegisterNewUser
func (auth *Authenticator) RegisterNewUser(username, email string) (User, error)
Registers a new user account based on the given verified email address. Username will be the same as the verified email address. Password will be random. The user will have access to no channels.
func (*Authenticator) Save
func (auth *Authenticator) Save(p Principal) error
Saves the information for a user/role.
func (*Authenticator) UnmarshalPrincipal
func (*Authenticator) UnmarshalRole
func (*Authenticator) UnmarshalUser
func (*Authenticator) UpdateRoleVbucketSequences
func (auth *Authenticator) UpdateRoleVbucketSequences(docID string, sequence uint64) error
func (*Authenticator) UpdateUserVbucketSequences
func (auth *Authenticator) UpdateUserVbucketSequences(docID string, sequence uint64) error
type ChannelComputer
type ChannelComputer interface {
    ComputeChannelsForPrincipal(Principal) (ch.TimedSet, error)
    ComputeRolesForUser(User) (ch.TimedSet, error)
    UseGlobalSequence() bool
}
Interface for deriving the set of channels and roles a User/Role has access to. The instantiator of an Authenticator must provide an implementation.
type LoginSession
type LoginSession struct {
    ID         string        `json:"id"`
    Username   string        `json:"username"`
    Expiration time.Time     `json:"expiration"`
    Ttl        time.Duration `json:"ttl"`
}
A user login session (used with cookie-based auth.)
type Principal
type Principal interface {
    // The Principal's identifier.
    Name() string

    // The database sequence at which this Principal last changed
    Sequence() uint64
    SetSequence(sequence uint64)

    // The set of channels the Principal belongs to, and what sequence access was granted.
    Channels() ch.TimedSet

    // The channels the Principal was explicitly granted access to thru the admin API.
    ExplicitChannels() ch.TimedSet

    // Sets the explicit channels the Principal has access to.
    SetExplicitChannels(ch.TimedSet)

    // The previous set of channels the Principal was granted. Used to maintain sequence history.
    PreviousChannels() ch.TimedSet

    // Sets the previous set of channels the Principal has access to.
    SetPreviousChannels(ch.TimedSet)

    // Returns true if the Principal has access to the given channel.
    CanSeeChannel(channel string) bool

    // If the Principal has access to the given channel, returns the sequence number at which
    // access was granted; else returns zero.
    CanSeeChannelSince(channel string) uint64

    // Returns an error if the Principal does not have access to all the channels in the set.
    AuthorizeAllChannels(channels base.Set) error

    // Returns an error if the Principal does not have access to any of the channels in the set.
    AuthorizeAnyChannel(channels base.Set) error

    // Returns an appropriate HTTPError for unauthorized access -- a 401 if the receiver is
    // the guest user, else 403.
    UnauthError(message string) error

    DocID() string
    // contains filtered or unexported methods
}
A Principal is an abstract object that can have access to channels.
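The all-versus-any channel checks and the 401/403 split described in the Principal interface comments, as an added example that is not Sync Gateway's own code. The `principal` type, the error values, the empty name standing for the guest user, and the rule that holding "*" grants every channel are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-in type for illustration; not Sync Gateway's Principal implementation.
type principal struct {
	name     string            // assumption: "" denotes the guest user
	channels map[string]uint64 // channel -> sequence at which access was granted
}
var errLoginRequired = errors.New("401 login required") // refusal for the guest
var errForbidden = errors.New("403 forbidden")          // refusal for a named principal
func (p principal) CanSeeChannel(ch string) bool {
	_, star := p.channels["*"] // assumption: holding "*" grants every channel
	_, ok := p.channels[ch]
	return star || ok
}

func (p principal) UnauthError() error {
	if p.name == "" {
		return errLoginRequired
	}
	return errForbidden
}

// AuthorizeAllChannels fails on the first channel the principal cannot see.
func (p principal) AuthorizeAllChannels(chs []string) error {
	for _, ch := range chs {
		if !p.CanSeeChannel(ch) {
			return p.UnauthError()
		}
	}
	return nil
}

// AuthorizeAnyChannel succeeds on the first channel the principal can see.
func (p principal) AuthorizeAnyChannel(chs []string) error {
	for _, ch := range chs {
		if p.CanSeeChannel(ch) {
			return nil
		}
	}
	return p.UnauthError()
}
func main() {
	alice, guest := principal{"alice", map[string]uint64{"news": 3}}, principal{}
	fmt.Println(alice.AuthorizeAllChannels([]string{"news", "hr"}), guest.AuthorizeAnyChannel([]string{"news"}))
}
```

A guest whose channel set holds "*" passes both checks for any input, which is the open default the GetUser description calls Admin Party; an empty guest channel set turns every refusal into a 401.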
type Role
type Role interface {
    Principal
}
Role is basically the same as Principal, just concrete. Users can inherit channels from Roles.
type User
type User interface {
    Principal

    // The user's email address.
    Email() string

    // Sets the user's email address.
    SetEmail(string) error

    // If true, the user is unable to authenticate.
    Disabled() bool

    // Sets the disabled property
    SetDisabled(bool)

    // Authenticates the user's password.
    Authenticate(password string) bool

    // Changes the user's password.
    SetPassword(password string)

    // The set of Roles the user belongs to (including ones given to it by the sync function)
    RoleNames() ch.TimedSet

    // The roles the user was explicitly granted access to thru the admin API.
    ExplicitRoles() ch.TimedSet

    // Sets the explicit roles the user belongs to.
    SetExplicitRoles(ch.TimedSet)

    // Every channel the user has access to, including those inherited from Roles.
    InheritedChannels() ch.TimedSet

    // If the input set contains the wildcard "*" channel, returns the user's InheritedChannels;
    // else returns the input channel list unaltered.
    ExpandWildCardChannel(channels base.Set) base.Set

    // Returns a TimedSet containing only the channels from the input set that the user has access
    // to, annotated with the sequence number at which access was granted.
    FilterToAvailableChannels(channels base.Set) ch.TimedSet

    // Returns a Set containing channels that the user has access to, that aren't present in the
    // input set
    GetAddedChannels(channels ch.TimedSet) base.Set
    // contains filtered or unexported methods
}
A User is a Principal that can log in and have multiple Roles.