README
¶
Users service
Users service provides an HTTP API for managing users. Through this API clients are able to do the following actions:
- register new accounts
- obtain access tokens
- verify access tokens
For in-depth explanation of the aforementioned scenarios, as well as thorough understanding of Mainflux, please check out the official documentation.
Configuration
The service is configured using the environment variables presented in the following table. Note that any unset variables will be replaced with their default values.
| Variable | Description | Default |
|---|---|---|
| MF_USERS_LOG_LEVEL | Log level for Users (debug, info, warn, error) | error |
| MF_USERS_DB_HOST | Database host address | localhost |
| MF_USERS_DB_PORT | Database host port | 5432 |
| MF_USERS_DB_USER | Database user | mainflux |
| MF_USERS_DB_PASSWORD | Database password | mainflux |
| MF_USERS_DB | Name of the database used by the service | users |
| MF_USERS_DB_SSL_MODE | Database connection SSL mode (disable, require, verify-ca, verify-full) | disable |
| MF_USERS_DB_SSL_CERT | Path to the PEM encoded certificate file | |
| MF_USERS_DB_SSL_KEY | Path to the PEM encoded key file | |
| MF_USERS_DB_SSL_ROOT_CERT | Path to the PEM encoded root certificate file | |
| MF_USERS_HTTP_PORT | Users service HTTP port | 8180 |
| MF_USERS_SERVER_CERT | Path to server certificate in pem format | |
| MF_USERS_SERVER_KEY | Path to server key in pem format | |
| MF_USERS_ADMIN_EMAIL | Default user, created on startup | |
| MF_USERS_ADMIN_PASSWORD | Default user password, created on startup | |
| MF_JAEGER_URL | Jaeger server URL | localhost:6831 |
| MF_EMAIL_HOST | Mail server host | localhost |
| MF_EMAIL_PORT | Mail server port | 25 |
| MF_EMAIL_USERNAME | Mail server username | |
| MF_EMAIL_PASSWORD | Mail server password | |
| MF_EMAIL_FROM_ADDRESS | Email "from" address | |
| MF_EMAIL_FROM_NAME | Email "from" name | |
| MF_EMAIL_TEMPLATE | Email template for sending emails with password reset link | email.tmpl |
| MF_TOKEN_RESET_ENDPOINT | Password request reset endpoint, for constructing link | /reset-request |
Deployment
The service itself is distributed as Docker container. Check the users service section in
docker-compose to see how service is deployed.
To start the service outside of the container, execute the following shell script:
# download the latest version of the service
git clone https://github.com/mainflux/mainflux
cd mainflux
# compile the service
make users
# copy binary to bin
make install
# set the environment variables and run the service
MF_USERS_LOG_LEVEL=[Users log level] \
MF_USERS_DB_HOST=[Database host address] \
MF_USERS_DB_PORT=[Database host port] \
MF_USERS_DB_USER=[Database user] \
MF_USERS_DB_PASS=[Database password] \
MF_USERS_DB=[Name of the database used by the service] \
MF_USERS_DB_SSL_MODE=[SSL mode to connect to the database with] \
MF_USERS_DB_SSL_CERT=[Path to the PEM encoded certificate file] \
MF_USERS_DB_SSL_KEY=[Path to the PEM encoded key file] \
MF_USERS_DB_SSL_ROOT_CERT=[Path to the PEM encoded root certificate file] \
MF_USERS_HTTP_PORT=[Service HTTP port] \
MF_USERS_SERVER_CERT=[Path to server certificate] \
MF_USERS_SERVER_KEY=[Path to server key] \
MF_JAEGER_URL=[Jaeger server URL] \
MF_EMAIL_HOST=[Mail server host] \
MF_EMAIL_PORT=[Mail server port] \
MF_EMAIL_USERNAME=[Mail server username] \
MF_EMAIL_PASSWORD=[Mail server password] \
MF_EMAIL_FROM_ADDRESS=[Email from address] \
MF_EMAIL_FROM_NAME=[Email from name] \
MF_EMAIL_TEMPLATE=[Email template file] \
MF_TOKEN_RESET_ENDPOINT=[Password reset token endpoint] \
$GOBIN/mainflux-users
If MF_EMAIL_TEMPLATE doesn't point to any file service will function but password reset functionality will not work.
Usage
For more information about service capabilities and its usage, please check out the API documentation.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // ErrMissingResetToken indicates malformed or missing reset token // for reseting password. ErrMissingResetToken = errors.New("missing reset token") // ErrRecoveryToken indicates error in generating password recovery token. ErrRecoveryToken = errors.New("failed to generate password recovery token") // ErrGetToken indicates error in getting signed token. ErrGetToken = errors.New("failed to fetch signed token") // ErrPasswordFormat indicates weak password. ErrPasswordFormat = errors.New("password does not meet the requirements") )
Functions ¶
This section is empty.
Types ¶
type GroupPage ¶
type GroupPage struct {
PageMetadata
Groups []auth.Group
}
GroupPage contains a page of groups.
type Hasher ¶
type Hasher interface {
// Hash generates the hashed string from plain-text.
Hash(string) (string, error)
// Compare compares plain-text version to the hashed one. An error should
// indicate failed comparison.
Compare(string, string) error
}
Hasher specifies an API for generating hashes of an arbitrary textual content.
type Metadata ¶
type Metadata map[string]interface{}
Metadata to be used for mainflux thing or channel for customized describing of particular thing or channel.
type PageMetadata ¶
PageMetadata contains page metadata that helps navigation.
type Service ¶
type Service interface {
// Register creates new user account. In case of the failed registration, a
// non-nil error value is returned. The user registration is only allowed
// for admin.
Register(ctx context.Context, token string, user User) (string, error)
// Login authenticates the user given its credentials. Successful
// authentication generates new access token. Failed invocations are
// identified by the non-nil error values in the response.
Login(ctx context.Context, user User) (string, error)
// ViewUser retrieves user info for a given user ID and an authorized token.
ViewUser(ctx context.Context, token, id string) (User, error)
// ViewProfile retrieves user info for a given token.
ViewProfile(ctx context.Context, token string) (User, error)
// ListUsers retrieves users list for a valid admin token.
ListUsers(ctx context.Context, token string, offset, limit uint64, email string, meta Metadata) (UserPage, error)
// UpdateUser updates the user metadata.
UpdateUser(ctx context.Context, token string, user User) error
// GenerateResetToken email where mail will be sent.
// host is used for generating reset link.
GenerateResetToken(ctx context.Context, email, host string) error
// ChangePassword change users password for authenticated user.
ChangePassword(ctx context.Context, authToken, password, oldPassword string) error
// ResetPassword change users password in reset flow.
// token can be authentication token or password reset token.
ResetPassword(ctx context.Context, resetToken, password string) error
// SendPasswordReset sends reset password link to email.
SendPasswordReset(ctx context.Context, host, email, token string) error
// ListMembers retrieves everything that is assigned to a group identified by groupID.
ListMembers(ctx context.Context, token, groupID string, offset, limit uint64, meta Metadata) (UserPage, error)
}
Service specifies an API that must be fullfiled by the domain service implementation, and all of its decorators (e.g. logging & metrics).
func New ¶
func New(users UserRepository, hasher Hasher, auth mainflux.AuthServiceClient, e Emailer, idp mainflux.IDProvider, passRegex *regexp.Regexp) Service
New instantiates the users service implementation
type User ¶
User represents a Mainflux user account. Each user is identified given its email and password.
type UserPage ¶
type UserPage struct {
PageMetadata
Users []User
}
UserPage contains a page of users.
type UserRepository ¶
type UserRepository interface {
// Save persists the user account. A non-nil error is returned to indicate
// operation failure.
Save(ctx context.Context, u User) (string, error)
// Update updates the user metadata.
UpdateUser(ctx context.Context, u User) error
// RetrieveByEmail retrieves user by its unique identifier (i.e. email).
RetrieveByEmail(ctx context.Context, email string) (User, error)
// RetrieveByID retrieves user by its unique identifier ID.
RetrieveByID(ctx context.Context, id string) (User, error)
// RetrieveAll retrieves all users for given array of userIDs.
RetrieveAll(ctx context.Context, offset, limit uint64, userIDs []string, email string, m Metadata) (UserPage, error)
// UpdatePassword updates password for user with given email
UpdatePassword(ctx context.Context, email, password string) error
}
UserRepository specifies an account persistence API.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package api contains API-related concerns: endpoint definitions, middlewares and all resource representations.
|
Package api contains API-related concerns: endpoint definitions, middlewares and all resource representations. |
|
Package bcrypt provides a hasher implementation utilizing bcrypt.
|
Package bcrypt provides a hasher implementation utilizing bcrypt. |
|
Package postgres contains repository implementations using PostgreSQL as the underlying database.
|
Package postgres contains repository implementations using PostgreSQL as the underlying database. |
|
Package tracing contains middlewares that will add spans to existing traces.
|
Package tracing contains middlewares that will add spans to existing traces. |
Click to show internal directories.
Click to hide internal directories.