auth

package

v4.2.2 Latest Latest Go to latest Published: Apr 25, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/go-kivik/kivik

Links

Open Source Insights

Documentation ¶

Overview ¶

Package auth provides authentication and authorization for the server.

Index ¶

Constants
func CreateAuthToken(name, salt, secret string, time int64) string
func DecodeCookie(cookie string) (name string, created int64, err error)
type AuthenticateFunc
type Handler
- func BasicAuth() Handler
- func CookieAuth(secret string, sessionTimeout time.Duration) Handler
type MemoryUserStore
- func NewMemoryUserStore() *MemoryUserStore
type Server
type UserContext
- func (c *UserContext) HasRole(role string) bool
type UserStore

Constants ¶

View Source

const (
	RoleAdmin      = "_admin"
	RoleReader     = "_reader"
	RoleWriter     = "_writer"
	RoleReplicator = "_replicator"
	RoleDBUpdates  = "_db_updates"
	RoleDesign     = "_design"
)

CouchDB system roles.

Variables ¶

This section is empty.

Functions ¶

func CreateAuthToken ¶

func CreateAuthToken(name, salt, secret string, time int64) string

CreateAuthToken hashes a username, salt, timestamp, and the server secret into an authentication token.

func DecodeCookie ¶

func DecodeCookie(cookie string) (name string, created int64, err error)

DecodeCookie decodes a Base64-encoded cookie, and returns its component parts.

Types ¶

type AuthenticateFunc ¶

type AuthenticateFunc func(http.ResponseWriter, *http.Request) (*UserContext, error)

AuthenticateFunc authenticates the HTTP request. On success, a user context must be returned. Any error will immediately terminate the authentication process, returning an error to the client. In particular, this means that an "unauthorized" error must not be returned if fallthrough is intended. If a response is sent, execution does not continue. This allows handlers to expose their own API endpoints (for example, the default cookie auth handler adds POST /_session and DELETE /_session handlers).

type Handler ¶

type Handler interface {
	// Init should return the name of the authenticatoin method, and an
	// authentication function. It is only called once on server startup.
	Init(Server) (string, AuthenticateFunc)
}

Handler is an auth handler.

func BasicAuth ¶

func BasicAuth() Handler

BasicAuth returns a basic auth handler.

func CookieAuth ¶

func CookieAuth(secret string, sessionTimeout time.Duration) Handler

CookieAuth returns a cookie auth handler.

type MemoryUserStore ¶

type MemoryUserStore struct {
	// contains filtered or unexported fields
}

MemoryUserStore is a simple in-memory user store.

func NewMemoryUserStore ¶

func NewMemoryUserStore() *MemoryUserStore

NewMemoryUserStore returns a new MemoryUserStore.

func (*MemoryUserStore) AddUser ¶

func (s *MemoryUserStore) AddUser(username, password string, roles []string) error

AddUser adds a user to the store. It returns an error if the user already exists.

func (*MemoryUserStore) DeleteUser ¶

func (s *MemoryUserStore) DeleteUser(username string)

DeleteUser deletes a user from the store.

func (*MemoryUserStore) UserCtx ¶

func (s *MemoryUserStore) UserCtx(_ context.Context, username string) (*UserContext, error)

UserCtx returns a user context object if the user exists.

func (*MemoryUserStore) Validate ¶

func (s *MemoryUserStore) Validate(_ context.Context, username, password string) (*UserContext, error)

Validate returns a user context object if the credentials are valid.

type Server ¶

type Server interface {
	UserStore() UserStore
	Bind(*http.Request, interface{}) error
}

Server is the interface for the server which exposes capabilities needed by auth handlers.

type UserContext ¶

type UserContext struct {
	Database string   `json:"db,omitempty"`
	Name     string   `json:"name"`
	Roles    []string `json:"roles"`
	// Salt is needed to calculate cookie tokens.
	Salt string `json:"-"`
}

UserContext represents a CouchDB UserContext object.

func (*UserContext) HasRole ¶

func (c *UserContext) HasRole(role string) bool

HasRole returns true if the user has the specified role.

type UserStore ¶

type UserStore interface {
	// Validate returns a user context object if the credentials are valid. An
	// error must be returned otherwise. A Not-Found error will continue to the
	// next user store, while any other error will terminate the auth process.
	Validate(ctx context.Context, username, password string) (user *UserContext, err error)
	// UserCtx returns a user context object if the user exists. It is used by
	// AuthHandlers that don't validate the password (e.g. Cookie auth). If the
	// user does not exist, a Not-Found error will be returned.
	UserCtx(ctx context.Context, username string) (user *UserContext, err error)
}

A UserStore provides an AuthHandler with access to a user store for.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL