iam

package module
v0.2.22 Latest Latest
Published: Dec 8, 2023 License: MIT Imports: 27 Imported by: 2

README

heyiam

Documentation

Index

Constants

This section is empty.

Variables

// AuditLogIndexNames lists the audit-log column names "schema" and "api_name".
// What consumes this list is not visible here; presumably it drives the
// audit-log query/index logic in this package — confirm against the callers.
var AuditLogIndexNames = []string{"schema", "api_name"}
// AuditLogUserIndexNames is AuditLogIndexNames extended with the per-user
// columns "user_id" and "user_name", i.e. the columns that attribute an
// audit-log row to a user.
var AuditLogUserIndexNames = []string{"schema", "user_id", "user_name", "api_name"}

Functions

func CreateAccessToken

func CreateAccessToken(secret string, accessKey string, expires time.Duration) (string, error)

func CreateLoginToken

func CreateLoginToken(secret string, username string, expires time.Duration) (string, error)

func CreateTokenWithClaims

func CreateTokenWithClaims(secret string, claims jwt.Claims) (string, error)

func EncryptPassword

func EncryptPassword(password string) string

func GeneratePassword

func GeneratePassword() string

func GetTokenFromEchoContext

func GetTokenFromEchoContext(c echo.Context) (*jwt.Token, error)

func NewEnforcer

func NewEnforcer(driverName string, dataSourceName string) (*casbin.Enforcer, error)

func ParseSchemaAndName

func ParseSchemaAndName(data string) (string, string)

Types

type ApiRule

// ApiRule identifies an HTTP endpoint as a (Path, Method) pair. It is the
// unit of authorization that a role is granted via AddApiRuleForRole /
// SetApiRulesForRole and that EnforceApi checks for a user.
type ApiRule struct {
	// Path is the endpoint path. Whether it is a concrete request path or a
	// registered route pattern is not established here — see InsertAuditLog,
	// which distinguishes registerPath from path.
	Path string `json:"Path"`
	// Method is the HTTP method of the endpoint.
	Method string `json:"Method"`
}

type AuditLog

// AuditLog is one persisted record of an API call made by a user.
//
// Rows are unique on (Time, Schema, UserID, ApiName) via the composite
// index idx_user_audit_log_unique, so two calls by the same user to the same
// API at the same timestamp collapse into a single row (or fail to insert,
// depending on how the caller handles the conflict).
type AuditLog struct {
	// Time is set by gorm on insert (autoCreateTime) and is part of the
	// unique key; it cannot be NULL.
	Time jsontype.JSONTime `json:"Time" gorm:"autoCreateTime;uniqueIndex:idx_user_audit_log_unique;not null"`
	// Schema is the tenant/namespace the call was made in; part of the
	// unique key.
	Schema string `json:"Schema" gorm:"uniqueIndex:idx_user_audit_log_unique;not null"`
	// UserID is the acting user's primary key; part of the unique key.
	UserID uint `json:"UserId" gorm:"uniqueIndex:idx_user_audit_log_unique;not null"`
	// User is the foreign-key association. NOTE(review): the constraint is
	// OnDelete:CASCADE, so a hard delete of the User row removes that user's
	// audit history with it. User carries gorm.DeletedAt (soft delete), so
	// whether hard deletes happen in practice depends on the delete path —
	// confirm before relying on audit retention.
	User *User `json:"User" gorm:"constraint:OnUpdate:CASCADE,OnDelete:CASCADE;"`
	// Updated is maintained by gorm on every save (autoUpdateTime).
	Updated jsontype.JSONTime `json:"Updated" gorm:"autoUpdateTime"`

	// UserName and UserAlias are stored on the row itself rather than read
	// through User; presumably a denormalized snapshot taken at insert time
	// so the record stays readable even if the User changes — confirm.
	UserName  string `json:"UserName"`
	UserAlias string `json:"UserAlias"`

	// ApiName identifies the API that was called; part of the unique key.
	ApiName string `json:"ApiName" gorm:"uniqueIndex:idx_user_audit_log_unique;not null"`
	// Method and Path are the HTTP method and path of the recorded request.
	Method string `json:"Method"`
	Path   string `json:"Path"`
	// Status is the HTTP response status of the recorded request.
	Status int `json:"Status"`
	// MetaDataRaw is the persisted form (column meta_data) and is never
	// emitted as JSON; MetaData is the in-memory form exposed as JSON and
	// never persisted. The two are kept in sync by the model hooks
	// (AfterFind/BeforeSave via LoadData/SaveData) — see those methods.
	MetaDataRaw jsontype.JSONType[*jsontype.Tags] `json:"-" gorm:"column:meta_data"`
	MetaData    *jsontype.Tags                    `json:"MetaData" gorm:"-"`
}

func (*AuditLog) AfterFind

func (m *AuditLog) AfterFind(tx *gorm.DB) (err error)

func (*AuditLog) BeforeSave

func (m *AuditLog) BeforeSave(tx *gorm.DB) (err error)

func (*AuditLog) LoadData

func (m *AuditLog) LoadData()

func (*AuditLog) SaveData

func (m *AuditLog) SaveData()

type GroupRule

// GroupRule is the policy unit consumed by AddGroupPolicyForRole /
// SetGroupPoliciesForRole: a group identifier paired with a method.
type GroupRule struct {
	// GroupId is the group the rule refers to.
	GroupId uint `json:"GroupId"`
	// Method is the permitted method. Whether this is an HTTP method (as in
	// ApiRule) or some other action verb is not established here — confirm
	// against the casbin policy definition.
	Method string `json:"Method"`
}

type IAMServer

// IAMServer is the package's central object: it holds the gorm.DB, the
// casbin enforcer, the JWT secret and the API rule table passed to
// NewIAMServer, and exposes the user/role/policy operations, the echo
// middleware constructors (MakeJwtHandler, MakeLoginHandler,
// MakeAuditLogHandler) and the HTTP handlers wired up by SetupEchoGroup.
// Construct it with NewIAMServer; the zero value is not usable.
type IAMServer struct {
	// contains filtered or unexported fields
}

func NewIAMServer

func NewIAMServer(db *gorm.DB, dataRetentionPeriod time.Duration,
	enforcerDriverName string, enforcerDataSourceName string,
	secret string, rules map[string]ApiRule) *IAMServer

func (*IAMServer) AddApiRuleForRole

func (s *IAMServer) AddApiRuleForRole(domain string, role string, rule ApiRule) (bool, error)

func (*IAMServer) AddGroupPolicyForRole

func (s *IAMServer) AddGroupPolicyForRole(domain string, role string, rule GroupRule) (bool, error)

func (*IAMServer) AddRoleForUser

func (s *IAMServer) AddRoleForUser(domain string, user string, role string) (bool, error)

func (*IAMServer) AddRolesForUser

func (s *IAMServer) AddRolesForUser(domain string, user string, roles []string) (bool, error)

func (*IAMServer) CreateDefaultRole

func (s *IAMServer) CreateDefaultRole(schema string, name string, alias string, patterns []string) (*Role, error)

func (*IAMServer) CreateDefaultUser

func (s *IAMServer) CreateDefaultUser(schema, name string, alias string, password string) (*User, error)

func (*IAMServer) CreateRole

func (s *IAMServer) CreateRole(schema string, name string, alias string, patterns []string) (*Role, error)

func (*IAMServer) CreateUser

func (s *IAMServer) CreateUser(schema, name string, alias string, password string) (*User, error)

func (*IAMServer) DeleteAllApiRulesForRole

func (s *IAMServer) DeleteAllApiRulesForRole(domain string, role string) (bool, error)

func (*IAMServer) DeleteAllGroupRulesForRole

func (s *IAMServer) DeleteAllGroupRulesForRole(domain string, role string) (bool, error)

func (*IAMServer) DeleteAllRolesForUser

func (s *IAMServer) DeleteAllRolesForUser(domain string, user string) (bool, error)

func (*IAMServer) Enforce

func (s *IAMServer) Enforce(dom string, sub string, obj string, act string) bool

func (*IAMServer) EnforceApi

func (s *IAMServer) EnforceApi(domain string, user string, path string, method string) bool

func (*IAMServer) GetApiRuleIdByRule

func (s *IAMServer) GetApiRuleIdByRule(rule ApiRule) string

func (*IAMServer) GetApiRuleIds

func (s *IAMServer) GetApiRuleIds(patterns ...string) []string

func (*IAMServer) GetApiRuleIdsByRule

func (s *IAMServer) GetApiRuleIdsByRule(rules []ApiRule) []string

func (*IAMServer) GetApiRules

func (s *IAMServer) GetApiRules(patterns ...string) []ApiRule

func (*IAMServer) GetApiRulesForRole

func (s *IAMServer) GetApiRulesForRole(domain string, role string) []ApiRule

func (*IAMServer) GetApiRulesForUser

func (s *IAMServer) GetApiRulesForUser(domain string, user string) []ApiRule

func (*IAMServer) GetDB

func (s *IAMServer) GetDB() *gorm.DB

func (*IAMServer) GetGroupRulesForRole

func (s *IAMServer) GetGroupRulesForRole(domain string, role string) []GroupRule

func (*IAMServer) GetRolesForUser

func (s *IAMServer) GetRolesForUser(domain string, user string) ([]string, error)

func (*IAMServer) HandleAddUserRoles

func (s *IAMServer) HandleAddUserRoles(c echo.Context) error

HandleAddUserRoles godoc @Summary Add roles for user @Tags Users @ID add-user-roles @Security Bearer @Param id path int true "User ID" @Param body body addUserRolesBody true "Roles to add" @Success 200 {object} User @Failure 400 {object} echo.HTTPError "Bad Request" @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal Server Error" @Router /iam/users/{id}/roles [post]

func (*IAMServer) HandleAuthenticate

func (s *IAMServer) HandleAuthenticate(c echo.Context) error

@Summary Authenticate a user @Tags Auth @Accept json @Produce json @Param body body authBody true "Authenticate request" @Success 200 {object} authResponseBody "Returns a login token" @Failure 400 {object} echo.HTTPError "Bad request" @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /auth [POST]

func (*IAMServer) HandleChangePassword

func (s *IAMServer) HandleChangePassword(c echo.Context) error

@Summary Change current user password @Tags Current @ID change-current-password @Accept json @Produce json @Param body body changePasswordBody true "Change password request" @Security Bearer @Success 200 "Password changed successfully" @Failure 400 {object} echo.HTTPError "Bad request" @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/current/change-password [PUT]

func (*IAMServer) HandleChangeUserPassword

func (s *IAMServer) HandleChangeUserPassword(c echo.Context) error

HandleChangeUserPassword changes a user's password. @Summary Change user password @ID change-user-password @Tags Users @Produce json @Security Bearer @Param id path int true "User ID" @Param body body changePasswordBody true "Change password request" @Success 200 {object} User @Failure 400 {object} echo.HTTPError "Invalid input parameter" @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 404 {object} echo.HTTPError "User not found" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/users/{id}/change-password [put]

func (*IAMServer) HandleCreateRole

func (s *IAMServer) HandleCreateRole(c echo.Context) error

HandleCreateRole godoc @Summary Create a role @Tags Roles @ID create-role @Security Bearer @Param body body createRoleBody true "Create Role Body" @Success 200 {object} Role @Failure 400 {object} echo.HTTPError "Bad Request" @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/roles [post]

func (*IAMServer) HandleCreateUser

func (s *IAMServer) HandleCreateUser(c echo.Context) error

HandleCreateUser creates a new user. @Summary Create user @ID create-user @Tags Users @Produce json @Security Bearer @Param body body createUserBody true "User" @Success 200 {object} User @Failure 400 {object} echo.HTTPError "Bad Request: invalid input parameter" @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/users [post]

func (*IAMServer) HandleDeleteRole

func (s *IAMServer) HandleDeleteRole(c echo.Context) error

HandleDeleteRole godoc @Summary Delete role @Tags Roles @ID delete-role @Security Bearer @Param id path int true "Role ID" @Success 204 "No Content" @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/roles/{id} [delete]

func (*IAMServer) HandleDeleteUser

func (s *IAMServer) HandleDeleteUser(c echo.Context) error

HandleDeleteUser deletes a user. @Summary Delete user @ID delete-user @Tags Users @Produce json @Security Bearer @Param id path int true "User ID" @Success 204 @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 403 {object} echo.HTTPError "Forbidden" @Failure 404 {object} echo.HTTPError "User not found" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/users/{id} [delete]

func (*IAMServer) HandleGetAuditLog

func (s *IAMServer) HandleGetAuditLog(c echo.Context) error

HandleGetAuditLog retrieves a single audit log. @Summary Get audit log @ID get-audit-log @Produce json @Security Bearer @Param ts path int true "Timestamp" @Success 200 {object} AuditLog @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal Server error" @Router /iam/audit-logs/{ts} [get] @Tags AuditLogs

func (*IAMServer) HandleGetRole

func (s *IAMServer) HandleGetRole(c echo.Context) error

HandleGetRole godoc @Summary Get role @Tags Roles @ID get-role @Security Bearer @Param id path int true "Role ID" @Success 200 {object} Role @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/roles/{id} [get]

func (*IAMServer) HandleGetUser

func (s *IAMServer) HandleGetUser(c echo.Context) error

HandleGetUser retrieves a single user from the database. @Summary Get user @ID get-user @Tags Users @Produce json @Security Bearer @Param id path int true "User ID" @Success 200 {object} User @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 404 {object} echo.HTTPError "User not found" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/users/{id} [get]

func (*IAMServer) HandleGetUserRoles

func (s *IAMServer) HandleGetUserRoles(c echo.Context) error

HandleGetUserRoles godoc @Summary Get roles for user @Tags Users @ID get-user-roles @Security Bearer @Param id path int true "User ID" @Success 200 {array} string @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal Server Error" @Router /iam/users/{id}/roles [get]

func (*IAMServer) HandleListApiRules

func (s *IAMServer) HandleListApiRules(c echo.Context) error

HandleListApiRules godoc @Summary List rules @ID list-rules @Tags Rules @Security Bearer @Success 200 {object} listRulesBody @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/rules [get]

func (*IAMServer) HandleListAuditLogs

func (s *IAMServer) HandleListAuditLogs(c echo.Context) error

HandleListAuditLogs lists all audit logs. @Summary List audit logs @ID list-audit-logs @Produce json @Security Bearer @Param page query int false "Page" default(1) @Param page_size query int false "Page size" default(20) @Param order_by query string false "Sort order" default() @Param q query string false "Query" default() @Success 200 {object} listAuditLogsData @Header 200 {int} X-Total "Total number" @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal Server error" @Router /iam/audit-logs [get] @Tags AuditLogs

func (*IAMServer) HandleListRoles

func (s *IAMServer) HandleListRoles(c echo.Context) error

HandleListRoles godoc @Summary List roles @ID list-roles @Tags Roles @Security Bearer @Param page query int false "Page" default(1) @Param page_size query int false "Page size" default(20) @Param order_by query string false "Sort order" default() @Param q query string false "Query" default() @Success 200 {object} listRolesData @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/roles [get]

func (*IAMServer) HandleListUsers

func (s *IAMServer) HandleListUsers(c echo.Context) error

HandleListUsers lists users based on specified filters. @Summary List users @ID list-users @Tags Users @Produce json @Param page query int false "Page" default(1) @Param page_size query int false "Page size" default(20) @Param order_by query string false "Sort order" default() @Param q query string false "Query" default() @Security Bearer @Success 200 {object} listUsersData @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/users [get]

func (*IAMServer) HandleResetUserPassword

func (s *IAMServer) HandleResetUserPassword(c echo.Context) error

HandleResetUserPassword resets a user's password. @Summary Reset user password @ID reset-user-password @Tags Users @Produce json @Security Bearer @Param id path int true "User ID" @Success 200 {object} echo.Map @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 404 {object} echo.HTTPError "User not found" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/users/{id}/reset-password [put]

func (*IAMServer) HandleSetRoleApiRules

func (s *IAMServer) HandleSetRoleApiRules(c echo.Context) error

HandleSetRoleApiRules godoc @Summary Set rules for role @Tags Roles @ID set-role-rules @Security Bearer @Param id path int true "Role ID" @Param body body setRoleApiRulesBody true "rules to set" @Success 200 {object} User @Failure 400 {object} echo.HTTPError "Bad Request" @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal Server Error" @Router /iam/roles/{id}/rules [put]

func (*IAMServer) HandleSetRoleDisable

func (s *IAMServer) HandleSetRoleDisable(c echo.Context) error

HandleSetRoleDisable godoc @Summary Set role disable @Tags Roles @ID set-role-disable @Security Bearer @Param id path int true "Role ID" @Success 200 {object} Role @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 403 {object} echo.HTTPError "Forbidden" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/roles/{id}/disable [put]

func (*IAMServer) HandleSetRoleEnable

func (s *IAMServer) HandleSetRoleEnable(c echo.Context) error

HandleSetRoleEnable godoc @Summary Set role enable @Tags Roles @ID set-role-enable @Security Bearer @Param id path int true "Role ID" @Success 200 {object} Role @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 403 {object} echo.HTTPError "Forbidden" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/roles/{id}/enable [put]

func (*IAMServer) HandleSetUserDisable

func (s *IAMServer) HandleSetUserDisable(c echo.Context) error

HandleSetUserDisable godoc @Summary Set user disable @Tags Users @ID set-user-disable @Security Bearer @Param id path int true "User ID" @Success 200 {object} User @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 403 {object} echo.HTTPError "Forbidden" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/users/{id}/disable [put]

func (*IAMServer) HandleSetUserEnable

func (s *IAMServer) HandleSetUserEnable(c echo.Context) error

HandleSetUserEnable godoc @Summary Set user enable @Tags Users @ID set-user-enable @Security Bearer @Param id path int true "User ID" @Success 200 {object} User @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 403 {object} echo.HTTPError "Forbidden" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/users/{id}/enable [put]

func (*IAMServer) HandleSetUserRoles

func (s *IAMServer) HandleSetUserRoles(c echo.Context) error

HandleSetUserRoles godoc @Summary Set roles for user @Tags Users @ID set-user-roles @Security Bearer @Param id path int true "User ID" @Param body body setUserRoles true "Roles to set" @Success 200 {object} User @Failure 400 {object} echo.HTTPError "Bad Request" @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal Server Error" @Router /iam/users/{id}/roles [put]

func (*IAMServer) HandleUpdateRole

func (s *IAMServer) HandleUpdateRole(c echo.Context) error

HandleUpdateRole godoc @Summary Update role @Tags Roles @ID update-role @Security Bearer @Param id path int true "Role ID" @Param body body updateRoleBody true "Update Role Body" @Success 200 {object} Role @Failure 400 {object} echo.HTTPError "Bad Request" @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/roles/{id} [put]

func (*IAMServer) HandleUpdateUser

func (s *IAMServer) HandleUpdateUser(c echo.Context) error

HandleUpdateUser updates a user. @Summary Update user @ID update-user @Tags Users @Produce json @Security Bearer @Param id path int true "User ID" @Param body body updateUserBody true "User" @Success 200 {object} User @Failure 400 {object} echo.HTTPError "Bad Request: invalid input parameter" @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 404 {object} echo.HTTPError "User not found" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/users/{id} [put]

func (*IAMServer) HandleWhoAmI

func (s *IAMServer) HandleWhoAmI(c echo.Context) error

@Summary Get current user information @Tags Current @ID get-current @Accept json @Produce json @Security Bearer @Success 200 {object} User "User information" @Failure 401 {object} echo.HTTPError "Unauthorized" @Failure 500 {object} echo.HTTPError "Internal server error" @Router /iam/current [GET]

func (*IAMServer) InsertAuditLog

func (s *IAMServer) InsertAuditLog(user *User, method string, registerPath string, path string, status int, metaData *jsontype.Tags) error

func (*IAMServer) MakeAuditLogHandler

func (s *IAMServer) MakeAuditLogHandler() echo.MiddlewareFunc

func (*IAMServer) MakeJwtHandler

func (s *IAMServer) MakeJwtHandler() echo.MiddlewareFunc

func (*IAMServer) MakeLoginHandler

func (s *IAMServer) MakeLoginHandler() echo.MiddlewareFunc

func (*IAMServer) SetApiRulesForRole

func (s *IAMServer) SetApiRulesForRole(domain string, role string, rules []ApiRule) (bool, error)

func (*IAMServer) SetAuditLogIgnoreIds

func (s *IAMServer) SetAuditLogIgnoreIds(ids []string)

func (*IAMServer) SetGroupPoliciesForRole

func (s *IAMServer) SetGroupPoliciesForRole(domain string, role string, rules []GroupRule) (bool, error)

func (*IAMServer) SetRolesForUser

func (s *IAMServer) SetRolesForUser(domain string, user string, roles []string) (bool, error)

func (*IAMServer) SetupAdmin

func (s *IAMServer) SetupAdmin(schema string, password string) error

func (*IAMServer) SetupEchoGroup

func (s *IAMServer) SetupEchoGroup(group *echo.Group) *echo.Group

type Role

// Role is a named bundle of API rules within a Schema. Roles are unique on
// (Schema, Name) via idx_iam_role_unique and are soft-deleted through
// gorm.DeletedAt, so a "deleted" role remains in the table.
type Role struct {
	ID uint `json:"Id" gorm:"primarykey"`
	// Updated and Created are maintained by gorm (autoUpdateTime /
	// autoCreateTime); the int64 representation is presumably a Unix
	// timestamp — confirm against the gorm configuration.
	Updated int64 `json:"Updated" gorm:"autoUpdateTime"`
	Created int64 `json:"Created" gorm:"autoCreateTime"`
	// Deleted enables gorm soft delete; rows with a non-zero Deleted are
	// hidden from normal queries but not removed.
	Deleted gorm.DeletedAt `json:"Deleted" gorm:"index"`

	// Schema scopes the role; together with Name it forms the unique key.
	Schema string `json:"Schema" gorm:"uniqueIndex:idx_iam_role_unique"`
	// Name is write-once: the "<-:create" permission lets gorm set it on
	// insert only, so an update cannot rename a role (and thereby re-point
	// existing policies at a different name).
	Name string `json:"Name" gorm:"uniqueIndex:idx_iam_role_unique,<-:create"`
	// Alias is a display name with no uniqueness constraint.
	Alias string `json:"Alias"`
	// Default is also write-once ("<-:create") and defaults to false; it is
	// what CreateDefaultRole sets — confirm how the handlers treat default
	// roles (e.g. whether they may be deleted or disabled).
	Default bool `json:"Default" gorm:"<-:create,default:false"`
	// Enable is toggled by HandleSetRoleEnable / HandleSetRoleDisable.
	Enable bool `json:"Enable" gorm:"index"`
	// MetaDataRaw is the persisted form (column meta_data), hidden from JSON;
	// MetaData is the JSON-visible form, not persisted. Kept in sync by the
	// AfterFind/BeforeSave hooks.
	MetaDataRaw jsontype.JSONType[*jsontype.Tags] `json:"-" gorm:"column:meta_data"`
	MetaData    *jsontype.Tags                    `json:"MetaData" gorm:"-"`

	// Rules is not a column; it is populated from the enforcer by GetRules
	// and only reflects the policy state at the time GetRules was called.
	Rules []string `json:"Rules" gorm:"-"`
}

func (*Role) AfterFind

func (m *Role) AfterFind(tx *gorm.DB) (err error)

func (*Role) BeforeSave

func (m *Role) BeforeSave(tx *gorm.DB) (err error)

func (*Role) GetRules

func (m *Role) GetRules(s *IAMServer)

type Tags

// Tags is a free-form string-keyed map of arbitrary values.
//
// NOTE(review): this is a distinct type from jsontype.Tags, which is what
// the MetaData fields of AuditLog, Role and User use; the two are not
// interchangeable without conversion.
type Tags map[string]any

type User

// User is an account within a Schema. Users are unique on (Schema, Name) via
// idx_iam_user_unique and are soft-deleted through gorm.DeletedAt.
type User struct {
	ID uint `json:"Id" gorm:"primarykey"`
	// Updated and Created are maintained by gorm (autoUpdateTime /
	// autoCreateTime); the int64 representation is presumably a Unix
	// timestamp — confirm against the gorm configuration.
	Updated int64 `json:"Updated" gorm:"autoUpdateTime"`
	Created int64 `json:"Created" gorm:"autoCreateTime"`
	// Deleted enables gorm soft delete; a deleted user's row is retained.
	Deleted gorm.DeletedAt `json:"Deleted" gorm:"index"`

	// Schema scopes the user; together with Name it forms the unique key.
	Schema string `json:"Schema" gorm:"uniqueIndex:idx_iam_user_unique"`
	// Name is write-once ("<-:create"): gorm sets it on insert only, so a
	// user cannot be renamed via an update and role assignments keyed on the
	// name cannot be hijacked that way.
	Name string `json:"Name" gorm:"uniqueIndex:idx_iam_user_unique,<-:create"`
	// Alias is a display name with no uniqueness constraint.
	Alias string `json:"Alias"`
	// Password is the stored credential and is excluded from JSON output
	// (`json:"-"`), so it is never returned by the user handlers. Write it
	// only through SetPassword / ChangePassword and check it through
	// CheckPassword; the on-disk form is produced by EncryptPassword — the
	// algorithm is not visible here, so do not assume it is a salted hash
	// without checking that function.
	Password string `json:"-"`
	// PasswordExpireAt is when the current password stops being valid;
	// presumably a Unix timestamp in the same unit as Created — confirm.
	PasswordExpireAt int64 `json:"PasswordExpireAt"`
	// Default is write-once ("<-:create") and defaults to false; set by
	// CreateDefaultUser / SetupAdmin — confirm whether default users are
	// protected from deletion or disabling by the handlers.
	Default bool `json:"Default" gorm:"<-:create,default:false"`
	// Enable is toggled by HandleSetUserEnable / HandleSetUserDisable.
	Enable bool `json:"Enable" gorm:"index"`
	// MetaDataRaw is the persisted form (column meta_data), hidden from JSON;
	// MetaData is the JSON-visible form, not persisted. Kept in sync by the
	// AfterFind/BeforeSave hooks.
	MetaDataRaw jsontype.JSONType[*jsontype.Tags] `json:"-" gorm:"column:meta_data"`
	MetaData    *jsontype.Tags                    `json:"MetaData" gorm:"-"`
	// Roles and Rules are not columns; they are filled from the enforcer by
	// GetRolesAndRules and reflect policy state only as of that call.
	Roles []string `json:"Roles" gorm:"-"`
	Rules []string `json:"Rules" gorm:"-"`
}

func (*User) AfterFind

func (m *User) AfterFind(tx *gorm.DB) (err error)

func (*User) BeforeSave

func (m *User) BeforeSave(tx *gorm.DB) (err error)

func (*User) ChangePassword

func (s *User) ChangePassword(old string, password string) bool

func (User) CheckPassword

func (s User) CheckPassword(password string) bool

func (*User) GetRolesAndRules

func (m *User) GetRolesAndRules(s *IAMServer)

func (*User) SetPassword

func (s *User) SetPassword(password string)
