Documentation
Overview
Package config maintains information about permissions.
The format and APIs in this package will probably change over time.
Index
- Constants
- Variables
- func SetUser(r *http.Request, u *User) *http.Request
- type Authenticator
- type BasicAuthAuthenticator
- func (b *BasicAuthAuthenticator) AddUserPassword(key string, password string)
- func (b *BasicAuthAuthenticator) Authenticate(w http.ResponseWriter, r *http.Request) (*User, error)
- func (b *BasicAuthAuthenticator) Logout(w http.ResponseWriter, r *http.Request)
- func (b *BasicAuthAuthenticator) SetPolicy(p *Policy)
- type FileConfig
- type GoogleAuthenticator
- func (g *GoogleAuthenticator) Authenticate(w http.ResponseWriter, r *http.Request) (*User, error)
- func (g *GoogleAuthenticator) Logout(w http.ResponseWriter, r *http.Request)
- func (g *GoogleAuthenticator) SetPolicy(p *Policy)
- func (g *GoogleAuthenticator) URL(w http.ResponseWriter, r *http.Request) string
- type Group
- type NoopAuthenticator
- type OAuthAuthenticator
- type Permission
- type Policy
- type PolicyPolicy
- type Settings
- type User
- func (u *User) CanPlayRecordings() bool
- func (u *User) CanViewAlerts() bool
- func (u *User) CanViewCallFrom() bool
- func (u *User) CanViewCallPrice() bool
- func (u *User) CanViewCallTo() bool
- func (u *User) CanViewCallbackURLs() bool
- func (u *User) CanViewCalls() bool
- func (u *User) CanViewConferences() bool
- func (u *User) CanViewMedia() bool
- func (u *User) CanViewMessageBody() bool
- func (u *User) CanViewMessageFrom() bool
- func (u *User) CanViewMessagePrice() bool
- func (u *User) CanViewMessageTo() bool
- func (u *User) CanViewMessages() bool
- func (u *User) CanViewNumMedia() bool
- func (u *User) CanViewNumRecordings() bool
- func (u *User) CanViewRecordingPrice() bool
- func (u *User) CanViewResource(resourceCreatedAt time.Time, globalMaxAge time.Duration) bool
- type UserSettings
Constants
const AuthTimeout = 1 * time.Hour
const DefaultPageSize = 50
const DefaultPort = "4114"
const GoogleTimeout = 5 * time.Second
Variables
var DefaultMaxResourceAge = time.Since(twilio.Epoch)
DefaultMaxResourceAge allows all resources to be fetched. The company was founded in 2008, so there should definitely be no resources created in the 1980s.
var DefaultTimezones = []string{
"America/Los_Angeles",
"America/Denver",
"America/Chicago",
"America/New_York",
}
DefaultTimezones are a user's options if no timezones are configured. These correspond to the 4 timezones in the USA, west to east.
var DefaultUser = NewUser(AllUserSettings())
var ErrTooOld = errors.New("Cannot access this resource because its age exceeds the viewable limit")
ErrTooOld is returned for a resource that's more than MaxResourceAge old.
var MustLogin = errors.New("Need to login")
var PermissionDenied = errors.New("You do not have permission to access that information")
Functions
Types
type Authenticator
type Authenticator interface {
	SetPolicy(*Policy)
	// Authenticate ensures the request is authenticated. If it is not
	// authenticated, or authentication returns an error, Authenticate will
	// write a response and return a non-nil error.
	Authenticate(http.ResponseWriter, *http.Request) (*User, error)
	Logout(http.ResponseWriter, *http.Request)
}
type BasicAuthAuthenticator
type BasicAuthAuthenticator struct {
	Realm string
	// Passwords holds a map of usernames/passwords for basic auth. The keys
	// should match the keys in the Users map.
	Passwords map[string]string
	Policy    *Policy
	// contains filtered or unexported fields
}
BasicAuthAuthenticator can authenticate users via Basic Auth. Call AddUserPassword to set a Basic Auth user/password combo, and SetPolicy to set the Policy for authenticated users. If no Policy has been set, DefaultUser will be returned for all authenticated users.
func NewBasicAuthAuthenticator
func NewBasicAuthAuthenticator(realm string) *BasicAuthAuthenticator
func (*BasicAuthAuthenticator) AddUserPassword
func (b *BasicAuthAuthenticator) AddUserPassword(key string, password string)
AddUserPassword sets a user and password for Basic Auth. AddUserPassword overrides any previous passwords that have been set for key. Call AddUserPassword with an empty password to remove a user.
func (*BasicAuthAuthenticator) Authenticate
func (b *BasicAuthAuthenticator) Authenticate(w http.ResponseWriter, r *http.Request) (*User, error)
Authenticate checks whether the request was made with a valid user/password via Basic Auth. When authenticating, if the Basic Auth user is in the policy, that user's permissions are used. If the user is not in the policy, but a policy is defined and it contains a "default" group, those permissions are used. If no policy is present, config.DefaultUser is returned for authenticated users.
func (*BasicAuthAuthenticator) Logout
func (b *BasicAuthAuthenticator) Logout(w http.ResponseWriter, r *http.Request)
func (*BasicAuthAuthenticator) SetPolicy
func (b *BasicAuthAuthenticator) SetPolicy(p *Policy)
SetPolicy sets the policy. Call AddUserPassword to set a Basic Auth user / password.
type FileConfig
type FileConfig struct {
	Port       string       `yaml:"port"`
	AccountSid string       `yaml:"twilio_account_sid"`
	AuthToken  string       `yaml:"twilio_auth_token"`
	Realm      services.Rlm `yaml:"realm"`
	// Default timezone for dates/times in the UI
	Timezone string `yaml:"default_timezone"`
	// List of timezones a user can choose in the UI
	Timezones  []string `yaml:"timezones"`
	PublicHost string   `yaml:"public_host"`
	// IP subnets that are allowed to visit the site. THIS IS NOT A SECURITY
	// FEATURE. IP ADDRESSES ARE EASILY SPOOFED, AND YOUR IP ADDRESS IS EASILY
	// DISCOVERABLE. To determine a user's ip address, we check the first value
	// in a X-Forwarded-For header, or the RemoteHost value of a http.Request.
	//
	// If you have an IPv4 address, the subnet for *only* that address is
	// "A.B.C.D/32". The recommended smallest subnet for IPv6 is /64.
	IPSubnets      []string      `yaml:"ip_subnets"`
	PageSize       uint          `yaml:"page_size"`
	SecretKey      string        `yaml:"secret_key"`
	MaxResourceAge time.Duration `yaml:"max_resource_age"`
	// Need a pointer to a boolean here since we want to be able to distinguish
	// "false" from "omitted"
	ShowMediaByDefault   *bool    `yaml:"show_media_by_default,omitempty"`
	EmailAddress         string   `yaml:"email_address"`
	ErrorReporter        string   `yaml:"error_reporter,omitempty"`
	ErrorReporterToken   string   `yaml:"error_reporter_token,omitempty"`
	AuthScheme           string   `yaml:"auth_scheme"`
	User                 string   `yaml:"basic_auth_user"`
	Password             string   `yaml:"basic_auth_password"`
	GoogleClientID       string   `yaml:"google_client_id"`
	GoogleClientSecret   string   `yaml:"google_client_secret"`
	GoogleAllowedDomains []string `yaml:"google_allowed_domains"`
	PolicyFile           string   `yaml:"policy_file"`
	Policy               *Policy
	Debug                bool `yaml:"debug"`
}
FileConfig defines the settings you can load from a YAML configuration file. Load configuration from a YAML file into a FileConfig struct, then call NewSettingsFromConfig to get a Settings object.
All of the types and values here should be representable in a YAML file.
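The address-selection rule in the IPSubnets comment above (first X-Forwarded-For value if present, otherwise the request's remote address), evaluated against a parsed ip_subnets list. This is an added example, not code from logrole; parseSubnets, clientIP, ipAllowed and newRequest are names chosen here, the addresses are constructed, and treating an empty ip_subnets list as "no restriction" is an assumption.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// parseSubnets turns the YAML list entries ("203.0.113.0/24", "2001:db8::/64")
// into *net.IPNet values, rejecting any entry that is not valid CIDR notation.
func parseSubnets(cidrs []string) ([]*net.IPNet, error) {
	out := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, fmt.Errorf("ip_subnets: %q: %w", c, err)
		}
		out = append(out, n)
	}
	return out, nil
}

// clientIP applies the documented selection order. The header is supplied by
// whoever sends the request, so its value is only meaningful when a proxy you
// control overwrites X-Forwarded-For before the request reaches this server.
func clientIP(r *http.Request) net.IP {
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		first := strings.TrimSpace(strings.Split(xff, ",")[0])
		if ip := net.ParseIP(first); ip != nil {
			return ip
		}
	}
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr // no port present
	}
	return net.ParseIP(host)
}

// ipAllowed reports whether ip falls inside any configured subnet. An empty
// list means the setting is unset and nobody is filtered (assumption).
func ipAllowed(ip net.IP, subnets []*net.IPNet) bool {
	if len(subnets) == 0 {
		return true
	}
	if ip == nil {
		return false
	}
	for _, n := range subnets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// newRequest builds a constructed request with the given peer address and
// optional X-Forwarded-For header value.
func newRequest(remoteAddr, xff string) *http.Request {
	r := &http.Request{Header: http.Header{}, RemoteAddr: remoteAddr}
	if xff != "" {
		r.Header.Set("X-Forwarded-For", xff)
	}
	return r
}

func main() {
	subnets, err := parseSubnets([]string{"203.0.113.0/24", "2001:db8::/64"})
	if err != nil {
		panic(err)
	}
	// The same TCP peer, without and with a forwarded header: only the header
	// differs, which is why the comment says this is not a security feature.
	direct := newRequest("198.51.100.7:4321", "")
	forwarded := newRequest("198.51.100.7:4321", "203.0.113.9, 198.51.100.7")
	fmt.Println(ipAllowed(clientIP(direct), subnets))    // false
	fmt.Println(ipAllowed(clientIP(forwarded), subnets)) // true
}
```

Treat ip_subnets as a convenience filter that reduces noise, and rely on the Authenticator for access control; if the server sits behind a reverse proxy, make sure that proxy replaces (not appends to) X-Forwarded-For, otherwise the first value is whatever the client chose to send.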
type GoogleAuthenticator
type GoogleAuthenticator struct {
	log.Logger
	AllowUnencryptedTraffic bool
	Conf                    *oauth2.Config
	RenderLogin             func(http.ResponseWriter, *http.Request, string)
	RenderLogout            func(http.ResponseWriter, *http.Request)
	// contains filtered or unexported fields
}
func NewGoogleAuthenticator
func NewGoogleAuthenticator(logger log.Logger, clientID string, clientSecret string, baseURL string, allowedDomains []string, secretKey *[32]byte) *GoogleAuthenticator
NewGoogleAuthenticator creates a new GoogleAuthenticator that can authenticate requests via Google login.
To get a clientID and clientSecret, see https://github.com/kevinburke/logrole/blob/master/docs/google.md
func (*GoogleAuthenticator) Authenticate
func (g *GoogleAuthenticator) Authenticate(w http.ResponseWriter, r *http.Request) (*User, error)
func (*GoogleAuthenticator) Logout
func (g *GoogleAuthenticator) Logout(w http.ResponseWriter, r *http.Request)
func (*GoogleAuthenticator) SetPolicy
func (g *GoogleAuthenticator) SetPolicy(p *Policy)
func (*GoogleAuthenticator) URL
func (g *GoogleAuthenticator) URL(w http.ResponseWriter, r *http.Request) string
type Group
type Group struct {
	Permissions *UserSettings `yaml:"permissions"`
	Name        string        `yaml:"name"`
	Default     bool          `yaml:"default,omitempty"`
	Users       []string      `yaml:"users"`
}
type NoopAuthenticator
type NoopAuthenticator struct {
User *User
}
NoopAuthenticator returns the given User in response to all Authenticate requests.
func (*NoopAuthenticator) Authenticate
func (n *NoopAuthenticator) Authenticate(w http.ResponseWriter, r *http.Request) (*User, error)
func (*NoopAuthenticator) Logout
func (n *NoopAuthenticator) Logout(w http.ResponseWriter, r *http.Request)
func (*NoopAuthenticator) SetPolicy
func (n *NoopAuthenticator) SetPolicy(p *Policy)
SetPolicy does nothing.
type OAuthAuthenticator
type OAuthAuthenticator interface {
	URL(http.ResponseWriter, *http.Request) string
}
type Permission
type Permission struct {
	// contains filtered or unexported fields
}
func NewPermission
func NewPermission(maxResourceAge time.Duration) *Permission
func (*Permission) MaxResourceAge
func (p *Permission) MaxResourceAge() time.Duration
type Policy
type Policy []*Group
TODO naming here
func (*Policy) Lookup
Lookup finds the User with the given id. If no user with that name is found, but a default group is defined, a user from that group is returned. The boolean is true if a user was found directly by id. If neither a direct match nor a default group exists, Lookup returns an error.
Lookup assumes the Policy is valid.
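The resolution order described for Policy.Lookup and for BasicAuthAuthenticator.Authenticate (direct match, then the default group, then the full permission set when no policy exists at all), as an added example. This is a cut-down re-implementation written for this page, not the logrole config package's own code: UserSettings is reduced to two permissions, Lookup returns the group's *UserSettings rather than a *User, the sample policy is constructed, and treating a failed lookup under Basic Auth as a denial is an assumption since the page does not show that error.

```go
package main

import (
	"errors"
	"fmt"
)

// UserSettings is trimmed to two permissions so the resolution order is easy
// to follow.
type UserSettings struct {
	CanViewMessageBody bool
	CanPlayRecordings  bool
}

type Group struct {
	Name        string
	Default     bool
	Users       []string
	Permissions *UserSettings
}

type Policy []*Group

var errNoMatch = errors.New("no group names this user and no default group is defined")

// allUserSettings stands in for AllUserSettings(): the widest permission set,
// which is what authenticated users get when no Policy has been configured.
func allUserSettings() *UserSettings {
	return &UserSettings{CanViewMessageBody: true, CanPlayRecordings: true}
}

// Lookup follows the documented order: a group that names id directly wins
// (found == true); otherwise the default group applies (found == false);
// otherwise an error.
func (p Policy) Lookup(id string) (*UserSettings, bool, error) {
	var def *Group
	for _, g := range p {
		for _, u := range g.Users {
			if u == id {
				return g.Permissions, true, nil
			}
		}
		if g.Default && def == nil {
			def = g
		}
	}
	if def != nil {
		return def.Permissions, false, nil
	}
	return nil, false, errNoMatch
}

// resolveBasicAuthUser applies the documented Basic Auth fallback: with no
// policy at all, every authenticated user gets the full permission set. With a
// policy, Lookup decides; a failed lookup is treated as a denial (assumption).
func resolveBasicAuthUser(p Policy, username string) (*UserSettings, error) {
	if p == nil {
		return allUserSettings(), nil
	}
	us, _, err := p.Lookup(username)
	return us, err
}

// samplePolicy is a constructed policy. Admins are named explicitly and the
// default group is deliberately the least permissive one, so an authenticated
// user who is not named anywhere lands on the narrow view, not the wide one.
func samplePolicy() Policy {
	return Policy{
		{Name: "admins", Users: []string{"alice"}, Permissions: allUserSettings()},
		{Name: "readonly", Default: true, Permissions: &UserSettings{}},
	}
}

func main() {
	p := samplePolicy()
	for _, id := range []string{"alice", "mallory"} {
		us, found, _ := p.Lookup(id) // both ids resolve against samplePolicy
		fmt.Printf("%s: found=%v body=%v recordings=%v\n", id, found, us.CanViewMessageBody, us.CanPlayRecordings)
	}
	_, _, err := Policy{p[0]}.Lookup("mallory") // admins only, no default group
	fmt.Println("no default group:", err)
}
```

The point to check in a real policy file is what the default group grants: every valid Basic Auth credential that is not named in a group inherits it, so it should be the narrowest set you are comfortable handing to an unlisted account.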
func (*Policy) UnmarshalYAML
Unmarshal a YAML file into a Policy. Need a custom Unmarshaler so we can detect a nil UserSettings object and replace it with one where all permissions are set to true.
type PolicyPolicy
type PolicyPolicy struct {
	Policy *Policy `yaml:"policy"`
}
type Settings
type Settings struct {
	Logger log.Logger
	// The host the user visits to get to this site.
	PublicHost string
	// Whether to allow HTTP traffic.
	AllowUnencryptedTraffic bool
	Client                  *twilio.Client
	// LocationFinder determines the correct timezone to display for a given
	// request, based on the default and a user's TZ cookie (if present).
	LocationFinder services.LocationFinder
	// How many messages to display per page.
	PageSize uint
	// Used to encrypt next page URI's and sessions. See
	// https://github.com/kevinburke/logrole/blob/master/docs/settings.md#secret-key
	SecretKey *[32]byte
	// Don't show resources that are older than this age. Set to a very high
	// value to show all resources.
	MaxResourceAge time.Duration
	// Should a user have to click a button to view media attached to a MMS?
	ShowMediaByDefault bool
	// Email address for server errors / "contact me" on error pages.
	Mailto *mail.Address
	// Error reporter. This must not be nil; set to NoopErrorReporter to ignore
	// errors.
	Reporter services.ErrorReporter
	// The authentication scheme.
	Authenticator Authenticator
	// THIS IS NOT A SECURITY FEATURE AND SHOULD NOT BE RELIED ON FOR IP
	// WHITELISTING.
	IPSubnets []*net.IPNet
}
Settings are used to configure a Server and apply to all of the website's users.
func NewSettingsFromConfig
func NewSettingsFromConfig(c *FileConfig, l log.Logger) (settings *Settings, err error)
NewSettingsFromConfig creates a new Settings object from the given FileConfig, or an error.
Pass a log.Logger to configure how messages are logged. If the Logger is nil, github.com/kevinburke/handlers.Logger will be used.
type User
type User struct {
	// contains filtered or unexported fields
}
func NewUser
func NewUser(us *UserSettings) *User
NewUser creates a new User with the given settings.
func (*User) CanPlayRecordings
func (*User) CanViewAlerts
func (*User) CanViewCallFrom
func (*User) CanViewCallPrice
func (*User) CanViewCallTo
func (*User) CanViewCallbackURLs
func (*User) CanViewCalls
func (*User) CanViewConferences
func (*User) CanViewMedia
func (*User) CanViewMessageBody
func (*User) CanViewMessageFrom
func (*User) CanViewMessagePrice
func (*User) CanViewMessageTo
func (*User) CanViewMessages
func (*User) CanViewNumMedia
func (*User) CanViewNumRecordings
func (*User) CanViewRecordingPrice
func (*User) CanViewResource
CanViewResource returns true if the specified timestamp is within the user's maxResourceAge setting. If the user's maxResourceAge is nonzero, it overrides the globalMaxAge. Returns true if the globalMaxAge and the user's maxResourceAge are both zero.
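The precedence rule stated for CanViewResource, written out as an added example (not the package's code): a nonzero per-user MaxResourceAge replaces the global value, and two zeros mean no limit. canViewResource takes the current time as a parameter, which is a choice made here so the decision is deterministic; the timestamps are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// canViewResource reports whether a resource created at createdAt is still
// viewable, following the documented order: user override first, then the
// global limit, and no limit when both are zero.
func canViewResource(createdAt time.Time, userMaxAge, globalMaxAge time.Duration, now time.Time) bool {
	maxAge := globalMaxAge
	if userMaxAge != 0 {
		maxAge = userMaxAge // a nonzero per-user value overrides the global one
	}
	if maxAge == 0 {
		return true // both zero: no age limit at all
	}
	return now.Sub(createdAt) <= maxAge
}

func main() {
	now := time.Date(2024, 1, 31, 12, 0, 0, 0, time.UTC)
	created := now.Add(-48 * time.Hour)
	fmt.Println(canViewResource(created, 0, 24*time.Hour, now))            // false: global 24h limit applies
	fmt.Println(canViewResource(created, 72*time.Hour, 24*time.Hour, now)) // true: user override is wider than global
	fmt.Println(canViewResource(created, 0, 0, now))                       // true: no limit configured
}
```

Note that the per-user value can widen the window as well as narrow it; a group's max_resource_age larger than the global setting quietly extends how far back that group can read, so it is worth checking in policy files alongside the boolean permissions.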
type UserSettings
type UserSettings struct {
	// Can the user see whether a message had MMS attached?
	CanViewNumMedia bool `yaml:"can_view_num_media"`
	// Can the user view anything about a SMS/MMS message?
	CanViewMessages bool `yaml:"can_view_messages"`
	// Can the user view the message sender?
	CanViewMessageFrom bool `yaml:"can_view_message_from"`
	// Can the user view the message recipient's phone number?
	CanViewMessageTo bool `yaml:"can_view_message_to"`
	// Can the user view a SMS message body?
	CanViewMessageBody bool `yaml:"can_view_message_body"`
	// Can the user view the photos in a MMS message?
	CanViewMedia bool `yaml:"can_view_media"`
	// Can the user see how much a message cost to send?
	CanViewMessagePrice bool `yaml:"can_view_message_price"`
	// Can the user see any information about a call?
	CanViewCalls bool `yaml:"can_view_calls"`
	// Can the user view the call originator?
	CanViewCallFrom bool `yaml:"can_view_call_from"`
	// Can the user view the call recipient?
	CanViewCallTo    bool `yaml:"can_view_call_to"`
	CanViewCallPrice bool `yaml:"can_view_call_price"`
	// Can the user see whether a call has recordings attached?
	CanViewNumRecordings bool `yaml:"can_view_num_recordings"`
	// Can the user listen to recordings?
	CanPlayRecordings     bool `yaml:"can_play_recordings"`
	CanViewRecordingPrice bool `yaml:"can_view_recording_price"`
	// Can the user view metadata about a conference (sid, date created,
	// region, etc)?
	CanViewConferences bool `yaml:"can_view_conferences"`
	// Can the user view information about errors that occurred while routing
	// a call? e.g. "HTTP retrieval failure" at the callback URL.
	CanViewAlerts bool `yaml:"can_view_alerts"`
	// Can the user view a StatusCallbackURL? Also protects
	// Voice/SMS/Fallback/Callback URL's for phone numbers.
	CanViewCallbackURLs bool `yaml:"can_view_callback_urls"`
	// The maximum viewable age of resources this user can view. If nonzero,
	// this overrides any global setting.
	//
	// Note phone numbers are *exempt* from this rule. All of your account's phone
	// numbers will be viewable even if the phone number was purchased before this
	// age.
	MaxResourceAge time.Duration `yaml:"max_resource_age"`
}
UserSettings are used to define which permissions a User has. When parsing from YAML, any omitted fields are set to "true".
func AllUserSettings
func AllUserSettings() *UserSettings
AllUserSettings returns a UserSettings value with the widest possible set of permissions.
func (*UserSettings) UnmarshalYAML
func (us *UserSettings) UnmarshalYAML(unmarshal func(interface{}) error) error
Unmarshal YAML into the UserSettings object. By default, unspecified values are set to true.
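The "unspecified values are set to true" behaviour above, reproduced as an added example rather than logrole's own code. The Go standard library has no YAML decoder, so encoding/json stands in for yaml here; the technique is the same one the page describes: decode into a mirror struct whose fields are *bool, so an omitted key (nil) can be told apart from an explicit false. UserSettings is cut down to three permissions, and the documents are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// UserSettings is trimmed to three permissions for the example.
type UserSettings struct {
	CanViewMessageBody bool
	CanViewMedia       bool
	CanPlayRecordings  bool
}

// rawUserSettings mirrors UserSettings with pointer fields: nil means the key
// was not present in the document.
type rawUserSettings struct {
	CanViewMessageBody *bool `json:"can_view_message_body"`
	CanViewMedia       *bool `json:"can_view_media"`
	CanPlayRecordings  *bool `json:"can_play_recordings"`
}

// trueUnlessFalse is the defaulting rule: omitted (nil) and true both grant.
func trueUnlessFalse(p *bool) bool { return p == nil || *p }

// UnmarshalJSON plays the role of UnmarshalYAML: decode into the mirror, then
// fill every omitted field with true.
func (us *UserSettings) UnmarshalJSON(b []byte) error {
	var raw rawUserSettings
	if err := json.Unmarshal(b, &raw); err != nil {
		return err
	}
	us.CanViewMessageBody = trueUnlessFalse(raw.CanViewMessageBody)
	us.CanViewMedia = trueUnlessFalse(raw.CanViewMedia)
	us.CanPlayRecordings = trueUnlessFalse(raw.CanPlayRecordings)
	return nil
}

func parseUserSettings(doc []byte) (*UserSettings, error) {
	us := &UserSettings{}
	if err := json.Unmarshal(doc, us); err != nil {
		return nil, err
	}
	return us, nil
}

// denied lists the permissions a parsed stanza actually withholds. With a
// permissive default this is the list worth reviewing in a policy file.
func denied(us *UserSettings) []string {
	var out []string
	if !us.CanViewMessageBody {
		out = append(out, "can_view_message_body")
	}
	if !us.CanViewMedia {
		out = append(out, "can_view_media")
	}
	if !us.CanPlayRecordings {
		out = append(out, "can_play_recordings")
	}
	return out
}

func main() {
	// Constructed inputs: a stanza that switches one permission off, and an
	// empty stanza.
	for _, doc := range []string{`{"can_view_message_body": false}`, `{}`} {
		us, err := parseUserSettings([]byte(doc))
		if err != nil {
			fmt.Println(doc, "->", err)
			continue
		}
		fmt.Printf("%s -> denied=%v\n", doc, denied(us))
	}
}
```

Because the default grants, only an explicit false ever denies, and a decoder that ignores unknown keys (encoding/json here, and yaml.v2's Unmarshal) will silently keep a misspelled key's permission at true; a strict decode mode, or a post-parse report like denied above, is how an operator catches that.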