security

package
v0.1.0
Warning

This package is not in the latest version of its module.

Published: Mar 10, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation


Constants

const (
	// AuthHeaderKey is the request header field from which the authorization header is read
	AuthHeaderKey = "authorization"
)

Variables

var (
	ErrPermissionDenied          = errors.New("auth: permission denied")
	ErrInvalidAuthToken          = errors.New("auth: invalid auth token")
	ErrInvalidUsernameOrPassword = errors.New("auth: invalid username or password")
)

Functions

This section is empty.

Types

type AuthenticationDB

type AuthenticationDB interface {
	// AddUser adds new user with name, password and permission groups. Password should be already hashed.
	AddUser(name, password string, permissions []string) error
	// GetUser returns user data according to name, or nil if not found
	GetUser(name string) (*User, error)
	// Authenticate authenticates user with password.
	Authenticate(name, password string) error
	// SetLoginTime writes last login time for specific user
	SetLoginTime(name string)
	// SetLogoutTime writes last logout time for specific user
	SetLogoutTime(name string)
	// IsLoggedOut uses login/logout timestamps to evaluate whether the user was logged out
	IsLoggedOut(name string) (bool, error)
}

AuthenticationDB is common interface to access user database/permissions
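
The three session-tracking methods of the interface above, as an added example that is not this package's code: a minimal in-memory store using only the standard library. The names `sessionTracker`, `newSessionTracker` and `errNoLogin`, and the rule that a logout at or after the last login means "logged out", are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)
var errNoLogin = errors.New("session: no login recorded") // hypothetical error, not the package's

// sessionTracker is a hypothetical store for the session-tracking methods of AuthenticationDB.
type sessionTracker struct {
	mu            sync.Mutex
	now           func() time.Time // injectable clock so the logic can be tested
	login, logout map[string]time.Time
}

func newSessionTracker(now func() time.Time) *sessionTracker {
	return &sessionTracker{now: now, login: map[string]time.Time{}, logout: map[string]time.Time{}}
}

func (s *sessionTracker) set(m map[string]time.Time, name string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	m[name] = s.now()
}

func (s *sessionTracker) SetLoginTime(name string)  { s.set(s.login, name) }
func (s *sessionTracker) SetLogoutTime(name string) { s.set(s.logout, name) }

// IsLoggedOut reports true when the last logout is not older than the last
// login (assumed semantics). Equal timestamps count as logged out: fail closed.
func (s *sessionTracker) IsLoggedOut(name string) (bool, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	in, ok := s.login[name]
	if !ok {
		return false, errNoLogin
	}
	out, ok := s.logout[name]
	return ok && !out.Before(in), nil
}

func main() {
	s := newSessionTracker(time.Now)
	s.SetLoginTime("alice")
	s.SetLogoutTime("alice")
	fmt.Println(s.IsLoggedOut("alice"))
}
```

A middleware that accepts signed tokens can call a check like this on every request so that a token issued before the user logged out is rejected even though its expiration claim is still valid.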

func CreateDefaultAuthDB

func CreateDefaultAuthDB(cost int) AuthenticationDB

CreateDefaultAuthDB builds new default storage

type AuthenticatorAPI

type AuthenticatorAPI interface {
	// RegisterHandlers registers authenticator handlers to router.
	RegisterHandlers(router *mux.Router)

	// AddPermissionGroup adds new permission group. PG is defined by name and
	// a set of URL keys. User with permission group enabled has access to that
	// set of keys. PGs with duplicated names are skipped.
	AddPermissionGroup(group ...*access.PermissionGroup)

	// Validate provides middleware used while registering new HTTP handler.
	// For every request, the token and permission group are validated.
	Validate(h http.Handler) http.Handler

	// AuthorizeRequest tries to authorize user from request.
	AuthorizeRequest(r *http.Request) (user string, err error)

	// IsPermitted checks if user is permitted to access URL from request.
	IsPermitted(user string, r *http.Request) error
}

AuthenticatorAPI provides methods for handling permissions

func NewAuthenticator

func NewAuthenticator(opt *Settings, log logging.Logger) AuthenticatorAPI

NewAuthenticator prepares new instance of authenticator.

type Settings

type Settings struct {
	// Router
	Router *mux.Router
	// Authentication database, default implementation is used if not set
	AuthStore AuthenticationDB
	// List of registered users
	Users []access.User
	// Expiration time (token claim). If not set, default value of 1 hour will be used.
	ExpTime time.Duration
	// Cost value used to hash user passwords
	Cost int
	// Custom token sign key. If not set, default value will be used.
	SignKey string
}

Settings defines fields required to instantiate authenticator

type User

type User struct {
	access.User
	// contains filtered or unexported fields
}

User stores credentials, permissions and tracks last login/logout

Directories

Path Synopsis
model
