auth

package
v0.0.0-...-e9c30ff Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 20, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

View Source 
const CurrentTokenVersion = 2

Variables

View Source 
var PermissionLevelOrder = map[PermissionLevel]int{
	UnauthenticatedPermissionLevel: 0,
	UserPermissionLevel:            1,
	AppEditorPermissionLevel:       2,
	AdminPermissionLevel:           3,
}

PermissionLevelOrder allows for checking which permission levels are more elevated; a higher value means higher privileges

Functions

func RecordAuthEvent 

func RecordAuthEvent(ctxCtx context.Context, address string, reason types.AuthReason, reasonInfo interface{}, method types.AuthMethod, methodInfo interface{}) error

RecordAuthEvent records an auth event in the database

func UserPermissionLevelIsAtLeast 

func UserPermissionLevelIsAtLeast(user User, level PermissionLevel) bool

Types

type APIUserSerializer 

type APIUserSerializer func(ctx context.Context, user User) *proto.User

APIUserSerializer is a function that is able to return the protobuf representation of a user

type JWTManager 

type JWTManager struct {
	// contains filtered or unexported fields
}

JWTManager generates and verifies access tokens

func NewJWTManager 

func NewJWTManager(secretKey []byte, tokenLifetimes map[PermissionLevel]time.Duration) (*JWTManager, error)

NewJWTManager returns a new JWTManager

func (*JWTManager) Generate 

func (manager *JWTManager) Generate(ctx context.Context, rewardAddress string, permissionLevel PermissionLevel, username string) (string, time.Time, int, error)

Generate generates a JWT for a user

func (*JWTManager) InvalidateUserAuthTokens 

func (manager *JWTManager) InvalidateUserAuthTokens(ctxCtx context.Context, user User) error

InvalidateUserAuthTokens invalidates all previously issued authentication tokens for the given user

func (*JWTManager) IsTokenAboutToExpire 

func (manager *JWTManager) IsTokenAboutToExpire(claims *UserClaims) bool

IsTokenAboutToExpire returns whether the given token needs renewing ASAP

func (*JWTManager) Verify 

func (manager *JWTManager) Verify(ctx context.Context, accessToken string) (*UserClaims, error)

Verify verifies a JWT

type PermissionLevel 

type PermissionLevel string

PermissionLevel represents the elevation of a user 

const AdminPermissionLevel PermissionLevel = "admin"
const AppEditorPermissionLevel PermissionLevel = "appeditor"
const UnauthenticatedPermissionLevel PermissionLevel = "" // must be the empty string

const UserPermissionLevel PermissionLevel = "user"

func ParseAPIPermissionLevel 

func ParseAPIPermissionLevel(level proto.PermissionLevel) PermissionLevel

ParseAPIPermissionLevel parses a protobuf permission level into a Permission Level

func ParsePermissionLevel 

func ParsePermissionLevel(p string) (PermissionLevel, error)

ParsePermissionLevel parses a permission level into a PermissionLevel

func (PermissionLevel) SerializeForAPI 

func (p PermissionLevel) SerializeForAPI() proto.PermissionLevel

type ThirdPartyAuthenticationCredentials 

type ThirdPartyAuthenticationCredentials struct {
	AuthToken string
	Expiry    time.Time
}

ThirdPartyAuthenticationCredentials are the credentials provided to a third party when the authorization process is approved by the user

type ThirdPartyAuthorizationProcess 

type ThirdPartyAuthorizationProcess struct {
	ID              string                                           // generated by the server
	ApplicationName string                                           // provided by the third party on a per-request basis
	PermissionLevel PermissionLevel                                  // provided by the third party on a per-request basis
	Reason          string                                           // provided by the third party on a per-request basis, shown to the user making it clear the third-party is being quoted
	Complete        bool                                             // set to true once the user consents or dissents
	UserConsented   event.Event[ThirdPartyAuthenticationCredentials] // fired when the user approves the authorization request
	UserDissented   event.NoArgEvent                                 // fired when the user rejects the authorization request or when it expires
	// contains filtered or unexported fields
}

ThirdPartyAuthorizationProcess is the process for authorizing a third party to act on a user's behalf

func (*ThirdPartyAuthorizationProcess) Consent 

func (process *ThirdPartyAuthorizationProcess) Consent(ctx context.Context, user User, remoteAddress string) error

func (*ThirdPartyAuthorizationProcess) Dissent 

func (process *ThirdPartyAuthorizationProcess) Dissent()

type ThirdPartyAuthorizer 

type ThirdPartyAuthorizer struct {
	// contains filtered or unexported fields
}

ThirdPartyAuthorizer is responsible for authorizing external systems to act on a user's behalf

func NewThirdPartyAuthorizer 

func NewThirdPartyAuthorizer(jwtManager *JWTManager) *ThirdPartyAuthorizer

NewThirdPartyAuthorizer returns a new initialized ThirdPartyAuthorizer

func (*ThirdPartyAuthorizer) BeginProcess 

func (authorizer *ThirdPartyAuthorizer) BeginProcess(applicationName string, permissionLevel PermissionLevel, reason string) *ThirdPartyAuthorizationProcess

func (*ThirdPartyAuthorizer) GetProcess 

func (authorizer *ThirdPartyAuthorizer) GetProcess(id string) (*ThirdPartyAuthorizationProcess, bool)

type User 

type User interface {
	Address() string
	PermissionLevel() PermissionLevel
	IsUnknown() bool
	IsFromAlienChain() bool
	ApplicationID() string

	Nickname() *string
	SetNickname(*string)
	ModeratorName() string
}

User represents an identity on the service 

var UnknownUser User = &unknownUser{}

func BuildNonAuthorizedUser 

func BuildNonAuthorizedUser(address string, permissionLevel PermissionLevel, nickname *string, applicationID *string) User

BuildNonAuthorizedUser uses the specified components to return a User that is not backed by JWT claims

func NewAddressOnlyUser 

func NewAddressOnlyUser(address string) User

func NewAddressOnlyUserWithPermissionLevel 

func NewAddressOnlyUserWithPermissionLevel(address string, permLevel PermissionLevel) User

func NewApplicationUser 

func NewApplicationUser(address string, applicationID string) User

type UserClaims 

type UserClaims struct {
	jwt.StandardClaims

	ClaimsVersion int `json:"claims_version"`
	Season        int `json:"season"` // incremented on a per-user basis when each user wants to invalidate all of their auth tokens
	// contains filtered or unexported fields
}

UserClaims is the claim type used

func (*UserClaims) Address 

func (u *UserClaims) Address() string

func (*UserClaims) ApplicationID 

func (u *UserClaims) ApplicationID() string

func (*UserClaims) IsFromAlienChain 

func (u *UserClaims) IsFromAlienChain() bool

func (*UserClaims) IsUnknown 

func (u *UserClaims) IsUnknown() bool

func (*UserClaims) ModeratorName 

func (u *UserClaims) ModeratorName() string

func (*UserClaims) Nickname 

func (u *UserClaims) Nickname() *string

func (*UserClaims) PermissionLevel 

func (u *UserClaims) PermissionLevel() PermissionLevel

func (*UserClaims) SetNickname 

func (u *UserClaims) SetNickname(s *string)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.