auth

package

v2.5.1+incompatible Latest Latest Go to latest Published: Feb 15, 2019 License: MIT Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/abck/chirpstack-application-server

Links

Documentation ¶

Index ¶

Variables
type Claims
type Flag
type JWTValidator
- func NewJWTValidator(db sqlx.Ext, algorithm, secret string) *JWTValidator
type Validator
type ValidatorFunc

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrNoMetadataInContext       = errors.New("no metadata in context")
	ErrNoAuthorizationInMetadata = errors.New("no authorization-data in metadata")
	ErrInvalidAlgorithm          = errors.New("invalid algorithm")
	ErrInvalidToken              = errors.New("invalid token")
	ErrNotAuthorized             = errors.New("not authorized")
)

errors

View Source

var DisableAssignExistingUsers = false

DisableAssignExistingUsers controls if existing users can be assigned to an organization or application. When set to false (default), organization admin users are able to list all users, which might depending on the context of the setup be a privacy issue.

Functions ¶

This section is empty.

Types ¶

type Claims ¶

type Claims struct {
	jwt.StandardClaims

	// Username defines the identity of the user.
	Username string `json:"username"`
}

Claims defines the struct containing the token claims.

type Flag ¶

type Flag int

Flag defines the authorization flag.

const (
	Create Flag = iota
	Read
	Update
	Delete
	List
	UpdateProfile
)

Authorization flags.

type JWTValidator ¶

type JWTValidator struct {
	// contains filtered or unexported fields
}

JWTValidator validates JWT tokens.

func NewJWTValidator ¶

func NewJWTValidator(db sqlx.Ext, algorithm, secret string) *JWTValidator

NewJWTValidator creates a new JWTValidator.

func (JWTValidator) GetIsAdmin ¶

func (v JWTValidator) GetIsAdmin(ctx context.Context) (bool, error)

GetIsAdmin returns if the authenticated user is a global amin.

func (JWTValidator) GetUsername ¶

func (v JWTValidator) GetUsername(ctx context.Context) (string, error)

GetUsername returns the username of the authenticated user.

func (JWTValidator) Validate ¶

func (v JWTValidator) Validate(ctx context.Context, funcs ...ValidatorFunc) error

Validate validates the token from the given context against the given validator funcs.

type Validator ¶

type Validator interface {
	// Validate validates the given set of validators against the given context.
	// Must return after the first validator function either returns true or
	// and error. The way how the validation must be seens is:
	//   if validatorFunc1 || validatorFunc2 || validatorFunc3 ...
	// In case multiple validators must validate to true, then a validator
	// func needs to be implemented which validates a given set of funcs as:
	//   if validatorFunc1 && validatorFunc2 && ValidatorFunc3 ...
	Validate(context.Context, ...ValidatorFunc) error

	// GetUsername returns the name of the authenticated user.
	GetUsername(context.Context) (string, error)

	// GetIsAdmin returns if the authenticated user is a global admin.
	GetIsAdmin(context.Context) (bool, error)
}

Validator defines the interface a validator needs to implement.

type ValidatorFunc ¶

type ValidatorFunc func(sqlx.Queryer, *Claims) (bool, error)

ValidatorFunc defines the signature of a claim validator function. It returns a bool indicating if the validation passed or failed and an error in case an error occured (e.g. db connectivity).

func ValidateActiveUser ¶

func ValidateActiveUser() ValidatorFunc

ValidateActiveUser validates if the user in the JWT claim is active.

func ValidateApplicationAccess ¶

func ValidateApplicationAccess(applicationID int64, flag Flag) ValidatorFunc

ValidateApplicationAccess validates if the client has access to the given application.

func ValidateApplicationUserAccess ¶

func ValidateApplicationUserAccess(applicationID, userID int64, flag Flag) ValidatorFunc

ValidateApplicationUserAccess validates if the client has access to the given application member.

func ValidateApplicationUsersAccess ¶

func ValidateApplicationUsersAccess(applicationID int64, flag Flag) ValidatorFunc

ValidateApplicationUsersAccess validates if the client has access to the given application members.

func ValidateApplicationsAccess ¶

func ValidateApplicationsAccess(flag Flag, organizationID int64) ValidatorFunc

ValidateApplicationsAccess validates if the client has access to the global applications resource.

func ValidateDeviceProfileAccess ¶

func ValidateDeviceProfileAccess(flag Flag, id uuid.UUID) ValidatorFunc

ValidateDeviceProfileAccess validates if the client has access to the given device-profile.

func ValidateDeviceProfilesAccess ¶

func ValidateDeviceProfilesAccess(flag Flag, organizationID, applicationID int64) ValidatorFunc

ValidateDeviceProfilesAccess validates if the client has access to the device-profiles.

func ValidateDeviceQueueAccess ¶

func ValidateDeviceQueueAccess(devEUI lorawan.EUI64, flag Flag) ValidatorFunc

ValidateDeviceQueueAccess validates if the client has access to the queue of the given node.

func ValidateGatewayAccess ¶

func ValidateGatewayAccess(flag Flag, mac lorawan.EUI64) ValidatorFunc

ValidateGatewayAccess validates if the client has access to the given gateway.

func ValidateGatewayProfileAccess ¶

func ValidateGatewayProfileAccess(flag Flag) ValidatorFunc

ValidateGatewayProfileAccess validates if the client has access to the gateway-profiles.

func ValidateGatewaysAccess ¶

func ValidateGatewaysAccess(flag Flag, organizationID int64) ValidatorFunc

ValidateGatewaysAccess validates if the client has access to the gateways.

func ValidateIsApplicationAdmin ¶

func ValidateIsApplicationAdmin(applicationID int64) ValidatorFunc

ValidateIsApplicationAdmin validates if the client has access to administrate the given application.

func ValidateIsOrganizationAdmin ¶

func ValidateIsOrganizationAdmin(organizationID int64) ValidatorFunc

ValidateIsOrganizationAdmin validates if the client has access to administrate the given organization.

func ValidateMulticastGroupAccess ¶

func ValidateMulticastGroupAccess(flag Flag, multicastGroupID uuid.UUID) ValidatorFunc

ValidateMulticastGroupAccess validates if the client has access to the given multicast-group.

func ValidateMulticastGroupQueueAccess ¶

func ValidateMulticastGroupQueueAccess(flag Flag, multicastGroupID uuid.UUID) ValidatorFunc

ValidateMulticastGroupQueueAccess validates if the client has access to the given multicast-group queue.

func ValidateMulticastGroupsAccess ¶

func ValidateMulticastGroupsAccess(flag Flag, organizationID int64) ValidatorFunc

ValidateMulticastGroupsAccess validates if the client has access to the multicast-groups.

func ValidateNetworkServerAccess ¶

func ValidateNetworkServerAccess(flag Flag, id int64) ValidatorFunc

ValidateNetworkServerAccess validates if the client has access to the given network-server.

func ValidateNetworkServersAccess ¶

func ValidateNetworkServersAccess(flag Flag, organizationID int64) ValidatorFunc

ValidateNetworkServersAccess validates if the client has access to the network-servers.

func ValidateNodeAccess ¶

func ValidateNodeAccess(devEUI lorawan.EUI64, flag Flag) ValidatorFunc

ValidateNodeAccess validates if the client has access to the given node.

func ValidateNodesAccess ¶

func ValidateNodesAccess(applicationID int64, flag Flag) ValidatorFunc

ValidateNodesAccess validates if the client has access to the global nodes resource.

func ValidateOrganizationAccess ¶

func ValidateOrganizationAccess(flag Flag, id int64) ValidatorFunc

ValidateOrganizationAccess validates if the client has access to the given organization.

func ValidateOrganizationNetworkServerAccess ¶

func ValidateOrganizationNetworkServerAccess(flag Flag, organizationID, networkServerID int64) ValidatorFunc

ValidateOrganizationNetworkServerAccess validates if the given client has access to the given organization id / network server id combination.

func ValidateOrganizationUserAccess ¶

func ValidateOrganizationUserAccess(flag Flag, organizationID, userID int64) ValidatorFunc

ValidateOrganizationUserAccess validates if the client has access to the given user of the given organization.

func ValidateOrganizationUsersAccess ¶

func ValidateOrganizationUsersAccess(flag Flag, id int64) ValidatorFunc

ValidateOrganizationUsersAccess validates if the client has access to the organization users.

func ValidateOrganizationsAccess ¶

func ValidateOrganizationsAccess(flag Flag) ValidatorFunc

ValidateOrganizationsAccess validates if the client has access to the organizations.

func ValidateServiceProfileAccess ¶

func ValidateServiceProfileAccess(flag Flag, id uuid.UUID) ValidatorFunc

ValidateServiceProfileAccess validates if the client has access to the given service-profile.

func ValidateServiceProfilesAccess ¶

func ValidateServiceProfilesAccess(flag Flag, organizationID int64) ValidatorFunc

ValidateServiceProfilesAccess validates if the client has access to the service-profiles.

func ValidateUserAccess ¶

func ValidateUserAccess(userID int64, flag Flag) ValidatorFunc

ValidateUserAccess validates if the client has access to the given user resource.

func ValidateUsersAccess ¶

func ValidateUsersAccess(flag Flag) ValidatorFunc

ValidateUsersAccess validates if the client has access to the global users resource.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL