auth

package
v1.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 20, 2023 License: Apache-2.0 Imports: 21 Imported by: 2

Documentation

Index

Constants

View Source 
const (
	PermissionNone = iota
	PermissionR
	PermissionRW
)

Non-admin permissions

View Source 
const PermissionAdmin = 254

PermissionAdmin the system admin permission byte

View Source 
const PermissionSysAdmin = 255

PermissionSysAdmin the admin permission byte

Variables

View Source 
var AuthEnabled bool

AuthEnabled toggles authentication on or off

View Source 
var DevMode bool

DevMode if set to true, remote client commands (except admin ones) will be accepted even if auth is off

View Source 
var ErrNoAuthData = errors.New("no authentication data provided").WithCode(errors.CodProtocolViolation)
View Source 
var ErrNotLoggedIn = errors.New("not logged in").WithCode(errors.CodInvalidAuthorizationSpecification)
View Source 
var IsTampered bool

IsTampered if set to true then one of the databases is tempered and the user is notified

View Source 
var IsValidUsername = regexp.MustCompile(`^[a-zA-Z0-9_]+$`).MatchString

IsValidUsername is a regexp function used to check username requirements

View Source 
var PasswordRequirementsMsg = fmt.Sprintf(
	"password must have between %d and %d letters, digits and special characters "+
		"of which at least 1 uppercase letter, 1 digit and 1 special character",
	minPasswordLen,
	maxPasswordLen,
)

PasswordRequirementsMsg message used to inform the user about password strength requirements

View Source 
var SysAdminPassword = SysAdminUsername

SysAdminPassword the admin password (can be default or from command flags, config or env var)

View Source 
var SysAdminUsername = "immudb"

SysAdminUsername the system admin username

View Source 
var UpdateMetrics func(context.Context)

UpdateMetrics callback which will be called to update metrics

View Source 
var WarnDefaultAdminPassword = "immudb user has the default password: please change it to ensure proper security"

WarnDefaultAdminPassword warning user message for the case when admin uses the default password

Functions

func ClientStreamInterceptor 

func ClientStreamInterceptor(token string) func(context.Context, *grpc.StreamDesc, *grpc.ClientConn, string, grpc.Streamer, ...grpc.CallOption) (grpc.ClientStream, error)

ClientStreamInterceptor gRPC client interceptor for streams

func ClientUnaryInterceptor 

func ClientUnaryInterceptor(token string) func(context.Context, string, interface{}, interface{}, *grpc.ClientConn, grpc.UnaryInvoker, ...grpc.CallOption) error

ClientUnaryInterceptor gRPC client interceptor for unary methods

func ComparePasswords 

func ComparePasswords(hashedPassword []byte, plainPassword []byte) error

ComparePasswords compares the provided plainPassword against the provided hashed password

func DecodeBase64Password added in v0.6.2 

func DecodeBase64Password(passwordBase64 string) (string, error)

DecodeBase64Password decodes the provided base64-encoded password if it has the "enc:" prefix or returns it with leading and trailing space trimmed otherwise

func DropTokenKeys 

func DropTokenKeys(username string) bool

DropTokenKeys removes the token keys from the cache, hence invalidating any token that was generated with those keys

func DropTokenKeysForCtx added in v0.6.1 

func DropTokenKeysForCtx(ctx context.Context) (bool, error)

DropTokenKeysForCtx removes the token keys from the cache for the username of the token that resides in the provided context

func GenerateToken 

func GenerateToken(user User, database int64, expTime int) (string, error)

GenerateToken ...

func HasPermissionForMethod 

func HasPermissionForMethod(userPermission uint32, method string) bool

HasPermissionForMethod checks if userPermission can access method name

func HashAndSaltPassword 

func HashAndSaltPassword(plainPassword []byte) ([]byte, error)

HashAndSaltPassword hashes and salts the provided password

func IsMaintenanceMethod added in v1.0.5 

func IsMaintenanceMethod(method string) bool

func IsStrongPassword 

func IsStrongPassword(password string) error

IsStrongPassword checks if the provided password meets the strength requirements

func NewStringUUID added in v0.7.0 

func NewStringUUID() string

NewStringUUID generate uuid and return as string

func NewUUID added in v0.7.0 

func NewUUID() xid.ID

NewUUID generate uuid

func ServerStreamInterceptor 

func ServerStreamInterceptor(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error

ServerStreamInterceptor gRPC server interceptor for streams

func ServerUnaryInterceptor 

func ServerUnaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)

ServerUnaryInterceptor gRPC server interceptor for unary methods

Types

type AuthType added in v1.2.0 

type AuthType int
const (
	TokenAuth AuthType = iota
	SessionAuth
	None
)

func GetAuthTypeFromContext added in v1.2.0 

func GetAuthTypeFromContext(ctx context.Context) AuthType

type JSONToken 

type JSONToken struct {
	Username      string
	Expiration    time.Time
	DatabaseIndex int64
}

JSONToken ...

func GetLoggedInUser added in v0.7.0 

func GetLoggedInUser(ctx context.Context) (*JSONToken, error)

GetLoggedInUser gets userdata from context

type Kind 

type Kind uint32

Kind the authentication kind 

const (
	KindNone Kind = iota
	KindPassword
	KindCryptoSig
)

Authentication kinds

type Permission added in v0.7.0 

type Permission struct {
	Permission uint32 `json:"permission"` //permission of type auth.PermissionW
	Database   string `json:"database"`   //databases the user has access to
}

Permission per database

type User 

type User struct {
	Username       string       `json:"username"`
	HashedPassword []byte       `json:"hashedpassword"`
	Permissions    []Permission `json:"permissions"`
	Active         bool         `json:"active"`
	IsSysAdmin     bool         `json:"-"`         //for the sysadmin we'll use this instead of adding all db and permissions to Permissions, to save some cpu cycles
	CreatedBy      string       `json:"createdBy"` //user which created this user
	CreatedAt      time.Time    `json:"createdat"` //time in which this user is created/updated
}

User ...

func (*User) ComparePasswords 

func (u *User) ComparePasswords(plainPassword []byte) error

ComparePasswords ...

func (*User) GrantPermission added in v0.7.0 

func (u *User) GrantPermission(database string, permission uint32) bool

GrantPermission add permission to database

func (*User) HasAtLeastOnePermission added in v0.7.0 

func (u *User) HasAtLeastOnePermission(permission uint32) bool

HasAtLeastOnePermission checks if user has this permission for at least one database

func (*User) HasPermission added in v0.7.0 

func (u *User) HasPermission(database string, permission uint32) bool

HasPermission checks if user has such permission for this database

func (*User) RevokePermission added in v0.7.0 

func (u *User) RevokePermission(database string) bool

RevokePermission revoke database permission from user

func (*User) SetPassword 

func (u *User) SetPassword(plainPassword []byte) ([]byte, error)

SetPassword Hashes and salts the password and assigns it to hashedPassword of User

func (*User) WhichPermission added in v0.7.0 

func (u *User) WhichPermission(database string) uint32

WhichPermission returns the permission that this user has on this database

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.