Package id

v2.0.1

Warning: This package is not in the latest version of its module.
Published: Sep 26, 2022 License: AGPL-3.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

const (
	DataTypeSealedUser io.DataType = iota + io.DataTypeEnd + 1
	DataTypeSealedGroup
)

Variables

var ErrGroupAlreadyExists = errors.New("group already exists")

Error returned if a group already exists.

var ErrGroupNotFound = errors.New("group not found")

Error returned if a group was not found.

var ErrNotAuthenticated = errors.New("user not authenticated")

Error returned if a user cannot be authenticated, e.g. if they provide a wrong password.

var ErrNotAuthorized = errors.New("user not authorized")

Error returned if the user is not authorized.

var ErrUserAlreadyExists = errors.New("user already exists")

Error returned if a user already exists.

var ErrUserNotFound = errors.New("user not found")

Error returned if a user was not found.

Functions

This section is empty.

Types

type AccessGroup

type AccessGroup struct {
	ID     string
	Scopes Scope
}

AccessGroup represents a group of Identities. The Provider implementations should ensure that the ID string is unique across all instances.

type Group

type Group struct {
	Scopes Scope
}

Group contains data about a group of users. Note: All fields need to be exported in order to serialize them.

type Identity

type Identity struct {
	ID     string
	Scopes Scope
	Groups map[string]AccessGroup
}

Identity represents data about the caller of the library. The Provider implementations should ensure that the ID string is unique across all instances.

func (*Identity) GetIDScope

func (i *Identity) GetIDScope(id string) Scope

GetIDScope returns the scopes associated with a given ID (identity or group ID).

func (*Identity) GetIDs

func (i *Identity) GetIDs() map[string]struct{}

GetIDs returns all IDs related to the identity, i.e. the identity ID and all its group IDs.

type Provider

type Provider interface {
	GetIdentity(ctx context.Context, token string) (Identity, error)
}

type Scope

type Scope uint64
const (
	ScopeEncrypt Scope = 1 << iota
	ScopeDecrypt
	ScopeUpdate
	ScopeDelete
	ScopeCreateToken
	ScopeGetTokenContents
	ScopeGetAccessGroups
	ScopeModifyAccessGroups
	ScopeIndex
	ScopeEnd
)
const ScopeAll Scope = ScopeEnd - 1
const ScopeNone Scope = 0

func ScopeUnion

func ScopeUnion(scopes ...Scope) Scope

ScopeUnion returns the union of all the input scopes.

func (Scope) Contains

func (s Scope) Contains(scope Scope) bool

Contains checks whether the scope contains a specific scope.

func (Scope) String

func (s Scope) String() string
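The Scope type above is a plain bitmask, so ScopeUnion, Contains, ScopeAll and Identity.GetIDScope fit together in a way that is easy to get wrong when writing an authorization check. The following is an added, self-contained model written for this page, not the package's source: the constants mirror the documented declaration, but the method bodies (Contains as a subset test, String as a name list), the Authorize helper and the sample identity are this example's own assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Scope is a bitmask: one bit per permission, a set of permissions is the OR.
type Scope uint64

const (
	ScopeEncrypt Scope = 1 << iota // 1
	ScopeDecrypt                   // 2
	ScopeUpdate                    // 4
	ScopeDelete                    // 8
	ScopeCreateToken
	ScopeGetTokenContents
	ScopeGetAccessGroups
	ScopeModifyAccessGroups
	ScopeIndex // 256
	ScopeEnd   // 512: first unused bit
)

// ScopeEnd-1 sets every bit below ScopeEnd, i.e. all nine defined scopes (511).
const ScopeAll Scope = ScopeEnd - 1
const ScopeNone Scope = 0

// Names by bit position, used by String.
var scopeNames = [...]string{
	"ScopeEncrypt", "ScopeDecrypt", "ScopeUpdate", "ScopeDelete",
	"ScopeCreateToken", "ScopeGetTokenContents", "ScopeGetAccessGroups",
	"ScopeModifyAccessGroups", "ScopeIndex",
}

// ScopeUnion ORs the inputs together (assumed semantics of the documented function).
func ScopeUnion(scopes ...Scope) Scope {
	var u Scope
	for _, sc := range scopes {
		u |= sc
	}
	return u
}

// Contains reports whether every bit of scope is set in s (assumed semantics).
// Edge case: ScopeNone is contained in every Scope, so a permission check must
// always ask for a concrete scope.
func (s Scope) Contains(scope Scope) bool {
	return s&scope == scope
}

// String lists the set bits by name in bit order; bits at or above ScopeEnd are
// printed numerically so an unexpected value stays visible in logs.
func (s Scope) String() string {
	if s == ScopeNone {
		return "ScopeNone"
	}
	var parts []string
	for i, name := range scopeNames {
		if s&(Scope(1)<<uint(i)) != 0 {
			parts = append(parts, name)
		}
	}
	if extra := s &^ ScopeAll; extra != 0 {
		parts = append(parts, fmt.Sprintf("Unknown(%#x)", uint64(extra)))
	}
	return strings.Join(parts, "|")
}

// AccessGroup and Identity as documented on this page.
type AccessGroup struct {
	ID     string
	Scopes Scope
}

type Identity struct {
	ID     string
	Scopes Scope
	Groups map[string]AccessGroup
}

// GetIDScope returns the scopes attached to id: the identity's own ID or the ID
// of one of its groups. An unknown ID yields ScopeNone (assumed behaviour).
func (i *Identity) GetIDScope(id string) Scope {
	if id == i.ID {
		return i.Scopes
	}
	if g, ok := i.Groups[id]; ok {
		return g.Scopes
	}
	return ScopeNone
}

// Authorize is this example's own helper, not a package function: the caller may
// perform op on data owned by ownerID only if the scope it holds under that ID
// contains op. Group membership grants exactly that group's scopes, no more.
func Authorize(caller *Identity, ownerID string, op Scope) bool {
	if op == ScopeNone {
		return false // refuse vacuous checks, see Contains
	}
	return caller.GetIDScope(ownerID).Contains(op)
}

// exampleCaller is a constructed identity: full rights on its own data and
// read-only (decrypt + index) membership in the group "g-readers".
func exampleCaller() *Identity {
	return &Identity{
		ID:     "u-alice",
		Scopes: ScopeAll,
		Groups: map[string]AccessGroup{
			"g-readers": {ID: "g-readers", Scopes: ScopeUnion(ScopeDecrypt, ScopeIndex)},
		},
	}
}

func main() {
	c := exampleCaller()
	fmt.Println(ScopeAll)                                // all nine names
	fmt.Println(Authorize(c, "g-readers", ScopeDecrypt)) // true
	fmt.Println(Authorize(c, "g-readers", ScopeDelete))  // false
	fmt.Println(Authorize(c, "g-unknown", ScopeDecrypt)) // false
}
```

The check is keyed on the owner ID rather than on the union of everything the caller holds: merging all group scopes into one mask before testing would let a delete right on one group authorize deletes on another group's data.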

type SealedGroup

type SealedGroup struct {
	// The group identifier.
	GID string

	Ciphertext []byte
	WrappedKey []byte
}

SealedGroup is an encrypted structure which contains data about a user group.

type SealedUser

type SealedUser struct {
	// The user identifier.
	UID string

	Ciphertext []byte
	WrappedKey []byte
}

SealedUser is an encrypted structure which contains data about a user.

type Standalone

type Standalone struct {
	// contains filtered or unexported fields
}

Standalone is an ID Provider that manages its own data.

func NewStandalone

func NewStandalone(config StandaloneConfig, ioProvider io.Provider) (Standalone, error)

NewStandalone creates an ID Provider that uses the provided key material and stores data in the given IO provider.

func (*Standalone) AddUserToGroups

func (s *Standalone) AddUserToGroups(ctx context.Context, token, uid string, gids ...string) error

AddUserToGroups adds the user to the provided groups. The authorizing user must be a member of all the groups.

func (*Standalone) ChangeUserPassword

func (s *Standalone) ChangeUserPassword(ctx context.Context, uid, oldPassword string) (string, error)

ChangeUserPassword authenticates the provided user with the given password and generates a new password for the user.

func (*Standalone) DeleteUser

func (s *Standalone) DeleteUser(ctx context.Context, token, uid string) error

DeleteUser deletes the user from the IO Provider.

func (*Standalone) GetIdentity

func (s *Standalone) GetIdentity(ctx context.Context, token string) (Identity, error)

func (*Standalone) LoginUser

func (s *Standalone) LoginUser(ctx context.Context, uid, password string) (string, int64, error)

LoginUser checks whether the password provided matches the user. If authentication is successful a token is generated and returned alongside its expiry time in Unix time.

func (*Standalone) NewGroup

func (s *Standalone) NewGroup(ctx context.Context, token string, scopes ...Scope) (string, error)

NewGroup creates a new group and adds the calling user to it.

func (*Standalone) NewUser

func (s *Standalone) NewUser(ctx context.Context, scopes ...Scope) (string, string, error)

NewUser creates a new user with a randomly generated ID and password.

func (*Standalone) RemoveUserFromGroups

func (s *Standalone) RemoveUserFromGroups(ctx context.Context, token, uid string, gids ...string) error

RemoveUserFromGroups removes the user from the provided groups. The authorizing user must be a member of all the groups.

type StandaloneConfig

type StandaloneConfig struct {
	UEK []byte `koanf:"uek"`
	GEK []byte `koanf:"gek"`
	TEK []byte `koanf:"tek"`
}

StandaloneConfig contains the keys with which the Standalone ID Provider will be configured.

type User

type User struct {
	// Salt and password hash for the user's password.
	SaltAndHash []byte

	Scopes Scope

	// A list of groups the user is a member of.
	Groups map[string]struct{}
}

User contains data about a user. Note: All fields need to be exported in order for gob to serialize them.
