authfile

v0.0.0-...-c7bcc31
Warning

This package is not in the latest version of its module.

Published: Aug 16, 2019 License: MIT Imports: 14 Imported by: 2

README

authfile

Simple username/password file management

Documentation

Overview

Package authfile implements a library and provider for simple password management. It handles files that contain lines of username/password and provides an API to create, verify, update and delete entries.

	username:hashed_password

Lines starting with # are ignored. Lines starting with $ set the bcrypt cost; otherwise the default cost of the bcrypt implementation is used.

Service. Reader/writer


Variables

var (
	// ErrUserDoesNotExist is returned if operating on a user that does not exist.
	ErrUserDoesNotExist = errors.New("authfile: User does not exist")
	// ErrUserExists is returned if trying to add a user that already exists.
	ErrUserExists = errors.New("authfile: User exists")
	// ErrAuthenticationFailed is returned if the password does not match the user.
	ErrAuthenticationFailed = errors.New("authfile: Authentication failure")
)
var (
	// ErrNoTransaction is returned if trying to load without a transaction
	ErrNoTransaction = errors.New("authfile: No transaction")
)

Functions

func MsgBuffer

func MsgBuffer(out chan interface{}, wait time.Duration) chan interface{}

MsgBuffer is a timed message buffer. Close the returned channel to stop it.

Types

type Entry

type Entry struct {
	Username     string // The username.
	PasswordHash []byte // The password hash.
}

Entry defines a single entry.

type FileBackend

type FileBackend struct {
	// contains filtered or unexported fields
}

FileBackend implements a file based backend.

func NewFileBackend

func NewFileBackend(filename string, perm os.FileMode, update time.Duration) (*FileBackend, error)

NewFileBackend returns a new file based IO backend. The backend will also start a file change monitor if the update parameter is >0. In this case the authservice update function will be called if the file has changed.

func NewROFileBackend

func NewROFileBackend(filename string, perm os.FileMode, update time.Duration) (*FileBackend, error)

NewROFileBackend returns a new Read-Only file based IO backend. The backend will also start a file change monitor if the update parameter is >0. In this case the authservice update function will be called if the file has changed.

func (*FileBackend) Close

func (filebackend *FileBackend) Close()

Close the backend file.

func (*FileBackend) RequestRead

func (filebackend *FileBackend) RequestRead(authservice IAuthenticationService)

RequestRead is called by the authentication service when it requests a read.

func (*FileBackend) RequestWrite

func (filebackend *FileBackend) RequestWrite(authservice IAuthenticationService)

RequestWrite is called by the authentication service when it requests a write.

func (FileBackend) UsernameIsValid

func (filebackend FileBackend) UsernameIsValid(username string) bool

UsernameIsValid checks if a username is valid. It may not start with "$" or "#", and may not contain a ":".
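
The file format from the Overview and the username rule above fit together: each forbidden character is one the reader treats as syntax. The following stdlib-only reader is an added example, not the package's own code. It assumes a cost line is "$" followed by a decimal integer and that an entry splits at the first ":"; this page specifies neither detail.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// usernameIsValid applies the documented rule (no leading "$" or "#", no ":").
// Rejecting empty names and line breaks is an extra assumption of this sketch.
func usernameIsValid(u string) bool {
	return u != "" && u[0] != '$' && u[0] != '#' && !strings.ContainsAny(u, ":\r\n")
}

// parseAuthFile returns user -> hash and the cost (0 means no "$" line was seen).
// Assumptions: a cost line is "$" plus a decimal integer; empty lines are skipped.
func parseAuthFile(data string) (users map[string]string, cost int, err error) {
	users = map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(data))
	for n := 1; sc.Scan(); n++ {
		line := sc.Text()
		if line == "" || line[0] == '#' { // empty line or comment
			continue
		}
		if line[0] == '$' { // cost directive
			if cost, err = strconv.Atoi(line[1:]); err != nil {
				return nil, 0, fmt.Errorf("line %d: bad cost: %w", n, err)
			}
			continue
		}
		// Split at the first ":" only: bcrypt hashes contain "$" but never ":".
		name, hash, ok := strings.Cut(line, ":")
		if !ok || hash == "" || !usernameIsValid(name) {
			return nil, 0, fmt.Errorf("line %d: malformed entry", n)
		}
		users[name] = hash
	}
	return users, cost, sc.Err()
}

func main() {
	// Constructed sample; the hash strings are placeholders, not real bcrypt output.
	fmt.Println(parseAuthFile("# staff\n$12\nalice:$2a$12$placeholderA\n"))
	// A name the rule rejects would vanish on reload: its line reads as a comment.
	users, _, _ := parseAuthFile("#bob:$2a$12$placeholderB\n")
	fmt.Println(usernameIsValid("#bob"), len(users))
}
```

A name starting with "$" would instead be read as a cost line, and a name containing ":" would be split into a different username and hash, which is why validation belongs on the write path before an entry reaches the file.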

type IAuthenticationService

type IAuthenticationService interface {
	// Authenticate checks if a username is present and the password matches. Returns nil on success.
	Authenticate(username, password string) error
	// Delete a user, return nil on success.
	Delete(username string) error
	// Add a user with password. Return nil on success.
	Add(username, password string) error
	// Modify a user to use a new password. Return nil on success.
	Modify(username, password string) error
	// VerifyModify modifies the password of a user only after verifying that the old password is correct.
	VerifyModify(username, oldpassword, newpassword string) error
	// StartLoad creates a new loading transaction.
	StartLoad()
	// Load a user with a password hash.
	Load(username string, passwordHash []byte) error
	// Commit newly loaded data as the authoritative data.
	Commit()
	// Rollback a current load transaction.
	Rollback()
	// SetCost updates the bcrypt cost that is required.
	SetCost(cost int)
	// GetCost returns the current target bcrypt cost of the system.
	GetCost() int
	// List all entries of the service. There is no defined order.
	List() []Entry
	// Update triggers the authentication service to request a reload from the backend storage.
	Update()
	// Sync the backend.
	Sync()
	// Shutdown the authentication service, updating the backend.
	Shutdown()
	// Kill the authentication service.
	Kill()
}

IAuthenticationService is the interface of an authentication service.

type IOProvider

type IOProvider interface {
	RequestRead(authservice IAuthenticationService)  // Called when the auth provider wants to read the backend data.
	RequestWrite(authservice IAuthenticationService) // Called when the auth provider wants to write to the backend.
	UsernameIsValid(username string) bool            // Returns true if the username is safe, false if not.
}

IOProvider implements reading/writing services for the authentication service. The authentication service requests reads/writes, and the IOProvider is expected to use the API to get the serialized data from the provider or push serialized data to the provider.

type InMemoryService

type InMemoryService struct {
	// contains filtered or unexported fields
}

InMemoryService implements an authentication service.

func NewInMemoryService

func NewInMemoryService(backend IOProvider, loadTimeout time.Duration) *InMemoryService

NewInMemoryService provides a new authentication service that keeps all accounts in memory. loadTimeout is the time within which a load from the backend must succeed (during which modifications via the API are blocked).

func (*InMemoryService) Add

func (service *InMemoryService) Add(username, password string) error

Add a user with password. Return nil on success.

func (*InMemoryService) Authenticate

func (service *InMemoryService) Authenticate(username, password string) error

Authenticate checks if a username is present and the password matches. Returns nil on success.

func (*InMemoryService) Commit

func (service *InMemoryService) Commit()

Commit newly loaded data as the authoritative data.

func (*InMemoryService) Delete

func (service *InMemoryService) Delete(username string) error

Delete a user, return nil on success.

func (*InMemoryService) GetCost

func (service *InMemoryService) GetCost() int

GetCost returns the current target bcrypt cost of the system.

func (*InMemoryService) Kill

func (service *InMemoryService) Kill()

Kill the authentication service.

func (*InMemoryService) List

func (service *InMemoryService) List() []Entry

List all entries of the service. There is no defined order.

func (*InMemoryService) Load

func (service *InMemoryService) Load(username string, passwordHash []byte) error

Load a user with a password hash. It requires a transaction started with StartLoad which needs to be committed with Commit.

func (*InMemoryService) Modify

func (service *InMemoryService) Modify(username, password string) error

Modify a user to use a new password. Return nil on success.

func (*InMemoryService) Rollback

func (service *InMemoryService) Rollback()

Rollback current load transaction, if there is any.

func (*InMemoryService) SetCost

func (service *InMemoryService) SetCost(cost int)

SetCost updates the bcrypt cost that is required.

func (*InMemoryService) Shutdown

func (service *InMemoryService) Shutdown()

Shutdown the authentication service, updating the backend.

func (*InMemoryService) StartLoad

func (service *InMemoryService) StartLoad()

StartLoad starts a new loading transaction. Only one loading transaction can exist at any time. If the loading transaction times out before the Commit() call, loaded data is lost. During a load transaction all modifying calls will be delayed, while Authentication calls operate on the old data. Calling StartLoad silently rolls back any previous uncommitted load transaction!

func (*InMemoryService) Sync

func (service *InMemoryService) Sync()

Sync the backend.

func (*InMemoryService) Update

func (service *InMemoryService) Update()

Update triggers the authentication service to request a reload from the backend storage.

func (*InMemoryService) VerifyModify

func (service *InMemoryService) VerifyModify(username, oldpassword, newpassword string) error

VerifyModify modifies the password of a user only after verifying that the old password is correct.

type WorkPool

type WorkPool struct {
	// contains filtered or unexported fields
}

WorkPool implements a bounded worker pool.

func NewWorkPool

func NewWorkPool(maxworkers int) *WorkPool

NewWorkPool creates a new worker pool with maxworkers workers.

func (*WorkPool) Dispatch

func (wp *WorkPool) Dispatch(job func()) (res bool)

Dispatch a job to the workPool. It will block when no workers are available. It returns true after successful dispatch, or false if the workpool is unavailable.

func (*WorkPool) Shutdown

func (wp *WorkPool) Shutdown()

Shutdown the workpool.

Directories

Path Synopsis
cmd
