config

package
Version: v2.11.3+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 7, 2021 License: BSD-3-Clause Imports: 15 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// PermRead is the read permission.
	PermRead = "read"
	// PermList is the list permission.
	PermList = "list"
	// PermReadAndList allows both read and list.
	PermReadAndList = "read,list"
)
View Source
const (
	// VersionUnknownStr is the string representation of VUnknown.
	VersionUnknownStr string = "unknown"
	// Version1Str is the string representation of Version1.
	Version1Str string = "v1"
	// Version2Str is the string representation of Version2.
	Version2Str string = "v2"
)
View Source
const DefaultConfigFilename = ".kbp_config"

DefaultConfigFilename is the default filename for Keybase Pages config file.

View Source
const DefaultConfigFilepath = "/.kbp_config"

DefaultConfigFilepath is the default path for Keybase Pages config file under the site root, and is what's used in kbpagesd.

Variables

This section is empty.

Functions

func GenerateSHA256PasswordHash

func GenerateSHA256PasswordHash(cleartext string) (string, error)

GenerateSHA256PasswordHash generates a SHA256 based password hash.

Types

type AccessControlV1

type AccessControlV1 struct {
	// WhitelistAdditionalPermissions is a map of username -> permissions that
	// defines a list of additional permissions that authenticated users have
	// in addition to AnonymousPermissions.
	WhitelistAdditionalPermissions map[string]string `json:"whitelist_additional_permissions"`
	// AnonymousPermissions is the permissions for
	// unauthenticated/anonymous requests.
	AnonymousPermissions string `json:"anonymous_permissions"`
}

AccessControlV1 defines an access control list (ACL) for the V1 config.

type Common

type Common struct {
	// Version specifies the version of the config.
	Version string `json:"version"`
}

Common includes common fields that should appear in all versions of configs.

type Config

type Config interface {
	Version() Version
	Authenticate(ctx context.Context, username, password string) bool
	// GetPermissions returns permission info. If username is nil, anonymous
	// permissions are returned. Otherwise, permissions for *username is
	// returned. Additionally, "maximum possible permissions" are returned,
	// which indicates whether a permission (read or list) is possible to be
	// granted on the path if proper authentication is provided.
	GetPermissions(path string, username *string) (
		read, list bool,
		possibleRead, possibleList bool,
		realm string, err error)

	Encode(w io.Writer, prettify bool) error
}

Config is a collection of methods for getting different configuration parameters.

func ParseConfig

func ParseConfig(reader io.Reader) (config Config, err error)

ParseConfig parses a config from reader, and initializes internal checker(s) in the config.

type ErrDuplicateAccessControlPath

type ErrDuplicateAccessControlPath struct {
	// contains filtered or unexported fields
}

ErrDuplicateAccessControlPath is returned when multiple ACLs are defined for the same path in config.

func (ErrDuplicateAccessControlPath) Error

Error implements the error interface.

type ErrInvalidPermissions

type ErrInvalidPermissions struct {
	// contains filtered or unexported fields
}

ErrInvalidPermissions is returned when an invalid permissions string appears in the config.

func (ErrInvalidPermissions) Error

func (e ErrInvalidPermissions) Error() string

Error implements the error interface.

type ErrInvalidVersion

type ErrInvalidVersion struct {
	// contains filtered or unexported fields
}

ErrInvalidVersion is returned when Version field of the config is invalid.

func (ErrInvalidVersion) Error

func (e ErrInvalidVersion) Error() string

Error implements the error interface.

type ErrUndefinedUsername

type ErrUndefinedUsername struct {
	// contains filtered or unexported fields
}

ErrUndefinedUsername is returned when a username appears in a ACL but it's not defined in the config's Users section.

func (ErrUndefinedUsername) Error

func (e ErrUndefinedUsername) Error() string

Error implements the error interface.

type InvalidPasswordHash

type InvalidPasswordHash struct{}

InvalidPasswordHash is the error that happens when there's an invalid password hash in the config.

func (InvalidPasswordHash) Error

func (InvalidPasswordHash) Error() string

Error implements the error interface.

type V1

type V1 struct {
	Common

	// Users is a [username -> bcrypt-hashed password] map that defines how
	// users should be authenticated.
	Users map[string]string `json:"users"`

	// ACLs is a path -> AccessControlV1 map that defines ACLs for different
	// paths.
	ACLs map[string]AccessControlV1 `json:"acls"`
	// contains filtered or unexported fields
}

V1 defines a V1 config. Public fields are accessible by `json` encoders and decoder.

On first call to GetPermission* methods, it initializes an internal ACL checker. If the object is constructed from ParseConfig, its internal ACL checker is initialized automatically. Any changes to the ACL fields afterwards have no effect.

func DefaultV1

func DefaultV1() *V1

DefaultV1 returns a default V1 config, which allows anonymous read to everything.

func (*V1) Authenticate

func (c *V1) Authenticate(ctx context.Context, username, cleartextPassword string) bool

Authenticate implements the Config interface.

func (*V1) Encode

func (c *V1) Encode(w io.Writer, prettify bool) error

Encode implements the Config interface.

func (*V1) EnsureInit

func (c *V1) EnsureInit() error

EnsureInit initializes c, and returns any error encountered during the initialization. It is not necessary to call EnsureInit. Methods that need it does it automatically.

func (*V1) GetPermissions

func (c *V1) GetPermissions(path string, username *string) (
	read, list bool,
	possibleRead, possibleList bool,
	realm string, err error)

GetPermissions implements the Config interface.

func (*V1) HasBcryptPasswords

func (c *V1) HasBcryptPasswords() (bool, error)

HasBcryptPasswords checks if any password hash in the config is a bcrypt hash. This method is temporary for migration and will go away.

func (*V1) Validate

func (c *V1) Validate() error

Validate checks all public fields of c, and returns an error if any of them is invalid, or a nil-error if they are all valid.

Although changes to ACL fields have no effect to ACL checkings once the internal ACL checker is intialized (see comment on V1), this method still checks the updated ACL feilds. So it's OK to use Validate directly on a *V1 that has been modified since it was initialized.

As a result, unlike other methods on the type, this method is not goroutine safe against changes to the public fields.

func (*V1) Version

func (c *V1) Version() Version

Version implements the Config interface.

type Version

type Version int

Version specifies the version of a config.

const (
	// VersionUnknown defines an unknown config version.
	VersionUnknown Version = iota
	// Version1 is version 1.
	Version1
	// Version2 is version 2.
	//
	// Currently the only difference between V1 and V2 is that V2 uses
	// sha-based password hash instead of bcrypt in V1. V2 still uses the ACL
	// definition and checker from V1.
	Version2
)

func (Version) String

func (v Version) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL