config

package
v2.11.3+incompatible

This package is not in the latest version of its module.

Published: Feb 7, 2021 License: BSD-3-Clause Imports: 15 Imported by: 0

Documentation

Constants

const (
	// PermRead is the read permission.
	PermRead = "read"
	// PermList is the list permission.
	PermList = "list"
	// PermReadAndList allows both read and list.
	PermReadAndList = "read,list"
)

const (
	// VersionUnknownStr is the string representation of VUnknown.
	VersionUnknownStr string = "unknown"
	// Version1Str is the string representation of Version1.
	Version1Str string = "v1"
	// Version2Str is the string representation of Version2.
	Version2Str string = "v2"
)

const DefaultConfigFilename = ".kbp_config"

DefaultConfigFilename is the default filename for Keybase Pages config file.

const DefaultConfigFilepath = "/.kbp_config"

DefaultConfigFilepath is the default path for Keybase Pages config file under the site root, and is what's used in kbpagesd.

Variables

This section is empty.

Functions

func GenerateSHA256PasswordHash

func GenerateSHA256PasswordHash(cleartext string) (string, error)

GenerateSHA256PasswordHash generates a SHA256 based password hash.

Types

type AccessControlV1

type AccessControlV1 struct {
	// WhitelistAdditionalPermissions is a map of username -> permissions that
	// defines a list of additional permissions that authenticated users have
	// in addition to AnonymousPermissions.
	WhitelistAdditionalPermissions map[string]string `json:"whitelist_additional_permissions"`
	// AnonymousPermissions is the permissions for
	// unauthenticated/anonymous requests.
	AnonymousPermissions string `json:"anonymous_permissions"`
}

AccessControlV1 defines an access control list (ACL) for the V1 config.

type Common

type Common struct {
	// Version specifies the version of the config.
	Version string `json:"version"`
}

Common includes common fields that should appear in all versions of configs.

type Config

type Config interface {
	Version() Version
	Authenticate(ctx context.Context, username, password string) bool
	// GetPermissions returns permission info. If username is nil, anonymous
	// permissions are returned. Otherwise, permissions for *username are
	// returned. Additionally, "maximum possible permissions" are returned,
	// which indicate whether a permission (read or list) can be granted on
	// the path if proper authentication is provided.
	GetPermissions(path string, username *string) (
		read, list bool,
		possibleRead, possibleList bool,
		realm string, err error)

	Encode(w io.Writer, prettify bool) error
}

Config is a collection of methods for getting different configuration parameters.

func ParseConfig

func ParseConfig(reader io.Reader) (config Config, err error)

ParseConfig parses a config from reader, and initializes internal checker(s) in the config.

type ErrDuplicateAccessControlPath

type ErrDuplicateAccessControlPath struct {
	// contains filtered or unexported fields
}

ErrDuplicateAccessControlPath is returned when multiple ACLs are defined for the same path in config.

func (ErrDuplicateAccessControlPath) Error

Error implements the error interface.

type ErrInvalidPermissions

type ErrInvalidPermissions struct {
	// contains filtered or unexported fields
}

ErrInvalidPermissions is returned when an invalid permissions string appears in the config.

func (ErrInvalidPermissions) Error

func (e ErrInvalidPermissions) Error() string

Error implements the error interface.

type ErrInvalidVersion

type ErrInvalidVersion struct {
	// contains filtered or unexported fields
}

ErrInvalidVersion is returned when Version field of the config is invalid.

func (ErrInvalidVersion) Error

func (e ErrInvalidVersion) Error() string

Error implements the error interface.

type ErrUndefinedUsername

type ErrUndefinedUsername struct {
	// contains filtered or unexported fields
}

ErrUndefinedUsername is returned when a username appears in an ACL but it's not defined in the config's Users section.

func (ErrUndefinedUsername) Error

func (e ErrUndefinedUsername) Error() string

Error implements the error interface.

type InvalidPasswordHash

type InvalidPasswordHash struct{}

InvalidPasswordHash is the error that happens when there's an invalid password hash in the config.

func (InvalidPasswordHash) Error

func (InvalidPasswordHash) Error() string

Error implements the error interface.

type V1

type V1 struct {
	Common

	// Users is a [username -> bcrypt-hashed password] map that defines how
	// users should be authenticated.
	Users map[string]string `json:"users"`

	// ACLs is a path -> AccessControlV1 map that defines ACLs for different
	// paths.
	ACLs map[string]AccessControlV1 `json:"acls"`
	// contains filtered or unexported fields
}

V1 defines a V1 config. Public fields are accessible by `json` encoders and decoders.

On first call to GetPermission* methods, it initializes an internal ACL checker. If the object is constructed from ParseConfig, its internal ACL checker is initialized automatically. Any changes to the ACL fields afterwards have no effect.

func DefaultV1

func DefaultV1() *V1

DefaultV1 returns a default V1 config, which allows anonymous read to everything.

func (*V1) Authenticate

func (c *V1) Authenticate(ctx context.Context, username, cleartextPassword string) bool

Authenticate implements the Config interface.

func (*V1) Encode

func (c *V1) Encode(w io.Writer, prettify bool) error

Encode implements the Config interface.

func (*V1) EnsureInit

func (c *V1) EnsureInit() error

EnsureInit initializes c, and returns any error encountered during the initialization. It is not necessary to call EnsureInit. Methods that need it do it automatically.

func (*V1) GetPermissions

func (c *V1) GetPermissions(path string, username *string) (
	read, list bool,
	possibleRead, possibleList bool,
	realm string, err error)

GetPermissions implements the Config interface.

func (*V1) HasBcryptPasswords

func (c *V1) HasBcryptPasswords() (bool, error)

HasBcryptPasswords checks if any password hash in the config is a bcrypt hash. This method is temporary for migration and will go away.

func (*V1) Validate

func (c *V1) Validate() error

Validate checks all public fields of c, and returns an error if any of them is invalid, or a nil-error if they are all valid.

Although changes to ACL fields have no effect on ACL checks once the internal ACL checker is initialized (see comment on V1), this method still checks the updated ACL fields. So it's OK to use Validate directly on a *V1 that has been modified since it was initialized.

As a result, unlike other methods on the type, this method is not goroutine safe against changes to the public fields.
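
An added example, not part of this package or its documentation: a standalone, standard-library-only review of a .kbp_config document for two conditions the error types above describe (an ACL username missing from users, a permissions string that is not one of the exported constants), plus a listing of paths that grant anonymous access. It decodes only the JSON keys shown in the struct tags on this page; `siteConfig`, `documented`, `auditConfig` and the sample are hypothetical names, and treating an empty permissions string as "no permissions" is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// siteConfig mirrors only the JSON keys shown for V1 and AccessControlV1.
type siteConfig struct {
	Users map[string]string `json:"users"`
	ACLs  map[string]struct {
		Extra map[string]string `json:"whitelist_additional_permissions"`
		Anon  string            `json:"anonymous_permissions"`
	} `json:"acls"`
}

// documented holds the exported permission strings; assumption: "" means none.
var documented = map[string]bool{"": true, "read": true, "list": true, "read,list": true}
// sample is constructed: "bob" is not in users, "write" is not a permission.
const sample = `{"version":"v1","users":{"alice":"<hash placeholder>"},"acls":{
 "/":{"anonymous_permissions":"read,list"},"/private":{"anonymous_permissions":"write",
  "whitelist_additional_permissions":{"alice":"read","bob":"list"}}}}`

// auditConfig returns sorted findings for one .kbp_config document.
func auditConfig(raw []byte) (out []string, err error) {
	var c siteConfig
	if err = json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	for path, a := range c.ACLs {
		if !documented[a.Anon] {
			out = append(out, path+": undocumented anonymous permissions "+a.Anon)
		} else if a.Anon != "" {
			out = append(out, path+": anonymous "+a.Anon)
		}
		for user, perms := range a.Extra {
			if _, ok := c.Users[user]; !ok {
				out = append(out, path+": undefined user "+user)
			}
			if !documented[perms] {
				out = append(out, path+": undocumented permissions for "+user)
			}
		}
	}
	sort.Strings(out)
	return out, nil
}

func main() { fmt.Println(auditConfig([]byte(sample))) }
```

The check is stricter than a parser needs to be: it flags any permissions string other than the three exported constants, so a finding means "review this entry", not necessarily that ParseConfig would reject it.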

func (*V1) Version

func (c *V1) Version() Version

Version implements the Config interface.

type Version

type Version int

Version specifies the version of a config.

const (
	// VersionUnknown defines an unknown config version.
	VersionUnknown Version = iota
	// Version1 is version 1.
	Version1
	// Version2 is version 2.
	//
	// Currently the only difference between V1 and V2 is that V2 uses
	// sha-based password hash instead of bcrypt in V1. V2 still uses the ACL
	// definition and checker from V1.
	Version2
)

func (Version) String

func (v Version) String() string
