authtoken

package

v0.1.0-beta.1 Latest Latest Go to latest Published: Sep 25, 2020 License: MPL-2.0 Imports: 23 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

Package authtoken provides an authtoken with an encrypted value and an associated expiration time. It also provides a repository which manages the lifetime of the token.

The auth token value is a base62 bit value with a version prefix. This value is encrypted at rest and is used to authenticate incoming requests to the controller. It is associated with a public id which allows admins to operate on it without knowing the token itself. It also has an expiration time and a last accessed time which are used to determine if the token can still be used.

Repository ¶

A repository provides methods for creating, validating a provided token value, and deleting the auth token. At validation time if the token is determined to be expired or stale it will be removed from the backing storage by the repo.

Index ¶

Constants
func EncryptToken(ctx context.Context, kmsCache *kms.Kms, scopeId, publicId, token string) (string, error)
type AuthToken
- func TestAuthToken(t *testing.T, conn *gorm.DB, kms *kms.Kms, scopeId string) *AuthToken
- func (s *AuthToken) SetTableName(n string)
- func (s *AuthToken) TableName() string
type Option
- func WithLimit(limit int) Option
type Repository
- func NewRepository(r db.Reader, w db.Writer, kms *kms.Kms, opt ...Option) (*Repository, error)

Constants ¶

View Source

const (
	AuthTokenPrefix = "at"
	// The version prefix is used to differentiate token versions just for future proofing.
	TokenValueVersionPrefix = "0"
)

Variables ¶

This section is empty.

Functions ¶

func EncryptToken ¶

func EncryptToken(ctx context.Context, kmsCache *kms.Kms, scopeId, publicId, token string) (string, error)

EncryptToken is a shared function for encrypting a token value for return to the user.

Types ¶

type AuthToken ¶

type AuthToken struct {
	*store.AuthToken
	// contains filtered or unexported fields
}

A AuthToken contains auth tokens. It is owned by a scope.

func TestAuthToken ¶

func TestAuthToken(t *testing.T, conn *gorm.DB, kms *kms.Kms, scopeId string) *AuthToken

func (*AuthToken) SetTableName ¶

func (s *AuthToken) SetTableName(n string)

SetTableName sets the table name. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*AuthToken) TableName ¶

func (s *AuthToken) TableName() string

TableName returns the table name for the auth token.

type Option ¶

type Option func(*options)

Option - how Options are passed as arguments.

func WithLimit ¶

func WithLimit(limit int) Option

WithLimit provides an option to provide a limit. Intentionally allowing negative integers. If WithLimit < 0, then unlimited results are returned. If WithLimit == 0, then default limits are used for results.

type Repository ¶

type Repository struct {
	// contains filtered or unexported fields
}

A Repository stores and retrieves the persistent types in the authtoken package. It is not safe to use a repository concurrently.

func NewRepository ¶

func NewRepository(r db.Reader, w db.Writer, kms *kms.Kms, opt ...Option) (*Repository, error)

NewRepository creates a new Repository. The returned repository is not safe for concurrent go routines to access it.

func (*Repository) CreateAuthToken ¶

func (r *Repository) CreateAuthToken(ctx context.Context, withIamUser *iam.User, withAuthAccountId string, opt ...Option) (*AuthToken, error)

CreateAuthToken inserts an Auth Token into the repository and returns a new Auth Token. The returned auth token contains the auth token value. The provided IAM User ID must be associated to the provided auth account id or an error will be returned. All options are ignored.

func (*Repository) DeleteAuthToken ¶

func (r *Repository) DeleteAuthToken(ctx context.Context, id string, opt ...Option) (int, error)

DeleteAuthToken deletes the token with the provided id from the repository returning a count of the number of records deleted. All options are ignored.

func (*Repository) ListAuthTokens ¶

func (r *Repository) ListAuthTokens(ctx context.Context, withOrgId string, opt ...Option) ([]*AuthToken, error)

ListAuthTokens in an org and supports the WithLimit option.

func (*Repository) LookupAuthToken ¶

func (r *Repository) LookupAuthToken(ctx context.Context, id string, opt ...Option) (*AuthToken, error)

LookupAuthToken returns the AuthToken for the provided id. Returns nil, nil if no AuthToken is found for id. For security reasons, the actual token is not included in the returned AuthToken. All exported options are ignored.

func (*Repository) ValidateToken ¶

func (r *Repository) ValidateToken(ctx context.Context, id, token string, opt ...Option) (*AuthToken, error)

ValidateToken returns a token from storage if the auth token with the provided id and token exists. The approximate last accessed time may be updated depending on how long it has been since the last time the token was validated. If a token is returned it is guaranteed to be valid. For security reasons, the actual token value is not included in the returned AuthToken. If no valid auth token is found nil, nil is returned. All options are ignored.

NOTE: Do not log or add the token string to any errors to avoid leaking it as it is a secret.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
store

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL