authorization

package
v2.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 16, 2022 License: MIT Imports: 28 Imported by: 0

Documentation

Index

Constants

View Source 
const MaxIDGenerationN = 100
View Source 
const ReservedIDs = 1000
View Source 
const (
	// SaltBytes is the number of bytes used for salts.
	SaltBytes = 32
)

Variables

View Source 
var (
	// ErrInvalidAuthID is used when the Authorization's ID cannot be encoded
	ErrInvalidAuthID = &errors.Error{
		Code: errors.EInvalid,
		Msg:  "authorization ID is invalid",
	}

	// ErrAuthNotFound is used when the specified auth cannot be found
	ErrAuthNotFound = &errors.Error{
		Code: errors.ENotFound,
		Msg:  "authorization not found",
	}

	// NotUniqueIDError occurs when attempting to create an Authorization with an ID that already belongs to another one
	NotUniqueIDError = &errors.Error{
		Code: errors.EConflict,
		Msg:  "ID already exists",
	}

	// ErrFailureGeneratingID occurs ony when the random number generator
	// cannot generate an ID in MaxIDGenerationN times.
	ErrFailureGeneratingID = &errors.Error{
		Code: errors.EInternal,
		Msg:  "unable to generate valid id",
	}

	// ErrTokenAlreadyExistsError is used when attempting to create an authorization
	// with a token that already exists
	ErrTokenAlreadyExistsError = &errors.Error{
		Code: errors.EConflict,
		Msg:  "token already exists",
	}

	// ErrBucketNotFound is used when attempting to create an authorization
	// with a bucket id that does not exist
	ErrBucketNotFound = &errors.Error{
		Code: errors.ENotFound,
		Msg:  "bucket not found when creating auth",
	}
)
View Source 
var EIncorrectPassword = tenant.EIncorrectPassword
View Source 
var (
	ErrUnsupportedScheme = &errors2.Error{
		Code: errors2.EInternal,
		Msg:  "unsupported authorization scheme",
	}
)

Functions

func ErrInternalServiceError 

func ErrInternalServiceError(err error) *errors.Error

ErrInternalServiceError is used when the error comes from an internal system.

func ErrInvalidAuthIDError 

func ErrInvalidAuthIDError(err error) *errors.Error

ErrInvalidAuthIDError is used when a service was provided an invalid ID.

func UnavailablePasswordServiceError 

func UnavailablePasswordServiceError(err error) *errors.Error

UnavailablePasswordServiceError is used if we aren't able to add the password to the store, it means the store is not available at the moment (e.g. network).

func UnexpectedAuthIndexError 

func UnexpectedAuthIndexError(err error) *errors.Error

UnexpectedAuthIndexError is used when the error comes from an internal system.

Types

type AuthFinder 

type AuthFinder interface {
	FindAuthorizationByID(ctx context.Context, id platform.ID) (*influxdb.Authorization, error)
}

type AuthHandler 

type AuthHandler struct {
	chi.Router
	// contains filtered or unexported fields
}

func NewHTTPAuthHandler 

func NewHTTPAuthHandler(log *zap.Logger, authService influxdb.AuthorizationService, passwordService PasswordService, tenantService TenantService) *AuthHandler

NewHTTPAuthHandler constructs a new http server.

func (*AuthHandler) Prefix 

func (h *AuthHandler) Prefix() string

type AuthTokenFinder 

type AuthTokenFinder interface {
	FindAuthorizationByToken(ctx context.Context, token string) (*influxdb.Authorization, error)
}

type AuthedPasswordService 

type AuthedPasswordService struct {
	// contains filtered or unexported fields
}

AuthedPasswordService is middleware for authorizing requests to the inner PasswordService.

func NewAuthedPasswordService 

func NewAuthedPasswordService(auth AuthFinder, inner PasswordService) *AuthedPasswordService

NewAuthedPasswordService wraps an existing PasswordService with authorization middleware.

func (*AuthedPasswordService) SetPassword 

func (s *AuthedPasswordService) SetPassword(ctx context.Context, authID platform.ID, password string) error

SetPassword overrides the password of a known user.

type Authorizer 

type Authorizer struct {
	AuthV1   AuthTokenFinder  // A service to find V1 tokens
	AuthV2   AuthTokenFinder  // A service to find V2 tokens
	Comparer PasswordComparer // A service to compare passwords for V1 tokens
	User     UserFinder       // A service to find users
}

A type that is used to verify credentials.

func (*Authorizer) Authorize 

func (v *Authorizer) Authorize(ctx context.Context, c influxdb.CredentialsV1) (auth *influxdb.Authorization, err error)

Authorize returns an influxdb.Authorization if c can be verified; otherwise, an error. influxdb.ErrCredentialsUnauthorized will be returned if the credentials are invalid.

type CachingPasswordsService 

type CachingPasswordsService struct {
	// contains filtered or unexported fields
}

An implementation of influxdb.PasswordsService that will perform ComparePassword requests at a reduced cost under certain conditions. See ComparePassword for further information.

The cache is only valid for the duration of the process.

func NewCachingPasswordsService 

func NewCachingPasswordsService(inner influxdb.PasswordsService) *CachingPasswordsService

func (*CachingPasswordsService) CompareAndSetPassword 

func (c *CachingPasswordsService) CompareAndSetPassword(ctx context.Context, id platform.ID, old, new string) error

func (*CachingPasswordsService) ComparePassword 

func (c *CachingPasswordsService) ComparePassword(ctx context.Context, id platform.ID, password string) error

ComparePassword will attempt to perform the comparison using a lower cost hashing function if influxdb.ContextHasPasswordCacheOption returns true for ctx.

func (*CachingPasswordsService) SetPassword 

func (c *CachingPasswordsService) SetPassword(ctx context.Context, id platform.ID, password string) error

type Client 

type Client struct {
	Client *httpc.Client
}

Client connects to Influx via HTTP using tokens to manage authorizations

func (*Client) CreateAuthorization 

func (s *Client) CreateAuthorization(ctx context.Context, a *influxdb.Authorization) error

CreateAuthorization creates a new authorization and sets b.ID with the new identifier.

func (*Client) DeleteAuthorization 

func (s *Client) DeleteAuthorization(ctx context.Context, id platform.ID) error

DeleteAuthorization removes a authorization by id.

func (*Client) FindAuthorizationByID 

func (s *Client) FindAuthorizationByID(ctx context.Context, id platform.ID) (*influxdb.Authorization, error)

FindAuthorizationByID finds a single Authorization by its ID against a remote influx server.

func (*Client) FindAuthorizationByToken 

func (s *Client) FindAuthorizationByToken(ctx context.Context, token string) (*influxdb.Authorization, error)

FindAuthorizationByToken is not supported by the HTTP authorization service.

func (*Client) FindAuthorizations 

func (s *Client) FindAuthorizations(ctx context.Context, filter influxdb.AuthorizationFilter, opt ...influxdb.FindOptions) ([]*influxdb.Authorization, int, error)

FindAuthorizations returns a list of authorizations that match filter and the total count of matching authorizations. Additional options provide pagination & sorting.

func (*Client) SetPassword 

func (s *Client) SetPassword(ctx context.Context, id platform.ID, password string) error

SetPassword sets the password for the authorization token id.

func (*Client) UpdateAuthorization 

func (s *Client) UpdateAuthorization(ctx context.Context, id platform.ID, upd *influxdb.AuthorizationUpdate) (*influxdb.Authorization, error)

UpdateAuthorization updates the status and description if available.

type PasswordComparer 

type PasswordComparer interface {
	ComparePassword(ctx context.Context, authID platform.ID, password string) error
}

type PasswordService 

type PasswordService interface {
	SetPassword(ctx context.Context, id platform.ID, password string) error
}

type Service 

type Service struct {
	// contains filtered or unexported fields
}

func NewService 

func NewService(st *Store, ts TenantService) *Service

func (*Service) CompareAndSetPassword 

func (s *Service) CompareAndSetPassword(ctx context.Context, authID platform.ID, old, new string) error

CompareAndSetPassword checks the password and if they match updates to the new password.

func (*Service) ComparePassword 

func (s *Service) ComparePassword(ctx context.Context, authID platform.ID, password string) error

ComparePassword checks if the password matches the password recorded. Passwords that do not match return errors.

func (*Service) CreateAuthorization 

func (s *Service) CreateAuthorization(ctx context.Context, a *influxdb.Authorization) error

func (*Service) DeleteAuthorization 

func (s *Service) DeleteAuthorization(ctx context.Context, id platform.ID) error

func (*Service) FindAuthorizationByID 

func (s *Service) FindAuthorizationByID(ctx context.Context, id platform.ID) (*influxdb.Authorization, error)

func (*Service) FindAuthorizationByToken 

func (s *Service) FindAuthorizationByToken(ctx context.Context, n string) (*influxdb.Authorization, error)

FindAuthorizationByToken returns a authorization by token for a particular authorization.

func (*Service) FindAuthorizations 

func (s *Service) FindAuthorizations(ctx context.Context, filter influxdb.AuthorizationFilter, opt ...influxdb.FindOptions) ([]*influxdb.Authorization, int, error)

FindAuthorizations retrives all authorizations that match an arbitrary authorization filter. Filters using ID, or Token should be efficient. Other filters will do a linear scan across all authorizations searching for a match.

func (*Service) SetPassword 

func (s *Service) SetPassword(ctx context.Context, authID platform.ID, password string) error

SetPassword overrides the password of a known user.

func (*Service) SetPasswordHash 

func (s *Service) SetPasswordHash(ctx context.Context, authID platform.ID, passHash string) error

SetPasswordHash updates the password hash for id. If passHash is not a valid bcrypt hash, SetPasswordHash returns an error.

This API is intended for upgrading 1.x users.

func (*Service) UpdateAuthorization 

func (s *Service) UpdateAuthorization(ctx context.Context, id platform.ID, upd *influxdb.AuthorizationUpdate) (*influxdb.Authorization, error)

UpdateAuthorization updates the status and description if available.

type Store 

type Store struct {
	IDGen platform.IDGenerator
	// contains filtered or unexported fields
}

func NewStore 

func NewStore(kvStore kv.Store) (*Store, error)

func (*Store) CreateAuthorization 

func (s *Store) CreateAuthorization(ctx context.Context, tx kv.Tx, a *influxdb.Authorization) error

CreateAuthorization takes an Authorization object and saves it in storage using its token using its token property as an index

func (*Store) DeleteAuthorization 

func (s *Store) DeleteAuthorization(ctx context.Context, tx kv.Tx, id platform.ID) error

DeleteAuthorization removes an authorization from storage

func (*Store) DeletePassword 

func (s *Store) DeletePassword(ctx context.Context, tx kv.Tx, id platform.ID) error

func (*Store) GetAuthorizationByID 

func (s *Store) GetAuthorizationByID(ctx context.Context, tx kv.Tx, id platform.ID) (*influxdb.Authorization, error)

GetAuthorization gets an authorization by its ID from the auth bucket in kv

func (*Store) GetAuthorizationByToken 

func (s *Store) GetAuthorizationByToken(ctx context.Context, tx kv.Tx, token string) (*influxdb.Authorization, error)

func (*Store) GetPassword 

func (s *Store) GetPassword(ctx context.Context, tx kv.Tx, id platform.ID) (string, error)

func (*Store) ListAuthorizations 

func (s *Store) ListAuthorizations(ctx context.Context, tx kv.Tx, f influxdb.AuthorizationFilter) ([]*influxdb.Authorization, error)

ListAuthorizations returns all the authorizations matching a set of FindOptions. This function is used for FindAuthorizationByID, FindAuthorizationByToken, and FindAuthorizations in the AuthorizationService implementation

func (*Store) SetPassword 

func (s *Store) SetPassword(ctx context.Context, tx kv.Tx, id platform.ID, password string) error

func (*Store) Update 

func (s *Store) Update(ctx context.Context, fn func(kv.Tx) error) error

Update opens up a transaction that will mutate data.

func (*Store) UpdateAuthorization 

func (s *Store) UpdateAuthorization(ctx context.Context, tx kv.Tx, id platform.ID, a *influxdb.Authorization) (*influxdb.Authorization, error)

UpdateAuthorization updates the status and description only of an authorization

func (*Store) View 

func (s *Store) View(ctx context.Context, fn func(kv.Tx) error) error

View opens up a transaction that will not write to any data. Implementing interfaces should take care to ensure that all view transactions do not mutate any data.

type TenantService 

type TenantService interface {
	FindOrganizationByID(ctx context.Context, id platform.ID) (*influxdb.Organization, error)
	FindOrganization(ctx context.Context, filter influxdb.OrganizationFilter) (*influxdb.Organization, error)
	FindUserByID(ctx context.Context, id platform.ID) (*influxdb.User, error)
	FindUser(ctx context.Context, filter influxdb.UserFilter) (*influxdb.User, error)
	FindBucketByID(ctx context.Context, id platform.ID) (*influxdb.Bucket, error)
}

TenantService is used to look up the Organization and User for an Authorization

type UserFinder 

type UserFinder interface {
	// Returns a single user by ID.
	FindUserByID(ctx context.Context, id platform.ID) (*influxdb.User, error)
}

Source Files

View all Source files

Directories

Path Synopsis
Package mocks is a generated GoMock package.
 Package mocks is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.