Documentation
¶
Index ¶
- Constants
- Variables
- func ErrToStatus(err error) int
- func Float64Time(f float64) time.Time
- type EmailClaims
- type User
- func (u *User) BeforeCreate(tx *gorm.DB) error
- func (u *User) BeforeUpdate(tx *gorm.DB) error
- func (u *User) CheckPassword(password string) error
- func (u *User) Clean()
- func (u *User) GenerateEmailToken(key []byte, issuer, audience string, validity time.Duration) (string, error)
- func (u *User) GenerateToken(key []byte, issuer string, expiry time.Time) (string, error)
- func (u *User) NonAdminSaveOK(reservedUsernames []string) error
- func (u *User) ValidAdmin(claims *UserClaims) bool
- type UserClaims
- type UserMeta
Constants ¶
View Source
const SelfUser = "self"
SelfUser is a special username meaning the currently authenticated user
Variables ¶
View Source
var ( // ErrUserNotFound indicates the user attempted to perform an API call with a username that does not exist ErrUserNotFound = errors.New("user does not exist") // ErrUsernameExists indicates another user with the provided username exists ErrUsernameExists = errors.New("user with that username already exists") // ErrEmailExists indicates another user with the provided email exists ErrEmailExists = errors.New("user with that email already exists") // ErrLoginDisabled indicates login is disabled for this user ErrLoginDisabled = errors.New("login is disabled for this user") // ErrTokenRequired indicates a JWT is required for this endpoint ErrTokenRequired = errors.New("a valid token is required for this endpoint") // ErrAdminRequired indicates that an admin user is required ErrAdminRequired = errors.New("only admin users can make use of this endpoint") // ErrTokenExpired indicates that a user's token has expired ErrTokenExpired = errors.New("your token has expired") // ErrIncorrectPassword indicates the provide password was incorrect ErrIncorrectPassword = errors.New("incorrect password") // ErrUnverified indicates the user's email is not verified ErrUnverified = errors.New("email address is not verified") // ErrVerified indicates the user's email is already verified ErrVerified = errors.New("email address is already verified") // ErrOtherVerification indicates the user attempted to verify another user ErrOtherVerification = errors.New("can only verify own account") // ErrOtherReset indicates the user attempted to reset the password of another user ErrOtherReset = errors.New("can only reset password for own account") // ErrReservedUsername indicates a user attempted to use a reserved username ErrReservedUsername = errors.New("username is reserved, contact support if this username previously belonged to you") // ErrPasswordRequired indicates a user attempt to reset their password without providing the new password ErrPasswordRequired = errors.New("password is required") // ErrInternalField indicates an attempt to modify a field managed internally ErrInternalField = errors.New("attempt to modify internal field") // ErrInvalidUpdate indicates a misuse of the user Update operation ErrInvalidUpdate = errors.New("invalid update operation") )
View Source
var ( // AudAuth is the JWT audience for regular authentication tokens AudAuth = "auth" // AudVerification is the JWT audience for email verification tokens AudVerification = "verification" // AudPasswordReset is the JWT audience for password reset tokens AudPasswordReset = "password_reset" )
Functions ¶
func ErrToStatus ¶
ErrToStatus converts an error to a HTTP status code
func Float64Time ¶ added in v1.0.0
Types ¶
type EmailClaims ¶
type EmailClaims struct {
jwt.StandardClaims
Version uint `json:"version"`
}
EmailClaims represents claims in an emailed JWT
type User ¶
type User struct {
ID uint `json:"id" gorm:"primaryKey"`
// User-modifiable
Username string `json:"username" gorm:"uniqueIndex"`
Email string `json:"email" gorm:"uniqueIndex"`
Password *string `json:"password,omitempty"`
FirstName string `json:"first_name"`
LastName string `json:"last_name"`
SSHKey *string `json:"ssh_key,omitempty"`
// Only admin can set
Verified *bool `json:"verified" gorm:"not null"`
Renewed time.Time `json:"renewed"`
IsAdmin *bool `json:"is_admin" gorm:"not null"`
// Set only internally
TokenVersion uint `json:"-"`
Meta UserMeta `json:"meta" gorm:"embedded"`
}
User represents a Netsoc member
func (*User) BeforeCreate ¶
BeforeCreate is called by GORM before creating the User
func (*User) BeforeUpdate ¶
BeforeUpdate is called by GORM before updating the User
func (*User) CheckPassword ¶
CheckPassword validates a password against the stored hash
func (*User) Clean ¶
func (u *User) Clean()
Clean scrubs fields which should not be visible in a returned object
func (*User) GenerateEmailToken ¶
func (u *User) GenerateEmailToken(key []byte, issuer, audience string, validity time.Duration) (string, error)
GenerateEmailToken generates a JWT for sending by email the user
func (*User) GenerateToken ¶
GenerateToken generates a JWT for the user
func (*User) NonAdminSaveOK ¶
NonAdminSaveOK returns true if a partial User (patch) can be saved with a non-admin account
func (*User) ValidAdmin ¶ added in v1.0.0
func (u *User) ValidAdmin(claims *UserClaims) bool
ValidAdmin returns whether or not a user is a "valid admin" (IsAdmin and not expired)
type UserClaims ¶
type UserClaims struct {
jwt.StandardClaims
IsAdmin bool `json:"is_admin"`
Version uint `json:"version"`
}
UserClaims represents claims in an auth JWT
Source Files
Click to show internal directories.
Click to hide internal directories.