Documentation ¶
Index ¶
- Constants
- Variables
- func ErrToStatus(err error) int
- func Float64Time(f float64) time.Time
- type EmailClaims
- type User
- func (u *User) BeforeCreate(tx *gorm.DB) error
- func (u *User) BeforeUpdate(tx *gorm.DB) error
- func (u *User) CheckPassword(password string) error
- func (u *User) Clean()
- func (u *User) GenerateEmailToken(key []byte, issuer, audience string, validity time.Duration) (string, error)
- func (u *User) GenerateToken(key []byte, issuer string, expiry time.Time) (string, error)
- func (u *User) NonAdminSaveOK(reservedUsernames []string) error
- func (u *User) ValidAdmin(claims *UserClaims) bool
- type UserClaims
- type UserMeta
Constants ¶
// SelfUser is a special username that refers to the currently authenticated
// user.
// NOTE(review): this literal is treated as an alias rather than a real account
// name, so confirm that "self" cannot be registered as a username (for example
// via the reserved-username list passed to NonAdminSaveOK).
const SelfUser = "self"
SelfUser is a special username meaning the currently authenticated user
Variables ¶
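// Sentinel errors for user and authentication operations. Each is a distinct
// value created with errors.New.
//
// NOTE(review): several messages distinguish account state (ErrUserNotFound
// versus ErrIncorrectPassword, ErrUsernameExists, ErrEmailExists,
// ErrLoginDisabled). If they reach unauthenticated callers verbatim, responses
// reveal which usernames and emails are registered. Confirm how the login,
// registration and reset handlers surface them, and that those endpoints are
// rate limited.
var (
	// ErrUserNotFound indicates the user attempted to perform an API call with a username that does not exist
	ErrUserNotFound = errors.New("user does not exist")
	// ErrUsernameExists indicates another user with the provided username exists
	ErrUsernameExists = errors.New("user with that username already exists")
	// ErrEmailExists indicates another user with the provided email exists
	ErrEmailExists = errors.New("user with that email already exists")
	// ErrLoginDisabled indicates login is disabled for this user
	ErrLoginDisabled = errors.New("login is disabled for this user")
	// ErrTokenRequired indicates a JWT is required for this endpoint
	ErrTokenRequired = errors.New("a valid token is required for this endpoint")
	// ErrAdminRequired indicates that an admin user is required
	ErrAdminRequired = errors.New("only admin users can make use of this endpoint")
	// ErrTokenExpired indicates that a user's token has expired
	ErrTokenExpired = errors.New("your token has expired")
	// ErrIncorrectPassword indicates the provided password was incorrect
	ErrIncorrectPassword = errors.New("incorrect password")
	// ErrUnverified indicates the user's email is not verified
	ErrUnverified = errors.New("email address is not verified")
	// ErrVerified indicates the user's email is already verified
	ErrVerified = errors.New("email address is already verified")
	// ErrOtherVerification indicates the user attempted to verify another user
	ErrOtherVerification = errors.New("can only verify own account")
	// ErrOtherReset indicates the user attempted to reset the password of another user
	ErrOtherReset = errors.New("can only reset password for own account")
	// ErrReservedUsername indicates a user attempted to use a reserved username
	ErrReservedUsername = errors.New("username is reserved, contact support if this username previously belonged to you")
	// ErrPasswordRequired indicates a user attempted to reset their password without providing the new password.
	// The literal was split across two lines in the listing; it is rejoined here so the declaration is valid Go.
	ErrPasswordRequired = errors.New("password is required")
	// ErrInternalField indicates an attempt to modify a field managed internally
	ErrInternalField = errors.New("attempt to modify internal field")
	// ErrInvalidUpdate indicates a misuse of the user Update operation
	ErrInvalidUpdate = errors.New("invalid update operation")
)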
// JWT audience values, one per token purpose.
//
// NOTE(review): separate audiences only help if the verifier rejects a token
// whose audience does not match the operation being performed (for example a
// "verification" token presented where an "auth" token is expected). The
// verification code is not shown here; confirm that check exists.
// NOTE(review): these are declared with var, so any importing package can
// reassign them at runtime. Nothing visible here needs them to be mutable.
var (
	// AudAuth is the JWT audience for regular authentication tokens
	AudAuth = "auth"
	// AudVerification is the JWT audience for email verification tokens
	AudVerification = "verification"
	// AudPasswordReset is the JWT audience for password reset tokens
	AudPasswordReset = "password_reset"
)
Functions ¶
func ErrToStatus ¶
ErrToStatus converts an error to an HTTP status code
func Float64Time ¶ added in v1.0.0
Types ¶
type EmailClaims ¶
// EmailClaims holds the claims carried by a JWT that is sent to a user by
// email. It embeds jwt.StandardClaims and adds a version number.
type EmailClaims struct {
	jwt.StandardClaims

	// Version is serialized as the "version" claim.
	// NOTE(review): presumably compared against User.TokenVersion so that
	// previously emailed tokens can be invalidated; confirm in the verifier.
	Version uint `json:"version"`
}
EmailClaims represents claims in an emailed JWT
type User ¶
// User is the persisted account record; the struct tags give both its JSON
// form and its GORM column settings. The group comments below record who is
// allowed to set each field.
type User struct {
	ID uint `json:"id" gorm:"primaryKey"`

	// User-modifiable
	Username string `json:"username" gorm:"uniqueIndex"`
	Email    string `json:"email" gorm:"uniqueIndex"`
	// Password has a JSON tag with omitempty, which on a pointer omits the
	// field only when it is nil; a non-nil value is marshalled.
	// NOTE(review): CheckPassword is documented as comparing against "the
	// stored hash", so this presumably holds a hash at rest. Confirm Clean
	// sets it to nil before any User is encoded into a response.
	Password  *string `json:"password,omitempty"`
	FirstName string  `json:"first_name"`
	LastName  string  `json:"last_name"`
	SSHKey    *string `json:"ssh_key,omitempty"`

	// Only admin can set
	// NOTE(review): these fields carry ordinary JSON tags, so a request body
	// can populate them on decode. The restriction has to be enforced in code
	// (NonAdminSaveOK appears to be that check); confirm every non-admin
	// write path calls it.
	// Verified and IsAdmin are pointers, presumably so a partial update can
	// tell "not supplied" (nil) apart from an explicit false.
	Verified *bool     `json:"verified" gorm:"not null"`
	Renewed  time.Time `json:"renewed"`
	IsAdmin  *bool     `json:"is_admin" gorm:"not null"`

	// Set only internally
	// TokenVersion is tagged json:"-", so encoding/json neither reads nor
	// writes it.
	TokenVersion uint `json:"-"`
	// Meta is embedded into the same table by GORM and is still exposed in
	// JSON under "meta"; the UserMeta definition is not shown here.
	Meta UserMeta `json:"meta" gorm:"embedded"`
}
User represents a Netsoc member
func (*User) BeforeCreate ¶
BeforeCreate is called by GORM before creating the User
func (*User) BeforeUpdate ¶
BeforeUpdate is called by GORM before updating the User
func (*User) CheckPassword ¶
CheckPassword validates a password against the stored hash
func (*User) Clean ¶
func (u *User) Clean()
Clean scrubs fields which should not be visible in a returned object
func (*User) GenerateEmailToken ¶
func (u *User) GenerateEmailToken(key []byte, issuer, audience string, validity time.Duration) (string, error)
GenerateEmailToken generates a JWT to be sent to the user by email
func (*User) GenerateToken ¶
GenerateToken generates a JWT for the user
func (*User) NonAdminSaveOK ¶
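NonAdminSaveOK checks whether a partial User (patch) can be saved with a non-admin account. Its signature returns an error rather than a bool, so a nil result presumably means the patch is allowed.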
func (*User) ValidAdmin ¶ added in v1.0.0
func (u *User) ValidAdmin(claims *UserClaims) bool
ValidAdmin returns whether or not a user is a "valid admin" (IsAdmin and not expired)
type UserClaims ¶
// UserClaims holds the claims carried by an authentication JWT. It embeds
// jwt.StandardClaims and adds an admin flag and a version number.
type UserClaims struct {
	jwt.StandardClaims

	// IsAdmin is serialized as the "is_admin" claim.
	// NOTE(review): a privilege flag carried in the token stays true for the
	// token's lifetime. User.ValidAdmin(claims) is documented as "IsAdmin and
	// not expired", which suggests it is re-checked against the stored user;
	// confirm admin endpoints do not rely on the claim alone.
	IsAdmin bool `json:"is_admin"`
	// Version is serialized as the "version" claim.
	// NOTE(review): presumably compared against User.TokenVersion so that
	// issued tokens can be revoked by bumping the stored value; confirm.
	Version uint `json:"version"`
}
UserClaims represents claims in an auth JWT