service

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 24, 2026 License: MIT Imports: 15 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Admins can peform certain "other user" actions, ex: setting the password for a user other than themselves. This
	// is the default role, although this can be overriden in the service config
	RoleAdministrator = "admin"
)

Variables

View Source 
var (
	ErrLoginError            = errors.New("incorrect identifier/password combination")
	ErrEndpointDisabledError = errors.New("endpoint disabled")
)
View Source 
var (
	ErrSessionStoreRequiredError = errors.New("session store required")
	ErrUnauthenticatedError      = errors.New("authentication required")
	ErrSessionLookupError        = errors.New("error retrieving session info")
	ErrUnauthorizedError         = errors.New("unauthorized")
	ErrNoSessionError            = errors.New("no session object in context")
	ErrSessionCastError          = errors.New("unable to cast session value from context")
)
View Source 
var (
	ErrPasswordHashingError = errors.New("error hashing password")
)

Functions

func BasicAuthMiddleware 

func BasicAuthMiddleware(store SessionStore) func(http.Handler) http.Handler

func EnsureSessionHasOneOfRole 

func EnsureSessionHasOneOfRole(ctx context.Context, roles ...string) error

func HashPassword 

func HashPassword(pwd string) (string, error)

func NewConnectInterceptor 

func NewConnectInterceptor(conf ConnectInterceptorConfig) (connect.Interceptor, error)

func PasswordsMatch 

func PasswordsMatch(proposed string, stored string) bool

func SesssionFromContext 

func SesssionFromContext(ctx context.Context) (*storage.Session, error)

func SetSessionInContext 

func SetSessionInContext(ctx context.Context, session *storage.Session) context.Context

Types

type AuthBypassFunc 

type AuthBypassFunc func(route string) bool

type ConnectInterceptorConfig 

type ConnectInterceptorConfig struct {
	Store      SessionStore
	BypassFunc AuthBypassFunc
}

type Service 

type Service struct {
	pbv1beta1connect.UnimplementedPAuthServiceHandler
	// contains filtered or unexported fields
}

func NewService 

func NewService(conf ServiceConfig) *Service

func (*Service) Bootstrap 

func (s *Service) Bootstrap(ctx context.Context) (bool, error)

func (*Service) CreateUser 

func (s *Service) CreateUser(ctx context.Context, req *connect.Request[pbv1beta1.CreateUserRequest]) (*connect.Response[pbv1beta1.CreateUserResponse], error)

func (*Service) DeleteUser 

func (s *Service) DeleteUser(ctx context.Context, req *connect.Request[pbv1beta1.DeleteUserRequest]) (*connect.Response[pbv1beta1.DeleteUserResponse], error)

func (*Service) GrantUserRole 

func (s *Service) GrantUserRole(ctx context.Context, req *connect.Request[pbv1beta1.GrantUserRoleRequest]) (*connect.Response[pbv1beta1.GrantUserRoleResponse], error)

func (*Service) IsKeyActive 

func (s *Service) IsKeyActive(ctx context.Context, req *connect.Request[pbv1beta1.IsKeyActiveRequest]) (*connect.Response[pbv1beta1.IsKeyActiveResponse], error)

func (*Service) ListUserRoles 

func (s *Service) ListUserRoles(ctx context.Context, req *connect.Request[pbv1beta1.ListUserRolesRequest]) (*connect.Response[pbv1beta1.ListUserRolesResponse], error)

func (*Service) ListUsers 

func (s *Service) ListUsers(ctx context.Context, req *connect.Request[pbv1beta1.ListUsersRequest]) (*connect.Response[pbv1beta1.ListUsersResponse], error)

func (*Service) Login 

func (s *Service) Login(ctx context.Context, req *connect.Request[pbv1beta1.LoginRequest]) (*connect.Response[pbv1beta1.LoginResponse], error)

func (*Service) Purge 

func (s *Service) Purge(ctx context.Context, req *connect.Request[pbv1beta1.PurgeRequest]) (*connect.Response[pbv1beta1.PurgeResponse], error)

func (*Service) ReadUser 

func (s *Service) ReadUser(ctx context.Context, req *connect.Request[pbv1beta1.ReadUserReqeust]) (*connect.Response[pbv1beta1.ReadUserResponse], error)

func (*Service) RevokeUserRole 

func (s *Service) RevokeUserRole(ctx context.Context, req *connect.Request[pbv1beta1.RevokeUserRoleRequest]) (*connect.Response[pbv1beta1.RevokeUserRoleResponse], error)

func (*Service) SetUserPassword 

func (s *Service) SetUserPassword(ctx context.Context, req *connect.Request[pbv1beta1.SetUserPasswordRequest]) (*connect.Response[pbv1beta1.SetUserPasswordResponse], error)

func (*Service) UpdateUser 

func (s *Service) UpdateUser(ctx context.Context, req *connect.Request[pbv1beta1.UpdateUserRequest]) (*connect.Response[pbv1beta1.UpdateUserResponse], error)

type ServiceConfig 

type ServiceConfig struct {
	Store storage.Storer
	// PurgeEnabled enables the purge endpoint. This endpoint should never be enabled on a non-testing deployment
	PurgeEnabled bool
	// InitialAdminEmail is the email for the initial bootstrap user
	InitialAdminEmail string
	// InitialAdminPassword is the password for the initial bootstrap user
	InitialAdminPassword string
	// InitialAdminRoles are the roles given to the initial admin, defaults to RoleAdministrator
	InitialAdminRoles []string
	// CreateUserRoles are roles that are allowed to create other users, defaults to RoleAdministrator
	CreateUserRoles *set.Set[string]
	// ReadUserRoles are the roles that are allowed to read users other than themselves, defautls to RoleAdministrator
	ReadUserRoles *set.Set[string]
	// ListUserRoles are roles that are allowed to list all users on the platform, defaults to RoleAdministrator
	ListUserRoles *set.Set[string]
	// SetUserPasswordRoles are roles that are allowed to set the passwords for other users, defaults to RoleAdministrator
	SetUserPasswordRoles *set.Set[string]
	// UpdateUserRoles are roles that are allowed to update information about other users, defaults to RoleAdministrator
	UpdateUserRoles *set.Set[string]
	// DeleteUserRoles are roles that are allowed to delete users, defaults to RoleAdministrator
	DeleteUserRoles *set.Set[string]
	// GrantUserRoles are roles that are allowed to grant roles to other users, defaults to RoleAdministrator
	GrantUserRoles *set.Set[string]
	// RevokeUserRoles are roles that are allowed to revoke roles from other users, defaults to RoleAdministrator
	RevokeUserRoles *set.Set[string]
	// SessionLifetime is how long a given session is valid for. If not given defaults to 7 days
	SessionLifetime *time.Duration
	// NowFunc is using to override what "now" is for session duration calcuation. Typically only needed for testing
	NowFunc func() time.Time
}

type SessionStore 

type SessionStore interface {
	GetActiveSession(ctx context.Context, sessionKey string) (*storage.Session, error)
	ReadLoginInfo(ctx context.Context, userID *string, email *string) (*storage.LoginInfo, error)
	ListUserRoles(ctx context.Context, userId string) ([]string, error)
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.