auth

package
v0.15.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 15, 2024 License: AGPL-3.0 Imports: 18 Imported by: 0

Documentation

Overview

Package auth manages users, passwords, tokens and sessions.

Index

Constants

View Source 
const (
	CodeChars = "123456789ABCDEFGHILKMNPQRSTUVWXYZ"
	CodeSize  = 6
)
View Source 
const (
	CookieName = takeout.AppName
)

Variables

View Source 
var (
	ErrBadDriver                = errors.New("driver not supported")
	ErrUserNotFound             = errors.New("user not found")
	ErrKeyMismatch              = errors.New("key mismatch")
	ErrSessionNotFound          = errors.New("session not found")
	ErrSessionExpired           = errors.New("session expired")
	ErrCodeNotFound             = errors.New("code not found")
	ErrCodeExpired              = errors.New("code has expired")
	ErrCodeAlreadyUsed          = errors.New("code already authorized")
	ErrInvalidTokenSubject      = errors.New("invalid subject")
	ErrInvalidTokenAudience     = errors.New("invalid audience")
	ErrInvalidTokenMethod       = errors.New("invalid token method")
	ErrInvalidTokenIssuer       = errors.New("invalid token issuer")
	ErrInvalidTokenClaims       = errors.New("invalid token claims")
	ErrInvalidAccessTokenSecret = errors.New("invalid access token secret")
	ErrInvalidMediaTokenSecret  = errors.New("invalid media token secret")
	ErrInvalidCodeTokenSecret   = errors.New("invalid code token secret")
	ErrInvalidFileTokenSecret   = errors.New("invalid file token secret")
	ErrInvalidTokenSecret       = errors.New("invalid token secret")
	ErrTokenExpired             = errors.New("token expired")
	ErrMissingTOTP              = errors.New("missing totp")
	ErrInvalidPasscodeIssuer    = errors.New("invalid passcode issuer")
	ErrInvalidPasscode          = errors.New("invalid passcode")
	ErrPasscodeRequired         = errors.New("passcode required")
	ErrLoginFailed              = errors.New("login failed")
)

Functions

func CredentialsError 

func CredentialsError(err error) bool

func ExpireCookie 

func ExpireCookie(cookie *http.Cookie) *http.Cookie

ExpireCookie will update cookie fields to ensure it's expired.

func GeneratePasscode added in v0.15.0 

func GeneratePasscode(secret string) (string, error)

for unit testing

func GenerateTOTP added in v0.15.0 

func GenerateTOTP(config config.TOTPConfig, userid string) (string, error)

func SecretFromURL added in v0.15.0 

func SecretFromURL(url string) (string, error)

func UpdateCookie 

func UpdateCookie(session *Session, cookie *http.Cookie)

UpdateCookie will update the cookie age based on the time left for the session.

func ValidatePasscode added in v0.15.0 

func ValidatePasscode(passcode, secret string) bool

Types

type Auth 

type Auth struct {
	// contains filtered or unexported fields
}

func NewAuth 

func NewAuth(config *config.Config) *Auth

func (*Auth) AddUser 

func (a *Auth) AddUser(userid, pass string) error

AddUser adds a new user to the user database.

func (*Auth) AssignMedia 

func (a *Auth) AssignMedia(userid, media string) error

func (*Auth) AssignTOTP added in v0.15.0 

func (a *Auth) AssignTOTP(userid, url string) error

assign a TOTP to a user

The TOTP secret is not stored encrypted. May change this later but would need a way to protect passwords used to encrypt secrets.

Entire otpauth URL is stored to support future use of different parameters.

func (*Auth) AssignedMedia 

func (a *Auth) AssignedMedia() []string

func (*Auth) AuthorizeCode 

func (a *Auth) AuthorizeCode(value, token string) error

This assumes token is valid

func (*Auth) ChangePass 

func (a *Auth) ChangePass(userid, newpass string) error

ChangePass changes the password associated with the provided userid. User Check prior to this if you'd like to verify the current password.

TODO this should trigger a TOTP change as well.

func (*Auth) CheckAccessToken 

func (a *Auth) CheckAccessToken(signedToken string) error

func (*Auth) CheckAccessTokenUser 

func (a *Auth) CheckAccessTokenUser(signedToken string) (User, error)

func (*Auth) CheckCodeToken 

func (a *Auth) CheckCodeToken(signedToken string) error

func (*Auth) CheckCookie 

func (a *Auth) CheckCookie(cookie *http.Cookie) error

func (*Auth) CheckFileToken added in v0.14.0 

func (a *Auth) CheckFileToken(signedToken string, path string) error

func (*Auth) CheckMediaToken 

func (a *Auth) CheckMediaToken(signedToken string) error

func (*Auth) CheckMediaTokenUser 

func (a *Auth) CheckMediaTokenUser(signedToken string) (User, error)

func (*Auth) Close 

func (a *Auth) Close()

func (*Auth) CookieSession 

func (a *Auth) CookieSession(cookie *http.Cookie) *Session

CookieSession will find the session associated with the provided cookie.

func (*Auth) DeleteExpiredCodes 

func (a *Auth) DeleteExpiredCodes() error

func (*Auth) DeleteExpiredSessions 

func (a *Auth) DeleteExpiredSessions() error

func (*Auth) DeleteSession 

func (a *Auth) DeleteSession(session Session)

DeleteSession will delete the provided session

func (*Auth) DeleteSessions 

func (a *Auth) DeleteSessions(u *User) error

func (*Auth) ExpireAll added in v0.15.0 

func (a *Auth) ExpireAll(userid string) error

Expire all user sessions. This will expire all cookies and refresh tokens. All other tokens will be valid until their ExpireAt.

func (*Auth) GenerateCode 

func (a *Auth) GenerateCode() *Code

func (*Auth) LinkedCode 

func (a *Auth) LinkedCode(value string) *Code

func (*Auth) Login 

func (a *Auth) Login(userid, pass string) (Session, error)

Login will create a new login session after authenticating the userid and password.

func (*Auth) LookupCode 

func (a *Auth) LookupCode(value string) *Code

func (*Auth) NewAccessToken 

func (a *Auth) NewAccessToken(s Session) (string, error)

NewAccessToken creates a new JWT token associated with the provided session.

func (*Auth) NewCodeToken 

func (a *Auth) NewCodeToken(subject string) (string, error)

NewCodeToken creates a new JWT token for code-based authentication

func (*Auth) NewCookie 

func (a *Auth) NewCookie(session *Session) http.Cookie

NewCookie creates a new cookie associated with the provided session.

func (*Auth) NewFileToken added in v0.14.0 

func (a *Auth) NewFileToken(path string) (string, error)

NewFileToken creates a new JWT token for file auth

func (*Auth) NewMediaToken 

func (a *Auth) NewMediaToken(s Session) (string, error)

NewMediaToken creates a new JWT token associated with the provided session.

func (*Auth) Open 

func (a *Auth) Open() (err error)

func (*Auth) PasscodeLogin added in v0.15.0 

func (a *Auth) PasscodeLogin(userid, pass, passcode string) (Session, error)

func (*Auth) Refresh 

func (a *Auth) Refresh(session *Session) error

func (*Auth) RefreshCookie 

func (a *Auth) RefreshCookie(session *Session, cookie *http.Cookie) error

RefreshCookie will renew a session and cookie.

func (*Auth) SessionUser 

func (a *Auth) SessionUser(session *Session) (*User, error)

func (*Auth) TokenSession 

func (a *Auth) TokenSession(token string) *Session

TokenSession will find the session associated with this provided token.

func (*Auth) User 

func (a *Auth) User(userid string) (User, error)

User returns the user found with the provded userid.

func (*Auth) ValidCode 

func (a *Auth) ValidCode(value string) *Code

type Code 

type Code struct {
	gorm.Model
	Value   string `gorm:"unique_index:idx_code_value"`
	Expires time.Time
	Token   string
}

func (*Code) Linked 

func (c *Code) Linked() bool

type Session 

type Session struct {
	gorm.Model
	User    string `gorm:"unique_index:idx_session_user"`
	Token   string `gorm:"unique_index:idx_session_token"`
	Expires time.Time
}

A Session is an authenticated user login session associated with a token and expiration date.

func (*Session) Duration 

func (s *Session) Duration() time.Duration

Duration returns the remain time for this session.

func (*Session) Expired 

func (s *Session) Expired() bool

Expired returns whether or not the session is expired.

func (*Session) Valid 

func (s *Session) Valid() bool

Valid returns whether or not the session is not expired.

type User 

type User struct {
	gorm.Model
	Name  string `gorm:"unique_index:idx_user_name"`
	Key   []byte
	Salt  []byte
	Media string
	TOTP  string
}

func (*User) FirstMedia 

func (u *User) FirstMedia() string

func (*User) MediaList 

func (u *User) MediaList() []string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.