Overview ¶
Package auth provides authentication and authorization for XxSql.
Index ¶
- Variables
- type DatabasePrivilege
- type GlobalPrivilege
- type Manager
- func (m *Manager) Authenticate(username, password string) (*Session, error)
- func (m *Manager) ChangePassword(username, oldPassword, newPassword string) error
- func (m *Manager) CheckPermission(username string, perm Permission) (bool, error)
- func (m *Manager) CheckTablePermission(username, database, table string, perm Permission) bool
- func (m *Manager) CleanupExpiredSessions() int
- func (m *Manager) CreateUser(username, password string, role UserRole) (*User, error)
- func (m *Manager) DeleteUser(username string) error
- func (m *Manager) GetGrants(username string) ([]string, error)
- func (m *Manager) GetMySQLAuthHash(username string) ([]byte, error)
- func (m *Manager) GetUser(username string) (*User, error)
- func (m *Manager) GetUserByID(id uint64) (*User, error)
- func (m *Manager) GrantDatabase(username, database string, priv *DatabasePrivilege) error
- func (m *Manager) GrantGlobal(username string, priv *GlobalPrivilege) error
- func (m *Manager) GrantTable(username, database, table string, priv *TablePrivilege) error
- func (m *Manager) InvalidateSession(sessionID string)
- func (m *Manager) ListUsers() []*User
- func (m *Manager) Load() error
- func (m *Manager) LoadGrants() error
- func (m *Manager) RefreshSession(sessionID string) (*Session, error)
- func (m *Manager) RevokeDatabase(username, database string, priv *DatabasePrivilege) error
- func (m *Manager) RevokeGlobal(username string, priv *GlobalPrivilege) error
- func (m *Manager) RevokeTable(username, database, table string, priv *TablePrivilege) error
- func (m *Manager) Save() error
- func (m *Manager) SaveGrants() error
- func (m *Manager) SetUserDatabase(sessionID, database string) error
- func (m *Manager) ValidateSession(sessionID string) (*Session, error)
- func (m *Manager) VerifyMySQLAuth(username string, salt, authResponse []byte) (bool, error)
- type ManagerOption
- type Permission
- type PermissionChecker
- type Session
- type TablePrivilege
- type User
- type UserRole
Constants ¶
This section is empty.
Variables ¶
// RolePermissions maps each built-in role to the bitmask of Permission flags
// it holds. RoleAdmin is granted every Permission constant defined in this
// package; RoleUser is granted only the four row-level DML permissions.
var RolePermissions = map[UserRole]Permission{
	RoleAdmin: PermManageUsers | PermManageConfig | PermStartStop | PermCreateTable | PermDropTable |
		PermCreateDatabase | PermDropDatabase | PermSelect | PermInsert | PermUpdate | PermDelete |
		PermCreateIndex | PermDropIndex | PermBackup | PermRestore,
	RoleUser: PermSelect | PermInsert | PermUpdate | PermDelete,
}
RolePermissions maps each built-in role to the bitmask of permissions it holds: RoleAdmin holds every Permission constant defined in this package, while RoleUser holds only the row-level DML permissions (Select, Insert, Update, Delete).
Functions ¶
This section is empty.
Types ¶
type DatabasePrivilege ¶
// DatabasePrivilege represents privileges that apply to every table in
// Database. It is granted and revoked per user through Manager.GrantDatabase
// and Manager.RevokeDatabase, and tested against a Permission with HasPrivilege.
// Unlike GlobalPrivilege it carries no Grant (WITH GRANT OPTION) flag.
type DatabasePrivilege struct {
	Database string // name of the database these privileges apply to

	// Each flag grants the corresponding operation on all tables in Database.
	Select bool
	Insert bool
	Update bool
	Delete bool
	Create bool
	Drop   bool
	Index  bool
	Alter  bool
}
DatabasePrivilege represents privileges on all tables in a database.
func (*DatabasePrivilege) HasPrivilege ¶
func (d *DatabasePrivilege) HasPrivilege(perm Permission) bool
HasPrivilege checks if a database privilege has a specific permission.
type GlobalPrivilege ¶
// GlobalPrivilege represents server-wide privileges that are not scoped to a
// database or table. It is granted and revoked per user through
// Manager.GrantGlobal and Manager.RevokeGlobal, and tested against a
// Permission with HasPermission. It is the only privilege type in this
// package that carries a Grant flag.
type GlobalPrivilege struct {
	Select bool
	Insert bool
	Update bool
	Delete bool
	Create bool
	Drop   bool
	Index  bool
	Alter  bool
	Grant  bool // WITH GRANT OPTION: the holder may pass its privileges on to other users
}
GlobalPrivilege represents server-wide privileges that are not scoped to a database or table; it is the only privilege type in this package that carries a Grant (WITH GRANT OPTION) flag.
func (*GlobalPrivilege) HasPermission ¶
func (g *GlobalPrivilege) HasPermission(perm Permission) bool
HasPermission checks if a global privilege has a specific permission.
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager manages users, their grants and their sessions, and persists users and grants to the data directory via Save/Load and SaveGrants/LoadGrants.
func NewManager ¶
func NewManager(opts ...ManagerOption) *Manager
NewManager creates a new auth manager, applying any ManagerOption values given (see WithDataDir and WithSessionTTL).
func (*Manager) Authenticate ¶
Authenticate verifies a username and password and, on success, creates and returns a new Session.
func (*Manager) ChangePassword ¶
ChangePassword replaces a user's password; the current password must be supplied together with the new one.
func (*Manager) CheckPermission ¶
func (m *Manager) CheckPermission(username string, perm Permission) (bool, error)
CheckPermission checks if a user has a specific permission.
func (*Manager) CheckTablePermission ¶
func (m *Manager) CheckTablePermission(username, database, table string, perm Permission) bool
CheckTablePermission checks if a user has a specific permission on a table. Unlike CheckPermission it has no error result, so from the return value alone a caller cannot distinguish a failed user lookup from a denied permission.
func (*Manager) CleanupExpiredSessions ¶
CleanupExpiredSessions removes all expired sessions and returns the number removed.
func (*Manager) CreateUser ¶
CreateUser creates a new user.
func (*Manager) DeleteUser ¶
DeleteUser deletes a user.
func (*Manager) GetMySQLAuthHash ¶
GetMySQLAuthHash returns the stored MySQL-protocol authentication hash for a user; see VerifyMySQLAuth for checking a client's salted authentication response against it.
func (*Manager) GetUserByID ¶
GetUserByID retrieves a user by ID.
func (*Manager) GrantDatabase ¶
func (m *Manager) GrantDatabase(username, database string, priv *DatabasePrivilege) error
GrantDatabase grants database-level privileges to a user.
func (*Manager) GrantGlobal ¶
func (m *Manager) GrantGlobal(username string, priv *GlobalPrivilege) error
GrantGlobal grants global privileges to a user.
func (*Manager) GrantTable ¶
func (m *Manager) GrantTable(username, database, table string, priv *TablePrivilege) error
GrantTable grants table-level privileges to a user.
func (*Manager) InvalidateSession ¶
InvalidateSession invalidates a session.
func (*Manager) LoadGrants ¶
LoadGrants loads grants from the persistence file in the data directory configured with WithDataDir.
func (*Manager) RefreshSession ¶
RefreshSession refreshes a session's expiration time.
func (*Manager) RevokeDatabase ¶
func (m *Manager) RevokeDatabase(username, database string, priv *DatabasePrivilege) error
RevokeDatabase revokes database-level privileges from a user.
func (*Manager) RevokeGlobal ¶
func (m *Manager) RevokeGlobal(username string, priv *GlobalPrivilege) error
RevokeGlobal revokes global privileges from a user.
func (*Manager) RevokeTable ¶
func (m *Manager) RevokeTable(username, database, table string, priv *TablePrivilege) error
RevokeTable revokes table-level privileges from a user.
func (*Manager) SaveGrants ¶
SaveGrants writes grants to the persistence file in the data directory configured with WithDataDir.
func (*Manager) SetUserDatabase ¶
SetUserDatabase sets the database for a session.
func (*Manager) ValidateSession ¶
ValidateSession looks up the session with the given ID and returns it if it is valid, or an error otherwise.
type ManagerOption ¶
// ManagerOption is a functional option applied to a Manager by NewManager;
// see WithDataDir and WithSessionTTL for the options provided by this package.
type ManagerOption func(*Manager)
ManagerOption is a functional option for Manager.
func WithDataDir ¶
func WithDataDir(dir string) ManagerOption
WithDataDir sets the data directory for persistence.
func WithSessionTTL ¶
func WithSessionTTL(ttl time.Duration) ManagerOption
WithSessionTTL sets the session time-to-live, i.e. how long a newly created session remains valid before it expires.
type Permission ¶
// Permission is a single permission bit. Values are combined with | into a
// bitmask (see RolePermissions) and tested with the HasPermission and
// HasPrivilege methods of Session, GlobalPrivilege, DatabasePrivilege and
// TablePrivilege.
type Permission uint32
Permission represents a single permission bit; values are combined with | into a bitmask, as in RolePermissions.
// Permission bits. iota assigns consecutive powers of two starting at
// PermManageUsers = 1, so each constant occupies a distinct bit of the uint32.
const (
	// Server administration.
	PermManageUsers Permission = 1 << iota
	PermManageConfig
	PermStartStop

	// Schema (DDL) operations.
	PermCreateTable
	PermDropTable
	PermCreateDatabase
	PermDropDatabase

	// Row-level DML operations; these four make up RoleUser's permissions.
	PermSelect
	PermInsert
	PermUpdate
	PermDelete

	// Index management.
	PermCreateIndex
	PermDropIndex

	// Backup and restore.
	PermBackup
	PermRestore
)
type PermissionChecker ¶
type PermissionChecker struct {
// contains filtered or unexported fields
}
PermissionChecker provides permission checking for a session.
func NewPermissionChecker ¶
func NewPermissionChecker(session *Session) *PermissionChecker
NewPermissionChecker creates a new permission checker.
func (*PermissionChecker) Check ¶
func (p *PermissionChecker) Check(perm Permission) bool
Check checks if the session has the given permission.
func (*PermissionChecker) Require ¶
func (p *PermissionChecker) Require(perm Permission) error
Require checks the permission and returns an error if not granted.
type Session ¶
// Session represents an authenticated session created by Manager.Authenticate.
// It is addressed by ID in Manager.ValidateSession, RefreshSession,
// InvalidateSession and SetUserDatabase, and is removed by
// Manager.CleanupExpiredSessions once ExpiresAt has passed.
type Session struct {
	ID        string    // opaque session identifier; the sessionID argument of Manager methods
	UserID    uint64    // numeric ID of the authenticated user (see Manager.GetUserByID)
	Username  string    // login name of the authenticated user
	Role      UserRole  // role of the authenticated user; RolePermissions maps roles to permissions
	CreatedAt time.Time // when the session was created
	ExpiresAt time.Time // when the session stops being valid; extended by Manager.RefreshSession
	Database  string    // current database for the session, set via Manager.SetUserDatabase

	// NOTE(review): Role appears to be a copy of the user's role at login;
	// confirm whether later role changes propagate to existing sessions.
}
Session represents an authenticated session.
func (*Session) HasPermission ¶
func (s *Session) HasPermission(perm Permission) bool
HasPermission checks if the session has the given permission.
type TablePrivilege ¶
// TablePrivilege represents privileges on a single table, identified by
// Database and Table. It is granted and revoked per user through
// Manager.GrantTable and Manager.RevokeTable, and tested against a
// Permission with HasPrivilege (see also Manager.CheckTablePermission).
// Unlike GlobalPrivilege it carries no Grant (WITH GRANT OPTION) flag.
type TablePrivilege struct {
	Database string // name of the database containing Table
	Table    string // name of the table these privileges apply to

	// Each flag grants the corresponding operation on Table.
	Select bool
	Insert bool
	Update bool
	Delete bool
	Create bool
	Drop   bool
	Index  bool
	Alter  bool
}
TablePrivilege represents privileges on a specific table.
func (*TablePrivilege) HasPrivilege ¶
func (t *TablePrivilege) HasPrivilege(perm Permission) bool
HasPrivilege checks if a specific privilege is granted.