auth

package
v0.0.0-...-9082c2d Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 2, 2016 License: Apache-2.0 Imports: 28 Imported by: 4

Documentation

Overview

Authentication service.

This service is a generic service for authentication.

Index

Constants

This section is empty.

Variables

// Password-hashing parameters. The N/R/P names match scrypt's cost
// parameters; presumably they are passed to scrypt — confirm in the source.
//
// NOTE(review): these are exported vars, not consts, so any importing package
// can change them at runtime. Unless the parameters are stored next to each
// hash (not visible here), changing them would presumably make previously
// stored hashes fail to verify — confirm before tuning.
var (
	PASSWORD_HASH_SALT_LENGTH = 32    // salt length; presumably in bytes
	PASSWORD_HASH_N           = 32768 // 2^15; presumably the CPU/memory cost
	PASSWORD_HASH_R           = 8     // presumably the block size
	PASSWORD_HASH_P           = 1     // presumably the parallelization factor
	PASSWORD_HASH_KEYLEN      = 64    // derived key length; presumably in bytes
)

Functions

func AddAuthToUser

func AddAuthToUser(db ab.DB, uuid, authid, secret, provider string) error

Adds an authentication method for a user.

func AuthenticateUser

func AuthenticateUser(db ab.DB, name, authid string) (string, error)

Authenticates a user with authid.

func ConsumeToken

func ConsumeToken(db ab.DB, uuid, category, token string) (bool, error)

Consumes a saved token.

This function deletes the token from the database.

func CreateToken

func CreateToken(db ab.DB, uuid, category string, expires *time.Time, autoclean bool) (string, error)

Generates and saves a new token.

func GetOAuth1Client

func GetOAuth1Client(db ab.DB, logger *log.Log, provider OAuth1ProviderDelegate, uid string) *oauth.Credentials

func GetOAuth2Client

func GetOAuth2Client(db ab.DB, logger *log.Log, provider OAuth2ProviderDelegate, uid string) *http.Client

func LoggedInMiddleware

func LoggedInMiddleware(user UserDelegate) func(http.Handler) http.Handler

This middleware restricts the endpoint to logged-in users.

func NotLoggedInMiddleware

func NotLoggedInMiddleware(user UserDelegate) func(http.Handler) http.Handler

This middleware restricts the endpoint to anonymous users.

func RemoveExpiredTokens

func RemoveExpiredTokens(db ab.DB) error

Removes all expired tokens from the database.

Types

type AuthProvider

// AuthProvider is the interface an authentication method implements so that
// it can be handed to NewService or Service.AddProvider.
type AuthProvider interface {
	GetName() string  // machine name of the provider (usually a lowercase word, max 32 characters)
	GetLabel() string // this is displayed to the user
	// Register receives the base URL, the server and the user delegate.
	// Presumably it mounts the provider's endpoints on srv — confirm in source.
	Register(baseURL string, srv *ab.Server, user UserDelegate)
}

type MailTemplateData

// MailTemplateData is presumably the data passed to the registration and
// lost-password mail templates — confirm in source.
//
// NOTE(review): which template package renders this is not shown here, so do
// not assume that Url or Mail are escaped on output.
type MailTemplateData struct {
	Url  string // presumably the link placed in the message
	Mail string // presumably the recipient address
	From string // presumably the sender address
}

type MultiUserDelegate

// MultiUserDelegate lets several user delegates be used as if they were one.
type MultiUserDelegate struct {
	// LoginUserDelegate decides which of the delegates perform the login;
	// when left empty, all delegates log the user in.
	LoginUserDelegate func([]UserDelegate) []UserDelegate
	// contains filtered or unexported fields
}

This user delegate allows using multiple user delegates as if they were one.

The LoginUserDelegate decides which delegates should perform the login; if left empty, then all delegates will login.

func NewMultiUserDelegate

func NewMultiUserDelegate(delegates ...UserDelegate) *MultiUserDelegate

func (*MultiUserDelegate) CurrentUser

func (mud *MultiUserDelegate) CurrentUser(r *http.Request) string

func (*MultiUserDelegate) IsLoggedIn

func (mud *MultiUserDelegate) IsLoggedIn(r *http.Request) bool

func (*MultiUserDelegate) LoginUser

func (mud *MultiUserDelegate) LoginUser(r *http.Request, uuid string)

type OAuth1Provider

// OAuth1Provider is created by NewOAuth1Provider from an entity controller and
// an OAuth1ProviderDelegate. Its GetName, GetLabel and Register methods match
// the AuthProvider method set.
type OAuth1Provider struct {
	// contains filtered or unexported fields
}

func NewOAuth1Provider

func NewOAuth1Provider(ec *ab.EntityController, delegate OAuth1ProviderDelegate) *OAuth1Provider

func (*OAuth1Provider) GetLabel

func (p *OAuth1Provider) GetLabel() string

func (*OAuth1Provider) GetName

func (p *OAuth1Provider) GetName() string

func (*OAuth1Provider) Register

func (p *OAuth1Provider) Register(baseURL string, srv *ab.Server, user UserDelegate)

type OAuth1ProviderDelegate

// OAuth1ProviderDelegate adds the OAuth 1 specific hooks to the embedded
// OAuthProvider.
type OAuth1ProviderDelegate interface {
	OAuthProvider
	// GetClient returns the OAuth 1 client. Presumably it carries the
	// consumer credentials, so it should not be logged — confirm in source.
	GetClient() *oauth.Client
	// PrepareUser receives the obtained credentials and returns an entity, a
	// string and an error. Presumably the entity is the user and the string is
	// the provider-side unique ID — confirm in source.
	PrepareUser(*oauth.Credentials) (ab.Entity, string, error)
}

type OAuth2Provider

// OAuth2Provider is created by NewOAuth2Provider from an entity controller and
// an OAuth2ProviderDelegate. Its GetName, GetLabel and Register methods match
// the AuthProvider method set.
type OAuth2Provider struct {
	// contains filtered or unexported fields
}

func NewOAuth2Provider

func NewOAuth2Provider(ec *ab.EntityController, delegate OAuth2ProviderDelegate) *OAuth2Provider

func (*OAuth2Provider) GetLabel

func (p *OAuth2Provider) GetLabel() string

func (*OAuth2Provider) GetName

func (p *OAuth2Provider) GetName() string

func (*OAuth2Provider) Register

func (p *OAuth2Provider) Register(baseURL string, srv *ab.Server, user UserDelegate)

type OAuth2ProviderDelegate

// OAuth2ProviderDelegate adds the OAuth 2 specific hooks to the embedded
// OAuthProvider.
type OAuth2ProviderDelegate interface {
	OAuthProvider
	// GetConfig returns the OAuth 2 configuration. Presumably this is
	// golang.org/x/oauth2's Config, which includes the client secret, so the
	// returned value should not be logged or serialized — confirm in source.
	GetConfig() *oauth2.Config
	// PrepareUser receives an HTTP client and the token and returns an entity,
	// a string and an error. Presumably the entity is the user and the string
	// is the provider-side unique ID — confirm in source.
	PrepareUser(*http.Client, *oauth2.Token) (ab.Entity, string, error)
}

type OAuthCredentials

// OAuthCredentials is a container struct for OAuth credentials.
//
// NOTE(review): Secret is an exported field with no struct tag, so
// encoding/json and %+v formatting would include it verbatim. Keep values of
// this type out of logs and API responses.
type OAuthCredentials struct {
	ID     string
	Secret string // sensitive
}

Container struct for OAuth credentials.

func (OAuthCredentials) Empty

func (c OAuthCredentials) Empty() bool

type OAuthProvider

// OAuthProvider is the part shared by OAuth1ProviderDelegate and
// OAuth2ProviderDelegate, both of which embed it.
type OAuthProvider interface {
	GetName() string                                          // machine name of the provider (usually a lowercase word, max 32 characters)
	GetLabel() string                                         // the name of the OAuth provider that is displayed for the user
	ResolveUniqueID(db ab.DB, user ab.Entity) (string, error) // Tries to resolve the user with unique properties on the user entity
}

type Password

// Password is an entity that additionally exposes a password and a way to
// validate it.
type Password interface {
	ab.Entity
	GetPassword() string     // presumably the plaintext password as submitted — keep out of logs
	ValidatePassword() error // presumably a non-nil error rejects the password; the rules are not shown here
	GetEntity() ab.Entity    // presumably the underlying entity without the password fields — confirm
}

type PasswordAuthEmailSenderDelegate

// PasswordAuthEmailSenderDelegate sends the registration and lost-password
// e-mails; each method takes the recipient address and a URL.
//
// NOTE(review): address presumably originates from user input. An
// implementation should reject CR/LF in it before building message headers.
type PasswordAuthEmailSenderDelegate interface {
	SendRegistrationEmail(address, url string) error
	SendLostPasswordLink(address, url string) error
}

type PasswordAuthProvider

// PasswordAuthProvider has GetName, GetLabel and Register methods that match
// the AuthProvider method set. How a value is constructed is not shown here.
type PasswordAuthProvider struct {
	// contains filtered or unexported fields
}

func (*PasswordAuthProvider) GetLabel

func (p *PasswordAuthProvider) GetLabel() string

func (*PasswordAuthProvider) GetName

func (p *PasswordAuthProvider) GetName() string

func (*PasswordAuthProvider) Register

func (p *PasswordAuthProvider) Register(baseURL string, srv *ab.Server, user UserDelegate)

type PasswordAuthProviderDelegate

// PasswordAuthProviderDelegate supplies the application-specific parts of
// password authentication. The per-method notes below are inferred from the
// signatures and should be confirmed against the source.
type PasswordAuthProviderDelegate interface {
	GetPassword() Password                                // presumably a fresh value to decode a request into
	GetDBErrorConverter() func(*pq.Error) ab.VerboseError // maps a PostgreSQL driver error to a verbose error
	GetAuthID(ab.Entity) string                           // presumably the login identifier of the entity
	GetEmail(ab.Entity) string                            // presumably the address used for registration and lost-password mails
	Get2FAIssuer() string                                 // presumably the issuer name shown by the authenticator app
	LoadUser(string) (ab.Entity, error)                   // argument is presumably the user's UUID
	// NOTE(review): callers should presumably return the same response
	// whether or not the address exists, so the lost-password flow does not
	// reveal registered addresses — confirm how the error is surfaced.
	LoadUserByMail(string) (ab.Entity, error)
}

type PasswordAuthSMTPEmailSenderDelegate

// PasswordAuthSMTPEmailSenderDelegate has SendRegistrationEmail and
// SendLostPasswordLink methods, matching PasswordAuthEmailSenderDelegate, and
// is created by NewPasswordAuthSMTPEmailSenderDelegate from an SMTP address,
// an smtp.Auth and a base URL.
//
// NOTE(review): whether the connection to SMTPAddr is upgraded to TLS before
// authenticating is not visible here — confirm in source.
type PasswordAuthSMTPEmailSenderDelegate struct {
	SMTPAddr  string // address of the SMTP server; presumably host:port
	SiteEmail string // presumably the envelope sender address
	From      string // presumably the From header value

	// Templates for the two message kinds. Which template package these come
	// from is not shown here; do not assume values are escaped on output.
	RegistrationEmailTemplate *template.Template
	LostPasswordEmailTemplate *template.Template
	// contains filtered or unexported fields
}

func NewPasswordAuthSMTPEmailSenderDelegate

func NewPasswordAuthSMTPEmailSenderDelegate(smtpAddr string, smtpAuth smtp.Auth, baseURL string) *PasswordAuthSMTPEmailSenderDelegate
func (d *PasswordAuthSMTPEmailSenderDelegate) SendLostPasswordLink(address, url string) error

func (*PasswordAuthSMTPEmailSenderDelegate) SendRegistrationEmail

func (d *PasswordAuthSMTPEmailSenderDelegate) SendRegistrationEmail(address, url string) error

type PasswordChangeFields

// PasswordChangeFields extends PasswordFields with the current password, read
// from the "old_password" JSON key.
type PasswordChangeFields struct {
	PasswordFields
	OldPassword string `json:"old_password"` // plaintext as submitted — keep out of logs
}

func (PasswordChangeFields) GetOldPassword

func (pcf PasswordChangeFields) GetOldPassword() string

type PasswordFields

// PasswordFields holds a new password and its confirmation, read from the
// "password" and "password_confirm" JSON keys.
//
// NOTE(review): both fields are plaintext and are also emitted when the value
// is marshalled, so keep values of this type out of logs and responses.
type PasswordFields struct {
	Password        string `json:"password"`
	PasswordConfirm string `json:"password_confirm"` // presumably compared with Password by ValidatePassword — confirm
}

func (PasswordFields) GetPassword

func (pf PasswordFields) GetPassword() string

func (PasswordFields) ValidatePassword

func (pf PasswordFields) ValidatePassword() error

type PasswordLoginData

// PasswordLoginData is the login payload, read from the "identifier" and
// "password" JSON keys.
type PasswordLoginData struct {
	Identifier string `json:"identifier"` // presumably the auth ID or e-mail address — confirm in source
	Password   string `json:"password"`   // plaintext as submitted — keep out of logs
}

type Service

// Service holds the auth service settings.
//
// NOTE(review): BaseURL is presumably used to build absolute links and OAuth
// callback URLs. Set it from configuration rather than from the request's
// Host header — confirm usage in source.
type Service struct {
	BaseURL string // base URL of the server that uses this service
	// contains filtered or unexported fields
}

Auth service settings.

func NewService

func NewService(baseURL string, user UserDelegate, conn ab.DB, providers ...AuthProvider) *Service

Creates a new auth service.

Before using this service, make sure that you called util.SetKey().

func (*Service) AddProvider

func (s *Service) AddProvider(p AuthProvider)

Adds an OAuth1Provider or an OAuth2Provider to the service. Adding a type that only implements the OAuthProvider interface will cause a runtime panic on Register().

func (*Service) Register

func (s *Service) Register(srv *ab.Server) error

func (*Service) SchemaInstalled

func (s *Service) SchemaInstalled(db ab.DB) bool

func (*Service) SchemaSQL

func (s *Service) SchemaSQL() string

func (*Service) StopCleanup

func (s *Service) StopCleanup()

Stops the token cleanup goroutine.

type SessionUserDelegate

// SessionUserDelegate is a session-based user delegate that stores the current
// user's UUID in the "uid" key of the session.
//
// NOTE(review): TableName and UUIDColumn are SQL identifiers, which cannot be
// bound as query parameters. Presumably they are spliced into the query text,
// so set them only from constants or trusted configuration — confirm in source.
type SessionUserDelegate struct {
	DB         ab.DB  // optional
	TableName  string // Name of the user table, defaults to "user"
	UUIDColumn string // Name of the uuid column, defaults to "uuid"
}

A session-based user delegate that stores the current user's UUID in the "uid" key of the session.

The DB value is optional. If provided, the delegate assumes that a table named "user" exists, and it has a UUID field which is its primary key.

func (*SessionUserDelegate) CurrentUser

func (ud *SessionUserDelegate) CurrentUser(r *http.Request) string

func (*SessionUserDelegate) IsLoggedIn

func (ud *SessionUserDelegate) IsLoggedIn(r *http.Request) bool

func (*SessionUserDelegate) LoginUser

func (ud *SessionUserDelegate) LoginUser(r *http.Request, uuid string)

type UserDelegate

// UserDelegate is the delegate interface for user management. It decouples the
// user management from the auth service.
type UserDelegate interface {
	IsLoggedIn(r *http.Request) bool    // reports whether the request belongs to a logged-in user
	CurrentUser(r *http.Request) string // presumably the UUID of the current user — confirm in source
	// LoginUser marks the request's user as logged in with the given UUID.
	// NOTE(review): there is no error return, so a failure to persist the
	// login cannot be reported to the caller through this interface.
	// Implementations should presumably also rotate the session identifier
	// on login — confirm in source.
	LoginUser(r *http.Request, uuid string)
}

Delegate interface for user management. This decouples the user management from the auth service.
