v1.65.0 (Latest)

This package is not in the latest version of its module.

Published: Oct 24, 2023 License: AGPL-3.0 Imports: 15 Imported by: 0




const EncKeySizeEncoded = 28

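EncKeySizeEncoded is the length, in base32 characters, of an encoded EncryptionKey including its magic byte: the 16 key bytes plus 1 magic byte encode to 28 unpadded base32 characters.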

const KeyHashSizeEncoded = 64

KeyHashSizeEncoded is the length of a hex encoded KeyHash.


var (

	// NotFound is returned when a record is not found.
	NotFound = errs.Class("not found")

	// ErrAccessGrant occurs when an invalid access grant is given.
	ErrAccessGrant = errs.Class("access grant")
var Invalid = errs.Class("invalid")

Invalid is the class of error that is returned for invalid records.

var KeyHashError = errs.Class("key hash")

KeyHashError is a class of key hash errors.




type Database

type Database struct {
	// contains filtered or unexported fields

Database wraps Storage implementation and uses it to store encrypted accesses and secrets.

func NewDatabase

func NewDatabase(storage Storage, allowedSatelliteURLs map[storj.NodeURL]struct{}) *Database

NewDatabase constructs a Database. allowedSatelliteURLs should contain the full URL (with a node ID), including port, for each satellite from which incoming access grants are accepted.

func (*Database) Get

func (db *Database) Get(ctx context.Context, accessKeyID EncryptionKey) (accessGrant string, public bool, secretKey SecretKey, err error)

Get looks up the record by the hash of the access key ID, then decrypts and returns the access grant and secret key.

func (*Database) HealthCheck added in v1.65.0

func (db *Database) HealthCheck(ctx context.Context) (err error)

HealthCheck ensures the underlying storage backend works and returns an error otherwise.

func (*Database) Put

func (db *Database) Put(ctx context.Context, key EncryptionKey, accessGrant string, public bool) (secretKey SecretKey, err error)

Put encrypts the access grant with the key and stores it under the hash of the encryption key. It rejects access grants whose expiration time is earlier than one minute from now.

func (*Database) SetAllowedSatellites

func (db *Database) SetAllowedSatellites(allowedSatelliteURLs map[storj.NodeURL]struct{})

SetAllowedSatellites updates the allowed satellites list from configuration values.

type EncryptionKey

type EncryptionKey [16]byte

EncryptionKey is the key with which an access grant and its secret key are encrypted.

func NewEncryptionKey

func NewEncryptionKey() (EncryptionKey, error)

NewEncryptionKey returns a new random EncryptionKey with initial version byte.

func (*EncryptionKey) FromBase32

func (k *EncryptionKey) FromBase32(encoded string) error

FromBase32 loads the EncryptionKey from a lowercase RFC 4648 base32 string.

func (*EncryptionKey) FromBinary

func (k *EncryptionKey) FromBinary(data []byte) error

FromBinary reads the key from its binary form, which must include the version byte.

func (EncryptionKey) Hash

func (k EncryptionKey) Hash() KeyHash

Hash returns the KeyHash for the EncryptionKey.

func (EncryptionKey) ToBase32

func (k EncryptionKey) ToBase32() string

ToBase32 returns the EncryptionKey as a lowercase RFC 4648 base32 string.

func (EncryptionKey) ToBinary

func (k EncryptionKey) ToBinary() []byte

ToBinary returns the EncryptionKey including the version byte.

func (EncryptionKey) ToStorjKey

func (k EncryptionKey) ToStorjKey() storj.Key

ToStorjKey returns the storj.Key equivalent for the EncryptionKey.

type KeyHash

type KeyHash [32]byte

KeyHash is the key under which Records are saved.

func (KeyHash) Bytes added in v1.31.0

func (kh KeyHash) Bytes() []byte

Bytes returns the bytes for key hash.

func (*KeyHash) FromHex added in v1.32.0

func (kh *KeyHash) FromHex(encoded string) error

FromHex sets the key hash from a hex encoded string.

func (*KeyHash) SetBytes added in v1.31.0

func (kh *KeyHash) SetBytes(v []byte) error

SetBytes sets the key hash from bytes.

func (KeyHash) ToHex added in v1.32.0

func (kh KeyHash) ToHex() string

ToHex converts a key hash to a hex encoded string.

type Record

type Record struct {
	SatelliteAddress     string
	MacaroonHead         []byte // 32 bytes probably
	EncryptedSecretKey   []byte
	EncryptedAccessGrant []byte
	ExpiresAt            *time.Time
	Public               bool // if true, knowledge of secret key is not required

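Record holds the encrypted credentials (EncryptedSecretKey and EncryptedAccessGrant) alongside metadata: the satellite address, macaroon head, expiration time, and the Public flag.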

type SecretKey

type SecretKey [32]byte

SecretKey is the secret key used to sign requests.

func (SecretKey) ToBase32

func (s SecretKey) ToBase32() string

ToBase32 returns the SecretKey as a lowercase RFC 4648 base32 string.

func (SecretKey) ToBinary

func (s SecretKey) ToBinary() []byte

ToBinary returns the SecretKey including the version byte.

type Storage added in v1.65.0

type Storage interface {
	// Put stores the record.
	// It is an error if the key already exists.
	Put(ctx context.Context, keyHash KeyHash, record *Record) (err error)

	// Get retrieves the record.
	// It returns (nil, nil) if the key does not exist.
	// If the record is invalid, the error contains why.
	Get(ctx context.Context, keyHash KeyHash) (record *Record, err error)

	// HealthCheck ensures the storage backend works and returns an error
	// otherwise.
	HealthCheck(ctx context.Context) error

	// Run runs the storage backend.
	Run(ctx context.Context) error

	// Close closes the storage backend.
	Close() error

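Storage is meant to be the storage backend for Auth Service's database, with the ability to store and retrieve records saved under key hashes. Note that Get reports a missing key as (nil, nil) rather than as an error, so callers must check the returned record for nil before using it.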
