README
¶
Things Service
The Things service is the core resource management component of the Mainflux IoT platform. It manages the lifecycle of devices, their communication profiles, and the organizational groups they belong to. It also enforces role-based access control on all resources and provides the device authentication primitives used by the protocol adapters.
Resource Model
Resources in the Things service are organized in a four-level hierarchy:
Organization
└── Group
├── Profile
│ └── Thing
└── Thing
- Organization — A multi-tenant namespace managed by the Auth service. Groups are created within an organization.
- Group — The primary access-control boundary. All permissions for things and profiles are enforced at the group level. Users are granted roles within a group.
- Profile — A communication template shared by one or more things. Profiles define message format, content type, and optional data transformation rules. Things must be assigned to a profile.
- Thing — A physical or virtual device. A thing belongs to exactly one group and one profile.
Things
A thing represents a device or endpoint that connects to the platform. Things communicate with the platform using unique authentication keys.
| Field | Description |
|---|---|
id |
Unique thing identifier (UUID) |
group_id |
ID of the group the thing belongs to |
profile_id |
ID of the profile assigned to the thing |
name |
Human-readable device name |
type |
Device classification: device, sensor, actuator, controller, gateway |
key |
Internal authentication key used to authenticate the device |
external_key |
Optional external authentication key (e.g. for hardware-provisioned devices) |
metadata |
Arbitrary key-value pairs for custom attributes |
Device Authentication Keys
Things authenticate to the platform using one of two key types:
- Internal key — Generated by the platform at provisioning time. Used directly in the
Authorizationheader of protocol adapter requests. - External key — An optional secondary key, typically provided by the device manufacturer or hardware provisioning process. It can be set and removed independently via the API without reprovisioning the thing.
The platform resolves either key type to the thing's identity when processing inbound messages.
Profiles
A profile defines the message format and processing rules for all things assigned to it. Things within the same profile share the same communication contract.
| Field | Description |
|---|---|
id |
Unique profile identifier (UUID) |
group_id |
ID of the group the profile belongs to |
name |
Profile name |
config |
Communication and transformation configuration (see below) |
metadata |
Arbitrary key-value pairs for custom attributes |
Profile Configuration
The config object controls how messages published by things on this profile are processed:
| Field | Description |
|---|---|
content_type |
MIME content type of the messages (e.g. application/json) |
transformer.data_filters |
List of message field names to retain; all others are discarded |
transformer.data_field |
Field name containing the payload data |
transformer.time_field |
Field name containing the message timestamp |
transformer.time_format |
Format string for parsing the timestamp field |
transformer.time_location |
Timezone for timestamp normalization |
A profile cannot be deleted while things are assigned to it.
Groups
Groups are the administrative and access-control unit within an organization. All things and profiles belong to exactly one group.
| Field | Description |
|---|---|
id |
Unique group identifier (UUID) |
org_id |
ID of the organization this group belongs to |
name |
Group name |
description |
Optional free-form description |
metadata |
Arbitrary key-value pairs for custom attributes |
created_at |
Creation timestamp |
updated_at |
Last-modified timestamp |
The user who creates a group is automatically assigned the owner role for that group.
Role-Based Access Control
Access to things, profiles, and group management operations is controlled by the role a user holds within the resource's parent group.
| Role | Description |
|---|---|
owner |
Full control over the group. Cannot be changed or removed. |
admin |
Can manage group memberships and update group settings. |
editor |
Can create, update, and delete things and profiles within the group. |
viewer |
Read-only access to group resources. |
Required roles per operation:
| Operation | Minimum role |
|---|---|
| View thing / profile / group | viewer |
| Create / update thing or profile | editor |
| Delete thing or profile | editor |
| Update external key | editor |
| Manage group memberships | admin |
| Delete group | owner |
Group Memberships
Group memberships associate users with a group and grant them a role. Membership management requires at least the admin role in the target group.
- The
ownerrole is assigned exclusively to the group creator and cannot be transferred. - The owner cannot be removed from the group.
- Membership changes trigger email notifications to the affected user.
Standalone Mode
In constrained or development deployments, the Things service can operate in standalone mode without a live connection to the Auth service. In this mode, a single preconfigured user identity is used for all authorization checks, eliminating the need for the gRPC Auth service.
To enable standalone mode, set both MF_THINGS_STANDALONE_EMAIL and MF_THINGS_STANDALONE_TOKEN.
Configuration
The service is configured using the environment variables presented in the following table. Note that any unset variables will be replaced with their default values.
| Variable | Description | Default |
|---|---|---|
MF_THINGS_LOG_LEVEL |
Service log level (debug, info, warn, error) | error |
MF_THINGS_DB_HOST |
Database host address | localhost |
MF_THINGS_DB_PORT |
Database host port | 5432 |
MF_THINGS_DB_USER |
Database user | mainflux |
MF_THINGS_DB_PASS |
Database password | mainflux |
MF_THINGS_DB |
Name of the database used by the service | things |
MF_THINGS_DB_SSL_MODE |
Database connection SSL mode (disable, require, verify-ca, verify-full) | disable |
MF_THINGS_DB_SSL_CERT |
Path to the PEM encoded certificate file | |
MF_THINGS_DB_SSL_KEY |
Path to the PEM encoded key file | |
MF_THINGS_DB_SSL_ROOT_CERT |
Path to the PEM encoded root certificate file | |
MF_THINGS_CLIENT_TLS |
Enable TLS for outgoing gRPC connections | false |
MF_THINGS_CA_CERTS |
Path to trusted CA certificates in PEM format | |
MF_THINGS_CACHE_URL |
Redis URL for the thing key cache | redis://localhost:6379/0 |
MF_THINGS_ES_URL |
Redis URL for the event store | redis://localhost:6379/0 |
MF_THINGS_HTTP_PORT |
Things service HTTP port | 8182 |
MF_THINGS_AUTH_HTTP_PORT |
Things service internal auth HTTP port | 8989 |
MF_THINGS_AUTH_GRPC_PORT |
Things service auth gRPC port | 8183 |
MF_THINGS_SERVER_CERT |
Path to server certificate in PEM format | |
MF_THINGS_SERVER_KEY |
Path to server key in PEM format | |
MF_THINGS_STANDALONE_EMAIL |
User email for standalone mode (disables Auth gRPC communication) | |
MF_THINGS_STANDALONE_TOKEN |
User token for standalone mode, used in place of the Auth service | |
MF_JAEGER_URL |
Jaeger server URL for distributed tracing. Leave empty to disable tracing. | |
MF_AUTH_GRPC_URL |
Auth service gRPC URL | localhost:8181 |
MF_AUTH_GRPC_TIMEOUT |
Auth service gRPC request timeout | 1s |
MF_EMAIL_HOST |
Mail server host | localhost |
MF_EMAIL_PORT |
Mail server port | 25 |
MF_EMAIL_USERNAME |
Mail server username | |
MF_EMAIL_PASSWORD |
Mail server password | |
MF_EMAIL_FROM_ADDRESS |
Sender email address | |
MF_EMAIL_FROM_NAME |
Sender display name | |
MF_EMAIL_TEMPLATES_DIR |
Path to the directory containing email templates | . |
Deployment
The service is distributed as a Docker container. Refer to the things service section in the Docker Compose file for a reference deployment configuration.
To build and run the service manually:
# Download the latest version
git clone https://github.com/MainfluxLabs/mainflux
cd mainflux
# Compile the service
make things
# Copy binary to bin
make install
# Run the service
MF_THINGS_LOG_LEVEL=[log level] \
MF_THINGS_DB_HOST=[db host] \
MF_THINGS_DB_PORT=[db port] \
MF_THINGS_DB_USER=[db user] \
MF_THINGS_DB_PASS=[db password] \
MF_THINGS_DB=[db name] \
MF_THINGS_CACHE_URL=[redis url] \
MF_THINGS_ES_URL=[redis url] \
MF_THINGS_HTTP_PORT=[http port] \
MF_AUTH_GRPC_URL=[auth grpc url] \
$GOBIN/mainfluxlabs-things
Setting MF_THINGS_CA_CERTS enables mutual TLS verification for outgoing gRPC connections to the Auth service, trusting only the provided CA certificates.
Machine-to-Machine (M2M) Policies
Things are assigned a type that determines what they are allowed to do within their group. The supported types are:
| Type | Description |
|---|---|
controller |
Orchestrates other devices; issues commands |
gateway |
Bridges networks; forwards data |
sensor |
Reads and reports measurements |
actuator |
Receives and executes commands |
device |
General-purpose device |
Capability matrix
Authorization is enforced per action:
message— any type can send a message to any other type within the same group.command— restricted by publisher type:
| Publisher type | command targets |
|---|---|
controller |
sensor, actuator, device |
gateway |
sensor, actuator, device |
device |
device |
sensor |
(none) |
actuator |
(none) |
Both publisher and recipient must belong to the same group. A thing with an unknown or missing type is denied all command actions.
Usage
For the full HTTP API reference, see the OpenAPI specification.
For a broader overview of how device provisioning and profiles fit into the platform, refer to the official documentation.
Documentation
¶
Overview ¶
Package things contains the domain concept definitions needed to support Mainflux things service functionality.
Index ¶
- Constants
- Variables
- func CanCommand(publisherType, recipientType string) error
- func CanGroupCommand(publisherType string) error
- type Backup
- type Config
- type Emailer
- type Group
- type GroupCache
- type GroupMembership
- type GroupMemberships
- type GroupMembershipsPage
- type GroupMembershipsRepository
- type GroupPage
- type GroupRepository
- type Groups
- type Metadata
- type PageMetadata
- type Profile
- type ProfileCache
- type ProfileRepository
- type ProfilesPage
- type PubConfigInfo
- type Service
- type Thing
- type ThingAccessReq
- type ThingCache
- type ThingCommandReq
- type ThingGroupCommandReq
- type ThingKey
- type ThingRepository
- type ThingsPage
- type Transformer
- type UserAccessReq
Constants ¶
View Source
const ( Viewer = domain.GroupViewer Editor = domain.GroupEditor Admin = domain.GroupAdmin Owner = domain.GroupOwner )
Role constants are aliases for the shared domain types.
View Source
const ( KeyTypeInternal = domain.KeyTypeInternal KeyTypeExternal = domain.KeyTypeExternal ThingTypeDevice = "device" ThingTypeSensor = "sensor" ThingTypeActuator = "actuator" ThingTypeController = "controller" ThingTypeGateway = "gateway" )
Variables ¶
View Source
var AllowedOrders = map[string]string{
"id": "id",
"name": "name",
"email": "email",
"created_at": "created_at",
"updated_at": "updated_at",
"type": "type",
}
View Source
var ErrGroupMembershipExists = errors.New("group membership already exists")
ErrGroupMembershipExists indicates that membership already exists.
View Source
var (
ErrProfileAssigned = errors.New("profile currently assigned to thing(s)")
)
Functions ¶
func CanCommand ¶ added in v0.39.0
CanCommand checks publisher type against a specific recipient type.
func CanGroupCommand ¶ added in v0.39.0
CanGroupCommand checks if the publisher has any command authority. Group commands are intentionally coarse — filtering by recipient type is the responsibility of the receiving things, not the publisher.
Types ¶
type Backup ¶
type Backup struct {
Things []Thing
Profiles []Profile
Groups []Group
GroupMemberships []GroupMembership
}
type GroupCache ¶ added in v0.25.0
type GroupCache interface {
// RemoveGroupEntities removes all entities related to the group identified by groupID.
RemoveGroupEntities(context.Context, string) error
// SaveGroupMembership stores role for given groupID and memberID.
SaveGroupMembership(context.Context, string, string, string) error
// ViewRole returns role for given groupID and memberID.
ViewRole(context.Context, string, string) (string, error)
// RemoveGroupMembership removes group membership for given groupID and memberID.
RemoveGroupMembership(context.Context, string, string) error
// RetrieveGroupIDsByMember returns group IDs for given memberID.
RetrieveGroupIDsByMember(context.Context, string) ([]string, error)
}
GroupCache contains group caching interface.
type GroupMembership ¶ added in v0.29.0
type GroupMembership = domain.GroupMembership
Domain type aliases
type GroupMemberships ¶ added in v0.29.0
type GroupMemberships interface {
// CreateGroupMemberships adds memberships to a group identified by the provided ID.
CreateGroupMemberships(ctx context.Context, token, redirectPath string, gms ...GroupMembership) error
// CreateGroupMembershipsInternal saves group memberships without requiring authentication.
CreateGroupMembershipsInternal(ctx context.Context, gms ...GroupMembership) error
// ListGroupMemberships retrieves a paginated list of group memberships for the given group.
ListGroupMemberships(ctx context.Context, token, groupID string, pm PageMetadata) (GroupMembershipsPage, error)
// UpdateGroupMemberships updates roles of a specific group membership.
UpdateGroupMemberships(ctx context.Context, token string, gms ...GroupMembership) error
// RemoveGroupMemberships removes memberships from the given group.
RemoveGroupMemberships(ctx context.Context, token, groupID string, memberIDs ...string) error
}
GroupMemberships defines a service for managing group memberships.
type GroupMembershipsPage ¶ added in v0.29.0
type GroupMembershipsPage = domain.GroupMembershipsPage
Domain type aliases
type GroupMembershipsRepository ¶ added in v0.29.0
type GroupMembershipsRepository interface {
// Save persists group memberships.
Save(ctx context.Context, gms ...GroupMembership) error
// RetrieveRole retrieves role of a specific group membership.
RetrieveRole(ctx context.Context, gm GroupMembership) (string, error)
// RetrieveByGroup retrieves a paginated list of group memberships by group ID.
RetrieveByGroup(ctx context.Context, groupID string, pm PageMetadata) (GroupMembershipsPage, error)
// BackupAll retrieves all group memberships. Used for backup.
BackupAll(ctx context.Context) ([]GroupMembership, error)
// BackupByGroup retrieves all group memberships by group ID. This is used for backup.
BackupByGroup(ctx context.Context, groupID string) ([]GroupMembership, error)
// RetrieveGroupIDsByMember retrieves IDs of groups where the member belongs.
RetrieveGroupIDsByMember(ctx context.Context, memberID string) ([]string, error)
// Remove removes the provided group memberships.
Remove(ctx context.Context, groupID string, memberIDs ...string) error
// Update updates existing group memberships.
Update(ctx context.Context, gms ...GroupMembership) error
}
GroupMembershipsRepository specifies an interface for managing group memberships in persistence.
type GroupRepository ¶
type GroupRepository interface {
// Save persists groups.
Save(ctx context.Context, g ...Group) ([]Group, error)
// Update performs an update to the existing group.
Update(ctx context.Context, g Group) (Group, error)
// Remove removes groups by their IDs.
Remove(ctx context.Context, ids ...string) error
// RemoveByOrg removes groups by org ID.
RemoveByOrg(ctx context.Context, orgID string) error
// RetrieveByID retrieves a group by its ID.
RetrieveByID(ctx context.Context, id string) (Group, error)
// RetrieveByIDs retrieves groups by their IDs.
RetrieveByIDs(ctx context.Context, ids []string, pm PageMetadata) (GroupPage, error)
// BackupAll retrieves all groups.
BackupAll(ctx context.Context) ([]Group, error)
// RetrieveIDsByOrgMembership retrieves group IDs by org membership.
RetrieveIDsByOrgMembership(ctx context.Context, orgID, memberID string) ([]string, error)
// RetrieveIDsByOrg retrieves all group IDs by org.
RetrieveIDsByOrg(ctx context.Context, orgID string) ([]string, error)
// RetrieveAll retrieves all groups with pagination.
RetrieveAll(ctx context.Context, pm PageMetadata) (GroupPage, error)
}
GroupRepository specifies a group persistence API.
type Groups ¶
type Groups interface {
// CreateGroups adds groups to the user identified by the provided key.
CreateGroups(ctx context.Context, token, orgID string, groups ...Group) ([]Group, error)
// UpdateGroup updates the group identified by the provided ID.
UpdateGroup(ctx context.Context, token string, g Group) (Group, error)
// ViewGroup retrieves data about the group identified by ID.
ViewGroup(ctx context.Context, token, id string) (Group, error)
// ViewGroupInternal retrieves data about the Group identified by ID, without requiring authentication.
ViewGroupInternal(ctx context.Context, id string) (Group, error)
// ListGroups retrieves page of all groups.
ListGroups(ctx context.Context, token string, pm PageMetadata) (GroupPage, error)
// ListGroupsByOrg retrieves page of groups that are assigned to an org identified by ID.
ListGroupsByOrg(ctx context.Context, token, orgID string, pm PageMetadata) (GroupPage, error)
// ListThingsByGroup retrieves page of things that are assigned to a group identified by ID.
ListThingsByGroup(ctx context.Context, token, groupID string, pm PageMetadata) (ThingsPage, error)
// ListProfilesByGroup retrieves page of profiles that are assigned to a group identified by ID.
ListProfilesByGroup(ctx context.Context, token, groupID string, pm PageMetadata) (ProfilesPage, error)
// ViewGroupByThing retrieves group that thing belongs to.
ViewGroupByThing(ctx context.Context, token, thingID string) (Group, error)
// RemoveGroups removes the groups identified with the provided IDs.
RemoveGroups(ctx context.Context, token string, ids ...string) error
// RemoveGroupsByOrg removes groups related to an org identified by org ID.
RemoveGroupsByOrg(ctx context.Context, orgID string) ([]string, error)
// ViewGroupByProfile retrieves group that profile belongs to.
ViewGroupByProfile(ctx context.Context, token, profileID string) (Group, error)
}
type PageMetadata ¶
type PageMetadata struct {
Total uint64 `json:"total,omitempty"`
Offset uint64 `json:"offset,omitempty"`
Limit uint64 `json:"limit,omitempty"`
Order string `json:"order,omitempty"`
Dir string `json:"dir,omitempty"`
Name string `json:"name,omitempty"`
Metadata map[string]any `json:"metadata,omitempty"`
Email string `json:"email,omitempty"`
}
PageMetadata contains page metadata that helps navigation.
func (PageMetadata) Validate ¶ added in v0.39.0
func (pm PageMetadata) Validate(maxLimitSize, maxNameSize int) error
Validate validates the page metadata.
type ProfileCache ¶ added in v0.24.0
type ProfileCache interface {
// SaveGroup stores group ID by given profile ID.
SaveGroup(context.Context, string, string) error
// RemoveGroup removes group ID by given profile ID.
RemoveGroup(context.Context, string) error
// ViewGroup returns group ID by given profile ID.
ViewGroup(context.Context, string) (string, error)
}
ProfileCache contains profile caching interface.
type ProfileRepository ¶ added in v0.24.0
type ProfileRepository interface {
// Save persists multiple profiles. Profiles are saved using a transaction. If one profile
// fails then none will be saved. Successful operation is indicated by non-nil
// error response.
Save(ctx context.Context, prs ...Profile) ([]Profile, error)
// Update performs an update to the existing profile. A non-nil error is
// returned to indicate operation failure.
Update(ctx context.Context, c Profile) error
// RetrieveByID retrieves the profile having the provided identifier, that is owned
// by the specified user.
RetrieveByID(ctx context.Context, id string) (Profile, error)
// RetrieveByThing retrieves the profile connected to the given thing id.
RetrieveByThing(ctx context.Context, thID string) (Profile, error)
// Remove removes the profiles having the provided identifiers, that is owned
// by the specified user.
Remove(ctx context.Context, id ...string) error
// BackupAll retrieves all profiles for all users.
BackupAll(ctx context.Context) ([]Profile, error)
// RetrieveAll retrieves all profiles for all users with pagination.
RetrieveAll(ctx context.Context, pm PageMetadata) (ProfilesPage, error)
// RetrieveByGroups retrieves the subset of profiles specified by given group ids.
RetrieveByGroups(ctx context.Context, groupIDs []string, pm PageMetadata) (ProfilesPage, error)
}
ProfileRepository specifies a profile persistence API.
type Service ¶
type Service interface {
// CreateThings adds things to the user identified by the token.
// The group ID for each thing is assigned based on the provided profile ID.
CreateThings(ctx context.Context, token, profileID string, things ...Thing) ([]Thing, error)
// UpdateThing updates the Thing identified by the provided ID, as the user authenticated by 'token',
// who must possess required permissions in the Thing's belonging Group.
UpdateThing(ctx context.Context, token string, thing Thing) error
// UpdateThingGroupAndProfile updates the Thing's belonging Profile or Group.
UpdateThingGroupAndProfile(ctx context.Context, token string, thing Thing) error
// UpdateThingsMetadata updates the things metadata identified by the provided IDs, that
// belongs to the user identified by the provided token.
UpdateThingsMetadata(ctx context.Context, token string, things ...Thing) error
// ViewThing retrieves data about the thing identified with the provided
// ID, that belongs to the user identified by the provided key.
ViewThing(ctx context.Context, token, id string) (Thing, error)
// ListThings retrieves data about subset of things that belongs to the
// user identified by the provided key.
ListThings(ctx context.Context, token string, pm PageMetadata) (ThingsPage, error)
// ListThingsByOrg retrieves page of things that belong to an org identified by ID.
ListThingsByOrg(ctx context.Context, token string, orgID string, pm PageMetadata) (ThingsPage, error)
// ListThingsByProfile retrieves data about subset of things that are
// connected or not connected to specified profile and belong to the user identified by
// the provided key.
ListThingsByProfile(ctx context.Context, token, prID string, pm PageMetadata) (ThingsPage, error)
// RemoveThings removes the things identified with the provided IDs, that
// belongs to the user identified by the provided key.
RemoveThings(ctx context.Context, token string, id ...string) error
// CreateProfiles adds profiles to the user identified by the token.
// The group ID is assigned to each profile.
CreateProfiles(ctx context.Context, token, groupID string, profiles ...Profile) ([]Profile, error)
// UpdateProfile updates the profile identified by the provided ID, that
// belongs to the user identified by the provided key.
UpdateProfile(ctx context.Context, token string, profile Profile) error
// ViewProfile retrieves data about the profile identified by the provided
// ID, that belongs to the user identified by the provided key.
ViewProfile(ctx context.Context, token, id string) (Profile, error)
// ListProfiles retrieves data about subset of profiles that belongs to the
// user identified by the provided key.
ListProfiles(ctx context.Context, token string, pm PageMetadata) (ProfilesPage, error)
// ListProfilesByOrg retrieves page of profiles that belong to an org identified by ID.
ListProfilesByOrg(ctx context.Context, token string, orgID string, pm PageMetadata) (ProfilesPage, error)
// ViewProfileByThing retrieves data about profile that have
// specified thing connected or not connected to it and belong to the user identified by
// the provided key.
ViewProfileByThing(ctx context.Context, token, thID string) (Profile, error)
// ViewMetadataByKey retrieves metadata about the thing identified by the given key.
ViewMetadataByKey(ctx context.Context, key ThingKey) (Metadata, error)
// RemoveProfiles removes the things identified by the provided IDs, that
// belongs to the user identified by the provided key.
RemoveProfiles(ctx context.Context, token string, ids ...string) error
// GetPubConfigByKey retrieves the thing ID and its corresponding profile config
// associated with the provided key.
GetPubConfigByKey(ctx context.Context, key ThingKey) (PubConfigInfo, error)
// GetConfigByThing returns profile config for given thing ID.
GetConfigByThing(ctx context.Context, thingID string) (map[string]any, error)
// CanUserAccessThing determines whether a user has access to a thing.
CanUserAccessThing(ctx context.Context, req UserAccessReq) error
// CanUserAccessProfile determines whether a user has access to a profile.
CanUserAccessProfile(ctx context.Context, req UserAccessReq) error
// CanUserAccessGroup determines whether a user has access to a group.
CanUserAccessGroup(ctx context.Context, req UserAccessReq) error
// CanThingAccessGroup determines whether a given thing has access to a group with a key.
CanThingAccessGroup(ctx context.Context, req ThingAccessReq) error
// CanThingCommand determines whether a given thing is allowed to send a command to another thing.
CanThingCommand(ctx context.Context, req ThingCommandReq) error
// CanThingGroupCommand determines whether a given thing may issue commands to an entire group.
CanThingGroupCommand(ctx context.Context, req ThingGroupCommandReq) error
// Identify returns thing ID for given thing key.
Identify(ctx context.Context, key ThingKey) (string, error)
// GetKeyByThingID returns a thing's key for given thing ID.
GetKeyByThingID(ctx context.Context, thingID string) (ThingKey, error)
// GetGroupIDByThing returns a thing's group ID for given thing ID.
GetGroupIDByThing(ctx context.Context, thingID string) (string, error)
// GetGroupIDByProfile returns a profile's group ID for given profile ID.
GetGroupIDByProfile(ctx context.Context, profileID string) (string, error)
// GetGroupIDsByOrg returns all group IDs belonging to an org.
GetGroupIDsByOrg(ctx context.Context, orgID string, token string) ([]string, error)
// UpdateExternalKey updates the external key of the Thing identified by `thingID`. The authenticated user must have Editor rights within the Thing's belonging Group.
UpdateExternalKey(ctx context.Context, token, key, thingID string) error
// RemoveExternalKey removes the external thing key of the Thing identified by `thingID`.
// The authenticated user must have Editor rights within the Thing's belonging Group.
RemoveExternalKey(ctx context.Context, token, thingID string) error
// Backup retrieves all things, profiles, groups, and groups memberships for all users. Only accessible by admin.
Backup(ctx context.Context, token string) (Backup, error)
// Restore adds things, profiles, groups, and groups memberships from a backup. Only accessible by admin.
Restore(ctx context.Context, token string, backup Backup) error
// GetThingIDsByProfile returns the IDs of all things associated with the given profile ID.
GetThingIDsByProfile(ctx context.Context, profileID string) ([]string, error)
Groups
GroupMemberships
}
Service specifies an API that must be fulfilled by the domain service implementation, and all of its decorators (e.g. logging & metrics).
func New ¶
func New(auth protomfx.AuthServiceClient, users protomfx.UsersServiceClient, things ThingRepository, profiles ProfileRepository, groups GroupRepository, groupMemberships GroupMembershipsRepository, pcache ProfileCache, tcache ThingCache, gcache GroupCache, idp uuid.IDProvider, emailer Emailer) Service
New instantiates the things service implementation.
type ThingAccessReq ¶ added in v0.25.0
type ThingAccessReq = domain.ThingAccessReq
Domain type aliases
type ThingCache ¶
type ThingCache interface {
// Save stores the pair (thing key, thing id).
Save(ctx context.Context, key ThingKey, thingID string) error
// ID returns thing ID for a given thing key.
ID(ctx context.Context, key ThingKey) (string, error)
// RemoveThing removes thing from cache.
RemoveThing(context.Context, string) error
// RemoveKey removes a specific thing key from the cache.
RemoveKey(ctx context.Context, key ThingKey) error
// SaveGroup stores group ID by given thing ID.
SaveGroup(context.Context, string, string) error
// ViewGroup returns group ID by given thing ID.
ViewGroup(context.Context, string) (string, error)
// RemoveGroup removes group ID by given thing ID.
RemoveGroup(context.Context, string) error
// SaveType stores thing type by given thing ID.
SaveType(context.Context, string, string) error
// ViewType returns thing type by given thing ID.
ViewType(context.Context, string) (string, error)
// RemoveType removes thing type by given thing ID.
RemoveType(context.Context, string) error
}
ThingCache contains thing caching interface.
type ThingCommandReq ¶ added in v0.39.0
type ThingCommandReq = domain.ThingCommandReq
Domain type aliases
type ThingGroupCommandReq ¶ added in v0.39.0
type ThingGroupCommandReq = domain.ThingGroupCommandReq
Domain type aliases
type ThingRepository ¶
type ThingRepository interface {
// Save persists multiple things. Things are saved using a transaction. If one thing
// fails then none will be saved. Successful operation is indicated by non-nil
// error response.
Save(ctx context.Context, ths ...Thing) ([]Thing, error)
// Update performs an update to the existing thing. A non-nil error is
// returned to indicate operation failure.
Update(ctx context.Context, t Thing) error
// UpdateGroupAndProfile performs a an update of an existing Thing's Profile and/or Group. A non-nil error is
// returned to indicate operation failure.
UpdateGroupAndProfile(ctx context.Context, t Thing) error
// RetrieveByID retrieves the thing having the provided identifier, that is owned
// by the specified user.
RetrieveByID(ctx context.Context, id string) (Thing, error)
// RetrieveByKey returns thing ID for given thing key based on its type.
RetrieveByKey(ctx context.Context, key ThingKey) (string, error)
// RetrieveByGroups retrieves the subset of things specified by given group ids.
RetrieveByGroups(ctx context.Context, groupIDs []string, pm PageMetadata) (ThingsPage, error)
// RetrieveByProfile retrieves the subset of things assigned to the specified profile.
RetrieveByProfile(ctx context.Context, prID string, pm PageMetadata) (ThingsPage, error)
// Remove removes the things having the provided identifiers, that is owned
// by the specified user.
Remove(ctx context.Context, ids ...string) error
// BackupAll retrieves all things for all users.
BackupAll(ctx context.Context) ([]Thing, error)
// RetrieveAll retrieves all things for all users with pagination.
RetrieveAll(ctx context.Context, pm PageMetadata) (ThingsPage, error)
// UpdateExternalKey sets/updates the external key of the Thing identified by `thingID`.
UpdateExternalKey(ctx context.Context, key, thingID string) error
// RemoveExternalKey removes an external key from the thing identified by `thingID`.
RemoveExternalKey(ctx context.Context, thingID string) error
}
ThingRepository specifies a thing persistence API.
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Package api contains API-related concerns: endpoint definitions, middlewares and all resource representations.
|
Package api contains API-related concerns: endpoint definitions, middlewares and all resource representations. |
|
grpc
Package grpc contains implementation of things service gRPC API.
|
Package grpc contains implementation of things service gRPC API. |
|
http
Package http contains implementation of things service HTTP API.
|
Package http contains implementation of things service HTTP API. |
|
Package postgres contains repository implementations using PostgreSQL as the underlying database.
|
Package postgres contains repository implementations using PostgreSQL as the underlying database. |
|
Package redis contains cache implementations using Redis as the underlying database.
|
Package redis contains cache implementations using Redis as the underlying database. |
|
Package standalone contains implementation for auth service in single-user scenario.
|
Package standalone contains implementation for auth service in single-user scenario. |
|
Package tracing contains middlewares that will add spans to existing traces.
|
Package tracing contains middlewares that will add spans to existing traces. |
Click to show internal directories.
Click to hide internal directories.