Documentation
¶
Overview ¶
Package authz provides authorization and signature-verification helpers for the registry server (R3.1 of the registry decomposition plan).
Checker holds the admin/dashboard token configuration and exposes gate-checking methods that were previously inline on Server. Functions that need network or node data accept narrow reader interfaces rather than coupling to Server internals, keeping authz free of circular imports.
Index ¶
- func VerifyHeartbeatSignature(pubKey []byte, adminToken string, msg map[string]interface{}, challenge string) error
- func VerifyNodeSignature(pubKey []byte, adminToken string, msg map[string]interface{}, challenge string) error
- type Checker
- func (c *Checker) AdminToken() string
- func (c *Checker) CheckAdminToken(msg map[string]interface{}) bool
- func (c *Checker) DashboardToken() string
- func (c *Checker) IsEnterpriseNode(nodeID uint32, nodes NodeReader, nr NetworkReader) bool
- func (c *Checker) RequireAdminToken(msg map[string]interface{}) error
- func (c *Checker) RequireAdminTokenWith(msg map[string]interface{}, adminToken string) error
- func (c *Checker) RequireEnterprise(netID uint16, nr NetworkReader) error
- func (c *Checker) RequireNetworkRole(msg map[string]interface{}, netID uint16, nr NetworkReader, ...) error
- func (c *Checker) SetAdminToken(t string)
- func (c *Checker) SetDashboardToken(t string)
- type NetworkReader
- type NodeReader
- type Role
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func VerifyHeartbeatSignature ¶
func VerifyHeartbeatSignature(pubKey []byte, adminToken string, msg map[string]interface{}, challenge string) error
VerifyHeartbeatSignature is an alias for VerifyNodeSignature with a caller-supplied adminToken (copied before releasing a read lock). This is the variant hot-path heartbeat handlers use when they have already snapshot-copied node fields.
func VerifyNodeSignature ¶
func VerifyNodeSignature(pubKey []byte, adminToken string, msg map[string]interface{}, challenge string) error
VerifyNodeSignature verifies a registry write operation signature. pubKey is the node's stored Ed25519 public key; adminToken is a pre-copied value of the global admin token (copy it before releasing the server mutex). msg must contain a "signature" field (base64). challenge is the pre-image string that was signed.
Types ¶
type Checker ¶
type Checker struct {
// contains filtered or unexported fields
}
Checker holds token configuration and exposes authorization gate methods.
func NewChecker ¶
NewChecker returns a Checker configured with the given tokens. Either token may be empty to disable the corresponding gate.
func (*Checker) AdminToken ¶
AdminToken returns the admin token stored in this Checker. Used by callers that need to copy it before releasing a lock (e.g. Server.requireAdminToken).
func (*Checker) CheckAdminToken ¶
CheckAdminToken returns nil when msg carries a valid admin token, or a descriptive error otherwise. It is the core helper used by both RequireAdminToken and RequireAdminTokenWith.
func (*Checker) DashboardToken ¶
DashboardToken returns the dashboard token stored in this Checker.
func (*Checker) IsEnterpriseNode ¶
func (c *Checker) IsEnterpriseNode(nodeID uint32, nodes NodeReader, nr NetworkReader) bool
IsEnterpriseNode returns true when nodeID belongs to at least one enterprise network. Both nr (NetworkReader) and nodes (NodeReader) must not be nil.
func (*Checker) RequireAdminToken ¶
RequireAdminToken validates the "admin_token" field in msg against the stored admin token. Returns a non-nil error when the token is absent, incorrect, or the checker has no admin token configured.
The caller should copy c.AdminToken() under the server mutex before calling if concurrent updates to the token are possible.
func (*Checker) RequireAdminTokenWith ¶
RequireAdminTokenWith is like RequireAdminToken but uses the supplied pre-copied token value. Use this variant when the caller already holds a read lock and has copied the token, avoiding a second lock acquisition.
func (*Checker) RequireEnterprise ¶
func (c *Checker) RequireEnterprise(netID uint16, nr NetworkReader) error
RequireEnterprise returns nil when netID is an enterprise network, or a clear error otherwise. nr must not be nil.
func (*Checker) RequireNetworkRole ¶
func (c *Checker) RequireNetworkRole(msg map[string]interface{}, netID uint16, nr NetworkReader, allowedRoles ...Role) error
RequireNetworkRole checks whether the request is authorized to act in netID with one of allowedRoles. Authorization succeeds when any of the following holds:
- The global admin token in msg is valid.
- The per-network admin token in msg matches the network's AdminToken.
- The requesting node (identified by msg["node_id"]) has one of allowedRoles in netID according to nr.
nr must not be nil.
func (*Checker) SetAdminToken ¶
SetAdminToken replaces the admin token. Not safe for concurrent use; call only at configuration time before the server is serving requests.
func (*Checker) SetDashboardToken ¶
SetDashboardToken replaces the dashboard token.
type NetworkReader ¶
type NetworkReader interface {
// GetNetworkAdminToken returns the per-network admin token and whether
// the network exists.
GetNetworkAdminToken(netID uint16) (adminToken string, ok bool)
// GetMemberRole returns the role for nodeID in netID and whether it exists.
GetMemberRole(netID uint16, nodeID uint32) (role Role, ok bool)
// IsEnterpriseNetwork returns true when netID is an enterprise network.
IsEnterpriseNetwork(netID uint16) (enterprise bool, ok bool)
}
NetworkReader is the minimal read-only view over network state that the authorization helpers need. Server implements this directly; tests can supply a lightweight stub.
type NodeReader ¶
type NodeReader interface {
// GetNodeNetworks returns the network IDs the node belongs to and
// whether the node exists.
GetNodeNetworks(nodeID uint32) (netIDs []uint16, ok bool)
}
NodeReader is the minimal read-only view over node state that IsEnterpriseNode needs.
Source Files