auth

package
v0.1.13 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 28, 2021 License: MIT Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrAffiliationNameEmpty           = errors.New("auth: affiliation name is empty")
	ErrAffiliationOwnerUserIDEmpty    = errors.New("auth: affiliation owner user id is empty")
	ErrAffiliationSharedWalletIDEmpty = errors.New("auth: affiliation shared wallet id is empty")
	ErrAffiliationStreetAddressEmpty  = errors.New("auth: affiliation street address is empty")
	ErrAffiliationCityEmpty           = errors.New("auth: affiliation city is empty")
	ErrAffiliationStateEmpty          = errors.New("auth: affiliation state is empty")
	ErrAffiliationCountryISOEmpty     = errors.New("auth: affiliation country iso is empty")
	ErrAffiliationZipCodeEmpty        = errors.New("auth: affiliation zip code is empty")
	ErrAffiliationContactEmailEmpty   = errors.New("auth: affiliation contact email is empty")
)
View Source 
var (
	ErrMFAInstanceUnknown = errors.New("auth: Unknown MFA instance")
)

*************** Aggregator ***************

Functions

func AnyMFARegistered added in v0.1.9 

func AnyMFARegistered(userID uint64) bool

func CheckoutMFA 

func CheckoutMFA(userID uint64, extentionType string) (string, error)

Read

func ClearMFA 

func ClearMFA(userID uint64, extentionType string) error

Delete

func ConfirmMFA 

func ConfirmMFA(userID uint64, extentionType string) error

Update

func CreateAffiliation 

func CreateAffiliation(affiliation *Affiliation) error

func DeleteTmpEntry 

func DeleteTmpEntry(userID uint64, extentionType, indexKey string) error

Delete

func EnabledMFA 

func EnabledMFA(userID uint64) ([]string, error)

func InitMFA 

func InitMFA(userID uint64, extentionType, extentionData string) error

Create

func InsertTmpEntry 

func InsertTmpEntry(userID uint64, extentionType, indexKey, storedValue string) error

*********** Temporary Database *********** Create

func ListUserID added in v0.1.7 

func ListUserID() ([]uint64, error)

func ListUserIDByAffiliationID added in v0.1.7 

func ListUserIDByAffiliationID(affiliationID uint64) ([]uint64, error)

func MFACompleteSignUp added in v0.1.7 

func MFACompleteSignUp(MFAType string, userID uint64, mfaConf map[string]string) error

func MFAEnabled 

func MFAEnabled(userID uint64, extentionType string) (bool, error)

Read

func MFAInitSignUp added in v0.1.8 

func MFAInitSignUp(MFAType string, userID uint64, username string) (map[string]interface{}, error)

func MFANewChallenge added in v0.1.7 

func MFANewChallenge(MFAType string, userID uint64) (map[string]interface{}, error)

func MFARegistered added in v0.1.7 

func MFARegistered(MFAType string, userID uint64) bool

func MFARemove added in v0.1.7 

func MFARemove(MFAType string, userID uint64) error

func MFASubmitChallenge added in v0.1.7 

func MFASubmitChallenge(MFAType string, userID uint64, challengeResponse map[string]string) error

func PurgeExpiredTmpEntry added in v0.1.6 

func PurgeExpiredTmpEntry() error

func ReadTmpEntry 

func ReadTmpEntry(userID uint64, extentionType, indexKey string) (string, error)

Read

func RegMFAInstance added in v0.1.7 

func RegMFAInstance(MFAType string, instance MultiFactorAuthentication)

func Setup 

func Setup(dbConn *sql.DB, tblPrefixOverride string)

func UpdateMFA 

func UpdateMFA(userID uint64, extentionType, extentionData string) error

Update

func UpdateTmpEntry 

func UpdateTmpEntry(userID uint64, extentionType, indexKey, storedValue string) error

Update

Types

type Affiliation 

type Affiliation struct {
	Name           string
	ParentID       uint64
	OwnerUserID    uint64 // must be a valid user id with a wallet (to be shared among users with permission)
	SharedWalletID uint64 // must be a valid wallet id
	StreetAddress  string
	Suite          string
	City           string
	State          string
	CountryISO     string
	ZipCode        string
	ContactEmail   string
	// contains filtered or unexported fields
}

func GetAffiliationByID 

func GetAffiliationByID(id uint64) (*Affiliation, error)

func (*Affiliation) ParentAffiliation added in v0.1.7 

func (affiliation *Affiliation) ParentAffiliation() (*Affiliation, error)

func (*Affiliation) UpdateAffiliation 

func (affiliation *Affiliation) UpdateAffiliation() error

type MultiFactorAuthentication 

type MultiFactorAuthentication interface {
	Registered(userID uint64) bool

	// Register associate a MFA credential to user
	InitSignUp(userID uint64, username string) (map[string]interface{}, error)
	CompleteSignUp(userID uint64, mfaConf map[string]string) error

	// Challenge is called when user try to verify identity using the selected MFA.
	NewChallenge(userID uint64) (map[string]interface{}, error)
	SubmitChallenge(userID uint64, challengeResponse map[string]string) error

	// Remove the MFA credential from the database
	Remove(userID uint64) error
}

*************** Interface ***************

type Role 

type Role uint32
const (
	ROLELESS Role = 0

	/************ Global Role ************/
	GLOBAL_EVALUATION_USER Role = 1 << (iota - 1) // EVALUATION_USER is a global role. In principle it is mutual exclusive against PRODUCTION_USER.
	GLOBAL_PRODUCTION_USER                        // PRODUCTION_USER is a global role. In principle it is mutual exclusive against EVALUATION_USER.
	GLOBAL_INTERNAL_USER                          // INTERNAL_USER may order products free of charge
	GLOBAL_ADMIN                                  // ADMIN owns all access to management interface

	/************ Exemptional Role ************/
	EXEMPT_MARKETING_CONTACT // User won't be contacted for marketing purposes
	EXEMPT_BILLING_CONTACT   // User won't be notified for billing updates
	EXEMPT_SUPPORT_CONTACT   // User won't be notified for supporting case updates

	/************ Affiliation Role ************/
	// Affiliations (enterprises) may purchase products and set them
	// to be shared by users
	AFFILIATION_ACCOUNT_USER  // ACCOUNT_USER is a user belong to an enterprise
	AFFILIATION_ACCOUNT_ADMIN // ACCOUNT_ADMIN may create users and manage users (assigning roles, etc)

	AFFILIATION_PRODUCT_USER  // PRODUCT_USER may only view(and use) products
	AFFILIATION_PRODUCT_ADMIN // PRODUCT_ADMIN may create and edit shared products

	AFFILIATION_BILLING_USER  // BILLING_USER may purchase products with Affiliation-owned wallet
	AFFILIATION_BILLING_ADMIN // BILLING_ADMIN may deposit funds into Affiliation-owned wallet and view/manage associated products
)

Known roles as unambiguous binary flags allowing cascading

func Roles 

func Roles(roles ...Role) Role

Roles() merge input roles into one single role. repeated entry will be ignored.

func (Role) AddRole 

func (r Role) AddRole(role Role) Role

AddRole() add a role to the current role. repeated entry will be ignored.

func (Role) Includes 

func (r Role) Includes(other Role) bool

Includes() checks if the input role is included in current role.

func (Role) RemoveRole 

func (r Role) RemoveRole(role Role) Role

RemoveRole() remove a role from the current role.

type User 

type User struct {
	Email         string `json:"email"`
	PublicKey     string `json:"public_key"` // ed25519.PublicKey in BASE64 representation
	Role          Role   `json:"role"`
	AffiliationID uint64 `json:"affiliation"`
	// contains filtered or unexported fields
}

func GetUserByEmail added in v0.1.13 

func GetUserByEmail(email string) (*User, error)

GetUserByEmail should be called for user login return nil, err when error/mismatch

func GetUserByID 

func GetUserByID(id uint64) (*User, error)

GetUserByID should be called only after the user has been authenticated (Token validated)

func GetUsersByAffiliationID 

func GetUsersByAffiliationID(affiliationID uint64) ([]*User, error)

func (*User) Create added in v0.1.7 

func (user *User) Create() error

CreateUser should be called when registering a new user

func (*User) CreateInfo added in v0.1.7 

func (user *User) CreateInfo(info *UserInfo) error

func (*User) EmailExists added in v0.1.7 

func (user *User) EmailExists() (bool, error)

UserEmailExists should be called before submitting user creation form.

func (*User) ID added in v0.1.3 

func (user *User) ID() uint64

func (*User) Info 

func (user *User) Info() (*UserInfo, error)

func (*User) Update added in v0.1.7 

func (user *User) Update() error

UpdateUser

func (*User) UpdateInfo 

func (user *User) UpdateInfo(info *UserInfo) error

func (*User) Verify added in v0.1.13 

func (user *User) Verify(msg, signature string) error

func (*User) Wipe added in v0.1.7 

func (user *User) Wipe() error

Wipe User Data

type UserInfo 

type UserInfo struct {
	// Personal Info - Mandatory
	FirstName string `json:"first_name"` // Preferred First Name
	LastName  string `json:"last_name"`  // Preferred Last Name

	// Billing Info - Optional
	StreetAddress string `json:"street_address"`
	Suite         string `json:"suite"`
	City          string `json:"city"`
	State         string `json:"state"`
	CountryISO    string `json:"country_iso"`
	ZipCode       string `json:"zip_code"`
}

Source Files

View all Source files

Directories

Path Synopsis
examples
totp command
webauthn command
mfa
totp
webauthn

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.