iauth

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 19, 2021 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

// Role name constants. Role.Name is a plain string, so these values are a
// naming convention rather than an enforced enumeration.
const (
	RoleNameAdmin   = "admin"
	RoleNameProduct = "product"
	// RoleNameInner is the name carried by the package-level RoleInner value.
	RoleNameInner   = "inner"
)
// Authentication type identifiers. Each one is a key of the Authenticators map.
const (
	AuthTypePassword   = "Password"
	AuthTypeSessionKey = "Session"
	// AuthTypeSkip performs no credential check. Its authenticator refuses to
	// run unless stateful.DefaultConfig.RunTime.SkipTokenValidate is true.
	AuthTypeSkip       = "Skip"
)

Variables

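// Authenticators maps an authentication type identifier (the AuthType*
// constants; presumably selected through AuthenticateParam.Type, confirm in
// AuthenticateManager.Authenticate) to the function that performs the check.
// Each function returns the authenticated user, or an error when the check
// fails or storage cannot be read.
//
// The map is an exported, mutable package variable: any importing package can
// add or replace an authenticator, so treat writes to it as security relevant.
var Authenticators = map[string]func(ctx context.Context, param *AuthenticateParam, manager *AuthenticateManager) (*User, error){
	AuthTypePassword: authTypePassword,

	// Session authentication: param.Identify carries the session key.
	AuthTypeSessionKey: func(ctx context.Context, param *AuthenticateParam, manager *AuthenticateManager) (user *User, err error) {
		// The filter below always receives a non-nil pointer, so an empty key
		// would be used as a real lookup value. Whether storage can hold users
		// with an empty session key is not visible from this file, so an empty
		// key is refused before it reaches storage.
		if param.Identify == "" {
			return nil, xerror.WrapAuthenticateFailErrorWithMsg("Session Key Wrong")
		}

		user, err = manager.storager.FetchUser(ctx, &UserFilter{
			SessionKey: &param.Identify,
		})
		if err != nil {
			return nil, err
		}

		// A nil user with a nil error is how storage reports "no such key".
		if user == nil {
			return nil, xerror.WrapAuthenticateFailErrorWithMsg("Session Key Wrong")
		}

		// The session is valid for SessionExpireDay days after SessionCreateAt.
		// A value of zero or less makes already-created sessions expire at once.
		// NOTE(review): the "Wrong" and "Expired" messages differ, which tells a
		// caller that an expired key was once valid; confirm that is intended.
		if user.SessionCreateAt.AddDate(0, 0, stateful.DefaultConfig.RunTime.SessionExpireDay).Before(time.Now()) {
			return nil, xerror.WrapAuthenticateFailErrorWithMsg("Session Key Expired")
		}

		return user, nil
	},

	// Skip authentication: no credential is checked at all.
	AuthTypeSkip: func(ctx context.Context, param *AuthenticateParam, manager *AuthenticateManager) (user *User, err error) {
		// Refused unless the runtime configuration opts in explicitly.
		if !stateful.DefaultConfig.RunTime.SkipTokenValidate {
			return nil, xerror.WrapAuthenticateFailErrorWithMsg("Bad Authorization Flag")
		}

		// NOTE(review): the caller-supplied param.Identify becomes the role name
		// of the returned user, so with SkipTokenValidate enabled any role,
		// RoleNameAdmin included, is granted without credentials. Keep the flag
		// off outside local development and surface it loudly at startup.
		return newFakeUser(&Role{
			Name: param.Identify,
		}), nil
	},
}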
// RoleInner is a shared Role value whose Name is RoleNameInner. It is an
// exported pointer variable, so importing packages can modify or replace it.
var RoleInner = &Role{
	Name: RoleNameInner,
}

Functions

func Authorizate

func Authorizate(ctx context.Context, authoriztor Authorizer, user *User) (ok bool, err error)

func Grant

func Grant(ctx context.Context, authoriztor Authorizer, user *User) (err error)

func NewUserContext

func NewUserContext(ctx context.Context, user *User) context.Context

func Revoke

func Revoke(ctx context.Context, authoriztor Authorizer, user *User) (err error)

Types

type Action

// Action is a permission value in which every constant below occupies its own
// bit (1 << iota, starting at bit 0). The Grant, Revoke and IsAllowed methods
// presumably combine and test these bits; their bodies are not shown here.
// NOTE(review): ActionDeny is itself a bit; how IsAllowed treats it when it is
// combined with other bits is not visible on this page.
type Action int64
const (
	ActionDeny    Action = 1 << iota // 0000001
	ActionRead                       // 0000010
	ActionReadAll                    // 0000100
	ActionUpdate                     // 0001000
	ActionCreate                     // 0010000
	ActionDelete                     // 0100000
	ActionExport                     // 1000000
)

func (Action) Grant

func (a Action) Grant(b Action) Action

func (Action) IsAllowed

func (a Action) IsAllowed(b Action) bool

func (Action) Revoke

func (a Action) Revoke(b Action) Action

type AuthenticateManager

type AuthenticateManager struct {
	// contains filtered or unexported fields
}

func NewAuthenticateManager

func NewAuthenticateManager(txn itxn.TxnStorager, storager AuthenticateStorager) *AuthenticateManager

func (*AuthenticateManager) Authenticate

func (m *AuthenticateManager) Authenticate(ctx context.Context, param *AuthenticateParam) (user *User, err error)

func (*AuthenticateManager) CreateInnerUser

func (m *AuthenticateManager) CreateInnerUser(ctx context.Context) (user *User, err error)

func (*AuthenticateManager) CreateUser

func (m *AuthenticateManager) CreateUser(ctx context.Context, param *UserParam) (err error)

func (*AuthenticateManager) DeleteUser

func (m *AuthenticateManager) DeleteUser(ctx context.Context, userName string) (err error)

func (*AuthenticateManager) DestroySessionKey

func (m *AuthenticateManager) DestroySessionKey(ctx context.Context, sessionKey string) (err error)

func (*AuthenticateManager) FetchInnerUserList

func (m *AuthenticateManager) FetchInnerUserList(ctx context.Context) (users []*User, err error)

func (*AuthenticateManager) FetchNormalUserList

func (m *AuthenticateManager) FetchNormalUserList(ctx context.Context, param *UserParam) (users []*User, err error)

func (*AuthenticateManager) FetchUser

func (m *AuthenticateManager) FetchUser(ctx context.Context, userName string) (user *User, err error)

func (*AuthenticateManager) UpdateUserPassword

func (m *AuthenticateManager) UpdateUserPassword(ctx context.Context, pcd *PasswordChangeData) (err error)

type AuthenticateParam

// AuthenticateParam carries the caller-supplied credentials for one
// authentication attempt. All three fields are untrusted input.
type AuthenticateParam struct {
	// Type names the authentication type; presumably a key of Authenticators.
	Type     string
	// Identify is the session key for AuthTypeSessionKey and the role name of
	// the fabricated user for AuthTypeSkip.
	Identify string
	// Extend is not read by the Session or Skip authenticators; its use by the
	// Password authenticator is not visible on this page.
	Extend   string
}

type AuthenticateStorager

// AuthenticateStorager is the persistence interface for user records.
type AuthenticateStorager interface {
	FetchUserList(ctx context.Context, param *UserFilter) ([]*User, error)
	// FetchUser may return (nil, nil); the Session authenticator treats that
	// result as "no matching user".
	FetchUser(ctx context.Context, param *UserFilter) (*User, error)
	UpdateUser(ctx context.Context, user *User, param *UserParam) error
	CreateUser(ctx context.Context, param *UserParam) error
	DeleteUser(ctx context.Context, user *User) error
}

type Authorizer

// Authorizer is implemented by FeatureAuthorizer, MultiAuthorizer and
// ProductAuthorizateManager in this package.
type Authorizer interface {
	// Authorizate reports a decision for the user. NOTE(review): callers should
	// check the error before trusting the bool; the implementations are not
	// shown on this page.
	Authorizate(context.Context, *User) (bool, error)
	Grant(context.Context, *User) error
	Revoke(context.Context, *User) error
}

type Feature

// Feature names a kind of resource. A FeatureAuthorizer pairs one Feature
// with an Action.
type Feature string
const (
	// global resource
	FeatureProxyPool  Feature = "ProxyPool"
	FeatureBFECluster Feature = "BFECluster"
	FeatureBFEPool    Feature = "BFEPool"
	FeatureArea       Feature = "Area"
	FeatureDomain     Feature = "Domain"
	FeatureProduct    Feature = "Product"
	FeatureExtraFile  Feature = "ExtraFile"

	// product resource
	FeatureProductPool       Feature = "ProductPool"
	FeatureRoute             Feature = "Route"
	FeatureSubCluster        Feature = "SubCluster"
	FeatureProductCluster    Feature = "ProductCluster"
	FeatureTraffic           Feature = "Traffic"
	FeatureCert              Feature = "Cert"
	FeatureActiveHealthCheck Feature = "ActiveHealthCheck"

	// product resource, module
	FeatureModHeader  Feature = "mod.header"
	FeatureModRewrite Feature = "mod.rewrite"

	// auth: user management itself is a feature subject to authorization
	FeatureProductUser Feature = "AuthProductUser"
	FeatureUser        Feature = "User"

	// nlb resource
	FeatureNLBPool    Feature = "NLBPool"
	FeatureNLBCluster Feature = "NLBCluster"
)

type FeatureAuthorizer

// FeatureAuthorizer is an Authorizer scoped to one Feature and one Action
// value. Both fields are exported and can be changed after construction.
type FeatureAuthorizer struct {
	Feature Feature
	Action  Action
}

func NewFeatureAuthorizer

func NewFeatureAuthorizer(f Feature, a Action) *FeatureAuthorizer

func (*FeatureAuthorizer) Authorizate

func (pa *FeatureAuthorizer) Authorizate(ctx context.Context, user *User) (bool, error)

func (*FeatureAuthorizer) Grant

func (pa *FeatureAuthorizer) Grant(ctx context.Context, user *User) error

func (*FeatureAuthorizer) Revoke

func (pa *FeatureAuthorizer) Revoke(ctx context.Context, user *User) error

type MultiAuthorizer

// MultiAuthorizer is built by NewMultiAuthorizer from a list of Authorizers
// and an Op; OpAnd is the only Op this package defines.
type MultiAuthorizer struct {
	// contains filtered or unexported fields
}

func NewFeatureAuthorizerWithFactoryWithProduct

func NewFeatureAuthorizerWithFactoryWithProduct(f Feature, a Action) *MultiAuthorizer

func NewMultiAuthorizer

func NewMultiAuthorizer(as []Authorizer, op Op) *MultiAuthorizer

func NewMultiAuthorizerWithFactory

func NewMultiAuthorizerWithFactory(asFactories []func() Authorizer, op Op) *MultiAuthorizer

func (*MultiAuthorizer) Authorizate

func (a *MultiAuthorizer) Authorizate(ctx context.Context, user *User) (ok bool, err error)

func (*MultiAuthorizer) Grant

func (a *MultiAuthorizer) Grant(ctx context.Context, user *User) (err error)

func (*MultiAuthorizer) Revoke

func (a *MultiAuthorizer) Revoke(ctx context.Context, user *User) (err error)

type Op

// Op names how a MultiAuthorizer combines its Authorizers.
// NOTE(review): only OpAnd is defined; how other Op values are handled is not
// visible on this page.
type Op string
const (
	OpAnd Op = "&&"
)

type PasswordChangeData

// PasswordChangeData is the input of AuthenticateManager.UpdateUserPassword.
// NOTE(review): presumably OldPassword is verified before Password is stored;
// confirm in UpdateUserPassword. Both values are secrets and should stay out
// of logs and error messages.
type PasswordChangeData struct {
	UserName    string
	OldPassword string
	Password    string
}

type ProductAuthorizateManager

// ProductAuthorizateManager implements Authorizer on top of a
// ProductAuthorizateStorager (see NewProductAuthorizateManager).
type ProductAuthorizateManager struct {
	// contains filtered or unexported fields
}
// DefaultProductAuthorizateManager is a package-level instance. It is declared
// without an initializer, so it is nil until assigned; where that happens is
// not visible on this page.
var DefaultProductAuthorizateManager *ProductAuthorizateManager

func NewProductAuthorizateManager

func NewProductAuthorizateManager(storager ProductAuthorizateStorager) *ProductAuthorizateManager

func (*ProductAuthorizateManager) Authorizate

func (pa *ProductAuthorizateManager) Authorizate(ctx context.Context, user *User) (bool, error)

func (*ProductAuthorizateManager) FetchProducts

func (pa *ProductAuthorizateManager) FetchProducts(ctx context.Context, user *User) ([]int64, error)

func (*ProductAuthorizateManager) Grant

func (pa *ProductAuthorizateManager) Grant(ctx context.Context, user *User) error

func (*ProductAuthorizateManager) GrantedUsers

func (pa *ProductAuthorizateManager) GrantedUsers(ctx context.Context) ([]*User, error)

func (*ProductAuthorizateManager) Revoke

func (pa *ProductAuthorizateManager) Revoke(ctx context.Context, user *User) error

type ProductAuthorizateStorager

// ProductAuthorizateStorager is the persistence interface for per-product
// grants: which users are granted on a product and which products a user has.
type ProductAuthorizateStorager interface {
	FetchGrantedUsers(context.Context, *ibasic.Product) ([]*User, error)
	FetchUser(context.Context, *ibasic.Product, *User) (*User, error)
	// FetchProducts returns int64 values, presumably product IDs.
	FetchProducts(context.Context, *User) ([]int64, error)
	Grant(context.Context, *ibasic.Product, *User) error
	Revoke(context.Context, *ibasic.Product, *User) error
}

type Role

// Role identifies a role by name only. Name is a free-form string; the
// AuthTypeSkip authenticator fills it directly from caller input.
type Role struct {
	Name string
}

func RoleList

func RoleList(rs []string) ([]*Role, error)

type User

// User is an account record together with its current session and roles.
type User struct {
	ID              int64
	Name            string
	// NOTE(review): whether Password holds a hash or the clear text is not
	// visible on this page; confirm before logging or serializing a User.
	Password        string
	// SessionKey is the bearer credential matched by the Session authenticator.
	SessionKey      string
	// SessionCreateAt is the start of the session lifetime used for expiry.
	SessionCreateAt time.Time

	Roles []*Role
}

func MustGetUser

func MustGetUser(ctx context.Context) (*User, error)

func (*User) IsAdmin

func (u *User) IsAdmin() bool

func (*User) IsInner

func (u *User) IsInner() bool

type UserFilter

// UserFilter selects users in AuthenticateStorager lookups. The fields are
// pointers; presumably a nil field means "do not filter on this column"
// (confirm against the storage implementation).
type UserFilter struct {
	Name       *string
	// SessionKey is set to a non-nil pointer by the Session authenticator.
	SessionKey *string
}

type UserParam

// UserParam carries the values passed to AuthenticateStorager.CreateUser and
// UpdateUser. Pointer fields are presumably optional (nil = leave unchanged);
// confirm against the storage implementation.
type UserParam struct {
	Name            *string
	SessionKey      *string
	// NOTE(review): whether Password is hashed before it reaches this struct
	// is not visible on this page.
	Password        *string
	Roles           []*Role
	SessionCreateAt *time.Time
}
