Documentation
¶
Index ¶
- Constants
- Variables
- func ClientStreamInterceptor(token string) ...
- func ClientUnaryInterceptor(token string) ...
- func ComparePasswords(hashedPassword []byte, plainPassword []byte) error
- func DecodeBase64Password(passwordBase64 string) (string, error)
- func DropTokenKeys(username string) bool
- func DropTokenKeysForCtx(ctx context.Context) (bool, error)
- func GenerateToken(user User) (string, error)
- func HashAndSaltPassword(plainPassword string) ([]byte, error)
- func IsStrongPassword(password string) error
- func ServerStreamInterceptor(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, ...) error
- func ServerUnaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, ...) (interface{}, error)
- type JSONToken
- type Kind
- type TokenAuth
- type User
- type WrappedClientStream
- type WrappedServerStream
Constants ¶
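// Non-admin permission levels. iota numbers them in declaration order:
// PermissionNone = 0, PermissionR = 1, PermissionW = 2, PermissionRW = 3.
// Each name needs its own line (or a semicolon) for the block to parse and
// for iota to advance.
const (
	PermissionNone = iota
	PermissionR
	PermissionW
	PermissionRW
)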
Non-admin permissions
const PermissionAdmin = 255
PermissionAdmin the admin permission byte
Variables ¶
var AdminDefaultPassword = "immu"
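AdminDefaultPassword is the default admin password. The value is public (it is printed in this documentation and is identical to AdminUsername), so an installation that keeps it relies entirely on other access restrictions; WarnDefaultAdminPassword is the message used in that case.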
var AdminPassword = AdminDefaultPassword
AdminPassword is the admin password in use: the default one, or a value supplied through command flags, config or an env var.
var AdminUsername = "immu"
AdminUsername the admin username
var AuthEnabled bool
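AuthEnabled toggles authentication on or off. It is declared without an initial value, so within this package it starts as false (authentication off) until something sets it; where that happens is not shown on this page.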
var DevMode bool
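DevMode, if set to true, makes the server accept remote client commands (except admin ones) even if auth is off. With auth off, that means any client able to reach the server can run non-admin commands, so, as the name suggests, it is a setting for development environments.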
var IsValidUsername = regexp.MustCompile(`^[a-zA-Z0-9_]+$`).MatchString
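IsValidUsername is a regexp function used to check username requirements: it accepts only non-empty strings made up entirely of ASCII letters, digits and underscores, and sets no upper limit on length.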
var PasswordRequirementsMsg = fmt.Sprintf(
"password must have between %d and %d letters, digits and special characters "+
"of which at least 1 uppercase letter, 1 digit and 1 special character",
minPasswordLen,
maxPasswordLen,
)
PasswordRequirementsMsg message used to inform the user about password strength requirements
var UpdateMetrics func(context.Context)
UpdateMetrics callback which will be called to update metrics
var WarnDefaultAdminPassword = "admin user has the default password: please change it to ensure proper security"
WarnDefaultAdminPassword warning user message for the case when admin uses the default password
Functions ¶
func ClientStreamInterceptor ¶
func ClientStreamInterceptor(token string) func(context.Context, *grpc.StreamDesc, *grpc.ClientConn, string, grpc.Streamer, ...grpc.CallOption) (grpc.ClientStream, error)
ClientStreamInterceptor gRPC client interceptor for streams
func ClientUnaryInterceptor ¶
func ClientUnaryInterceptor(token string) func(context.Context, string, interface{}, interface{}, *grpc.ClientConn, grpc.UnaryInvoker, ...grpc.CallOption) error
ClientUnaryInterceptor gRPC client interceptor for unary methods
func ComparePasswords ¶
ComparePasswords compares the provided plainPassword against the provided hashed password
func DecodeBase64Password ¶ added in v0.6.2
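DecodeBase64Password decodes the provided base64-encoded password if it has the "enc:" prefix, or otherwise returns it with leading and trailing space trimmed. Base64 is an encoding, not encryption: an "enc:" value can be decoded by anyone who can read it and needs the same protection as the plain password.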
func DropTokenKeys ¶
DropTokenKeys removes the token keys from the cache, hence invalidating any token that was generated with those keys
func DropTokenKeysForCtx ¶ added in v0.6.1
DropTokenKeysForCtx removes the token keys from the cache for the username of the token that resides in the provided context
func HashAndSaltPassword ¶
HashAndSaltPassword hashes and salts the provided password
func IsStrongPassword ¶
IsStrongPassword checks if the provided password meets the strength requirements
func ServerStreamInterceptor ¶
func ServerStreamInterceptor(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error
ServerStreamInterceptor gRPC server interceptor for streams
func ServerUnaryInterceptor ¶
func ServerUnaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)
ServerUnaryInterceptor gRPC server interceptor for unary methods
Types ¶
type TokenAuth ¶
// TokenAuth is the authentication token data structure. Its methods
// GetRequestMetadata and RequireTransportSecurity are the callbacks gRPC
// invokes on per-RPC credentials.
type TokenAuth struct {
// Token is kept as a plain string; presumably it is the value
// GetRequestMetadata sends as the Bearer token — confirm against the
// method body, which is not shown here.
Token string
}
TokenAuth authentication token data structure
func (TokenAuth) GetRequestMetadata ¶
GetRequestMetadata callback which returns the Bearer token to be set in request metadata
func (TokenAuth) RequireTransportSecurity ¶
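RequireTransportSecurity callback which returns whether TLS is mandatory or not. gRPC consults it before attaching these credentials: if it returns false, the Bearer token may be sent over a connection without transport security, where it can be read in transit. The value it returns is not shown on this page.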
type User ¶
// User groups a username, a hashed password and a permissions byte.
type User struct {
// Username is serialized under the JSON key "username".
Username string `json:"username"`
// HashedPassword carries the tag json:"-", so encoding/json neither writes
// it out nor fills it in: the hash stays out of any JSON rendering of User.
HashedPassword []byte `json:"-"`
// Permissions is a single byte serialized under "permissions"; presumably
// one of PermissionNone/R/W/RW or PermissionAdmin (255) — confirm against
// the code that assigns it.
Permissions byte `json:"permissions"`
}
User holds a username, the hashed password (kept out of JSON by the `json:"-"` tag) and a permissions byte.
func (*User) ComparePasswords ¶
ComparePasswords ...
type WrappedClientStream ¶
type WrappedClientStream struct {
grpc.ClientStream
}
WrappedClientStream embeds grpc.ClientStream and defines its own RecvMsg and SendMsg on top of it.
func (*WrappedClientStream) RecvMsg ¶
func (w *WrappedClientStream) RecvMsg(m interface{}) error
RecvMsg ...
func (*WrappedClientStream) SendMsg ¶
func (w *WrappedClientStream) SendMsg(m interface{}) error
SendMsg ...
type WrappedServerStream ¶
type WrappedServerStream struct {
grpc.ServerStream
}
WrappedServerStream embeds grpc.ServerStream and defines its own RecvMsg and SendMsg on top of it.
func (*WrappedServerStream) RecvMsg ¶
func (w *WrappedServerStream) RecvMsg(m interface{}) error
RecvMsg ...
func (*WrappedServerStream) SendMsg ¶
func (w *WrappedServerStream) SendMsg(m interface{}) error
SendMsg ...