Documentation
¶
Index ¶
- Constants
- func SameAccess(acc1, acc2 EnvAccess) bool
- type AccessLevel
- type AdminUser
- type EnvAccess
- type TokenClaims
- type UserAccess
- type UserManager
- func (m *UserManager) All() ([]AdminUser, error)
- func (m *UserManager) AllNonService() ([]AdminUser, error)
- func (m *UserManager) AllService() ([]AdminUser, error)
- func (m *UserManager) ChangeAccess(username, environment string, access EnvAccess) error
- func (m *UserManager) ChangeAdmin(username string, admin bool) error
- func (m *UserManager) ChangeEmail(username, email string) error
- func (m *UserManager) ChangeFullname(username, fullname string) error
- func (m *UserManager) ChangePassword(username, password string) error
- func (m *UserManager) ChangePermission(username, environment string, perm UserPermission) error
- func (m *UserManager) ChangePermissions(username, environment string, permissions []UserPermission) error
- func (m *UserManager) ChangeService(username string, service bool) error
- func (m *UserManager) CheckLoginCredentials(username, password string) (bool, AdminUser)
- func (m *UserManager) CheckPermissions(username string, level AccessLevel, environment string) bool
- func (m *UserManager) CheckToken(jwtSecret, tokenStr string) (TokenClaims, bool)
- func (m *UserManager) Create(user AdminUser) error
- func (m *UserManager) CreatePermission(permission UserPermission) error
- func (m *UserManager) CreatePermissions(permissions []UserPermission) error
- func (m *UserManager) CreateToken(username, issuer string, expHours int) (string, time.Time, error)
- func (m *UserManager) Delete(username string) error
- func (m *UserManager) DeleteAllPermissions(username string) error
- func (m *UserManager) DeleteEnvPermissions(username, environment string) error
- func (m *UserManager) Exists(username string) bool
- func (m *UserManager) ExistsGet(username string) (bool, AdminUser)
- func (m *UserManager) GenEnvUserAccess(envs []string, user, query, carve, admin bool) UserAccess
- func (m *UserManager) GenPermissions(username, granted string, access UserAccess) []UserPermission
- func (m *UserManager) GenUserAccess(env environments.TLSEnvironment, envAccess EnvAccess) UserAccess
- func (m *UserManager) GenUserPermission(username, granted, env string, aType int, aValue bool) UserPermission
- func (m *UserManager) GenericAllService(service bool) ([]AdminUser, error)
- func (m *UserManager) Get(username string) (AdminUser, error)
- func (m *UserManager) GetAccess(username string) (UserAccess, error)
- func (m *UserManager) GetAllPermissions(username string) ([]UserPermission, error)
- func (m *UserManager) GetByEnvID(username string, envID uint) (AdminUser, error)
- func (m *UserManager) GetEnvAccess(username, env string) (EnvAccess, error)
- func (m *UserManager) GetEnvPermissions(username, environment string) ([]UserPermission, error)
- func (m *UserManager) GetPermission(username, environment string, aType AccessLevel) (UserPermission, error)
- func (m *UserManager) GetWithService(username string, service bool) (AdminUser, error)
- func (m *UserManager) GetWithServiceByEnvID(username string, service bool, envID uint) (AdminUser, error)
- func (m *UserManager) HashPasswordWithSalt(password string) (string, error)
- func (m *UserManager) HashTextWithSalt(text string) (string, error)
- func (m *UserManager) IsAdmin(username string) bool
- func (m *UserManager) New(username, password, email, fullname string, admin, service bool) (AdminUser, error)
- func (m *UserManager) SetEnvAdmin(username, environment string, admin bool) error
- func (m *UserManager) SetEnvCarve(username, environment string, carve bool) error
- func (m *UserManager) SetEnvLevel(username, environment string, level AccessLevel, value bool) error
- func (m *UserManager) SetEnvQuery(username, environment string, query bool) error
- func (m *UserManager) SetEnvUser(username, environment string, user bool) error
- func (m *UserManager) UpdateMetadata(ipaddress, useragent, username, csrftoken string) error
- func (m *UserManager) UpdateToken(username, token string, exp time.Time) error
- func (m *UserManager) UpdateTokenIPAddress(ipaddress, username string) error
- type UserPermission
Constants ¶
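// Package-level string constants: the default token issuer and the three
// user-management actions. Each constant sits on its own line so that the
// line comments no longer swallow the declarations that follow them.
const (
	// DefaultTokenIssuer is the issuer name used by default.
	// NOTE(review): presumably the value passed as the issuer argument when
	// creating tokens; confirm against the callers of CreateToken.
	DefaultTokenIssuer = "osctrl"
	// ActionAdd as action to add a user
	ActionAdd string = "add"
	// ActionEdit as action to edit a user
	ActionEdit string = "edit"
	// ActionRemove as action to remove a user
	ActionRemove string = "remove"
)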
Variables ¶
This section is empty.
Functions ¶
func SameAccess ¶
Helper to compare two sets of permissions
Types ¶
type AccessLevel ¶
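// AccessLevel as abstraction of level of access for a user
type AccessLevel int

// Access levels, numbered by iota in declaration order, plus the
// NoEnvironment marker. Each constant sits on its own line so that the line
// comments no longer swallow the declarations that follow them.
const (
	// AdminLevel for admin privileges.
	// It is the first iota value (0), so it is also the zero value of
	// AccessLevel: a level that was never assigned reads as AdminLevel.
	// Whether that fails closed or open depends on whether the value is used
	// as the level being required or the level being granted, so callers
	// should always set the level explicitly.
	AdminLevel AccessLevel = iota
	// QueryLevel for query privileges
	QueryLevel
	// CarveLevel for carve privileges
	CarveLevel
	// UserLevel for regular user privileges
	UserLevel
	// NoEnvironment to be explicit when used.
	// This is an untyped string constant, not an AccessLevel; it shares the
	// block but takes no part in the iota numbering.
	NoEnvironment = ""
)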
type AdminUser ¶
// AdminUser is the gorm model that holds one user account.
//
// PassHash, APIToken and CSRFToken are tagged `json:"-"`, so encoding/json
// never emits them. The tag only affects encoding/json: other encoders and
// fmt verbs such as %+v still print these fields, so whole AdminUser values
// should not be logged or dumped. All other fields have no json tag and are
// marshalled under their Go field names.
type AdminUser struct {
// Embedded gorm base model (ID, CreatedAt, UpdatedAt, DeletedAt).
gorm.Model
// Indexed column. The tag requests a plain index, not a unique one, so it
// does not by itself prevent duplicate usernames.
// NOTE(review): confirm uniqueness is enforced elsewhere.
Username string `gorm:"index"`
Email string
Fullname string
// Password hash; excluded from JSON output.
PassHash string `json:"-"`
// API token string; excluded from JSON output.
// NOTE(review): cannot tell from here whether the token is stored as issued
// or hashed; confirm.
APIToken string `json:"-"`
// Expiry time recorded for the API token.
TokenExpire time.Time
// NOTE(review): presumably the global admin flag; per-environment access is
// expressed separately. Confirm against the permission checks.
Admin bool
// NOTE(review): presumably marks service accounts as opposed to interactive
// users; confirm.
Service bool
UUID string
// CSRF token; excluded from JSON output.
CSRFToken string `json:"-"`
// NOTE(review): LastIPAddress and LastUserAgent look request-derived; if so
// they are client-controlled and must be escaped wherever they are displayed.
LastIPAddress string
LastUserAgent string
LastAccess time.Time
LastTokenUse time.Time
// NOTE(review): presumably the ID of an associated environment; confirm.
EnvironmentID uint
}
AdminUser to hold all users
type EnvAccess ¶
// EnvAccess groups four boolean access flags, serialised to JSON under the
// keys "user", "query", "carve" and "admin".
//
// The zero value has every flag false, i.e. no access is granted unless a
// field is set explicitly.
// NOTE(review): the struct is JSON-decodable; if it is filled from a request
// body the flags are caller-supplied, so the requester must be authorised
// before the value is applied. Confirm at the call sites.
type EnvAccess struct {
User bool `json:"user"`
Query bool `json:"query"`
Carve bool `json:"carve"`
Admin bool `json:"admin"`
}
EnvAccess to abstract the permissions for a user
func GenEnvAccess ¶
Helper to convert received permissions into struct
type TokenClaims ¶
// TokenClaims is the JWT claim set used for user tokens: a custom "username"
// claim plus the embedded registered claims.
//
// The Username value is only trustworthy once the token's signature and
// registered claims have been validated; it must not be read from a token
// that was merely decoded.
type TokenClaims struct {
// Custom claim carrying the account name.
Username string `json:"username"`
// Standard registered claims (issuer, expiry and so on) as defined by the
// imported jwt package.
jwt.RegisteredClaims
}
TokenClaims to hold user claims when using JWT
type UserAccess ¶
UserAccess to provide an abstraction for user access between environment and permissions
type UserManager ¶
// UserManager bundles the two dependencies its methods work with: a gorm
// database handle and the JWT configuration.
//
// Both fields are exported, so any code holding a *UserManager can read or
// replace them.
type UserManager struct {
// gorm database handle.
DB *gorm.DB
// JWT configuration.
// NOTE(review): the contents of config.JSONConfigurationJWT are not shown
// here; if it carries the signing secret, avoid logging this struct.
JWTConfig *config.JSONConfigurationJWT
}
UserManager holds all users of the system
func CreateUserManager ¶
func CreateUserManager(backend *gorm.DB, jwtconfig *config.JSONConfigurationJWT) *UserManager
CreateUserManager to initialize the users struct and tables
func (*UserManager) AllNonService ¶ added in v0.4.5
func (m *UserManager) AllNonService() ([]AdminUser, error)
AllNonService get all non-service users
func (*UserManager) AllService ¶ added in v0.4.5
func (m *UserManager) AllService() ([]AdminUser, error)
AllService get all service users
func (*UserManager) ChangeAccess ¶
func (m *UserManager) ChangeAccess(username, environment string, access EnvAccess) error
ChangeAccess for setting user access by username and environment
func (*UserManager) ChangeAdmin ¶
func (m *UserManager) ChangeAdmin(username string, admin bool) error
ChangeAdmin to modify the admin setting for a user
func (*UserManager) ChangeEmail ¶
func (m *UserManager) ChangeEmail(username, email string) error
ChangeEmail for user by username
func (*UserManager) ChangeFullname ¶
func (m *UserManager) ChangeFullname(username, fullname string) error
ChangeFullname for user by username
func (*UserManager) ChangePassword ¶
func (m *UserManager) ChangePassword(username, password string) error
ChangePassword for user by username
func (*UserManager) ChangePermission ¶
func (m *UserManager) ChangePermission(username, environment string, perm UserPermission) error
ChangePermission for setting a user permission by username
func (*UserManager) ChangePermissions ¶
func (m *UserManager) ChangePermissions(username, environment string, permissions []UserPermission) error
ChangePermissions for setting user permissions by username
func (*UserManager) ChangeService ¶ added in v0.4.5
func (m *UserManager) ChangeService(username string, service bool) error
ChangeService to modify the service setting for a user
func (*UserManager) CheckLoginCredentials ¶
func (m *UserManager) CheckLoginCredentials(username, password string) (bool, AdminUser)
CheckLoginCredentials to check provided login credentials by matching hashes
func (*UserManager) CheckPermissions ¶
func (m *UserManager) CheckPermissions(username string, level AccessLevel, environment string) bool
CheckPermissions to verify access for a username
func (*UserManager) CheckToken ¶
func (m *UserManager) CheckToken(jwtSecret, tokenStr string) (TokenClaims, bool)
CheckToken to verify if a token used is valid
func (*UserManager) CreatePermission ¶
func (m *UserManager) CreatePermission(permission UserPermission) error
CreatePermission new permission
func (*UserManager) CreatePermissions ¶
func (m *UserManager) CreatePermissions(permissions []UserPermission) error
CreatePermissions to iterate through a slice of permissions
func (*UserManager) CreateToken ¶
CreateToken to create a new JWT token for a given user
func (*UserManager) Delete ¶
func (m *UserManager) Delete(username string) error
Delete user by username
func (*UserManager) DeleteAllPermissions ¶
func (m *UserManager) DeleteAllPermissions(username string) error
DeleteAllPermissions to delete all permissions by username
func (*UserManager) DeleteEnvPermissions ¶
func (m *UserManager) DeleteEnvPermissions(username, environment string) error
DeleteEnvPermissions to delete all permissions by username and environment
func (*UserManager) Exists ¶
func (m *UserManager) Exists(username string) bool
Exists checks if user exists
func (*UserManager) ExistsGet ¶
func (m *UserManager) ExistsGet(username string) (bool, AdminUser)
ExistsGet checks if user exists and returns the user
func (*UserManager) GenEnvUserAccess ¶
func (m *UserManager) GenEnvUserAccess(envs []string, user, query, carve, admin bool) UserAccess
GenEnvUserAccess to generate the struct with empty access
func (*UserManager) GenPermissions ¶
func (m *UserManager) GenPermissions(username, granted string, access UserAccess) []UserPermission
GenPermissions to generate the struct with empty permissions. FIXME: this can probably be implemented in a better way.
func (*UserManager) GenUserAccess ¶
func (m *UserManager) GenUserAccess(env environments.TLSEnvironment, envAccess EnvAccess) UserAccess
GenUserAccess to generate the struct with empty access
func (*UserManager) GenUserPermission ¶
func (m *UserManager) GenUserPermission(username, granted, env string, aType int, aValue bool) UserPermission
GenUserPermission Helper to generate struct
func (*UserManager) GenericAllService ¶ added in v0.4.5
func (m *UserManager) GenericAllService(service bool) ([]AdminUser, error)
GenericAllService get all users with a specific service
func (*UserManager) Get ¶
func (m *UserManager) Get(username string) (AdminUser, error)
Get user by username including service users
func (*UserManager) GetAccess ¶
func (m *UserManager) GetAccess(username string) (UserAccess, error)
GetAccess to extract all access by username
func (*UserManager) GetAllPermissions ¶
func (m *UserManager) GetAllPermissions(username string) ([]UserPermission, error)
GetAllPermissions to extract permissions by username
func (*UserManager) GetByEnvID ¶ added in v0.4.6
func (m *UserManager) GetByEnvID(username string, envID uint) (AdminUser, error)
Get user by username and by environment ID, including service users
func (*UserManager) GetEnvAccess ¶
func (m *UserManager) GetEnvAccess(username, env string) (EnvAccess, error)
GetEnvAccess to get the access for a user and a specific environment
func (*UserManager) GetEnvPermissions ¶
func (m *UserManager) GetEnvPermissions(username, environment string) ([]UserPermission, error)
GetEnvPermissions to extract permissions by username and environment
func (*UserManager) GetPermission ¶
func (m *UserManager) GetPermission(username, environment string, aType AccessLevel) (UserPermission, error)
GetPermission to extract permission by username and environment
func (*UserManager) GetWithService ¶ added in v0.4.5
func (m *UserManager) GetWithService(username string, service bool) (AdminUser, error)
Get user by username and service
func (*UserManager) GetWithServiceByEnvID ¶ added in v0.4.6
func (m *UserManager) GetWithServiceByEnvID(username string, service bool, envID uint) (AdminUser, error)
Get user by username, service and environment ID
func (*UserManager) HashPasswordWithSalt ¶
func (m *UserManager) HashPasswordWithSalt(password string) (string, error)
HashPasswordWithSalt to hash a password before storing it
func (*UserManager) HashTextWithSalt ¶
func (m *UserManager) HashTextWithSalt(text string) (string, error)
HashTextWithSalt to hash text before storing it
func (*UserManager) IsAdmin ¶
func (m *UserManager) IsAdmin(username string) bool
IsAdmin checks if user is an admin
func (*UserManager) New ¶
func (m *UserManager) New(username, password, email, fullname string, admin, service bool) (AdminUser, error)
New empty user
func (*UserManager) SetEnvAdmin ¶
func (m *UserManager) SetEnvAdmin(username, environment string, admin bool) error
SetEnvAdmin to change the admin access for a user and environment
func (*UserManager) SetEnvCarve ¶
func (m *UserManager) SetEnvCarve(username, environment string, carve bool) error
SetEnvCarve to change the carve access for a user and environment
func (*UserManager) SetEnvLevel ¶
func (m *UserManager) SetEnvLevel(username, environment string, level AccessLevel, value bool) error
SetEnvLevel to change the access for a user
func (*UserManager) SetEnvQuery ¶
func (m *UserManager) SetEnvQuery(username, environment string, query bool) error
SetEnvQuery to change the query access for a user and environment
func (*UserManager) SetEnvUser ¶
func (m *UserManager) SetEnvUser(username, environment string, user bool) error
SetEnvUser to change the user access for a user and environment
func (*UserManager) UpdateMetadata ¶
func (m *UserManager) UpdateMetadata(ipaddress, useragent, username, csrftoken string) error
UpdateMetadata updates IP, User Agent and Last Access for a given user
func (*UserManager) UpdateToken ¶
func (m *UserManager) UpdateToken(username, token string, exp time.Time) error
UpdateToken for user by username
func (*UserManager) UpdateTokenIPAddress ¶
func (m *UserManager) UpdateTokenIPAddress(ipaddress, username string) error
UpdateTokenIPAddress updates IP and Last Access for a user's token