security

package

v0.1.2 Latest Latest Go to latest Published: Feb 6, 2025 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation ¶

Index ¶

Constants
Variables
type AuthenticationDB
- func CreateDefaultAuthDB(cost int) AuthenticationDB
type AuthenticatorAPI
- func NewAuthenticator(opt *Settings, log logging.Logger) AuthenticatorAPI
type Settings
type User

Constants ¶

const (

	// AuthHeaderKey helps to obtain authorization header matching the field in a request
	AuthHeaderKey = "authorization"
)

Variables ¶

View Source

var (
	ErrPermissionDenied          = errors.New("auth: permission denied")
	ErrInvalidAuthToken          = errors.New("auth: invalid auth token")
	ErrInvalidUsernameOrPassword = errors.New("auth: invalid username or password")
)

Functions ¶

This section is empty.

Types ¶

type AuthenticationDB ¶

type AuthenticationDB interface {
	// AddUser adds new user with name, password and permission groups. Password should be already hashed.
	AddUser(name, password string, permissions []string) error
	// GetUser returns user data according to name, or nil of not found
	GetUser(name string) (*User, error)
	// Authenticate authenticates user with password.
	Authenticate(name, password string) error
	// SetLoginTime writes last login time for specific user
	SetLoginTime(name string)
	// SetLogoutTime writes last logout time for specific user
	SetLogoutTime(name string)
	// IsLoggedOut uses login/logout timestamps to evaluate whether the user was logged out
	IsLoggedOut(name string) (bool, error)
}

AuthenticationDB is common interface to access user database/permissions

func CreateDefaultAuthDB ¶

func CreateDefaultAuthDB(cost int) AuthenticationDB

CreateDefaultAuthDB builds new default storage

type AuthenticatorAPI ¶

type AuthenticatorAPI interface {
	// RegisterHandlers registers authenticator handlers to router.
	RegisterHandlers(router *mux.Router)

	// AddPermissionGroup adds new permission group. PG is defined by name and
	// a set of URL keys. User with permission group enabled has access to that
	// set of keys. PGs with duplicated names are skipped.
	AddPermissionGroup(group ...*access.PermissionGroup)

	// Validate provides middleware used while registering new HTTP handler.
	// For every request, token and permission group is validated.
	Validate(h http.Handler) http.Handler

	// AuthorizeRequest tries to authorize user from request.
	AuthorizeRequest(r *http.Request) (user string, err error)

	// IsPermitted checks if user is permitted to access URL from request.
	IsPermitted(user string, r *http.Request) error
}

AuthenticatorAPI provides methods for handling permissions

func NewAuthenticator ¶

func NewAuthenticator(opt *Settings, log logging.Logger) AuthenticatorAPI

NewAuthenticator prepares new instance of authenticator.

type Settings ¶

type Settings struct {
	// Router
	Router *mux.Router
	// Authentication database, default implementation is used if not set
	AuthStore AuthenticationDB
	// List of registered users
	Users []access.User
	// Expiration time (token claim). If not set, default value of 1 hour will be used.
	ExpTime time.Duration
	// Cost value used to hash user passwords
	Cost int
	// Custom token sign key. If not set, default value will be used.
	SignKey string
}

Settings defines fields required to instantiate authenticator

type User ¶

type User struct {
	access.User
	// contains filtered or unexported fields
}

User stores credentials, permissions and tracks last login/logout

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
model
access-security
password-hasher

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL