Overview ¶
Package identityserver handles the database operations for The Things Stack.
Index ¶
- func GenerateAPIKey(ctx context.Context, name string, expiresAt *time.Time, rights ...ttnpb.Right) (key *ttnpb.APIKey, token string, err error)
- func GenerateCSPString(config *oauth.Config, nonce string) string
- type Config
- type IdentityServer
- func (is *IdentityServer) ApplicationRights(ctx context.Context, appIDs *ttnpb.ApplicationIdentifiers) (*ttnpb.Rights, error)
- func (is *IdentityServer) AuthInfo(ctx context.Context) (*ttnpb.AuthInfoResponse, error)
- func (is *IdentityServer) ClientRights(ctx context.Context, cliIDs *ttnpb.ClientIdentifiers) (*ttnpb.Rights, error)
- func (is *IdentityServer) Close()
- func (is *IdentityServer) Context() context.Context
- func (is *IdentityServer) GatewayRights(ctx context.Context, gtwIDs *ttnpb.GatewayIdentifiers) (*ttnpb.Rights, error)
- func (is *IdentityServer) GetConfiguration(ctx context.Context, _ *ttnpb.GetIsConfigurationRequest) (*ttnpb.GetIsConfigurationResponse, error)
- func (is *IdentityServer) IsAdmin(ctx context.Context) bool
- func (is *IdentityServer) OrganizationRights(ctx context.Context, orgIDs *ttnpb.OrganizationIdentifiers) (*ttnpb.Rights, error)
- func (is *IdentityServer) RegisterHandlers(s *runtime.ServeMux, conn *grpc.ClientConn)
- func (is *IdentityServer) RegisterInterop(srv *interop.Server)
- func (is *IdentityServer) RegisterServices(s *grpc.Server)
- func (is *IdentityServer) RequireAdmin(ctx context.Context) error
- func (is *IdentityServer) RequireAdminForFieldUpdate(ctx context.Context, fields, adminFields []string) error
- func (is *IdentityServer) RequireAuthenticated(ctx context.Context) error
- func (*IdentityServer) Roles() []ttnpb.ClusterRole
- func (is *IdentityServer) SendEmail(ctx context.Context, message *email.Message) (err error)
- func (is *IdentityServer) SendNotificationEmailToUserIDs(ctx context.Context, notification *ttnpb.Notification, ...) error
- func (is *IdentityServer) SendNotificationEmailToUsers(ctx context.Context, notification *ttnpb.Notification, ...) error
- func (is *IdentityServer) SendTemplateEmailToUserIDs(ctx context.Context, templateName string, ...) error
- func (is *IdentityServer) SendTemplateEmailToUsers(ctx context.Context, templateName string, ...) error
- func (is *IdentityServer) SetRedisCache(redis *redis.Client)
- func (is *IdentityServer) UniversalRights(ctx context.Context) *ttnpb.Rights
- func (is *IdentityServer) UserRights(ctx context.Context, userIDs *ttnpb.UserIdentifiers) (*ttnpb.Rights, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Config ¶
// Config is the configuration of the Identity Server.
//
// Every option carries a `name` tag (its config key) and a `description` tag
// (its help text); those tags are the authoritative documentation. The
// comments below only add reading aids and review notes.
type Config struct {
	// DatabaseURI is the connection URI of the Identity Server database.
	// NOTE(review): connection URIs commonly embed credentials — confirm how
	// this value is logged or exported before treating it as non-sensitive.
	DatabaseURI string `name:"database-uri" description:"Database connection URI"`
	// UserRegistration controls whether and under which conditions new
	// users can register.
	UserRegistration struct {
		Enabled bool `name:"enabled" description:"Enable user registration"`
		// Invitation gates registration behind invitation tokens.
		Invitation struct {
			Required bool `name:"required" description:"Require invitations for new users"`
			// TokenTTL is the time to live of an issued invitation token.
			TokenTTL time.Duration `name:"token-ttl" description:"TTL of user invitation tokens"`
		} `name:"invitation"`
		// ContactInfoValidation gates registration behind validation of the
		// user's contact info; RetryInterval throttles how often validation
		// emails are resent.
		ContactInfoValidation struct {
			Required bool `name:"required" description:"Require contact info validation for new users"`
			TokenTTL time.Duration `name:"token-ttl" description:"TTL of contact info validation tokens"`
			RetryInterval time.Duration `name:"retry-interval" description:"Minimum interval for resending contact info validation emails"` // nolint:lll
		} `name:"contact-info-validation"`
		// AdminApproval gates registration behind manual admin approval.
		AdminApproval struct {
			Required bool `name:"required" description:"Require admin approval for new users"`
		} `name:"admin-approval"`
		// PasswordRequirements is the password policy applied to new
		// passwords (length bounds, character-class minimums, and rejection
		// of passwords that contain the user ID or are on a common list).
		PasswordRequirements struct {
			MinLength int `name:"min-length" description:"Minimum password length"`
			MaxLength int `name:"max-length" description:"Maximum password length"`
			MinUppercase int `name:"min-uppercase" description:"Minimum number of uppercase letters"`
			MinDigits int `name:"min-digits" description:"Minimum number of digits"`
			MinSpecial int `name:"min-special" description:"Minimum number of special characters"`
			RejectUserID bool `name:"reject-user-id" description:"Reject passwords that contain user ID"`
			RejectCommon bool `name:"reject-common" description:"Reject common passwords"`
		} `name:"password-requirements"`
	} `name:"user-registration"`
	// AuthCache configures caching of membership lookups.
	// NOTE(review): a membership change (e.g. a revoked collaborator) is
	// presumably not observed until the cached entry expires — verify
	// against the cache implementation when tuning this TTL.
	AuthCache struct {
		MembershipTTL time.Duration `name:"membership-ttl" description:"TTL of membership caches"`
	} `name:"auth-cache"`
	// OAuth is the configuration of the embedded OAuth server.
	OAuth oauth.Config `name:"oauth"`
	// ProfilePicture configures storage and fallback for user profile
	// pictures. NOTE(review): the Gravatar fallback implies an outbound
	// lookup keyed on user data — confirm what is sent before enabling it.
	ProfilePicture struct {
		DisableUpload bool `name:"disable-upload" description:"Disable uploading profile pictures"`
		UseGravatar bool `name:"use-gravatar" description:"Use Gravatar fallback for users without profile picture"`
		Bucket string `name:"bucket" description:"Bucket used for storing profile pictures"`
		BucketURL string `name:"bucket-url" description:"Base URL for public bucket access"`
	} `name:"profile-picture"`
	// EndDevicePicture configures storage for end device pictures.
	EndDevicePicture struct {
		DisableUpload bool `name:"disable-upload" description:"Disable uploading end device pictures"`
		Bucket string `name:"bucket" description:"Bucket used for storing end device pictures"`
		BucketURL string `name:"bucket-url" description:"Base URL for public bucket access"`
	} `name:"end-device-picture"`
	// UserRights lists which entity types non-admin users may create under
	// their own account.
	UserRights struct {
		CreateApplications bool `name:"create-applications" description:"Allow non-admin users to create applications in their user account"`
		CreateClients bool `name:"create-clients" description:"Allow non-admin users to create OAuth clients in their user account"`
		CreateGateways bool `name:"create-gateways" description:"Allow non-admin users to create gateways in their user account"`
		CreateOrganizations bool `name:"create-organizations" description:"Allow non-admin users to create organizations in their user account"`
	} `name:"user-rights"`
	// AdminRights widens what admins may do. All is the broadest setting:
	// per its description it includes the _KEYS and _ALL rights.
	AdminRights struct {
		All bool `name:"all" description:"Grant all rights to admins, including _KEYS and _ALL"`
	} `name:"admin-rights"`
	// CollaboratorRights controls what collaborators may do with other users.
	CollaboratorRights struct {
		SetOthersAsContacts bool `name:"set-others-as-contacts" description:"Allow users to set other users as entity contacts"` // nolint:lll
	} `name:"collaborator-rights"`
	// LoginTokens controls the login-token flow and the lifetime of the
	// tokens it issues.
	LoginTokens struct {
		Enabled bool `name:"enabled" description:"enable users requesting login tokens"`
		TokenTTL time.Duration `name:"token-ttl" description:"TTL of login tokens"`
	} `name:"login-tokens"`
	// Email configures outbound email. The embedded email.Config is tagged
	// `,squash`, which presumably flattens its keys into this section; Dir
	// is documented as development only.
	Email struct {
		email.Config `name:",squash"`
		Provider string `name:"provider" description:"Email provider to use"`
		Dir string `name:"dir" description:"Directory to write emails to if the dir provider is used (development only)"` // nolint:lll
		SendGrid sendgrid.Config `name:"sendgrid"`
		SMTP smtp.Config `name:"smtp"`
		Templates emailTemplatesConfig `name:"templates"`
	} `name:"email"`
	// EndDevices names the key used to encrypt end device secrets at rest.
	EndDevices struct {
		EncryptionKeyID string `name:"encryption-key-id" description:"ID of the key used to encrypt end device secrets at rest"` //nolint:lll
	} `name:"end-devices"`
	// Gateways names the key used to encrypt gateway secrets at rest and
	// bounds gateway token validity.
	// NOTE(review): TokenValidity's description says "seconds" while the
	// field is a time.Duration — confirm which unit the config parser expects.
	Gateways struct {
		EncryptionKeyID string `name:"encryption-key-id" description:"ID of the key used to encrypt gateway secrets at rest"`
		TokenValidity time.Duration `name:"token-validity" description:"Time in seconds after creation when a gateway token is valid"` //nolint:lll
	} `name:"gateways"`
	// Delete configures the window during which a soft-deleted entity can
	// still be restored.
	Delete struct {
		Restore time.Duration `name:"restore" description:"How long after soft-deletion an entity can be restored"`
	} `name:"delete"`
	// DevEUIBlock configures issuing of DevEUIs from an IEEE MAC block.
	DevEUIBlock struct {
		Enabled bool `name:"enabled" description:"Enable DevEUI address issuing from IEEE MAC block"`
		ApplicationLimit int `name:"application-limit" description:"Maximum DevEUI addresses to be issued per application"`
		Prefix ttntypes.EUI64Prefix `name:"prefix" description:"DevEUI block prefix"`
		InitCounter int64 `name:"init-counter" description:"Initial counter value for the addresses to be issued (default 0)"`
	} `name:"dev-eui-block" description:"IEEE MAC block used to issue DevEUIs to devices that are not yet programmed"`
	// Network identifies this network. NSID is a pointer and so optional.
	Network struct {
		NetID ttntypes.NetID `name:"net-id" description:"NetID of this network"`
		NSID *ttntypes.EUI64 `name:"ns-id" description:"NSID of this network (EUI)"`
		TenantID string `name:"tenant-id" description:"Tenant ID"`
	} `name:"network"`
	// TelemetryQueue is not a config option (`name:"-"`); it is set
	// programmatically.
	TelemetryQueue telemetry.TaskQueue `name:"-"`
	// Pagination sets the page size used when a paginated request gives none.
	Pagination struct {
		DefaultLimit uint32 `name:"default-limit" description:"The default limit applied to paginated requests if not specified"` // nolint:lll
	} `name:"pagination" description:"Pagination settings"`
}
Config for the Identity Server.
type IdentityServer ¶
// IdentityServer implements the Identity Server component.
//
// It embeds ttnpb.UnimplementedIsServer (presumably the generated gRPC
// forward-compatibility base) and *component.Component, whose methods are
// promoted onto the server; the remaining fields are unexported and not
// shown in this listing.
type IdentityServer struct {
	ttnpb.UnimplementedIsServer
	*component.Component
	// contains filtered or unexported fields
}
IdentityServer implements the Identity Server component.
The Identity Server exposes the Registry and Access services for Applications, OAuth clients, Gateways, Organizations and Users.
func New ¶
func New(c *component.Component, config *Config) (is *IdentityServer, err error)
New returns a new *IdentityServer.
func (*IdentityServer) ApplicationRights ¶
func (is *IdentityServer) ApplicationRights(ctx context.Context, appIDs *ttnpb.ApplicationIdentifiers) (*ttnpb.Rights, error)
ApplicationRights returns the rights the caller has on the given application.
func (*IdentityServer) AuthInfo ¶ added in v3.12.0
func (is *IdentityServer) AuthInfo(ctx context.Context) (*ttnpb.AuthInfoResponse, error)
AuthInfo implements rights.AuthInfoFetcher.
func (*IdentityServer) ClientRights ¶
func (is *IdentityServer) ClientRights(ctx context.Context, cliIDs *ttnpb.ClientIdentifiers) (*ttnpb.Rights, error)
ClientRights returns the rights the caller has on the given client.
func (*IdentityServer) Close ¶ added in v3.19.0
func (is *IdentityServer) Close()
Close closes the Identity Server database connections and the underlying component.
func (*IdentityServer) Context ¶
func (is *IdentityServer) Context() context.Context
Context returns the context of the Identity Server.
func (*IdentityServer) GatewayRights ¶
func (is *IdentityServer) GatewayRights(ctx context.Context, gtwIDs *ttnpb.GatewayIdentifiers) (*ttnpb.Rights, error)
GatewayRights returns the rights the caller has on the given gateway. The query for the gateway only considers the Gateway ID and not the EUI (if provided).
func (*IdentityServer) GetConfiguration ¶ added in v3.9.0
func (is *IdentityServer) GetConfiguration(ctx context.Context, _ *ttnpb.GetIsConfigurationRequest) (*ttnpb.GetIsConfigurationResponse, error)
GetConfiguration implements the RPC that returns the configuration of the Identity Server.
func (*IdentityServer) IsAdmin ¶
func (is *IdentityServer) IsAdmin(ctx context.Context) bool
IsAdmin returns whether the caller is an admin.
func (*IdentityServer) OrganizationRights ¶
func (is *IdentityServer) OrganizationRights(ctx context.Context, orgIDs *ttnpb.OrganizationIdentifiers) (*ttnpb.Rights, error)
OrganizationRights returns the rights the caller has on the given organization.
func (*IdentityServer) RegisterHandlers ¶
func (is *IdentityServer) RegisterHandlers(s *runtime.ServeMux, conn *grpc.ClientConn)
RegisterHandlers registers gRPC handlers.
func (*IdentityServer) RegisterInterop ¶ added in v3.15.2
func (is *IdentityServer) RegisterInterop(srv *interop.Server)
RegisterInterop registers the LoRaWAN Backend Interfaces interoperability services.
func (*IdentityServer) RegisterServices ¶
func (is *IdentityServer) RegisterServices(s *grpc.Server)
RegisterServices registers services provided by is at s.
func (*IdentityServer) RequireAdmin ¶
func (is *IdentityServer) RequireAdmin(ctx context.Context) error
RequireAdmin returns an error when the caller is not an admin.
func (*IdentityServer) RequireAdminForFieldUpdate ¶ added in v3.21.0
func (is *IdentityServer) RequireAdminForFieldUpdate(ctx context.Context, fields, adminFields []string) error
RequireAdminForFieldUpdate returns an error when the caller tries to update an admin-only field.
func (*IdentityServer) RequireAuthenticated ¶
func (is *IdentityServer) RequireAuthenticated(ctx context.Context) error
RequireAuthenticated checks the request context for the presence of authentication and returns an error if there is none.
func (*IdentityServer) Roles ¶
func (*IdentityServer) Roles() []ttnpb.ClusterRole
Roles returns the roles that the Identity Server fulfills.
func (*IdentityServer) SendNotificationEmailToUserIDs ¶ added in v3.19.2
func (is *IdentityServer) SendNotificationEmailToUserIDs(ctx context.Context, notification *ttnpb.Notification, receiverIDs ...*ttnpb.UserIdentifiers) error
SendNotificationEmailToUserIDs looks up the users and sends them a notification email.
func (*IdentityServer) SendNotificationEmailToUsers ¶ added in v3.19.2
func (is *IdentityServer) SendNotificationEmailToUsers(ctx context.Context, notification *ttnpb.Notification, receivers ...*ttnpb.User) error
SendNotificationEmailToUsers sends a notification email to users.
func (*IdentityServer) SendTemplateEmailToUserIDs ¶ added in v3.19.2
func (is *IdentityServer) SendTemplateEmailToUserIDs( ctx context.Context, templateName string, dataBuilder email.TemplateDataBuilder, receiverIDs ...*ttnpb.UserIdentifiers, ) error
SendTemplateEmailToUserIDs looks up the users and sends them an email.
func (*IdentityServer) SendTemplateEmailToUsers ¶ added in v3.19.2
func (is *IdentityServer) SendTemplateEmailToUsers( ctx context.Context, templateName string, dataBuilder email.TemplateDataBuilder, receivers ...*ttnpb.User, ) error
SendTemplateEmailToUsers sends an email to users.
func (*IdentityServer) SetRedisCache ¶
func (is *IdentityServer) SetRedisCache(redis *redis.Client)
SetRedisCache configures the given redis instance for caching.
func (*IdentityServer) UniversalRights ¶
func (is *IdentityServer) UniversalRights(ctx context.Context) *ttnpb.Rights
UniversalRights returns the universal rights (that apply to any entity or outside entity scope) contained in the request context. This is used to determine admin rights.
func (*IdentityServer) UserRights ¶
func (is *IdentityServer) UserRights(ctx context.Context, userIDs *ttnpb.UserIdentifiers) (*ttnpb.Rights, error)
UserRights returns the rights the caller has on the given user.
Source Files
- api_key_utils.go
- application_access.go
- application_registry.go
- client_access.go
- client_registry.go
- config.go
- contact_info_registry.go
- email.go
- email_validation_registry.go
- end_device_registry.go
- entity_access.go
- errors.go
- gateway_access.go
- gateway_registry.go
- http_interop.go
- identityserver.go
- invitation_registry.go
- notification_registry.go
- oauth_registry.go
- observability.go
- organization_access.go
- organization_registry.go
- picture.go
- registry_search.go
- rights.go
- store.go
- telemetry.go
- user_access.go
- user_bookmark_registry.go
- user_registry.go
- user_session_registry.go
- utils.go
Directories
| Path | Synopsis |
|---|---|
| | Package blocklist implements a list of forbidden IDs. |
| | Package store implements the Identity Server store interfaces using the bun library. |
| | Package mockis provides a mock structure to the Identity Server. |
| | Package store defines the interfaces implemented by Identity Server store implementations. |
| migrations | Package migrations contains Identity Server store migrations. |