myirmaserver

package
v0.0.0-...-685a438 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 2, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

README

This server provides the primary end points for the myirma web interface. 

Although this server permits the user to delete his account, and change email address associations, for security reasons, deletion of account logs and email addresses is delayed. Deleting an email address marks it as to be deleted, but only does so after 30 days to stop someone who has stolen a phone from making it impossible to disable the IRMA account. Similarly, when deleting an account, logs remain stored and accessible through email login for 30 days, to stop attackers from erasing their tracks.

This server exposes the following endpoints:

-- SESSION STATUS --
POST /checksession
Arguments:   none
Description: Check session status, fetching any pending errors from operations following IRMA sessions
Returns:     - `expired` if user is not logged in
             - `ok` if user is logged in
             - error text if an error occurred during IRMA session processing

-- IRMA LOGIN --
POST /login/irma
Arguments:   none
Description: Start IRMA login session. After session, checksession needs to be called to check for errors
Returns:     session pointer

-- EMAIL LOGIN --
POST /login/email
Arguments:   Emailaddress as request body
Description: Send login email
Returns:     success with 204, or 403 if user not registered

POST /login/token/candidates
Arguments:   token as request body
Description: Get account candidates for loging in with email address token
Returns:     list of account candidates with json structure:
             [{username: "username", last_active: "unix timestamp (utc) of last activity on account"},...]

POST /login/token
Arguments:   Login request as json:
             {token: "login token", username: "username of specific account to login to"}
Description: Login using a token into a specific user account
Returns:     success with 204, or error otherwise

-- LOGOUT --
POST /logout
Arguments:   none
Description: Log out of current session
Returns:     success with 204, should not error

-- USER DATA --
GET /user
Arguments:   none
Description: Returns user account information for currently logged in user
Returns:     structure as json:
             { username: "username",
               emails: [{email: "emailaddress",
                         delete_in_progress: "email address is currently waiting to be deleted"}, ...],
               delete_in_progress: "account is currently disabled and waiting to be deleted" }

GET /user/logs/{offset}
Arguments:   none outside url
Description: Retrieve log entries
Returns:     11 of user"s logs, starting from log entry with index {offset}. Logs are ordered
             chronologically, newest first.

-- EMAIL MANAGEMENT --
POST /email/add
Arguments:   none
Description: Starts session in which user can disclose the email address to be added.
             After session, checksession needs to be called to check for potential errors
Returns:     session pointer

POST /email/remove
Arguments:   none
Description: emailaddress to remove as request body
Returns:     204 on success, errors otherwise

POST /verify
Arguments:   token as request body
Description: Verifies the user's email address entered during registration of the IRMA app. A link
             containing a token is sent to this email address. The frontend invokes this endpoint to
             verify the token.
Returns:     204 on success, errors otherwise

-- ACCOUNT REMOVAL --
POST /user/delete
Arguments:   none
Description: Start deletion process for currently logged in user
Returns:     204 on success, errors otherwise (also if user deletion already in progress)

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Configuration

type Configuration struct {
	// IRMA server configuration. If not given, this will be populated using information here
	*server.Configuration `mapstructure:",squash"`

	CORSAllowedOrigins []string `json:"cors_allowed_origins" mapstructure:"cors_allowed_origins"`

	// Path to static content to serve (for testing)
	StaticPath   string `json:"static_path" mapstructure:"static_path"`
	StaticPrefix string `json:"static_prefix" mapstructure:"static_prefix"`

	// Database configuration (ignored when database is provided)
	DBType            DBType `json:"db_type" mapstructure:"db_type"`
	DBConnStr         string `json:"db_str" mapstructure:"db_str"`
	DBConnMaxIdle     int    `json:"db_max_idle" mapstructure:"db_max_idle"`
	DBConnMaxOpen     int    `json:"db_max_open" mapstructure:"db_max_open"`
	DBConnMaxIdleTime int    `json:"db_max_idle_time" mapstructure:"db_max_idle_time"`
	DBConnMaxOpenTime int    `json:"db_max_open_time" mapstructure:"db_max_open_time"`
	// DeleteDelay is the delay in days before a user or email address deletion becomes effective.
	DeleteDelay int `json:"delete_delay" mapstructure:"delete_delay"`
	// Provide a prepared database (useful for testing)
	DB db `json:"-"`

	// Session lifetime in seconds
	SessionLifetime int `json:"session_lifetime" mapstructure:"session_lifetime"`

	// Keyshare attributes to use for login
	KeyshareAttributes []irma.AttributeTypeIdentifier `json:"keyshare_attributes" mapstructure:"keyshare_attributes"`
	EmailAttributes    []irma.AttributeTypeIdentifier `json:"email_attributes" mapstructure:"email_attributes"`

	// Configuration for email sending during login (email address use will be disabled if not present)
	keyshare.EmailConfiguration `mapstructure:",squash"`

	LoginURL map[string]string `json:"login_url" mapstructure:"login_url"`

	LoginEmailFiles       map[string]string `json:"login_email_files" mapstructure:"login_email_files"`
	LoginEmailSubjects    map[string]string `json:"login_email_subjects" mapstructure:"login_email_subjects"`
	DeleteEmailFiles      map[string]string `json:"delete_email_files" mapstructure:"delete_email_files"`
	DeleteEmailSubjects   map[string]string `json:"delete_email_subjects" mapstructure:"delete_email_subjects"`
	DeleteAccountFiles    map[string]string `json:"delete_account_files" mapstructure:"delete_account_files"`
	DeleteAccountSubjects map[string]string `json:"delete_account_subjects" mapstructure:"delete_account_subjects"`
	// contains filtered or unexported fields
}

Configuration contains configuration for the irmaserver library and irmad.

type DBType

type DBType string
const (
	DBTypeMemory   DBType = "memory"
	DBTypePostgres DBType = "postgres"

	SessionLifetimeDefault = 15 * 60 // seconds
)

type Server

type Server struct {
	// contains filtered or unexported fields
}

func New

func New(conf *Configuration) (*Server, error)

func (*Server) Handler

func (s *Server) Handler() http.Handler

func (*Server) Stop

func (s *Server) Stop()

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL