auth

package
Version: v1.0.0-rc.1 (Latest)
Warning

This package is not in the latest version of its module.

Published: Jun 15, 2023 License: MIT Imports: 21 Imported by: 0

Documentation

Overview

Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg. All rights reserved. Use of this source code is governed by a MIT-style license that can be found in the LICENSE file.


Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FetchUser

// FetchUser takes a database handle and a username and returns a *model.User,
// which is a different type from this package's own User.
// NOTE(review): the body is not shown on this page; confirm that username is
// passed to the database as a bound parameter rather than being concatenated
// into the query text.
func FetchUser(ctx context.Context, db *sqlx.DB, username string) (*model.User, error)

func GetRoleString

func GetRoleString(roleInt Role) string

func GetValidRoles

func GetValidRoles(user *User) ([]string, error)

Called by the API endpoint '/roles/' from the frontend. Only needed for the admin configuration, hence the admin-role check.

func GetValidRolesMap

func GetValidRolesMap(user *User) (map[string]Role, error)

Called by the routerConfig web.page setup in the backend. Only requires a known user and/or a user that is not an API user.

Types

type AuthSource

// AuthSource records which mechanism authenticated a user. It is carried on
// User.AuthSource, whose struct tag serializes it under the JSON key "via".
type AuthSource int
const (
	// The values are assigned by iota in declaration order (0, 1, 2).
	// NOTE(review): if these integers are persisted or sent to clients,
	// reordering or inserting a constant silently changes the meaning of
	// stored values — confirm before editing this list.
	AuthViaLocalPassword AuthSource = iota
	AuthViaLDAP
	AuthViaToken
)

type Authentication

// Authentication bundles the three authenticator backends with the session
// lifetime setting. It is returned by Init and is the receiver of the Auth,
// Login and Logout HTTP middleware and of the user-management methods.
type Authentication struct {
	// NOTE(review): presumably the maximum lifetime of a login session. How a
	// zero value is treated (no expiry vs. immediate expiry) is not shown
	// here — confirm.
	SessionMaxAge time.Duration

	// The backends are exported pointers. NOTE(review): whether one of them
	// can be nil when its mechanism is not configured is not visible here —
	// nil-check before use.
	LdapAuth  *LdapAuthenticator
	JwtAuth   *JWTAuthenticator
	LocalAuth *LocalAuthenticator
	// contains filtered or unexported fields
}

func Init

func Init(db *sqlx.DB,
	configs map[string]interface{}) (*Authentication, error)

func (*Authentication) AddProject

func (auth *Authentication) AddProject(
	ctx context.Context,
	username string,
	project string) error

func (*Authentication) AddRole

// AddRole takes the target username and the role to add, given as a string.
// NOTE(review): the signature has no parameter for the acting user, so unless
// the implementation reads the caller from ctx, the check for who may grant
// roles has to be enforced by the caller — confirm. Also confirm that
// queryrole is validated against the known roles before it is stored.
func (auth *Authentication) AddRole(
	ctx context.Context,
	username string,
	queryrole string) error

func (*Authentication) AddUser

func (auth *Authentication) AddUser(user *User) error

func (*Authentication) Auth

// Auth wraps onsuccess in an authenticating http.Handler. When authentication
// fails, onfailure is called with the response writer, the request and the
// authentication error instead.
// NOTE(review): authErr is handed to onfailure unfiltered; what the client
// sees is decided there, so backend error detail should be logged on the
// server rather than written to the response.
func (auth *Authentication) Auth(
	onsuccess http.Handler,
	onfailure func(rw http.ResponseWriter, r *http.Request, authErr error)) http.Handler

Authenticate the user and put a User object in the context of the request. If authentication fails, do not continue but send client to the login screen.

func (*Authentication) AuthViaSession

func (auth *Authentication) AuthViaSession(
	rw http.ResponseWriter,
	r *http.Request) (*User, error)

func (*Authentication) DelUser

func (auth *Authentication) DelUser(username string) error

func (*Authentication) GetUser

func (auth *Authentication) GetUser(username string) (*User, error)

func (*Authentication) ListUsers

func (auth *Authentication) ListUsers(specialsOnly bool) ([]*User, error)

func (*Authentication) Login

// Login returns an http.Handler for the login request. onsuccess runs after a
// successful login; onfailure is called with the response writer, the request
// and the login error otherwise.
// NOTE(review): onfailure decides what the client sees. Answering an unknown
// user and a wrong password with the same generic message avoids revealing
// which accounts exist.
func (auth *Authentication) Login(
	onsuccess http.Handler,
	onfailure func(rw http.ResponseWriter, r *http.Request, loginErr error)) http.Handler

Handle a POST request that should log the user in, starting a new session.

func (*Authentication) Logout

func (auth *Authentication) Logout(onsuccess http.Handler) http.Handler

Clears the session cookie

func (*Authentication) RemoveProject

func (auth *Authentication) RemoveProject(ctx context.Context, username string, project string) error

func (*Authentication) RemoveRole

func (auth *Authentication) RemoveRole(ctx context.Context, username string, queryrole string) error

type Authenticator

// Authenticator is the contract an authentication backend provides. The JWT,
// LDAP and local authenticators on this page declare these four methods.
type Authenticator interface {
	// Init receives the owning Authentication and a backend-specific,
	// untyped config value.
	Init(auth *Authentication, config interface{}) error
	// CanLogin reports whether this backend accepts the login attempt in r
	// for user. NOTE(review): user is presumably nil for an account that is
	// not known yet — confirm that implementations handle nil.
	CanLogin(user *User, rw http.ResponseWriter, r *http.Request) bool
	// Login performs the login for user and returns the resulting user or an
	// error.
	Login(user *User, rw http.ResponseWriter, r *http.Request) (*User, error)
	// Auth authenticates an incoming request and returns the user or an
	// error. NOTE(review): the meaning of a (nil, nil) result is not shown
	// here; presumably "this backend does not apply" — confirm that callers
	// never treat it as a successful authentication.
	Auth(rw http.ResponseWriter, r *http.Request) (*User, error)
}

type ContextKey

// ContextKey is a dedicated string type for request-context keys, so a value
// stored under it does not collide with a plain string key of the same text.
// The type is exported, so other packages can still construct an equal key.
type ContextKey string
// ContextUserKey is the ContextKey with the value "user".
// NOTE(review): presumably the key under which Auth stores the *User that
// GetUser(ctx) reads back — confirm.
const ContextUserKey ContextKey = "user"

type JWTAuthenticator

// JWTAuthenticator is the token-based backend. It declares the Authenticator
// methods (Init, CanLogin, Login, Auth) plus ProvideJWT. All of its state is
// unexported and not shown on this page.
type JWTAuthenticator struct {
	// contains filtered or unexported fields
}

func (*JWTAuthenticator) Auth

func (ja *JWTAuthenticator) Auth(
	rw http.ResponseWriter,
	r *http.Request) (*User, error)

func (*JWTAuthenticator) CanLogin

func (ja *JWTAuthenticator) CanLogin(
	user *User,
	rw http.ResponseWriter,
	r *http.Request) bool

func (*JWTAuthenticator) Init

func (ja *JWTAuthenticator) Init(auth *Authentication, conf interface{}) error

func (*JWTAuthenticator) Login

func (ja *JWTAuthenticator) Login(
	user *User,
	rw http.ResponseWriter,
	r *http.Request) (*User, error)

func (*JWTAuthenticator) ProvideJWT

// ProvideJWT returns a newly generated JWT for user as a string. The token is
// a bearer credential: keep it out of logs and URLs.
// NOTE(review): the signing algorithm, the key source and the token lifetime
// are not visible on this page — confirm that an expiry is set.
func (ja *JWTAuthenticator) ProvideJWT(user *User) (string, error)

Generate a new JWT that can be used for authentication

type LdapAuthenticator

// LdapAuthenticator is the LDAP backend. It declares the Authenticator methods
// (Init, CanLogin, Login, Auth) plus Sync. All of its state is unexported and
// not shown on this page.
type LdapAuthenticator struct {
	// contains filtered or unexported fields
}

func (*LdapAuthenticator) Auth

func (la *LdapAuthenticator) Auth(
	rw http.ResponseWriter,
	r *http.Request) (*User, error)

func (*LdapAuthenticator) CanLogin

func (la *LdapAuthenticator) CanLogin(
	user *User,
	rw http.ResponseWriter,
	r *http.Request) bool

func (*LdapAuthenticator) Init

func (la *LdapAuthenticator) Init(
	auth *Authentication,
	conf interface{}) error

func (*LdapAuthenticator) Login

func (la *LdapAuthenticator) Login(
	user *User,
	rw http.ResponseWriter,
	r *http.Request) (*User, error)

func (*LdapAuthenticator) Sync

func (la *LdapAuthenticator) Sync() error

type LocalAuthenticator

// LocalAuthenticator is the local-password backend. Its Init takes the config
// argument as `_`, i.e. it does not use one. All of its state is unexported
// and not shown on this page.
type LocalAuthenticator struct {
	// contains filtered or unexported fields
}

func (*LocalAuthenticator) Auth

func (*LocalAuthenticator) CanLogin

func (la *LocalAuthenticator) CanLogin(
	user *User,
	rw http.ResponseWriter,
	r *http.Request) bool

func (*LocalAuthenticator) Init

func (la *LocalAuthenticator) Init(
	auth *Authentication,
	_ interface{}) error

func (*LocalAuthenticator) Login

func (la *LocalAuthenticator) Login(
	user *User,
	rw http.ResponseWriter,
	r *http.Request) (*User, error)

type Role

// Role is an authorization level. User.Roles stores roles as strings;
// GetRoleString maps a Role to a string.
type Role int
const (
	// iota numbers these 0 through 6 in declaration order.
	// NOTE(review): RoleError is numerically the largest value, above
	// RoleAdmin. An ordering comparison such as `level >= RoleAdmin` is
	// therefore also true for RoleError. Compare for equality or check
	// membership instead, and confirm that GetAuthLevel can never return
	// RoleError as a user's level.
	RoleAnonymous Role = iota
	RoleApi
	RoleUser
	RoleManager
	RoleSupport
	RoleAdmin
	RoleError
)

type User

// User is the account record that the authenticators return and that the
// request context carries after a successful authentication.
type User struct {
	Username   string     `json:"username"`
	// The "-" tag makes encoding/json skip this field. It is still included
	// by fmt verbs such as %+v and by encoders that ignore json tags, so do
	// not log or dump User values.
	// NOTE(review): whether this holds a hash or a plaintext password is not
	// shown here — confirm.
	Password   string     `json:"-"`
	Name       string     `json:"name"`
	// Roles are kept as strings, not as Role values; HasValidRole takes the
	// string form.
	Roles      []string   `json:"roles"`
	// Serialized under the key "via".
	AuthSource AuthSource `json:"via"`
	Email      string     `json:"email"`
	Projects   []string   `json:"projects"`
	// No json tag: encoding/json emits this under the key "Expiration".
	// NOTE(review): what expires (session, token or account) and whether the
	// zero time means "never" is not shown here — confirm.
	Expiration time.Time
}

func GetUser

// GetUser returns the *User associated with ctx. It has no error result.
// NOTE(review): presumably returns nil when ctx carries no user — confirm, and
// nil-check the result before any role or project check.
func GetUser(ctx context.Context) *User

func (*User) GetAuthLevel

func (u *User) GetAuthLevel() Role

Finds the user's highest role.

func (*User) HasAllRoles

func (u *User) HasAllRoles(queryroles []Role) bool

Role arrays are short, so the nested loop does not affect performance.

func (*User) HasAnyRole

func (u *User) HasAnyRole(queryroles []Role) bool

Role arrays are short, so the nested loop does not affect performance.

func (*User) HasNotRoles

func (u *User) HasNotRoles(queryroles []Role) bool

Role arrays are short, so the nested loop does not affect performance.

func (*User) HasProject

func (u *User) HasProject(project string) bool

func (*User) HasRole

func (u *User) HasRole(role Role) bool

func (*User) HasValidRole

// HasValidRole takes a role name and returns two booleans, named hasRole and
// isValid, in that order.
// NOTE(review): both results have the same type, so a call site that swaps
// them still compiles. Presumably isValid reports whether role names a known
// role — confirm, and check isValid before acting on hasRole.
func (u *User) HasValidRole(role string) (hasRole bool, isValid bool)
