acl

Documentation

Index

• Constants
• Variables
• type Entry
  • func (a *Entry) ToEvent() (ev *event.T)
• type Role
• type T
  • func (ae *T) AddEntry(entry *Entry) (err error)
  • func (ae *T) DeleteEntry(pub string) (err error)
  • func (ae *T) Find(pub string) (e *Entry)
  • func (ae *T) FromEvent(ev *event.T) (e *Entry, err error)

Constants

const (
	Kind        = kind.ACLEvent
	ReplacesTag = "replaces"
	ExpiryTag   = "expiry"
)

Variables

var RoleStrings = []string{
	"owner",
	"admin",
	"writer",
	"reader",
	"denied",
	"none",
}

RoleStrings are the human readable form of the role enums.

Types

type Entry

type Entry struct {
	// EventID is the event ID that creates the Entry.
	EventID eventid.T
	// Role is the role now in force for the pubkey for this Entry.
	Role Role
	// Pubkey is the public key that associates with the Role.
	Pubkey string
	// AuthKey is the public key of the user with Admin or Owner
	// that requested the change.
	AuthKey string
	// Replaces specifies the event ID (if any) that this entry replaces.
	Replaces eventid.T
	// Created is the created_at field of the event ID of this pubkey being
	// first added to the ACL
	Created timestamp.T
	// LastModified is the created at of the most recent event that altered
	// this Entry.
	LastModified timestamp.T
	// Expires is the unix timestamp after which this entry is no longer in
	// force and in effect reverts to None.
	Expires timestamp.T
}

Entry is

func (*Entry) ToEvent

func (a *Entry) ToEvent() (ev *event.T)

ToEvent converts an Entry into a raw ACL event.T.

note that these are always generated by the ACL configuration interface in the relay, after first finding any existing entry to replace.

The ACL control will generate the entry after scanning the existing acl.T and then this event will be saved in the database after processing it through FromEvent.

type Role

type Role int

const (
	// Owner is the role of a user who has all privileges except for
	// altering others with the same role.
	Owner Role = iota
	// Admin is the role that can change all lower roles except for adding
	// and removing administrators.
	Admin
	// Writer is a user who has the right to add events to the relay.
	Writer
	// Reader is a user who may search and retrieve events from the relay.
	Reader
	// Denied is a blacklisted user who may not read from or write to the
	// relay.
	Denied
	// None is the tombstone event that puts the user in the same role as an
	// unauthenticated user (which may mean the same as Denied in effect).
	None
)

ACL roles

type T

type T struct {
	sync.Mutex
	// contains filtered or unexported fields
}

T is the state information of the relay's Access Control List (ACL).

func (*T) AddEntry

func (ae *T) AddEntry(entry *Entry) (err error)

AddEntry adds or modifies an entry in the acl.T.

func (*T) DeleteEntry

func (ae *T) DeleteEntry(pub string) (err error)

DeleteEntry removes a record from the acl.T.

It is not possible to modify or delete an entry with the Owner role.

This will generally be run in response to an event that reverts a user role to None, to contain the size of the database as the number of formerly privileged users grows in the database. Old records that exceed storage limits can be later garbage collected and the events removed eliminating the record from the initial process of populating the acl.T from Kind events.

func (*T) Find

func (ae *T) Find(pub string) (e *Entry)

Find an Entry in the acl.T that has the matching public key.

func (*T) FromEvent

func (ae *T) FromEvent(ev *event.T) (e *Entry, err error)

FromEvent processes an event.T and imports it into the acl.T.

The ACL control system will in fact generate an Entry first, run Entry.ToEvent to derive a properly formatted event, sign it, and then run FromEvent to validate it after which it will then sign it and store the event into the database so it is available for searches and for initializing the acl.T at startup to configure the ACL.