users

package
v0.23.0
Warning

This package is not in the latest version of its module.
Published: Sep 3, 2024 License: Apache-2.0 Imports: 8 Imported by: 0

README

Users service

Users service provides an HTTP API for managing users. Through this API clients are able to do the following actions:

  • register new accounts
  • obtain access tokens
  • verify access tokens

For an in-depth explanation of the aforementioned scenarios, as well as a thorough understanding of Mainflux, please check out the official documentation.

Configuration

The service is configured using the environment variables presented in the following table. Note that any unset variables will be replaced with their default values.

| Variable | Description | Default |
|---|---|---|
| MF_USERS_LOG_LEVEL | Log level for Users (debug, info, warn, error) | error |
| MF_USERS_DB_HOST | Database host address | localhost |
| MF_USERS_DB_PORT | Database host port | 5432 |
| MF_USERS_DB_USER | Database user | mainflux |
| MF_USERS_DB_PASSWORD | Database password | mainflux |
| MF_USERS_DB | Name of the database used by the service | users |
| MF_USERS_DB_SSL_MODE | Database connection SSL mode (disable, require, verify-ca, verify-full) | disable |
| MF_USERS_DB_SSL_CERT | Path to the PEM encoded certificate file | |
| MF_USERS_DB_SSL_KEY | Path to the PEM encoded key file | |
| MF_USERS_DB_SSL_ROOT_CERT | Path to the PEM encoded root certificate file | |
| MF_USERS_HTTP_PORT | Users service HTTP port | 8180 |
| MF_USERS_SERVER_CERT | Path to server certificate in pem format | |
| MF_USERS_SERVER_KEY | Path to server key in pem format | |
| MF_USERS_ADMIN_EMAIL | Default user, created on startup | |
| MF_USERS_ADMIN_PASSWORD | Default user password, created on startup | |
| MF_JAEGER_URL | Jaeger server URL | localhost:6831 |
| MF_EMAIL_HOST | Mail server host | localhost |
| MF_EMAIL_PORT | Mail server port | 25 |
| MF_EMAIL_USERNAME | Mail server username | |
| MF_EMAIL_PASSWORD | Mail server password | |
| MF_EMAIL_FROM_ADDRESS | Email "from" address | |
| MF_EMAIL_FROM_NAME | Email "from" name | |
| MF_EMAIL_TEMPLATE | Email template for sending emails with password reset link | email.tmpl |
| MF_TOKEN_RESET_ENDPOINT | Password request reset endpoint, for constructing link | /reset-request |
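
A preflight check for the settings in the table above, added here as an example (not code from the Mainflux project): because unset variables silently take their defaults, an empty environment means an unencrypted database connection and the `mainflux` database password. `AuditUsersEnv` is a hypothetical helper; it assumes the variable names from the table and that a missing server certificate or key means the API is served over plain HTTP.

```go
package main

import (
	"fmt"
	"os"
)

// Defaults copied from the configuration table; the service falls back to
// them for any unset variable, so the audit has to apply them as well.
var defaults = map[string]string{
	"MF_USERS_DB_PASSWORD": "mainflux",
	"MF_USERS_DB_SSL_MODE": "disable",
}

// effective returns the value the service would end up using.
func effective(get func(string) string, key string) string {
	if v := get(key); v != "" {
		return v
	}
	return defaults[key]
}

// AuditUsersEnv (hypothetical helper) returns one finding per risky setting.
func AuditUsersEnv(get func(string) string) []string {
	var out []string
	switch mode := effective(get, "MF_USERS_DB_SSL_MODE"); mode {
	case "disable":
		out = append(out, "MF_USERS_DB_SSL_MODE=disable: database traffic is not encrypted")
	case "require":
		out = append(out, "MF_USERS_DB_SSL_MODE=require: encrypted, but the server certificate is not verified")
	case "verify-ca", "verify-full":
		// Certificate is verified; nothing to report.
	default:
		out = append(out, "MF_USERS_DB_SSL_MODE="+mode+": not one of the documented modes")
	}
	if effective(get, "MF_USERS_DB_PASSWORD") == defaults["MF_USERS_DB_PASSWORD"] {
		out = append(out, "MF_USERS_DB_PASSWORD: documented default password in use")
	}
	// Assumption: without a certificate/key pair the HTTP API runs without TLS.
	if get("MF_USERS_SERVER_CERT") == "" || get("MF_USERS_SERVER_KEY") == "" {
		out = append(out, "MF_USERS_SERVER_CERT/KEY: pair incomplete, passwords and tokens travel in clear text")
	}
	return out
}

func main() {
	for _, finding := range AuditUsersEnv(os.Getenv) {
		fmt.Println("WARN", finding)
	}
}
```
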

Deployment

The service itself is distributed as a Docker container. Check the users service section in docker-compose to see how the service is deployed.

To start the service outside of the container, execute the following shell script:

# download the latest version of the service
git clone https://github.com/MainfluxLabs/mainflux

cd mainflux

# compile the service
make users

# copy binary to bin
make install

# set the environment variables and run the service
MF_USERS_LOG_LEVEL=[Users log level] \
MF_USERS_DB_HOST=[Database host address] \
MF_USERS_DB_PORT=[Database host port] \
MF_USERS_DB_USER=[Database user] \
MF_USERS_DB_PASS=[Database password] \
MF_USERS_DB=[Name of the database used by the service] \
MF_USERS_DB_SSL_MODE=[SSL mode to connect to the database with] \
MF_USERS_DB_SSL_CERT=[Path to the PEM encoded certificate file] \
MF_USERS_DB_SSL_KEY=[Path to the PEM encoded key file] \
MF_USERS_DB_SSL_ROOT_CERT=[Path to the PEM encoded root certificate file] \
MF_USERS_HTTP_PORT=[Service HTTP port] \
MF_USERS_SERVER_CERT=[Path to server certificate] \
MF_USERS_SERVER_KEY=[Path to server key] \
MF_JAEGER_URL=[Jaeger server URL] \
MF_EMAIL_HOST=[Mail server host] \
MF_EMAIL_PORT=[Mail server port] \
MF_EMAIL_USERNAME=[Mail server username] \
MF_EMAIL_PASSWORD=[Mail server password] \
MF_EMAIL_FROM_ADDRESS=[Email from address] \
MF_EMAIL_FROM_NAME=[Email from name] \
MF_EMAIL_TEMPLATE=[Email template file] \
MF_TOKEN_RESET_ENDPOINT=[Password reset token endpoint] \
$GOBIN/mainfluxlabs-users

If MF_EMAIL_TEMPLATE doesn't point to any file, the service will function, but password reset functionality will not work.

Usage

For more information about service capabilities and its usage, please check out the API documentation.

Documentation

Index

Constants

const (
	EnabledStatusKey  = "enabled"
	DisabledStatusKey = "disabled"
	AllStatusKey      = "all"
)

Variables

var (
	// ErrRecoveryToken indicates error in generating password recovery token.
	ErrRecoveryToken = errors.New("failed to generate password recovery token")

	// ErrPasswordFormat indicates weak password.
	ErrPasswordFormat = errors.New("password does not meet the requirements")

	// ErrAlreadyEnabledUser indicates the user is already enabled.
	ErrAlreadyEnabledUser = errors.New("the user is already enabled")

	// ErrAlreadyDisabledUser indicates the user is already disabled.
	ErrAlreadyDisabledUser = errors.New("the user is already disabled")
)

Functions

This section is empty.

Types

type Emailer

type Emailer interface {
	SendPasswordReset(To []string, host, token string) error
}

Emailer is a wrapper around the email.

type Hasher

type Hasher interface {
	// Hash generates the hashed string from plain-text.
	Hash(string) (string, error)

	// Compare compares plain-text version to the hashed one. An error should
	// indicate failed comparison.
	Compare(string, string) error
}

Hasher specifies an API for generating hashes of an arbitrary textual content.

type Metadata

type Metadata map[string]interface{}

Metadata is used for a customized description of a particular Mainflux thing or channel.

type PageMetadata

type PageMetadata struct {
	Total    uint64
	Offset   uint64
	Limit    uint64
	Email    string
	Status   string
	Metadata Metadata
}

PageMetadata contains page metadata that helps navigation.

type Service

type Service interface {
	// Register creates new user account. In case of the failed registration, a
	// non-nil error value is returned. The user registration is only allowed
	// for admin.
	SelfRegister(ctx context.Context, user User) (string, error)

	// Register creates new user account. In case of the failed registration, a
	// non-nil error value is returned. The user registration is only allowed
	// for admin.
	Register(ctx context.Context, token string, user User) (string, error)

	// RegisterAdmin creates new root admin account. In case of the failed registration, a
	// non-nil error value is returned. The user registration is only allowed
	// for root admin.
	RegisterAdmin(ctx context.Context, user User) error

	// Login authenticates the user given its credentials. Successful
	// authentication generates new access token. Failed invocations are
	// identified by the non-nil error values in the response.
	Login(ctx context.Context, user User) (string, error)

	// ViewUser retrieves user info for a given user ID and an authorized token.
	ViewUser(ctx context.Context, token, id string) (User, error)

	// ViewProfile retrieves user info for a given token.
	ViewProfile(ctx context.Context, token string) (User, error)

	// ListUsers retrieves users list for a valid admin token.
	ListUsers(ctx context.Context, token string, pm PageMetadata) (UserPage, error)

	// ListUsersByIDs retrieves users list for the given IDs.
	ListUsersByIDs(ctx context.Context, ids []string) (UserPage, error)

	// ListUsersByEmails retrieves users list for the given emails.
	ListUsersByEmails(ctx context.Context, emails []string) ([]User, error)

	// UpdateUser updates the user metadata.
	UpdateUser(ctx context.Context, token string, user User) error

	// GenerateResetToken generates a password reset token. email is the address
	// the mail will be sent to; host is used for generating the reset link.
	GenerateResetToken(ctx context.Context, email, host string) error

	// ChangePassword changes the user's password for an authenticated user.
	ChangePassword(ctx context.Context, authToken, password, oldPassword string) error

	// ResetPassword changes the user's password in the reset flow.
	// token can be authentication token or password reset token.
	ResetPassword(ctx context.Context, resetToken, password string) error

	// SendPasswordReset sends reset password link to email.
	SendPasswordReset(ctx context.Context, host, email, token string) error

	// EnableUser logically enables the user identified with the provided ID
	EnableUser(ctx context.Context, token, id string) error

	// DisableUser logically disables the user identified with the provided ID
	DisableUser(ctx context.Context, token, id string) error

	// Backup returns admin and all users. Only accessible by admin.
	Backup(ctx context.Context, token string) (User, []User, error)

	// Restore restores users from backup. Only accessible by admin.
	Restore(ctx context.Context, token string, admin User, users []User) error
}

Service specifies an API that must be fulfilled by the domain service implementation, and all of its decorators (e.g. logging & metrics).

func New

func New(users UserRepository, hasher Hasher, auth protomfx.AuthServiceClient, e Emailer, idp uuid.IDProvider, passRegex *regexp.Regexp) Service

New instantiates the users service implementation

type User

type User struct {
	ID       string
	Email    string
	Password string
	Metadata Metadata
	Status   string
	Role     string
}

User represents a Mainflux user account. Each user is identified given its email and password.

func (User) Validate

func (u User) Validate() error

Validate returns an error if user representation is invalid.

type UserPage

type UserPage struct {
	PageMetadata
	Users []User
}

UserPage contains a page of users.

type UserRepository

type UserRepository interface {
	// Save persists the user account. A non-nil error is returned to indicate
	// operation failure.
	Save(ctx context.Context, u User) (string, error)

	// UpdateUser updates the user metadata.
	UpdateUser(ctx context.Context, u User) error

	// RetrieveByEmail retrieves user by its unique identifier (i.e. email).
	RetrieveByEmail(ctx context.Context, email string) (User, error)

	// RetrieveByID retrieves user by its unique identifier ID.
	RetrieveByID(ctx context.Context, id string) (User, error)

	// RetrieveByIDs retrieves all users for given array of userIDs.
	RetrieveByIDs(ctx context.Context, userIDs []string, pm PageMetadata) (UserPage, error)

	// UpdatePassword updates password for user with given email
	UpdatePassword(ctx context.Context, email, password string) error

	// ChangeStatus changes the user's status to enabled or disabled
	ChangeStatus(ctx context.Context, id, status string) error

	// RetrieveAll retrieves all users.
	RetrieveAll(ctx context.Context) ([]User, error)
}

UserRepository specifies an account persistence API.

Directories

Path Synopsis
api
grpc
Package grpc contains implementation of users service gRPC API.
http
Package api contains API-related concerns: endpoint definitions, middlewares and all resource representations.
Package bcrypt provides a hasher implementation utilizing bcrypt.
Package postgres contains repository implementations using PostgreSQL as the underlying database.
Package tracing contains middlewares that will add spans to existing traces.
