anthropoi

package module
v0.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 17, 2020 License: MIT Imports: 13 Imported by: 0

README

Anthropoi

A simple accounts package and management tool.

What is it

This package sets up and manages user accounts with multi-site support and per-site groups.

Requirements

This package was made for use with PostgreSQL. CockroachDB probably won't work because of triggers.

Installing

Run this command to get the package:

go get -u github.com/Urethramancer/anthropoi

And run this to compile and install the management command:

go get -u github.com/Urethramancer/anthropoi/cmd/anthro

Using the package

(See built-in documentation for parameter information.)

  • New() creates a DBM structure to use for all further calls.
  • ConnectionString() rebuilds and returns a string based on the internally stored parameters.
  • Connect() opens the connection to the specified host, or localhost.
  • DatabaseExists() checks if there is a database of the specified name.
  • Create() creates a new account database with the specified name.
  • InitDatabase() sets up a new database with tables and triggers.

New() will use reasonable defaults for its connection string:

  • host: localhost
  • port: 5432
  • user: postgres
  • password: unused if blank
  • name: unused if blank
  • mode: enable if set to "enable", disable otherwise

Using the CLI tool

The command line tool, anthro, can be used to manage users, profiles, groups and permissions, saving you from having to write your own manager.

init

Running anthro init will set up the initial database. If you want to drop the current database, supply the -D flag. For more advanced features, such as dumping a backup of the database, use the pgsql command from the relevant PostgreSQL package.

user

The usercommand has subcommands for user account management. A user account has just the bare minimum details about a user, such as a display username, primary e-mail, login password, name and special data for some sites. There are two JSON fields, data and tokens, available to use for whatever you need. Methods to make use of them aren't currently implemented, but using PostgreSQL's JSON lookup is fairly straightforward.

user add

The user add subcommand takes a username at minimum. A password and salt will be generated and stored, and the password will be displayed in the terminal. Write it down or lose it!

Optional arguments are e-mail, first and last name and a cost, which is the complexity to use for hashing the password. The current minimum amount is 10, which gives a decent amount for testing. 11+ is recommended for production use, especially on very fast server hardware. The time roughly doubles for each increase by 1.

user remove

The user remove (or user rm) subcommand removes a user by ID or name.

user edit

Line by line editing of user fields, except password.

user list

This lists all users. More flags to filter on will be added in the near future.

profile

The profile command has subcommands for per-site profiles. Profiles are useful when you want one system to handle many domains with different profiles, containing different access rights, but which should share common logins. This is useful for blogging systems where different subdomains are used for different subjects, or to create a domain admin system for e-mail, for example.

profile add

The profile add subcommand adds a profile to a user. Permissions and groups are handled separately.

profile remove

Removes a profile, effectively removing access to a domain for a user.

profile setgroups

This manages groups for a profile, i.e. per-site permissions. Access rights are handled via groups, while profiles can contain collections of groups.

profile copy

This allows you to copy the non-personal parts of a profile from one user to another to quickly set permissions.

profile list

Lists profiles in the database, with optional filtering by site and by user.

Documentation

Index

Constants

View Source 
const DefaultName = "accounts"

Variables

This section is empty.

Functions

func Base6424 added in v0.4.0 

func Base6424(src string) string

Base6424 used by some password hashing algorithms.

func GenString 

func GenString(size int) string

GenString generates a random string, usable for passwords.

func GenerateDovecotPassword added in v0.4.0 

func GenerateDovecotPassword(password, salt string, rounds int) string

GenerateDovecotPassword creates a Dovecot-compatible password with the SHA512-CRYPT algorithm prefix.

Types

type Alias added in v0.6.0 

type Alias struct {
	Alias  string `json:"alias"`
	Target string `json:"target"`
}

Alias object.

type Aliases added in v0.6.0 

type Aliases struct {
	List []Alias `json:"aliases"`
}

Aliases container.

type DBM 

type DBM struct {
	*sql.DB
	// contains filtered or unexported fields
}

DBM is a DB manager for user accounts and groups.

func New 

func New(host, port, user, password, mode string) *DBM

New DBM setup.

func (*DBM) AddResetToken added in v0.9.4 

func (db *DBM) AddResetToken(user *User, duration time.Duration) (string, error)

AddResetToken creates a reset token with an expiry for an account, then returns the human-readable hash.

func (*DBM) AddSite added in v0.8.0 

func (db *DBM) AddSite(name string) (int64, error)

AddSite to enable users being associated.

func (*DBM) AddUser 

func (db *DBM) AddUser(username, password, email, first, last, data, tokens string, cost int) (*User, error)

AddUser creates a new User. This may fail.

func (*DBM) ClearFlag added in v0.6.0 

func (db *DBM) ClearFlag(key string) error

ClearFlag removes an entry in the flags table.

func (*DBM) Connect 

func (db *DBM) Connect(name string) error

OpenDB and set the pointer in the DBM struct.

func (*DBM) ConnectionString 

func (db *DBM) ConnectionString() string

func (*DBM) Create 

func (db *DBM) Create(name string) error

Create the database and retain the name.

func (*DBM) DatabaseExists 

func (db *DBM) DatabaseExists(name string) bool

DatabaseExists checks for the existence of the actual database.

func (*DBM) DeleteResetToken added in v0.9.4 

func (db *DBM) DeleteResetToken(key string) error

DeleteResetToken invalidates a reset token. Call when resetting a password.

func (*DBM) Drop 

func (db *DBM) Drop(name string) error

Drop a named database.

func (*DBM) GetAlias added in v0.6.0 

func (db *DBM) GetAlias(alias string) (string, error)

GetAlias returns the target for an alias.

func (*DBM) GetAliasesForUser added in v0.9.4 

func (db *DBM) GetAliasesForUser(u *User) (*Aliases, error)

GetAliasesForUser returns all addresses pointing to this user's address. This call is specific to mail mode.

func (*DBM) GetFlag added in v0.6.0 

func (db *DBM) GetFlag(key string) bool

GetFlag gets a string from the flags table.

func (*DBM) GetSitesForUser added in v0.4.0 

func (db *DBM) GetSitesForUser(u *User) error

GetSitesForUser fills the Sites field in the User struct.

func (*DBM) GetUser 

func (db *DBM) GetUser(id int64) (*User, error)

GetUser returns a User based on an ID.

func (*DBM) GetUserByName 

func (db *DBM) GetUserByName(name string) (*User, error)

GetUserByName for when you don't have an ID.

func (*DBM) GetUserForReset added in v0.9.4 

func (db *DBM) GetUserForReset(key string) (*User, error)

GetUserForReset returns a User if the token is valid.

func (*DBM) GetUsers added in v0.2.0 

func (db *DBM) GetUsers(match string) (*Users, error)

GetUsers retrieves users, sorted by ID, optionally containing a keyword.

func (*DBM) GetVar added in v0.6.0 

func (db *DBM) GetVar(key string) string

GetVar gets a string from the variables table.

func (*DBM) InitDatabase 

func (db *DBM) InitDatabase() error

InitDatabase creates the tables, functions and triggers required for the full account system.

func (*DBM) InitMailTables added in v0.6.0 

func (db *DBM) InitMailTables() error

InitMailTables for mail mode.

func (*DBM) PurgeResetTokens added in v0.9.4 

func (db *DBM) PurgeResetTokens() error

PurgeResetTokens deletes the oldest unused and expired tokens.

func (*DBM) RemoveAlias added in v0.6.0 

func (db *DBM) RemoveAlias(alias string) error

RemoveAlias deletes an alias.

func (*DBM) RemoveAliases added in v0.6.0 

func (db *DBM) RemoveAliases(target string) error

RemoveAliases deletes all aliases with the same target.

func (*DBM) RemoveSite added in v0.8.0 

func (db *DBM) RemoveSite(id int64) error

RemoveSite by ID.

func (*DBM) RemoveSiteByName added in v0.8.0 

func (db *DBM) RemoveSiteByName(name string) error

RemoveSiteByName for when that's more convenient.

func (*DBM) RemoveUser added in v0.8.0 

func (db *DBM) RemoveUser(id int64) error

RemoveUser by ID.

func (*DBM) RemoveUserByName added in v0.8.0 

func (db *DBM) RemoveUserByName(name string) error

RemoveUserByName for when that's needed.

func (*DBM) RemoveVar added in v0.6.0 

func (db *DBM) RemoveVar(key string) error

RemoveVar deletes an entry in the variables table.

func (*DBM) SaveUser 

func (db *DBM) SaveUser(u *User) error

UpdateUser saves an existing user by ID. Potentially slower than updating individual columns, and needs changing if the schema changes.

func (*DBM) SearchAliases added in v0.6.0 

func (db *DBM) SearchAliases(match string) (*Aliases, error)

SearchAliases finds aliases or targets containing the match string. Leave blank to list everything.

func (*DBM) SearchSites added in v0.8.0 

func (db *DBM) SearchSites(match string) (*Sites, error)

SearchSites finds sites containing the match string. Leave blank to list everything.

func (*DBM) SetAlias added in v0.6.0 

func (db *DBM) SetAlias(alias, target string) error

SetAlias creates or updates a new alias pointing to an existing target address (which may itself be an alias).

func (*DBM) SetEmail added in v0.11.0 

func (db *DBM) SetEmail(u *User) error

SetEmail updates the recovery e-mail for a user.

func (*DBM) SetFlag added in v0.6.0 

func (db *DBM) SetFlag(key string, flag bool) error

SetFlag sets a string in the flags table.

func (*DBM) SetVar added in v0.6.0 

func (db *DBM) SetVar(key, value string) error

SetVar sets a string in the variables table.

type Group 

type Group struct {
	ID   int64  `json:"id"`
	Name string `json:"name"`
}

Group for a site.

type Site added in v0.4.0 

type Site struct {
	ID      int64            `json:"id"`
	Name    string           `json:"name"`
	Created time.Time        `json:"created"`
	Groups  map[string]Group `json:"groups"`
}

Site or domain.

type Sites added in v0.8.0 

type Sites struct {
	List []*Site `json:"sites"`
}

Sites container.

type User 

type User struct {

	// ID of user in the database.
	ID int64 `json:"id"`
	// Username to log in with.
	Username string `json:"username"`
	// Password for user account.
	Password string `json:"password"`
	// Salt for the password.
	Salt string `json:"salt"`
	// Email to verify account or reset password.
	Email string `json:"email"`
	// Created timestamp.
	Created time.Time `json:"created"`

	// First name of user (optional).
	First string `json:"first"`
	// Last name of user (optional).
	Last string `json:"last"`
	// Data for the account. JSON field for all the customising you need.
	Data string `json:"data"`
	// Tokens is meant to store any authentication tokens required for external sites.
	Tokens string `json:"token"`

	// Sites the user is a member of.
	Sites []string

	// Locked accounts can't log in.
	Locked bool `json:"locked"`
	// Admin for the whole system if true.
	Admin bool `json:"admin"`
}

User account structure holds basic login and personal information.

func (*User) AcceptablePassword added in v0.9.1 

func (u *User) AcceptablePassword(password string) bool

AcceptablePassword does some superficial checking of a potential password. It will fail the test if it's too short, contains user details or is all numbers. Further policies have to be applied outside of this function.

func (*User) CheckPassword 

func (u *User) CheckPassword(password string) bool

CheckPassword against the account's hash.

func (*User) CompareDovecotHashAndPassword added in v0.4.0 

func (u *User) CompareDovecotHashAndPassword(password string) bool

CompareDovecotHashAndPassword for systems where getting bcrypt support in Dovecot is a pain.

func (*User) GetCost added in v0.9.1 

func (u *User) GetCost() int

GetCost for bcrypt hashes.

func (*User) GetRounds added in v0.9.1 

func (u *User) GetRounds() int

GetRounds for Dovecot hashes.

func (*User) SetDovecotPassword added in v0.4.0 

func (u *User) SetDovecotPassword(password string, rounds int)

SetDovecotPassword sets a Dovecot-compatible password for the user.

func (*User) SetPassword 

func (u *User) SetPassword(password string, cost int) error

SetPassword generates a new salt and sets the password.

func (*User) SplitPasswordElements added in v0.9.1 

func (u *User) SplitPasswordElements() []string

SplitPasswordElements splits the stored password hash and returns it if it fits any supported pattern (4 elements for bcrypt, 5 for Dovecot).

type Users added in v0.9.0 

type Users struct {
	List []*User `json:"users"`
}

Users container.

Source Files

View all Source files

Directories

Path Synopsis
cmd
acctsrv
anthro

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.