models

package
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 2, 2025 License: AGPL-3.0 Imports: 3 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ErrUnauthorized is a sentinel error whose message is "unauthorized".
// Compare against it with errors.Is rather than matching on the message text.
// NOTE(review): which operations return it is not visible on this page — confirm against callers.
var ErrUnauthorized = errors.New("unauthorized")
// KnownKeyUsages lists the KeyUsage values referenced here: KeyUsageAuth and KeyUsageRefresh.
// NOTE(review): this is an exported, mutable slice, so any importing package can append to it or overwrite
// its elements. If it serves as an allow-list when validating key usages, treat it as read-only — confirm
// against callers.
var KnownKeyUsages = []KeyUsage{
	KeyUsageAuth,
	KeyUsageRefresh,
}
// KnownRoles lists the Role values referenced here: RoleAnon and RoleUser.
// NOTE(review): this is an exported, mutable slice, so any importing package can append to it or overwrite
// its elements. If it serves as an allow-list when validating roles found in a token or a configuration file,
// treat it as read-only — confirm against callers.
var KnownRoles = []Role{
	RoleAnon,
	RoleUser,
}

Functions

This section is empty.

Types

type AccessTokenClaims

// AccessTokenClaims is the set of session claims serialized to JSON under the keys "userID", "roles" and
// "refreshTokenID".
// NOTE(review): nothing in this declaration indicates the claims are encrypted; presumably whoever holds the
// token can read them, so they should not carry secrets — confirm.
type AccessTokenClaims struct {
	// ID of the user that created the session. Can be empty for anonymous sessions.
	// A nil pointer is dropped from the JSON output because of omitempty.
	UserID *uuid.UUID `json:"userID,omitempty"`
	// Roles is a list of Role attributed to the session.
	// There is no omitempty on this field, so with encoding/json a nil slice is written as null rather than [].
	// NOTE(review): how consumers treat a null or empty role list is not visible here; presumably it must
	// grant nothing — confirm.
	Roles []Role `json:"roles"`
	// The ID of the refresh token that created the session. If the session was created using direct login, this
	// field is empty.
	// A nil pointer is dropped from the JSON output because of omitempty.
	RefreshTokenID *string `json:"refreshTokenID,omitempty"`
}

AccessTokenClaims is authenticated (signed) information about a session. This data is embedded in the access tokens.

type KeyUsage

// KeyUsage names the intended usage of a key.
// It is a plain string type, so any string converts to a KeyUsage; the conversion performs no validation.
type KeyUsage string

KeyUsage gives information about the intended usage of a key. Multiple keys with the same usage are grouped together when retrieved.

// KeyUsage values with their string representations: one for authentication tokens and a separate one for
// refresh tokens.
const (
	// KeyUsageAuth is used to issue signed authentication tokens.
	KeyUsageAuth KeyUsage = "auth"
	// KeyUsageRefresh is used to issue signed refresh tokens.
	KeyUsageRefresh KeyUsage = "refresh"
)

type Permission

// Permission names a single grant that can be listed in a RoleConfig.
// It is a plain string type; this package declares no Permission constants on this page, and converting a
// string to a Permission performs no validation.
type Permission string

Permission is a special attribute that grants a session access to an authenticated resource. Each service may define its own set of authorizations.

type PermissionsConfig

// PermissionsConfig is the YAML-backed table that associates each Role with its RoleConfig.
type PermissionsConfig struct {
	// Roles is read from the YAML key "roles" and is keyed by Role.
	// NOTE(review): how a role that is absent from this map is treated is not visible here; presumably it
	// grants no permissions — confirm.
	Roles map[Role]RoleConfig `yaml:"roles"`
}

PermissionsConfig maps every Role to a set of permissions.

type RefreshTokenClaims added in v0.1.1

// RefreshTokenClaims holds two fields serialized to JSON: a token identifier ("jti") and a user ID ("userID").
// NOTE(review): by its name this is the claim set of a refresh token — confirm.
type RefreshTokenClaims struct {
	// Jti is serialized under the JSON key "jti", which is the registered "JWT ID" claim name in RFC 7519.
	// NOTE(review): presumably the unique identifier of the refresh token, and the value that
	// AccessTokenClaims.RefreshTokenID refers to — confirm.
	Jti string `json:"jti"`
	// ID of the user that created the session.
	// NOTE(review): UserID is a value, not a pointer. If uuid.UUID is an array type, omitempty never omits it
	// with encoding/json and a zero UUID is serialized as-is — confirm which uuid package is imported.
	UserID uuid.UUID `json:"userID,omitempty"`
}

type Role

// Role names an attribute that is listed in AccessTokenClaims.Roles and used as the key of
// PermissionsConfig.Roles.
// It is a plain string type, so any string converts to a Role; the conversion performs no validation.
type Role string

Role is a special attribute that is assigned to a session. It grants said session a given set of Permission.

// Role values with their string representations. Both share the "auth:" prefix.
const (
	// RoleAnon represents an anonymous user.
	RoleAnon Role = "auth:anon"
	// RoleUser represents a regular user.
	RoleUser Role = "auth:user"
)

type RoleConfig

// RoleConfig describes the permissions of one role: those it lists itself plus those of the roles it inherits
// from. It is read from YAML under the keys "inherits" and "permissions".
type RoleConfig struct {
	// Inherits the permissions from every listed role. Circular dependencies between roles are not allowed.
	// NOTE(review): where cycles and references to undefined roles are rejected is not visible on this page —
	// confirm that the loader enforces this before the configuration is used.
	Inherits []Role `yaml:"inherits"`
	// The set of permissions for the current role.
	Permissions []Permission `yaml:"permissions"`
}

RoleConfig manages a set of permissions for a given Role.

type ShortCode

// ShortCode groups a short code's identifier, usage, target, payload, lifetime and clear-text secret.
// The struct declares no JSON tags, so marshalling a value directly with encoding/json would emit every
// exported field, PlainCode included.
type ShortCode struct {
	ID uuid.UUID

	// Information about the resource the short code grants access to.
	Usage ShortCodeUsage
	// The target that is allowed to access the resource. Only this target can retrieve the short code.
	// NOTE(review): the format of Target (e-mail address, user ID, ...) is not visible here — confirm.
	Target string
	// Data used for the targeted resource. It can contain any information required to perform a specific action.
	// NOTE(review): the payload is opaque bytes at this level; presumably each usage defines and validates its
	// own format — confirm.
	Data []byte

	// Time at which the short code was created.
	CreatedAt time.Time
	// Expiration of the short code. Each short code is REQUIRED to expire past a certain time. Once the expiration date
	// is reached, the short code can no longer be used or retrieved.
	ExpiresAt time.Time

	// PlainCode is the clear password sent to the target via a secure channel.
	// NOTE(review): this field holds the secret in clear text. Presumably it is populated only when the code is
	// generated and is not the form that gets stored — confirm; keep it out of logs and serialized output.
	PlainCode string
}

ShortCode is a temporary password used to grant a user one-time access to a specific resource. Once a resource is accessed using a short code, the short code is expired.

type ShortCodeUsage

// ShortCodeUsage names the intended usage of a short code and is the type of ShortCode.Usage.
// It is a plain string type, so any string converts to a ShortCodeUsage; the conversion performs no validation.
type ShortCodeUsage string

ShortCodeUsage gives information about the intended usage of a short code.

// ShortCodeUsage values with their string representations.
// NOTE(review): by their names these cover e-mail validation, password reset and registration requests; the
// flows themselves are not visible on this page — confirm.
const (
	ShortCodeUsageValidateMail    ShortCodeUsage = "validateMail"
	ShortCodeUsageResetPassword   ShortCodeUsage = "resetPassword"
	ShortCodeUsageRequestRegister ShortCodeUsage = "requestRegister"
)
