config

package
v0.0.0-...-66acf6f Latest
Warning

This package is not in the latest version of its module.
Published: Jan 18, 2024 License: BSD-3-Clause, BSD-3-Clause Imports: 15 Imported by: 0

Documentation

Constants

const (
	// VersionUnknownStr is the string representation of VUnknown.
	VersionUnknownStr string = "unknown"
	// Version1Str is the string representation of Version1.
	Version1Str string = "v1"
	// Version2Str is the string representation of Version2.
	Version2Str string = "v2"
)
const (
	// PermRead is the read permission.
	PermRead = "read"
	// PermList is the list permission.
	PermList = "list"
	// PermReadAndList allows both read and list.
	PermReadAndList = "read,list"
)
const DefaultConfigFilename = ".kbp_config"

DefaultConfigFilename is the default filename for Keybase Pages config file.

const DefaultConfigFilepath = "/.kbp_config"

DefaultConfigFilepath is the default path for Keybase Pages config file under the site root, and is what's used in kbpagesd.

Variables

This section is empty.

Functions

func GenerateSHA256PasswordHash

func GenerateSHA256PasswordHash(cleartext string) (string, error)

GenerateSHA256PasswordHash generates a SHA256-based password hash.

Types

type Common

type Common struct {
	// Version specifies the version of the config.
	Version string `json:"version"`
}

Common includes common fields that should appear in all versions of configs.

type Config

type Config interface {
	Version() Version
	Authenticate(ctx context.Context, username, password string) bool
	// GetPermissions returns permission info. If username is nil, anonymous
	// permissions are returned. Otherwise, permissions for *username are
	// returned. Additionally, "maximum possible permissions" are returned,
	// which indicate whether a permission (read or list) can be granted on
	// the path if proper authentication is provided.
	GetPermissions(path string, username *string) (
		read, list bool,
		possibleRead, possibleList bool,
		realm string, err error)
	// GetAccessControlAllowOrigin returns a string that, if non-empty, should
	// be set as Access-Control-Allow-Origin header.
	GetAccessControlAllowOrigin(path string) (setting string, err error)

	Encode(w io.Writer, prettify bool) error
}

Config is a collection of methods for getting different configuration parameters.

func ParseConfig

func ParseConfig(reader io.Reader) (config Config, err error)

ParseConfig parses a config from reader, and initializes internal checker(s) in the config.

type ErrACLsPerPathConfigsBothPresent

type ErrACLsPerPathConfigsBothPresent struct{}

ErrACLsPerPathConfigsBothPresent is returned when we are parsing a ConfigV1 that has both ACLs and PerPathConfigs defined.

func (ErrACLsPerPathConfigsBothPresent) Error

Error implements the error interface.

type ErrDuplicatePerPathConfigPath

type ErrDuplicatePerPathConfigPath struct {
	// contains filtered or unexported fields
}

ErrDuplicatePerPathConfigPath is returned when multiple per-user configs are defined for the same path in config.

func (ErrDuplicatePerPathConfigPath) Error

Error implements the error interface.

type ErrInvalidConfig

type ErrInvalidConfig struct {
	// contains filtered or unexported fields
}

ErrInvalidConfig is returned when an invalid config is provided.

func (ErrInvalidConfig) Error

func (e ErrInvalidConfig) Error() string

Error implements the error interface.

type ErrInvalidPermissions

type ErrInvalidPermissions struct {
	// contains filtered or unexported fields
}

ErrInvalidPermissions is returned when an invalid permissions string appears in the config.

func (ErrInvalidPermissions) Error

func (e ErrInvalidPermissions) Error() string

Error implements the error interface.

type ErrInvalidVersion

type ErrInvalidVersion struct {
	// contains filtered or unexported fields
}

ErrInvalidVersion is returned when Version field of the config is invalid.

func (ErrInvalidVersion) Error

func (e ErrInvalidVersion) Error() string

Error implements the error interface.

type ErrUndefinedUsername

type ErrUndefinedUsername struct {
	// contains filtered or unexported fields
}

ErrUndefinedUsername is returned when a username appears in a per-path config but it's not defined in the config's Users section.

func (ErrUndefinedUsername) Error

func (e ErrUndefinedUsername) Error() string

Error implements the error interface.

type InvalidPasswordHash

type InvalidPasswordHash struct{}

InvalidPasswordHash is the error that happens when there's an invalid password hash in the config.

func (InvalidPasswordHash) Error

func (InvalidPasswordHash) Error() string

Error implements the error interface.

type PerPathConfigV1

type PerPathConfigV1 struct {
	// WhitelistAdditionalPermissions is a map of username -> permissions that
	// defines a list of additional permissions that authenticated users have
	// in addition to AnonymousPermissions.
	WhitelistAdditionalPermissions map[string]string `json:"whitelist_additional_permissions"`
	// AnonymousPermissions is the permissions for
	// unauthenticated/anonymous requests.
	AnonymousPermissions string `json:"anonymous_permissions"`

	// AccessControlAllowOrigin, if set, causes the setting of the
	// Access-Control-Allow-Origin header when serving requests under the
	// corresponding path.
	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin,omitempty"`
	// Custom403Forbidden specifies a path (relative to site root) to a html
	// file to be served when 403 errors happen.
	Custom403Forbidden string `json:"custom_403_forbidden,omitempty"`
	// Custom404NotFound specifies a path (relative to site root) to a html
	// file to be served when 404 errors happen.
	Custom404NotFound string `json:"custom_404_not_found,omitempty"`
}

PerPathConfigV1 defines a per-path configuration structure, including an access control list (ACL) for the V1 config.

type V1

type V1 struct {
	Common

	// Users is a [username -> bcrypt-hashed password] map that defines how
	// users should be authenticated.
	Users map[string]string `json:"users"`

	// ACLs is deprecated, and kept around for backward compatibility. Now it
	// serves as an alias to PerPathConfigs. If both ACLs and PerPathConfigs
	// are present, it's a parsing error.
	ACLs map[string]PerPathConfigV1 `json:"acls,omitempty"`

	// PerPathConfigs is a path -> PerPathConfig map to configure parameters
	// for individual paths. Configured paths apply to their sub paths too.
	PerPathConfigs map[string]PerPathConfigV1 `json:"per_path_configs"`
	// contains filtered or unexported fields
}

V1 defines a V1 config. Public fields are accessible by `json` encoders and decoders.

On first call to GetPermission* methods, it initializes an internal per-path config reader. If the object is constructed from ParseConfig, its internal per-path config reader is initialized automatically. Any changes to the PerPathConfigs fields afterwards have no effect.
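How the per-path fields above combine into the values GetPermissions returns, as an added example that is not the package's own code. `perPath`, `sample`, `parsePerm`, `resolve` and `load` are hypothetical names, the config is constructed, and the sketch assumes that the nearest configured ancestor of a path decides, following "Configured paths apply to their sub paths too".

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
)

// perPath mirrors the permission fields and JSON tags of PerPathConfigV1.
type perPath struct {
	Whitelist map[string]string `json:"whitelist_additional_permissions"`
	Anonymous string            `json:"anonymous_permissions"`
}

// Constructed sample per_path_configs: public site, /private for two users.
const sample = `{"/": {"anonymous_permissions": "read,list"}, "/private": {"anonymous_permissions": "",
 "whitelist_additional_permissions": {"alice": "read", "bob": "read,list"}}}`

// parsePerm accepts exactly PermRead, PermList or PermReadAndList.
func parsePerm(s string) (read, list bool) {
	return s == "read" || s == "read,list", s == "list" || s == "read,list"
}

// resolve (hypothetical) assumes the nearest configured ancestor of p decides; nil username = anonymous.
func resolve(cfgs map[string]perPath, p string, username *string) (read, list, possibleRead, possibleList bool) {
	p = path.Clean("/" + p) // normalize "..", so siblings like /privatefoo never match /private
	for _, ok := cfgs[p]; !ok && p != "/"; _, ok = cfgs[p] {
		p = path.Dir(p)
	}
	read, list = parsePerm(cfgs[p].Anonymous)
	possibleRead, possibleList = read, list
	for user, perms := range cfgs[p].Whitelist {
		r, l := parsePerm(perms)
		possibleRead, possibleList = possibleRead || r, possibleList || l
		if username != nil && *username == user {
			read, list = read || r, list || l
		}
	}
	return
}

// load parses a per_path_configs JSON object.
func load(data string) (cfgs map[string]perPath, err error) {
	err = json.Unmarshal([]byte(data), &cfgs)
	return
}
func main() {
	cfgs, _ := load(sample)
	fmt.Println(resolve(cfgs, "/private/doc.html", nil)) // anonymous request
}
```

An anonymous request under /private gets no access while both "possible" values are true, which is the case where a server can usefully ask for credentials instead of refusing outright.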

func DefaultV1

func DefaultV1() *V1

DefaultV1 returns a default V1 config, which allows anonymous read to everything.

func (*V1) Authenticate

func (c *V1) Authenticate(ctx context.Context, username, cleartextPassword string) bool

Authenticate implements the Config interface.

func (*V1) Encode

func (c *V1) Encode(w io.Writer, prettify bool) error

Encode implements the Config interface.

func (*V1) EnsureInit

func (c *V1) EnsureInit() error

EnsureInit initializes c, and returns any error encountered during the initialization. It also moves ACLs into PerPathConfigs if needed.

It is not necessary to call EnsureInit. Methods that need it do it automatically.

func (*V1) GetAccessControlAllowOrigin

func (c *V1) GetAccessControlAllowOrigin(path string) (setting string, err error)

GetAccessControlAllowOrigin implements the Config interface.

func (*V1) GetPermissions

func (c *V1) GetPermissions(path string, username *string) (
	read, list bool,
	possibleRead, possibleList bool,
	realm string, err error)

GetPermissions implements the Config interface.

func (*V1) HasBcryptPasswords

func (c *V1) HasBcryptPasswords() (bool, error)

HasBcryptPasswords checks if any password hash in the config is a bcrypt hash. This method is temporary for migration and will go away.

func (*V1) Validate

func (c *V1) Validate() (err error)

Validate checks all public fields of c, and returns an error if any of them is invalid, or a nil-error if they are all valid.

Although changes to per-path config fields have no effect on per-path config checks once the internal per-path config reader is initialized (see comment on V1), this method still checks the updated per-path config fields. So it's OK to use Validate directly on a *V1 that has been modified since it was initialized.

As a result, unlike other methods on the type, this method is not goroutine safe against changes to the public fields.

func (*V1) Version

func (c *V1) Version() Version

Version implements the Config interface.

type Version

type Version int

Version specifies the version of a config.

const (
	// VersionUnknown defines an unknown config version.
	VersionUnknown Version = iota
	// Version1 is version 1.
	Version1
	// Version2 is version 2.
	//
	// Currently the only difference between V1 and V2 is that V2 uses
	// sha-based password hash instead of bcrypt in V1. V2 still uses the ACL
	// definition and checker from V1.
	Version2
)

func (Version) String

func (v Version) String() string
