Documentation ¶
Index ¶
- func GenerateAPIKey(ctx context.Context, name string, rights ...ttnpb.Right) (key *ttnpb.APIKey, token string, err error)
- type Config
- type IdentityServer
- func (is *IdentityServer) ApplicationRights(ctx context.Context, appIDs ttnpb.ApplicationIdentifiers) (*ttnpb.Rights, error)
- func (is *IdentityServer) AuthInfo(ctx context.Context) (*ttnpb.AuthInfoResponse, error)
- func (is *IdentityServer) ClientRights(ctx context.Context, cliIDs ttnpb.ClientIdentifiers) (*ttnpb.Rights, error)
- func (is *IdentityServer) Context() context.Context
- func (is *IdentityServer) GatewayRights(ctx context.Context, gtwIDs ttnpb.GatewayIdentifiers) (*ttnpb.Rights, error)
- func (is *IdentityServer) GetConfiguration(ctx context.Context, _ *ttnpb.GetIsConfigurationRequest) (*ttnpb.GetIsConfigurationResponse, error)
- func (is *IdentityServer) IsAdmin(ctx context.Context) bool
- func (is *IdentityServer) OrganizationRights(ctx context.Context, orgIDs ttnpb.OrganizationIdentifiers) (*ttnpb.Rights, error)
- func (is *IdentityServer) RegisterHandlers(s *runtime.ServeMux, conn *grpc.ClientConn)
- func (is *IdentityServer) RegisterServices(s *grpc.Server)
- func (is *IdentityServer) RequireAdmin(ctx context.Context) error
- func (is *IdentityServer) RequireAuthenticated(ctx context.Context) error
- func (is *IdentityServer) Roles() []ttnpb.ClusterRole
- func (is *IdentityServer) SendAdminsEmail(ctx context.Context, makeMessage func(emails.Data) email.MessageData) error
- func (is *IdentityServer) SendContactsEmail(ctx context.Context, ids *ttnpb.EntityIdentifiers, ...) error
- func (is *IdentityServer) SendEmail(ctx context.Context, f func(emails.Data) email.MessageData) (err error)
- func (is *IdentityServer) SendUserEmail(ctx context.Context, userIDs *ttnpb.UserIdentifiers, ...) error
- func (is *IdentityServer) SetRedisCache(redis *redis.Client)
- func (is *IdentityServer) UniversalRights(ctx context.Context) *ttnpb.Rights
- func (is *IdentityServer) UserRights(ctx context.Context, userIDs ttnpb.UserIdentifiers) (*ttnpb.Rights, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Config ¶
type Config struct { DatabaseURI string `name:"database-uri" description:"Database connection URI"` UserRegistration struct { Enabled bool `name:"enabled" description:"Enable user registration"` Invitation struct { Required bool `name:"required" description:"Require invitations for new users"` TokenTTL time.Duration `name:"token-ttl" description:"TTL of user invitation tokens"` } `name:"invitation"` ContactInfoValidation struct { Required bool `name:"required" description:"Require contact info validation for new users"` TokenTTL time.Duration `name:"token-ttl" description:"TTL of contact info validation tokens"` } `name:"contact-info-validation"` AdminApproval struct { Required bool `name:"required" description:"Require admin approval for new users"` } `name:"admin-approval"` PasswordRequirements struct { MinLength int `name:"min-length" description:"Minimum password length"` MaxLength int `name:"max-length" description:"Maximum password length"` MinUppercase int `name:"min-uppercase" description:"Minimum number of uppercase letters"` MinDigits int `name:"min-digits" description:"Minimum number of digits"` MinSpecial int `name:"min-special" description:"Minimum number of special characters"` } `name:"password-requirements"` } `name:"user-registration"` AuthCache struct { MembershipTTL time.Duration `name:"membership-ttl" description:"TTL of membership caches"` } `name:"auth-cache"` OAuth oauth.Config `name:"oauth"` ProfilePicture struct { DisableUpload bool `name:"disable-upload" description:"Disable uploading profile pictures"` UseGravatar bool `name:"use-gravatar" description:"Use Gravatar fallback for users without profile picture"` Bucket string `name:"bucket" description:"Bucket used for storing profile pictures"` BucketURL string `name:"bucket-url" description:"Base URL for public bucket access"` } `name:"profile-picture"` EndDevicePicture struct { DisableUpload bool `name:"disable-upload" description:"Disable uploading end device pictures"` Bucket string `name:"bucket" description:"Bucket used for storing end device pictures"` BucketURL string `name:"bucket-url" description:"Base URL for public bucket access"` } `name:"end-device-picture"` UserRights struct { CreateApplications bool `name:"create-applications" description:"Allow non-admin users to create applications in their user account"` CreateClients bool `name:"create-clients" description:"Allow non-admin users to create OAuth clients in their user account"` CreateGateways bool `name:"create-gateways" description:"Allow non-admin users to create gateways in their user account"` CreateOrganizations bool `name:"create-organizations" description:"Allow non-admin users to create organizations in their user account"` } `name:"user-rights"` AdminRights struct { All bool `name:"all" description:"Grant all rights to admins, including _KEYS and _ALL"` } `name:"admin-rights"` LoginTokens struct { Enabled bool `name:"enabled" description:"enable users requesting login tokens"` TokenTTL time.Duration `name:"token-ttl" description:"TTL of login tokens"` } `name:"login-tokens"` Email struct { email.Config `name:",squash"` SendGrid sendgrid.Config `name:"sendgrid"` SMTP smtp.Config `name:"smtp"` Templates emailTemplatesConfig `name:"templates"` } `name:"email"` Gateways struct { EncryptionKeyID string `name:"encryption-key-id" description:"ID of the key used to encrypt gateway secrets at rest"` } `name:"gateways"` Delete struct { Restore time.Duration `name:"restore" description:"How long after soft-deletion an entity can be restored"` } `name:"delete"` }
Config for the Identity Server
type IdentityServer ¶
IdentityServer implements the Identity Server component.
The Identity Server exposes the Registry and Access services for Applications, OAuth clients, Gateways, Organizations and Users.
func New ¶
func New(c *component.Component, config *Config) (is *IdentityServer, err error)
New returns new *IdentityServer.
func (*IdentityServer) ApplicationRights ¶
func (is *IdentityServer) ApplicationRights(ctx context.Context, appIDs ttnpb.ApplicationIdentifiers) (*ttnpb.Rights, error)
ApplicationRights returns the rights the caller has on the given application.
func (*IdentityServer) AuthInfo ¶
func (is *IdentityServer) AuthInfo(ctx context.Context) (*ttnpb.AuthInfoResponse, error)
AuthInfo implements rights.AuthInfoFetcher.
func (*IdentityServer) ClientRights ¶
func (is *IdentityServer) ClientRights(ctx context.Context, cliIDs ttnpb.ClientIdentifiers) (*ttnpb.Rights, error)
ClientRights returns the rights the caller has on the given client.
func (*IdentityServer) Context ¶
func (is *IdentityServer) Context() context.Context
Context returns the context of the Identity Server.
func (*IdentityServer) GatewayRights ¶
func (is *IdentityServer) GatewayRights(ctx context.Context, gtwIDs ttnpb.GatewayIdentifiers) (*ttnpb.Rights, error)
GatewayRights returns the rights the caller has on the given gateway.
func (*IdentityServer) GetConfiguration ¶
func (is *IdentityServer) GetConfiguration(ctx context.Context, _ *ttnpb.GetIsConfigurationRequest) (*ttnpb.GetIsConfigurationResponse, error)
GetConfiguration implements the RPC that returns the configuration of the Identity Server.
func (*IdentityServer) IsAdmin ¶
func (is *IdentityServer) IsAdmin(ctx context.Context) bool
IsAdmin returns whether the caller is an admin.
func (*IdentityServer) OrganizationRights ¶
func (is *IdentityServer) OrganizationRights(ctx context.Context, orgIDs ttnpb.OrganizationIdentifiers) (*ttnpb.Rights, error)
OrganizationRights returns the rights the caller has on the given organization.
func (*IdentityServer) RegisterHandlers ¶
func (is *IdentityServer) RegisterHandlers(s *runtime.ServeMux, conn *grpc.ClientConn)
RegisterHandlers registers gRPC handlers.
func (*IdentityServer) RegisterServices ¶
func (is *IdentityServer) RegisterServices(s *grpc.Server)
RegisterServices registers services provided by is at s.
func (*IdentityServer) RequireAdmin ¶
func (is *IdentityServer) RequireAdmin(ctx context.Context) error
RequireAdmin returns an error when the caller is not an admin.
func (*IdentityServer) RequireAuthenticated ¶
func (is *IdentityServer) RequireAuthenticated(ctx context.Context) error
RequireAuthenticated checks the request context for authentication presence and returns an error if there is none.
func (*IdentityServer) Roles ¶
func (is *IdentityServer) Roles() []ttnpb.ClusterRole
Roles returns the roles that the Identity Server fulfills.
func (*IdentityServer) SendAdminsEmail ¶
func (is *IdentityServer) SendAdminsEmail(ctx context.Context, makeMessage func(emails.Data) email.MessageData) error
SendAdminsEmail sends an email to the admins of the network.
func (*IdentityServer) SendContactsEmail ¶
func (is *IdentityServer) SendContactsEmail(ctx context.Context, ids *ttnpb.EntityIdentifiers, makeMessage func(emails.Data) email.MessageData) error
SendContactsEmail sends an email to the contacts of the given entity.
func (*IdentityServer) SendEmail ¶
func (is *IdentityServer) SendEmail(ctx context.Context, f func(emails.Data) email.MessageData) (err error)
SendEmail sends an email.
func (*IdentityServer) SendUserEmail ¶
func (is *IdentityServer) SendUserEmail(ctx context.Context, userIDs *ttnpb.UserIdentifiers, makeMessage func(emails.Data) email.MessageData) error
SendUserEmail sends an email to the given user.
func (*IdentityServer) SetRedisCache ¶
func (is *IdentityServer) SetRedisCache(redis *redis.Client)
SetRedisCache configures the given redis instance for caching.
func (*IdentityServer) UniversalRights ¶
func (is *IdentityServer) UniversalRights(ctx context.Context) *ttnpb.Rights
UniversalRights returns the universal rights (that apply to any entity or outside entity scope) contained in the request context. This is used to determine admin rights.
func (*IdentityServer) UserRights ¶
func (is *IdentityServer) UserRights(ctx context.Context, userIDs ttnpb.UserIdentifiers) (*ttnpb.Rights, error)
UserRights returns the rights the caller has on the given user.
Source Files ¶
- api_key_utils.go
- application_access.go
- application_registry.go
- client_access.go
- client_registry.go
- config.go
- contact_info_registry.go
- email.go
- end_device_registry.go
- entity_access.go
- gateway_access.go
- gateway_registry.go
- identityserver.go
- invitation_registry.go
- oauth_registry.go
- organization_access.go
- organization_registry.go
- picture.go
- registry_search.go
- rights.go
- user_access.go
- user_registry.go
- utils.go