auth

Documentation

Index

• type Auth
  • func New(log logging.Logger, endpoint, pw string) (Auth, error)
  • func NewFromHash(log logging.Logger, endpoint string, pw password.Hash) Auth
• type ChangePasswordArgs
• type NewTokenArgs
• type Password
• type RevokeTokenArgs
• type Service
  • func (s *Service) ChangePassword(_ *http.Request, args *ChangePasswordArgs, reply *api.SuccessResponse) error
  • func (s *Service) NewToken(_ *http.Request, args *NewTokenArgs, reply *Token) error
  • func (s *Service) RevokeToken(_ *http.Request, args *RevokeTokenArgs, reply *api.SuccessResponse) error
• type Token

Types

type Auth

type Auth interface {
	// Create and return a new token that allows access to each API endpoint for
	// [duration] such that the API's path ends with an element of [endpoints].
	// If one of the elements of [endpoints] is "*", all APIs are accessible.
	NewToken(pw string, duration time.Duration, endpoints []string) (string, error)

	// Revokes [token]; it will not be accepted as authorization for future API
	// calls. If the token is invalid, this is a no-op.  If a token is revoked
	// and then the password is changed, and then changed back to the current
	// password, the token will be un-revoked. Therefore, passwords shouldn't be
	// re-used before previously revoked tokens have expired.
	RevokeToken(pw, token string) error

	// Authenticates [token] for access to [url].
	AuthenticateToken(token, url string) error

	// Change the password required to create and revoke tokens.
	// [oldPW] is the current password.
	// [newPW] is the new password. It can't be the empty string and it can't be
	//         unreasonably long.
	// Changing the password makes tokens issued under a previous password
	// invalid.
	ChangePassword(oldPW, newPW string) error

	// Create the API endpoint for this auth handler.
	CreateHandler() (http.Handler, error)

	// WrapHandler wraps an http.Handler. Before passing a request to the
	// provided handler, the auth token is authenticated.
	WrapHandler(h http.Handler) http.Handler
}

func New

func New(log logging.Logger, endpoint, pw string) (Auth, error)

func NewFromHash

func NewFromHash(log logging.Logger, endpoint string, pw password.Hash) Auth

type ChangePasswordArgs

type ChangePasswordArgs struct {
	OldPassword string `json:"oldPassword"` // Current authorization password
	NewPassword string `json:"newPassword"` // New authorization password
}

type NewTokenArgs

type NewTokenArgs struct {
	Password
	// Endpoints that may be accessed with this token e.g. if endpoints is
	// ["/ext/bc/X", "/ext/admin"] then the token holder can hit the X-Chain API
	// and the admin API. If [Endpoints] contains an element "*" then the token
	// allows access to all API endpoints. [Endpoints] must have between 1 and
	// [maxEndpoints] elements
	Endpoints []string `json:"endpoints"`
}

type Password

type Password struct {
	Password string `json:"password"` // The authorization password
}

type RevokeTokenArgs

type RevokeTokenArgs struct {
	Password
	Token
}

type Service

type Service struct {
	// contains filtered or unexported fields
}

Service that serves the Auth API functionality.

func (*Service) ChangePassword

func (s *Service) ChangePassword(_ *http.Request, args *ChangePasswordArgs, reply *api.SuccessResponse) error

func (*Service) NewToken

func (s *Service) NewToken(_ *http.Request, args *NewTokenArgs, reply *Token) error

func (*Service) RevokeToken

func (s *Service) RevokeToken(_ *http.Request, args *RevokeTokenArgs, reply *api.SuccessResponse) error

type Token

type Token struct {
	Token string `json:"token"` // The new token. Expires in [TokenLifespan].
}