Documentation
Index
- Variables
- func ApplicationValidator() map[string]interface{}
- func BuildValidator(properties map[string]interface{}, required []string) map[string]interface{}
- func DomainValidator() map[string]interface{}
- func FullUsername(domainID, userID string) string
- func FunctionValidator() map[string]interface{}
- func GroupValidator() map[string]interface{}
- func MembershipValidator() map[string]interface{}
- func RBACValidator() map[string]interface{}
- func RelationValidator() map[string]interface{}
- func SchemalessValidator() map[string]interface{}
- func UserValidator() map[string]interface{}
- type Application
- type Domain
- type DomainType
- type Function
- type Group
- type Index
- type Membership
- type Metadata
- type RBAC
- type Relation
- type Session
- type SessionRequest
- type SessionResponse
- type User
Constants
This section is empty.
Variables
var (
    ApplicationIndexes = []Index{
        {
            Fields: map[string]interface{}{"_id": 1},
            Unique: true,
        },
    }
)
Indexes
var (
    DomainIndexes = []Index{
        {
            Fields: map[string]interface{}{"_id": 1},
            Unique: true,
        },
    }
)
Indexes
var (
    FunctionIndexes = []Index{
        {
            Fields: map[string]interface{}{"_id": 1},
            Unique: true,
        },
        {
            Fields: map[string]interface{}{"name": 1},
            Unique: true,
        },
    }
)
Indexes
var (
    GroupIndexes = []Index{
        {
            Fields: map[string]interface{}{"_id": 1},
            Unique: true,
        },
        {
            Fields: map[string]interface{}{"name": 1},
            Unique: true,
        },
    }
)
Indexes
var (
    MembershipIndexes = []Index{
        {
            Fields: map[string]interface{}{
                "user_id":  1,
                "group_id": 1,
            },
            Unique: true,
        },
        {
            Fields: map[string]interface{}{"user_id": 1},
            Unique: false,
        },
        {
            Fields: map[string]interface{}{"group_id": 1},
            Unique: false,
        },
    }
)
Indexes
var (
    RBACIndexes = []Index{
        {
            Fields: map[string]interface{}{"_id": 1},
            Unique: true,
        },
        {
            Fields: map[string]interface{}{
                "domain_id":     1,
                "identity_id":   1,
                "collection":    1,
                "collection_id": 1,
                "perm":          1,
            },
            Unique: false,
        },
        {
            Fields: map[string]interface{}{
                "domain_id":   1,
                "identity_id": 1,
                "collection":  1,
                "perm":        1,
            },
            Unique: false,
        },
    }
)
Indexes
var (
    RelationIndexes = []Index{
        {
            Fields: map[string]interface{}{"_id": 1},
            Unique: true,
        },
        {
            Fields: map[string]interface{}{
                "src": 1,
                "sid": 1,
                "rel": 1,
            },
            Unique: false,
        },
        {
            Fields: map[string]interface{}{
                "dst": 1,
                "did": 1,
                "rel": 1,
            },
            Unique: false,
        },
    }
)
Indexes
var (
    UserIndexes = []Index{
        {
            Fields: map[string]interface{}{"_id": 1},
            Unique: true,
        },
        {
            Fields: map[string]interface{}{"username": 1},
            Unique: true,
        },
    }
)
Indexes
Functions
func ApplicationValidator
func ApplicationValidator() map[string]interface{}
ApplicationValidator is the JSON schema validation for the applications collection
func BuildValidator
BuildValidator is a helper to join required validations from each collection plus metadata
func DomainValidator
func DomainValidator() map[string]interface{}
DomainValidator is the JSON schema validation for the domains collection
func FullUsername
FullUsername returns the <domain_id>/<user_id> representation that ensures uniqueness
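A `<domain_id>/<user_id>` string identifies one user only when neither part can contain the separator. The following added example (not the package's code) shows the ambiguity a plain join allows and a checked alternative; `naiveJoin`, `JoinChecked`, `Split` and the sample IDs are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrSeparator is returned when a part is empty or contains "/".
var ErrSeparator = errors.New("id is empty or contains '/'")

// naiveJoin is plain concatenation in the documented layout, with no checks
// (an illustration, not the package's FullUsername implementation).
func naiveJoin(domainID, userID string) string { return domainID + "/" + userID }

// JoinChecked (hypothetical) refuses parts that would make the result ambiguous.
func JoinChecked(domainID, userID string) (string, error) {
	for _, p := range []string{domainID, userID} {
		if p == "" || strings.Contains(p, "/") {
			return "", fmt.Errorf("%q: %w", p, ErrSeparator)
		}
	}
	return domainID + "/" + userID, nil
}

// Split (hypothetical) recovers both parts and accepts exactly one separator.
func Split(full string) (domainID, userID string, err error) {
	parts := strings.Split(full, "/")
	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return "", "", fmt.Errorf("%q: %w", full, ErrSeparator)
	}
	return parts[0], parts[1], nil
}

func main() {
	// Constructed IDs: two different (domain, user) pairs yield one string.
	fmt.Println(naiveJoin("corp/eu", "alice") == naiveJoin("corp", "eu/alice"))
	_, err := JoinChecked("corp", "eu/alice")
	fmt.Println("rejected:", err != nil)
	d, u, _ := Split("corp/alice")
	fmt.Println(d, u)
}
```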
func FunctionValidator
func FunctionValidator() map[string]interface{}
FunctionValidator is the JSON schema validation for the functions collection
func GroupValidator
func GroupValidator() map[string]interface{}
GroupValidator is the JSON schema validation for the groups collection
func MembershipValidator
func MembershipValidator() map[string]interface{}
MembershipValidator is a schema for the membership collections
func RBACValidator
func RBACValidator() map[string]interface{}
RBACValidator is the JSON schema validation for the domains collection
func RelationValidator
func RelationValidator() map[string]interface{}
RelationValidator is the JSON schema validation for the domains collection
func SchemalessValidator
func SchemalessValidator() map[string]interface{}
SchemalessValidator is the validator for a collection without schema validation
func UserValidator
func UserValidator() map[string]interface{}
UserValidator is the JSON schema validation for the applications collection
Types
type Application
type Application struct {
    ID          string `json:"_id" bson:"_id"`
    Name        string `json:"name" bson:"name"`
    Description string `json:"desc" bson:"desc"`
    Metadata    `json:"meta" bson:"meta"`
}
Application is the reference of the application and its configuration.
This lives inside the main 'backd' application on _applications collection.
type Domain
type Domain struct {
    ID          string                 `json:"_id" bson:"_id"`
    Description string                 `json:"desc" bson:"desc"`
    Type        DomainType             `json:"type" bson:"type"`
    Config      map[string]interface{} `json:"config,omitempty" bson:"config"`
    Metadata    `json:"meta" bson:"meta"`
}
Domain is a struct that describes the information related to a security domain.
This information is stored on the `backd` application and defines the database that holds the information
type DomainType
type DomainType string
DomainType defines the behavior to build a session
const (
    // DomainTypeBackd when set the domain will use natively only the backd users/groups
    DomainTypeBackd DomainType = "b"
    // DomainTypeActiveDirectory when set the domain will inherit the groups from the users
    // on logon. So user membership will be updated from the ones received when the user
    // creates a session.
    DomainTypeActiveDirectory DomainType = "ad"
)
type Function
type Function struct {
    ID       string `json:"_id" bson:"_id"`       // xid.ID
    Name     string `json:"name" bson:"name"`     // function friendly name (regexp: ^[a-zA-Z0-9]{2,32}$)
    API      bool   `json:"api" bson:"api"`       // usable from functions API?
    RunAs    string `json:"run_as" bson:"run_as"` // domain and userID that will run the function
    Code     string `json:"code" bson:"code"`     // source code
    Metadata `json:"meta" bson:"meta"`
}
Function defines a function to be called from other places (API, scheduler, etc.)
type Group
type Group struct {
    ID          string `json:"_id" bson:"_id"`             // (required - autogenerated)
    Name        string `json:"name,omitempty" bson:"name"` // (required) Name of the group
    Description string `json:"desc,omitempty" bson:"desc"` // (optional) Description
    Metadata    `json:"meta" bson:"meta"`
}
Group is the struct that sets the `group` entity on the domain
for domains type `backd`:
  - group
for domains type `active directory`:
  - group can be a reference to an Active Directory group if group is created with the same name that already exists on the remote domain
type Membership
type Membership struct {
    ID      primitive.ObjectID `json:"_id" bson:"_id"`
    UserID  string             `json:"user_id" bson:"user_id"`
    GroupID string             `json:"group_id" bson:"group_id"`
}
Membership is the relation between users and groups
While users could hold an array of groups, or a group an array of users, that approach degrades as the arrays grow. Too relational, but effective.
type Metadata
type Metadata struct {
    CreatedBy string `json:"cby" bson:"cby" mapstructure:"cby"`
    UpdatedBy string `json:"uby" bson:"uby" mapstructure:"uby"`
    CreatedAt int64  `json:"cat" bson:"cat" mapstructure:"cat"`
    UpdatedAt int64  `json:"uat" bson:"uat" mapstructure:"uat"`
}
Metadata is the struct that represents the metadata information of a struct
func (*Metadata) FromInterface
FromInterface sets metadata value from a map using mapstructure
type RBAC
type RBAC struct {
    ID           string `json:"_id" bson:"_id"`
    DomainID     string `json:"domain_id" bson:"domain_id"`
    IdentityID   string `json:"identity_id" bson:"identity_id"`
    Collection   string `json:"collection" bson:"collection"`
    CollectionID string `json:"collection_id" bson:"collection_id"`
    Permission   string `json:"perm" bson:"perm"`
}
RBAC is the struct that defines how the role permissions are set on the db
type Relation
type Relation struct {
    ID            string `json:"_id" bson:"_id"`
    Source        string `json:"src" bson:"src"`
    SourceID      string `json:"sid" bson:"sid"`
    Destination   string `json:"dst" bson:"dst"`
    DestinationID string `json:"did" bson:"did"`
    Relation      string `json:"rel" bson:"rel"`
    Metadata      `json:"meta" bson:"meta"`
}
Relation is the representation of linked data on the DB.
type Session
type Session struct {
    ID        string   `json:"_id"`
    DomainID  string   `json:"did"`
    User      User     `json:"uid"`
    ExpiresAt int64    `json:"eat"`
    CreatedAt int64    `json:"cat"`
    Groups    []string `json:"g"`
}
Session is the struct that reflects the information of the user
currently logged into the domain
type SessionRequest
type SessionRequest struct {
    Username string `json:"username"`
    Password string `json:"password"`
    DomainID string `json:"domain"`
}
SessionRequest is the struct that defines how a user creates a session
on the auth service.
type SessionResponse
SessionResponse is the struct that will be returned to the client
when a session has been established
type User
type User struct {
    ID                string                 `json:"_id" bson:"_id"`                         // (required - autogenerated)
    Username          string                 `json:"username" bson:"username"`               // (required) Username is the entity that will be used for logon. If email will be used as username then both must match
    Name              string                 `json:"name" bson:"name"`                       // (required) Name of the user (optional, gets filled from the authorizators that returns it)
    Email             string                 `json:"email" bson:"email"`                     // (required) Email of the user (the one used to notify by mail)
    Description       string                 `json:"desc,omitempty" bson:"desc"`             // (optional) Description
    Password          string                 `json:"password,omitempty" bson:"-"`            // (optional) Password is only used to get the initial password on user POST
    GeneratedPassword string                 `json:"generated_password,omitempty" bson:"-"`  // GeneratedPassword will be filled only when password creation was random
    PasswordKey       []byte                 `json:"-" bson:"pk"`                            // PasswordKey can not be retrieved by using an API
    PasswordSalt      string                 `json:"-" bson:"ps"`                            // PasswordSalt can not be retrieved by using an API
    Active            bool                   `json:"active,omitempty" bson:"active"`         // (required) Active defines when the user can interact with the APIs (some authorizations can leave it as active if the authentication system will allow or restrict the user)
    Validated         bool                   `json:"validated,omitempty" bson:"validated"`   // (required) Validated shows if the user needs to make any action to activate its email (and probably its account too)
    Data              map[string]interface{} `json:"data,omitempty" bson:"data,omitempty"`   // (optional) Data is the arbitrary information that can be stored for the user
    Groups            []string               `json:"groups,omitempty" bson:"-"`              // Groups is a commodity to include all the groups on the session
    Metadata          `json:"meta" bson:"meta"`
}
User is the struct that sets the `user` entity on the domain
for domains type `backd`:
  - passwords are required, but if not set on creation it will return a random one
  - active and validated must be taken into account
for domains type `active directory`:
  - passwords, active and validated are meaningless
func (*User) PasswordMatch
PasswordMatch verifies whether the password matches the stored one
func (*User) SetPassword
SetPassword sets the password on the user struct
func (*User) SetRandomPassword
SetRandomPassword creates a random password for the user
(16 alphanumeric characters)
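How the three password methods could fit together, as an added example that is not the package's code. The page does not name the key-derivation function behind `PasswordKey`, so PBKDF2-HMAC-SHA256 (written out with the standard library), the iteration count, the salt value and the names `RandomPassword`, `DeriveKey` and `Match` are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"math/big"
)

const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// RandomPassword draws n alphanumeric characters uniformly from the OS CSPRNG (no modulo bias).
func RandomPassword(n int) (string, error) {
	out := make([]byte, n)
	for i := range out {
		idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(alphabet))))
		if err != nil {
			return "", fmt.Errorf("reading CSPRNG: %w", err)
		}
		out[i] = alphabet[idx.Int64()]
	}
	return string(out), nil
}

// DeriveKey is PBKDF2-HMAC-SHA256 limited to its first 32-byte block (assumed KDF, see lead-in).
func DeriveKey(password, salt string, iter int) []byte {
	mac := hmac.New(sha256.New, []byte(password))
	mac.Write(append([]byte(salt), 0, 0, 0, 1)) // salt || INT(1)
	u := mac.Sum(nil)
	key := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		subtle.XORBytes(key, key, u)
	}
	return key
}

// Match recomputes the key for the candidate and compares it in constant time.
func Match(candidate, salt string, stored []byte, iter int) bool {
	return subtle.ConstantTimeCompare(DeriveKey(candidate, salt, iter), stored) == 1
}

func main() {
	pw, _ := RandomPassword(16) // 16 alphanumeric characters, as the page states
	fmt.Println(len(pw), Match(pw, "constructed-salt", DeriveKey(pw, "constructed-salt", 600_000), 600_000))
}
```

Only the derived key and the salt need to be stored; the plaintext exists just long enough to be returned once to the caller.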