Documentation ¶
Index ¶
- Constants
- Variables
- func ClientStreamInterceptor(token string) ...
- func ClientUnaryInterceptor(token string) ...
- func ComparePasswords(hashedPassword []byte, plainPassword []byte) error
- func DecodeBase64Password(passwordBase64 string) (string, error)
- func DropTokenKeys(username string) bool
- func DropTokenKeysForCtx(ctx context.Context) (bool, error)
- func GenerateToken(user User, database int64, expTime int) (string, error)
- func HasPermissionForMethod(userPermission uint32, method string) bool
- func HashAndSaltPassword(plainPassword []byte) ([]byte, error)
- func IsMaintenanceMethod(method string) bool
- func IsStrongPassword(password string) error
- func NewStringUUID() string
- func NewUUID() xid.ID
- func ServerStreamInterceptor(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, ...) error
- func ServerUnaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, ...) (interface{}, error)
- type AuthType
- type JSONToken
- type Kind
- type Permission
- type TokenAuthStruct
- type User
- func (u *User) ComparePasswords(plainPassword []byte) error
- func (u *User) GrantPermission(database string, permission uint32) bool
- func (u *User) HasAtLeastOnePermission(permission uint32) bool
- func (u *User) HasPermission(database string, permission uint32) bool
- func (u *User) RevokePermission(database string) bool
- func (u *User) SetPassword(plainPassword []byte) ([]byte, error)
- func (u *User) WhichPermission(database string) uint32
Constants ¶
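// Non-admin permission values. The block was collapsed onto a single line,
// which is not valid Go; one constant per line restores the iota sequence.
const (
	PermissionNone = iota // 0
	PermissionR           // 1
	PermissionRW          // 2
)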
Non-admin permissions
const PermissionAdmin = 254
PermissionAdmin is the admin permission byte (254); it is distinct from PermissionSysAdmin (255), the system admin value.
const PermissionSysAdmin = 255
PermissionSysAdmin is the system admin permission byte (255); it is distinct from PermissionAdmin (254).
Variables ¶
var AuthEnabled bool
AuthEnabled toggles authentication on or off
var DevMode bool
DevMode: if set to true, remote client commands (except admin ones) are accepted even when auth is off. That amounts to unauthenticated remote access, so it should stay false outside development setups.
var ErrNoAuthData = errors.New("no authentication data provided").WithCode(errors.CodProtocolViolation)
var ErrNotLoggedIn = errors.New("not logged in").WithCode(errors.CodInvalidAuthorizationSpecification)
var IsTampered bool
IsTampered: if set to true, one of the databases has been tampered with and the user is notified
var IsValidUsername = regexp.MustCompile(`^[a-zA-Z0-9_]+$`).MatchString
IsValidUsername is a regexp function used to check username requirements
var PasswordRequirementsMsg = fmt.Sprintf(
"password must have between %d and %d letters, digits and special characters "+
"of which at least 1 uppercase letter, 1 digit and 1 special character",
minPasswordLen,
maxPasswordLen,
)
PasswordRequirementsMsg message used to inform the user about password strength requirements
var SysAdminPassword = SysAdminUsername
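SysAdminPassword is the system admin password. As declared it defaults to SysAdminUsername ("immudb"); it can also be set from command flags, config or an env var. WarnDefaultAdminPassword is the warning text for the case where the default is still in use.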
var SysAdminUsername = "immudb"
SysAdminUsername the system admin username
var UpdateMetrics func(context.Context)
UpdateMetrics callback which will be called to update metrics
var WarnDefaultAdminPassword = "immudb user has the default password: please change it to ensure proper security"
WarnDefaultAdminPassword warning user message for the case when admin uses the default password
Functions ¶
func ClientStreamInterceptor ¶
func ClientStreamInterceptor(token string) func(context.Context, *grpc.StreamDesc, *grpc.ClientConn, string, grpc.Streamer, ...grpc.CallOption) (grpc.ClientStream, error)
ClientStreamInterceptor gRPC client interceptor for streams
func ClientUnaryInterceptor ¶
func ClientUnaryInterceptor(token string) func(context.Context, string, interface{}, interface{}, *grpc.ClientConn, grpc.UnaryInvoker, ...grpc.CallOption) error
ClientUnaryInterceptor gRPC client interceptor for unary methods
func ComparePasswords ¶
ComparePasswords compares the provided plainPassword against the provided hashed password
func DecodeBase64Password ¶ added in v0.6.2
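DecodeBase64Password decodes the provided base64-encoded password if it has the "enc:" prefix; otherwise it returns the password with leading and trailing space trimmed. Base64 is an encoding, not encryption, so the "enc:" form does not keep the password confidential.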
func DropTokenKeys ¶
DropTokenKeys removes the token keys from the cache, hence invalidating any token that was generated with those keys
func DropTokenKeysForCtx ¶ added in v0.6.1
DropTokenKeysForCtx removes the token keys from the cache for the username of the token that resides in the provided context
func GenerateToken ¶
GenerateToken ...
func HasPermissionForMethod ¶
HasPermissionForMethod checks if userPermission can access method name
func HashAndSaltPassword ¶
HashAndSaltPassword hashes and salts the provided password
func IsMaintenanceMethod ¶ added in v1.0.5
func IsStrongPassword ¶
IsStrongPassword checks if the provided password meets the strength requirements
func NewStringUUID ¶ added in v0.7.0
func NewStringUUID() string
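NewStringUUID generates a UUID and returns it as a string. NewUUID in this package returns an xid.ID, so the value is presumably an xid; xid values are built for uniqueness rather than unpredictability and should not be treated as secrets.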
func ServerStreamInterceptor ¶
func ServerStreamInterceptor(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error
ServerStreamInterceptor gRPC server interceptor for streams
func ServerUnaryInterceptor ¶
func ServerUnaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)
ServerUnaryInterceptor gRPC server interceptor for unary methods
Types ¶
type Permission ¶ added in v0.7.0
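// Permission pairs one database with the permission value a user holds on it.
//
// The declaration was collapsed onto one line, so the first // comment
// swallowed the Database field and the closing brace; it is restored here with
// one field per line.
type Permission struct {
	// Permission is the permission value for Database. The permission
	// constants declared by this package are PermissionNone, PermissionR,
	// PermissionRW, PermissionAdmin and PermissionSysAdmin.
	Permission uint32 `json:"permission"`

	// Database is the database this permission applies to.
	Database string `json:"database"`
}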
Permission per database
type TokenAuthStruct ¶ added in v1.2.0
// TokenAuthStruct is the authentication token data structure. Its
// GetRequestMetadata and RequireTransportSecurity methods are declared
// separately.
type TokenAuthStruct struct {
	// Token is the token string. The package documentation describes
	// GetRequestMetadata as returning it as a Bearer token for request
	// metadata, so it is a credential: keep it out of logs and error messages.
	Token string
}
TokenAuthStruct authentication token data structure
func (TokenAuthStruct) GetRequestMetadata ¶ added in v1.2.0
func (t TokenAuthStruct) GetRequestMetadata(ctx context.Context, in ...string) (map[string]string, error)
GetRequestMetadata callback which returns the Bearer token to be set in request metadata
func (TokenAuthStruct) RequireTransportSecurity ¶ added in v1.2.0
func (TokenAuthStruct) RequireTransportSecurity() bool
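RequireTransportSecurity is the callback that reports whether TLS is mandatory for these credentials. The value it returns is not shown on this page; if it is false, gRPC will send the bearer token over connections that do not use TLS.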
type User ¶
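// User is a user record: name, password hash, per-database permissions and
// creation metadata.
//
// The declaration was collapsed onto one line, so the first // comment
// swallowed the CreatedBy and CreatedAt fields and the closing brace; it is
// restored here with one field per line. Field names, types and JSON tags are
// unchanged.
type User struct {
	// Username is the user's name.
	Username string `json:"username"`

	// HashedPassword is serialized under the "hashedpassword" key, so any
	// JSON form of a User carries the password hash. Strip or omit it before
	// returning a User to a client or writing it to logs.
	HashedPassword []byte `json:"hashedpassword"`

	// Permissions lists the user's per-database permissions.
	Permissions []Permission `json:"permissions"`

	// Active is serialized under the "active" key.
	Active bool `json:"active"`

	// IsSysAdmin is used for the sysadmin instead of adding every database
	// and permission to Permissions, to save some CPU cycles. The "-" tag
	// excludes it from JSON.
	IsSysAdmin bool `json:"-"`

	// CreatedBy is the user which created this user.
	CreatedBy string `json:"createdBy"`

	// CreatedAt is the time at which this user was created/updated.
	CreatedAt time.Time `json:"createdat"`
}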
User ...
func (*User) ComparePasswords ¶
ComparePasswords ...
func (*User) GrantPermission ¶ added in v0.7.0
GrantPermission grants the user the given permission on the database
func (*User) HasAtLeastOnePermission ¶ added in v0.7.0
HasAtLeastOnePermission checks if user has this permission for at least one database
func (*User) HasPermission ¶ added in v0.7.0
HasPermission checks if user has such permission for this database
func (*User) RevokePermission ¶ added in v0.7.0
RevokePermission revokes the user's permission on the given database
func (*User) SetPassword ¶
SetPassword hashes and salts the password and assigns the result to the HashedPassword field of User
func (*User) WhichPermission ¶ added in v0.7.0
WhichPermission returns the permission that this user has on this database