Documentation
¶
Index ¶
- Constants
- type AccessControlV1
- type Common
- type Config
- type ErrDuplicateAccessControlPath
- type ErrInvalidPermissions
- type ErrInvalidVersion
- type ErrUndefinedUsername
- type V1
- func (c *V1) Authenticate(ctx context.Context, username, cleartextPassword string) bool
- func (c *V1) Encode(w io.Writer, prettify bool) error
- func (c *V1) EnsureInit() error
- func (c *V1) GetPermissions(path string, username *string) (read, list bool, possibleRead, possibleList bool, realm string, err error)
- func (c *V1) Validate() error
- func (c *V1) Version() Version
- type Version
Constants ¶
const ( // VersionUnknown defines an unknown config version. VersionUnknown = iota // Version1 is version 1. Version1 )
const ( // VersionUnknownStr is the string representation of VUnknown. VersionUnknownStr string = "unknown" // Version1Str is the string representation of Version1. Version1Str string = "v1" )
const ( // PermRead is the read permission. PermRead = "read" // PermList is the list permission. PermList = "list" // PermReadAndList allows both read and list. PermReadAndList = "read,list" )
const DefaultConfigFilename = ".kbp_config"
DefaultConfigFilename is the default filename for Keybase Pages config file.
const DefaultConfigFilepath = "/.kbp_config"
DefaultConfigFilepath is the default path for Keybase Pages config file under the site root, and is what's used in kbpagesd.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessControlV1 ¶
type AccessControlV1 struct {
// WhitelistAdditionalPermissions is a map of username -> permissions that
// defines a list of additional permissions that authenticated users have
// in addition to AnonymousPermissions.
WhitelistAdditionalPermissions map[string]string `json:"whitelist_additional_permissions"`
// AnonymousPermissions is the permissions for
// unauthenticated/anonymous requests.
AnonymousPermissions string `json:"anonymous_permissions"`
}
AccessControlV1 defines an access control list (ACL) for the V1 config.
type Common ¶
type Common struct {
// Version specifies the version of the config.
Version string `json:"version"`
}
Common includes common fields that should appear in all versions of configs.
type Config ¶
type Config interface {
Version() Version
Authenticate(ctx context.Context, username, password string) bool
// GetPermissions returns permission info. If username is nil, anonymous
// permissions are returned. Otherwise, permissions for *username is
// returned. Additionally, "maximum possible permissions" are returned,
// which indicates whether a permission (read or list) is possible to be
// granted on the path if proper authentication is provided.
GetPermissions(path string, username *string) (
read, list bool,
possibleRead, possibleList bool,
realm string, err error)
Encode(w io.Writer, prettify bool) error
}
Config is a collection of methods for getting different configuration parameters.
type ErrDuplicateAccessControlPath ¶
type ErrDuplicateAccessControlPath struct {
// contains filtered or unexported fields
}
ErrDuplicateAccessControlPath is returned when multiple ACLs are defined for the same path in config.
func (ErrDuplicateAccessControlPath) Error ¶
func (e ErrDuplicateAccessControlPath) Error() string
Error implements the error interface.
type ErrInvalidPermissions ¶
type ErrInvalidPermissions struct {
// contains filtered or unexported fields
}
ErrInvalidPermissions is returned when an invalid permissions string appears in the config.
func (ErrInvalidPermissions) Error ¶
func (e ErrInvalidPermissions) Error() string
Error implements the error interface.
type ErrInvalidVersion ¶
type ErrInvalidVersion struct {
// contains filtered or unexported fields
}
ErrInvalidVersion is returned when Version field of the config is invalid.
func (ErrInvalidVersion) Error ¶
func (e ErrInvalidVersion) Error() string
Error implements the error interface.
type ErrUndefinedUsername ¶
type ErrUndefinedUsername struct {
// contains filtered or unexported fields
}
ErrUndefinedUsername is returned when a username appears in a ACL but it's not defined in the config's Users section.
func (ErrUndefinedUsername) Error ¶
func (e ErrUndefinedUsername) Error() string
Error implements the error interface.
type V1 ¶
type V1 struct {
Common
// Users is a [username -> bcrypt-hashed password] map that defines how
// users should be authenticated.
Users map[string]string `json:"users"`
// ACLs is a path -> AccessControlV1 map that defines ACLs for different
// paths.
ACLs map[string]AccessControlV1 `json:"acls"`
// contains filtered or unexported fields
}
V1 defines a V1 config. Public fields are accessible by `json` encoders and decoder.
On first call to GetPermission* methods, it initializes an internal ACL checker. If the object is constructed from ParseConfig, its internal ACL checker is initialized automatically. Any changes to the ACL fields afterwards have no effect.
func DefaultV1 ¶
func DefaultV1() *V1
DefaultV1 returns a default V1 config, which allows anonymous read to everything.
func (*V1) Authenticate ¶
Authenticate implements the Config interface.
func (*V1) EnsureInit ¶
EnsureInit initializes c, and returns any error encountered during the initialization. It is not necessary to call EnsureInit. Methods that need it does it automatically.
func (*V1) GetPermissions ¶
func (c *V1) GetPermissions(path string, username *string) ( read, list bool, possibleRead, possibleList bool, realm string, err error)
GetPermissions implements the Config interface.
func (*V1) Validate ¶
Validate checks all public fields of c, and returns an error if any of them is invalid, or a nil-error if they are all valid.
Although changes to ACL fields have no effect to ACL checkings once the internal ACL checker is intialized (see comment on V1), this method still checks the updated ACL feilds. So it's OK to use Validate directly on a *V1 that has been modified since it was initialized.
As a result, unlike other methods on the type, this method is not goroutine safe against changes to the public fields.
Source Files