token

package
v0.38.0-rc0
Warning

This package is not in the latest version of its module.
Published: Oct 28, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Constants

This section is empty.

Variables

AuthZProvider is the authz registry for the `token` package.

Functions

func CreateAccessToken

func CreateAccessToken(
	ctx context.Context,
	userID model.UserID,
	opts ...AccessTokenOption,
) (string, model.TokenID, error)

CreateAccessToken creates a new access token and stores it in the user_sessions db.

func GetUserIDFromTokenID

func GetUserIDFromTokenID(ctx context.Context, tokenID int32) (*model.UserID, error)

GetUserIDFromTokenID retrieves the userID associated with the provided tokenID.

func UpdateAccessToken

func UpdateAccessToken(
	ctx context.Context, tokenID model.TokenID, options AccessTokenUpdateOptions,
) (*model.UserSession, error)

UpdateAccessToken updates the description and revocation status of the access token.

Types

type AccessTokenOption

type AccessTokenOption func(f *model.UserSession)

AccessTokenOption modifies a model.UserSession to apply optional settings to the AccessToken object.

func WithTokenDescription

func WithTokenDescription(description string) AccessTokenOption

WithTokenDescription adds the specified description (if any) to the access token table.

func WithTokenExpiry

func WithTokenExpiry(expiry *time.Duration) AccessTokenOption

WithTokenExpiry adds the specified expiresAt (if any) to the access token table.

type AccessTokenUpdateOptions

type AccessTokenUpdateOptions struct {
	Description *string
	SetRevoked  bool
}

AccessTokenUpdateOptions is the set of mutable fields for an Access Token record.

type TokenAuthZ

type TokenAuthZ interface {
	// POST /api/v1/users/:user_id/token
	CanCreateAccessToken(ctx context.Context, curUser, targetUser model.User) error
	// GET /api/v1/user/tokens
	CanGetAccessTokens(ctx context.Context, curUser model.User, query *bun.SelectQuery,
		targetUserID *model.UserID) (*bun.SelectQuery, error)
	// PATCH /api/v1/users/token/:token_id
	CanUpdateAccessToken(ctx context.Context, curUser model.User, targetTokenUserID model.UserID) error
}

TokenAuthZ describes authz methods for the `accesstoken` package.

type TokenAuthZBasic

type TokenAuthZBasic struct{}

TokenAuthZBasic is basic OSS controls.

func (*TokenAuthZBasic) CanCreateAccessToken

func (a *TokenAuthZBasic) CanCreateAccessToken(
	ctx context.Context, curUser, targetUser model.User,
) error

CanCreateAccessToken returns an error if the user is not an admin.

func (*TokenAuthZBasic) CanGetAccessTokens

func (a *TokenAuthZBasic) CanGetAccessTokens(
	ctx context.Context, curUser model.User, query *bun.SelectQuery, targetUserID *model.UserID,
) (selectQuery *bun.SelectQuery, err error)

CanGetAccessTokens returns an error if the user does not have permission to view their own or another user's token, based on their own role.

func (*TokenAuthZBasic) CanUpdateAccessToken

func (a *TokenAuthZBasic) CanUpdateAccessToken(
	ctx context.Context,
	curUser model.User,
	targetTokenUserID model.UserID,
) error

CanUpdateAccessToken returns an error if the user is not an admin when attempting to update another user's token; otherwise, it returns nil.

type TokenAuthZPermissive

type TokenAuthZPermissive struct{}

TokenAuthZPermissive is an authz provider that calls RBAC for side effects.

func (*TokenAuthZPermissive) CanCreateAccessToken

func (p *TokenAuthZPermissive) CanCreateAccessToken(
	ctx context.Context, curUser, targetUser model.User,
) error

CanCreateAccessToken calls RBAC authz but enforces basic authz.

func (*TokenAuthZPermissive) CanGetAccessTokens

func (p *TokenAuthZPermissive) CanGetAccessTokens(
	ctx context.Context, curUser model.User, query *bun.SelectQuery, targetUserID *model.UserID,
) (*bun.SelectQuery, error)

CanGetAccessTokens calls RBAC authz but enforces basic authz.

func (*TokenAuthZPermissive) CanUpdateAccessToken

func (p *TokenAuthZPermissive) CanUpdateAccessToken(
	ctx context.Context,
	curUser model.User,
	targetTokenUserID model.UserID,
) error

CanUpdateAccessToken calls RBAC authz but enforces basic authz.
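
The shadow-evaluation pattern that the TokenAuthZPermissive doc comments describe, as an added example (not the package's own code). `User`, `ErrDenied`, the `RBAC` grant map and the `Mismatch` log are hypothetical stand-ins, and recording disagreements is an assumed form of the "side effects"; the basic rule follows the documented CanUpdateAccessToken behaviour.

```go
package main

import (
	"errors"
	"fmt"
)

// User is a hypothetical stand-in for model.User.
type User struct{ ID int; Admin bool }

var ErrDenied = errors.New("permission denied")

// Basic enforces the documented rule: only an admin may update another user's token.
type Basic struct{}
func (Basic) CanUpdateAccessToken(cur User, target int) error {
	if cur.ID != target && !cur.Admin {
		return ErrDenied
	}
	return nil
}

// RBAC is an assumed model: a grant set lists users allowed to update others' tokens.
type RBAC struct{ UpdateOthers map[int]bool }
func (r RBAC) CanUpdateAccessToken(cur User, target int) error {
	if cur.ID != target && !r.UpdateOthers[cur.ID] {
		return ErrDenied
	}
	return nil
}

// Permissive evaluates RBAC only to record what it would decide; Basic is what is enforced.
type Permissive struct {
	Shadow   RBAC
	Mismatch []string // assumed side effect: log of RBAC/basic disagreements
}
func (p *Permissive) CanUpdateAccessToken(cur User, target int) error {
	enforced := Basic{}.CanUpdateAccessToken(cur, target)
	shadow := p.Shadow.CanUpdateAccessToken(cur, target)
	if (shadow == nil) != (enforced == nil) {
		p.Mismatch = append(p.Mismatch, fmt.Sprintf(
			"user=%d target=%d rbac_allow=%t basic_allow=%t", cur.ID, target, shadow == nil, enforced == nil))
	}
	return enforced // the RBAC result never changes the decision
}

func main() {
	p := &Permissive{Shadow: RBAC{UpdateOthers: map[int]bool{2: true}}} // constructed grants
	fmt.Println(p.CanUpdateAccessToken(User{ID: 2}, 7), p.Mismatch)
}
```

Each recorded mismatch is a request whose outcome would change on a switch from the permissive provider to RBAC enforcement, so the log is worth reviewing before that switch.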

type TokenAuthZRBAC

type TokenAuthZRBAC struct{}

TokenAuthZRBAC is the RBAC implementation of user authorization.

func (*TokenAuthZRBAC) CanCreateAccessToken

func (a *TokenAuthZRBAC) CanCreateAccessToken(
	ctx context.Context, curUser, targetUser model.User,
) (err error)

CanCreateAccessToken returns an error if the user does not have permission to create either their own token or another user's token based on the targetUser.

func (*TokenAuthZRBAC) CanGetAccessTokens

func (a *TokenAuthZRBAC) CanGetAccessTokens(
	ctx context.Context, curUser model.User, query *bun.SelectQuery, targetUserID *model.UserID,
) (selectQuery *bun.SelectQuery, err error)

CanGetAccessTokens returns an error if the user does not have permission to view their own or another user's token, based on their own role permissions.

func (*TokenAuthZRBAC) CanUpdateAccessToken

func (a *TokenAuthZRBAC) CanUpdateAccessToken(
	ctx context.Context,
	curUser model.User,
	targetTokenUserID model.UserID,
) (err error)

CanUpdateAccessToken returns an error if the user does not have permission to update either their own token or another user's token based on the targetTokenUserID.
