auth

package
v4.3.2

This package is not in the latest version of its module.

Published: Sep 11, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Overview

Package auth provides authentication and authorization for the server.

Constants

const (
	RoleAdmin      = "_admin"
	RoleReader     = "_reader"
	RoleWriter     = "_writer"
	RoleReplicator = "_replicator"
	RoleDBUpdates  = "_db_updates"
	RoleDesign     = "_design"
)

CouchDB system roles.

Functions

func CreateAuthToken

func CreateAuthToken(name, salt, secret string, time int64) string

CreateAuthToken hashes a username, salt, timestamp, and the server secret into an authentication token.

func DecodeCookie

func DecodeCookie(cookie string) (name string, created int64, err error)

DecodeCookie decodes a Base64-encoded cookie, and returns its component parts.

Types

type AuthenticateFunc

type AuthenticateFunc func(http.ResponseWriter, *http.Request) (*UserContext, error)

AuthenticateFunc authenticates the HTTP request. On success, a user context must be returned. Any error will immediately terminate the authentication process, returning an error to the client. In particular, this means that an "unauthorized" error must not be returned if fallthrough is intended. If a response is sent, execution does not continue. This allows handlers to expose their own API endpoints (for example, the default cookie auth handler adds POST /_session and DELETE /_session handlers).
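The contract above, as an added example that is not part of the package or its documentation: a hypothetical header-based AuthenticateFunc and a small driver that models the documented chain behaviour. The two types are local mirrors of the ones on this page; headerAuth, runChain, errUnauthorized, the header names and key values, and the use of a (nil, nil) return to signal fall-through are assumptions.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Local mirrors of the documented types, so the example runs on its own.
type UserContext struct{ Name string }
type AuthenticateFunc func(http.ResponseWriter, *http.Request) (*UserContext, error)
var errUnauthorized = errors.New("unauthorized") // constructed sentinel error

// headerAuth returns a hypothetical AuthenticateFunc keyed on one request header.
func headerAuth(header, want, user string) AuthenticateFunc {
	return func(_ http.ResponseWriter, r *http.Request) (*UserContext, error) {
		switch got := r.Header.Get(header); {
		case got == "":
			return nil, nil // credential absent: fall through (assumed convention)
		case subtle.ConstantTimeCompare([]byte(got), []byte(want)) != 1:
			return nil, errUnauthorized // present but wrong: terminate the chain
		}
		return &UserContext{Name: user}, nil
	}
}

var chain = []AuthenticateFunc{ // constructed header names and key values
	headerAuth("X-Api-Key", "k-123", "svc"),
	headerAuth("X-Admin-Key", "a-456", "root"),
}

// runChain models the documented contract: first user context wins, any error ends it.
func runChain(r *http.Request, fns ...AuthenticateFunc) (*UserContext, error) {
	for _, fn := range fns {
		if user, err := fn(httptest.NewRecorder(), r); user != nil || err != nil {
			return user, err
		}
	}
	return nil, nil // no handler claimed the request
}

func main() {
	r := httptest.NewRequest("GET", "/db", nil)
	r.Header.Set("X-Api-Key", "wrong")
	r.Header.Set("X-Admin-Key", "a-456")
	fmt.Println(runChain(r, chain...)) // the valid admin key is never consulted
}
```

A handler that returned errUnauthorized for a missing header would stop the chain before the second handler ran, which is the case the documentation warns about.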

type Handler

type Handler interface {
	// Init should return the name of the authentication method, and an
	// authentication function. It is only called once on server startup.
	Init(Server) (string, AuthenticateFunc)
}

Handler is an auth handler.

func BasicAuth

func BasicAuth() Handler

BasicAuth returns a basic auth handler.

func CookieAuth

func CookieAuth(secret string, sessionTimeout time.Duration) Handler

CookieAuth returns a cookie auth handler.

type MemoryUserStore

type MemoryUserStore struct {
	// contains filtered or unexported fields
}

MemoryUserStore is a simple in-memory user store.

func NewMemoryUserStore

func NewMemoryUserStore() *MemoryUserStore

NewMemoryUserStore returns a new MemoryUserStore.

func (*MemoryUserStore) AddUser

func (s *MemoryUserStore) AddUser(username, password string, roles []string) error

AddUser adds a user to the store. It returns an error if the user already exists.

func (*MemoryUserStore) DeleteUser

func (s *MemoryUserStore) DeleteUser(username string)

DeleteUser deletes a user from the store.

func (*MemoryUserStore) UserCtx

func (s *MemoryUserStore) UserCtx(_ context.Context, username string) (*UserContext, error)

UserCtx returns a user context object if the user exists.

func (*MemoryUserStore) Validate

func (s *MemoryUserStore) Validate(_ context.Context, username, password string) (*UserContext, error)

Validate returns a user context object if the credentials are valid.

type Server

type Server interface {
	UserStore() UserStore
	Bind(*http.Request, interface{}) error
}

Server is the interface for the server which exposes capabilities needed by auth handlers.

type UserContext

type UserContext struct {
	Database string   `json:"db,omitempty"`
	Name     string   `json:"name"`
	Roles    []string `json:"roles"`
	// Salt is needed to calculate cookie tokens.
	Salt string `json:"-"`
}

UserContext represents a CouchDB UserContext object.

func (*UserContext) HasRole

func (c *UserContext) HasRole(role string) bool

HasRole returns true if the user has the specified role.

type UserStore

type UserStore interface {
	// Validate returns a user context object if the credentials are valid. An
	// error must be returned otherwise. A Not-Found error will continue to the
	// next user store, while any other error will terminate the auth process.
	Validate(ctx context.Context, username, password string) (user *UserContext, err error)
	// UserCtx returns a user context object if the user exists. It is used by
	// AuthHandlers that don't validate the password (e.g. Cookie auth). If the
	// user does not exist, a Not-Found error will be returned.
	UserCtx(ctx context.Context, username string) (user *UserContext, err error)
}

A UserStore provides an AuthHandler with access to a user store for.
