local

package
v1.0.9
Warning

This package is not in the latest version of its module.

Published: Aug 12, 2020 License: Apache-2.0 Imports: 9 Imported by: 1

README

Local Backend

Configuration

Please refer to the assets/conf/local/config.json configuration file when configuring the plugin backend. In the example, the route refers to the local backend in the file assets/backends/local/users.json. Specify the path to the file where you want your database to reside. Do not create the file itself; create only its leading directories.

For example, create /etc/caddy/auth/local directory and specify the path value as:

"path": "/etc/caddy/auth/local/users.json",

Next, start the server and find the following log entries:

{"level":"info","ts":1588704471.5784082,"logger":"http.authentication.providers.portal","msg":"created new user","user_id":"cd5f647a-cc04-4ae2-9d0a-2d5e9b95cf98","user_name":"webadmin","user_email":"webadmin@localdomain.local","user_claims":{"roles":"superadmin"}}
{"level":"info","ts":1588704471.5784378,"logger":"http.authentication.providers.portal","msg":"created default superadmin user for the database","user_name":"webadmin","user_secret":"d87e7749-0dd8-482b-91a2-ada370263293"}

Identity Store

The user_name and user_secret values are the username and password for the superuser in the database.
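The bootstrap log entry carries the superuser password in cleartext, so every stored copy of that log is a place the credential can be read from. The following Go program is an added example, not part of this package: it scans JSON log lines for entries with a user_secret field and reports where they are without echoing the secret. The sample lines are the two entries shown above, the first abbreviated.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Exposure records where a cleartext secret was logged, without repeating the secret.
type Exposure struct {
	Line     int
	UserName string
	LoggedAt time.Time
}

func (e Exposure) String() string {
	return fmt.Sprintf("line %d: secret for %q logged at %s", e.Line, e.UserName, e.LoggedAt.Format(time.RFC3339))
}

// FindLoggedSecrets scans JSON log lines for entries that carry a user_secret field.
func FindLoggedSecrets(text string) []Exposure {
	var out []Exposure
	sc := bufio.NewScanner(strings.NewReader(text))
	for n := 1; sc.Scan(); n++ {
		var e struct {
			TS     float64 `json:"ts"`
			User   string  `json:"user_name"`
			Secret string  `json:"user_secret"`
		}
		// Skip lines that are not JSON objects or that carry no secret.
		if json.Unmarshal(sc.Bytes(), &e) != nil || e.Secret == "" {
			continue
		}
		out = append(out, Exposure{Line: n, UserName: e.User, LoggedAt: time.Unix(int64(e.TS), 0).UTC()})
	}
	return out
}

// sampleLog holds the two entries shown above; the first is abbreviated.
const sampleLog = `{"level":"info","ts":1588704471.5784082,"msg":"created new user","user_name":"webadmin"}
{"level":"info","ts":1588704471.5784378,"logger":"http.authentication.providers.portal","msg":"created default superadmin user for the database","user_name":"webadmin","user_secret":"d87e7749-0dd8-482b-91a2-ada370263293"}`

func main() {
	for _, e := range FindLoggedSecrets(sampleLog) {
		fmt.Println(e)
	}
}
```

Accounts reported this way are candidates for the password change described under Password Management.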

The plugin creates a file with the following structure.

{
  "revision": 1,
  "users": [
    {
      "id": "cd5f647a-cc04-4ae2-9d0a-2d5e9b95cf98",
      "username": "webadmin",
      "email_addresses": [
        {
          "address": "webadmin@localdomain.local",
          "domain": "localdomain.local"
        }
      ],
      "passwords": [
        {
          "purpose": "generic",
          "type": "bcrypt",
          "hash": "$2a$10$B67nHY0PEdxLYdyoLk1YLOomvs.T/dSIyzPuoX9vWULrsD3PRf/sq",
          "cost": 10,
          "expired_at": "0001-01-01T00:00:00Z",
          "created_at": "2020-05-05T18:47:51.513552501Z",
          "disabled_at": "0001-01-01T00:00:00Z"
        }
      ],
      "created": "2020-05-05T18:47:51.513552066Z",
      "last_modified": "2020-05-05T18:47:51.513552175Z",
      "roles": [
        {
          "name": "superadmin"
        }
      ]
    }
  ]
}

Finally, browse to /auth and log in with the username and password.

Password Management

An administrator may change the password directly in the /etc/caddy/auth/local/users.json file.

First, download bcrypt-cli:

go get -u github.com/bitnami/bcrypt-cli

Then, use it to generate a new password:

$ echo -n "password123" | bcrypt-cli -c 10
$2a$10$OVnOaHDkcOXfbUZPFh5qt.yJqUt6pl9uJaqEMxxM.vS5fY/cZNmsq

Finally, replace the password in the user database file with the newly generated one.
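When a hash is replaced by hand, two mistakes are easy to make: pasting a truncated hash, and leaving the cost field out of step with the cost encoded in the hash. The following Go program is an added example, not part of this package: it checks every password entry in a users.json document of the structure shown above. The alice and bob entries are constructed, and whether the plugin itself consults the cost field is not stated on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// bcryptRe matches a complete 60-character bcrypt string and captures its cost.
var bcryptRe = regexp.MustCompile(`^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$`)

// database mirrors only the users.json fields this check reads.
type database struct {
	Users []struct {
		Username  string `json:"username"`
		Passwords []struct {
			Type string `json:"type"`
			Hash string `json:"hash"`
			Cost int    `json:"cost"`
		} `json:"passwords"`
	} `json:"users"`
}

// AuditUsers returns one finding per malformed password entry in raw users.json.
func AuditUsers(raw []byte) ([]string, error) {
	var db database
	if err := json.Unmarshal(raw, &db); err != nil {
		return nil, err
	}
	var findings []string
	for _, u := range db.Users {
		for i, p := range u.Passwords {
			m := bcryptRe.FindStringSubmatch(p.Hash)
			if p.Type != "bcrypt" || m == nil {
				findings = append(findings, fmt.Sprintf("%s[%d]: not a complete bcrypt hash", u.Username, i))
			} else if m[1] != fmt.Sprintf("%02d", p.Cost) {
				findings = append(findings, fmt.Sprintf("%s[%d]: cost field differs from hash", u.Username, i))
			}
		}
	}
	return findings, nil
}

// sample is constructed: the page's webadmin entry, a truncated hash, a stale cost field.
const sample = `{"users":[{"username":"webadmin","passwords":[{"type":"bcrypt","cost":10,"hash":"$2a$10$B67nHY0PEdxLYdyoLk1YLOomvs.T/dSIyzPuoX9vWULrsD3PRf/sq"}]},
{"username":"alice","passwords":[{"type":"bcrypt","cost":10,"hash":"$2a$10$OVnOaHDkcOXfbUZPFh5qt"}]},
{"username":"bob","passwords":[{"type":"bcrypt","cost":10,"hash":"$2a$12$OVnOaHDkcOXfbUZPFh5qt.yJqUt6pl9uJaqEMxxM.vS5fY/cZNmsq"}]}]}`

func main() { fmt.Println(AuditUsers([]byte(sample))) }
```

To check a real database, read the file at the configured path and pass its bytes to AuditUsers before restarting the server.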

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator represents database connector.

func NewAuthenticator

func NewAuthenticator() *Authenticator

NewAuthenticator returns an instance of Authenticator.

func (*Authenticator) AuthenticateUser

func (sa *Authenticator) AuthenticateUser(userInput, password string) (*jwt.UserClaims, int, error)

AuthenticateUser checks the database for the presence of a username/email and password and returns user claims.

func (*Authenticator) Configure

func (sa *Authenticator) Configure() error

Configure checks database connectivity and required tables.

func (*Authenticator) CreateUser

func (sa *Authenticator) CreateUser(userName, userPwd, userEmail string, userClaims map[string]interface{}) error

CreateUser creates a user in a database.

func (*Authenticator) SetPath

func (sa *Authenticator) SetPath(s string)

SetPath sets database path.

type Backend

type Backend struct {
	Realm         string                   `json:"realm,omitempty"`
	Path          string                   `json:"path,omitempty"`
	TokenProvider *jwt.TokenProviderConfig `json:"jwt,omitempty"`
	Authenticator *Authenticator           `json:"-"`
	// contains filtered or unexported fields
}

Backend represents authentication provider with SQLite backend.

func NewDatabaseBackend

func NewDatabaseBackend() *Backend

NewDatabaseBackend returns an instance of authentication provider with SQLite backend.

func (*Backend) Authenticate

func (b *Backend) Authenticate(reqID string, kv map[string]string) (*jwt.UserClaims, int, error)

Authenticate performs authentication.

func (*Backend) ConfigureAuthenticator

func (b *Backend) ConfigureAuthenticator() error

ConfigureAuthenticator configures backend for .

func (*Backend) ConfigureLogger

func (b *Backend) ConfigureLogger(logger *zap.Logger) error

ConfigureLogger configures backend with the same logger as its user.

func (*Backend) ConfigureTokenProvider

func (b *Backend) ConfigureTokenProvider(upstream *jwt.TokenProviderConfig) error

ConfigureTokenProvider configures TokenProvider.

func (*Backend) GetRealm

func (b *Backend) GetRealm() string

GetRealm returns authentication realm.

func (*Backend) Validate

func (b *Backend) Validate() error

Validate checks whether Backend is functional.

func (*Backend) ValidateConfig

func (b *Backend) ValidateConfig() error

ValidateConfig checks whether Backend has mandatory configuration.
