Documentation ¶
Overview ¶
Package user provides the User model, its persistence and encryption methods, and the event types used to create and update users.
Index ¶
- Constants
- type CreateEvent
- type UpdateAPISecretEvent
- type UpdateDisplayNameEvent
- type UpdatePasswordEvent
- type UpdateStatusEvent
- type User
- func (u *User) Decrypt(versionKey *security.VersionKey) error
- func (u *User) Encrypt(key []byte, keyVersion uuid.UUID) error
- func (u *User) GetID() models.ID
- func (u *User) GetOrg() models.ID
- func (u *User) GetUser() models.ID
- func (u User) Insert(ctx context.Context, conn *pgx.Conn, keyVersion uuid.UUID, key []byte) error
- func (u *User) ReEncrypt(ctx context.Context, conn *pgx.Conn, keyVersion uuid.UUID, ...) error
- func (u *User) Refresh(ctx context.Context, conn *pgx.Conn, versionKey *security.VersionKey) error
- func (u *User) UpdateAPISecret(ctx context.Context, conn *pgx.Conn, versionKey *security.VersionKey) error
- func (u *User) UpdateDisplayName(ctx context.Context, conn *pgx.Conn, versionKey *security.VersionKey, ...) error
- func (u *User) UpdatePassword(ctx context.Context, conn *pgx.Conn, versionKey *security.VersionKey, ...) error
- func (u *User) UpdateStatus(ctx context.Context, conn *pgx.Conn, versionKey *security.VersionKey, ...) error
Constants ¶
const SchemaVersion = 0
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CreateEvent ¶
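// CreateEvent carries the JSON-tagged fields of a user-creation request
// (purpose inferred from the name and tags; the consumer is not shown here).
//
// Password is expected as cleartext in the incoming JSON; per its
// documentation, UnmarshalJSON hashes it with argon2 while decoding.
//
// NOTE(review): Password is tagged json:"password", so it is part of the
// marshalled form unless safe.Password suppresses that. Confirm before
// logging or echoing a CreateEvent.
type CreateEvent struct {
	DisplayName safe.VarChar  `json:"display_name"`
	Email       safe.VarChar  `json:"email"`
	Org         models.ID     `json:"org"`
	Password    safe.Password `json:"password"`
	// contains filtered or unexported fields
}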
func NewCreateEvent ¶
func NewCreateEvent(argon2Config *argon2.Config) (*CreateEvent, error)
func (*CreateEvent) UnmarshalJSON ¶
func (ev *CreateEvent) UnmarshalJSON(bs []byte) error
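UnmarshalJSON assumes Password is cleartext and hashes it with argon2 while decoding. This minimizes the window in which the cleartext password can be accessed accidentally. The input bs still contains the cleartext, so the caller should avoid logging or retaining that buffer.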
type UpdateAPISecretEvent ¶
// UpdateAPISecretEvent is a JSON-decodable event with a single boolean flag.
// NOTE(review): presumably it is the request that leads to
// User.UpdateAPISecret; the code that consumes it is not shown here.
type UpdateAPISecretEvent struct {
	// GenerateAPISecret is read from the "generate_api_secret" JSON key.
	// A missing key decodes to false (the Go zero value).
	GenerateAPISecret bool `json:"generate_api_secret"`
}
type UpdateDisplayNameEvent ¶
type UpdatePasswordEvent ¶
type UpdateStatusEvent ¶
type User ¶
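// User models a row of the users table.
//
// APISecret, DisplayName and Email are the fields that Decrypt resets to
// their decrypted forms, so a User value may hold either ciphertext or
// cleartext in them.
//
// NOTE(review): those three fields carry JSON tags. Whether safe.VarChar
// redacts or encodes its value when marshalled is not visible here; confirm
// before serializing a decrypted User into a response or a log.
type User struct {
	models.Base
	// APISecret may be in both encrypted and decrypted states
	// so it is set as safe.VarChar, although it will be forged
	// from a models.ID instance.
	APISecret safe.VarChar `json:"api_secret"`
	// The *Digest fields: per the ReEncrypt documentation these are digests
	// of the unencrypted values and do not change on re-encryption.
	// NOTE(review): the digest construction is not shown; confirm it is
	// keyed, since values such as an email address are guessable.
	APISecretDigest   string        `json:"api_secret_digest"`
	DisplayName       safe.VarChar  `json:"display_name"`
	DisplayNameDigest string        `json:"display_name_digest"`
	Email             safe.VarChar  `json:"email"`
	EmailDigest       string        `json:"email_digest"`
	Org               models.ID     `json:"org"`
	Password          safe.Password `json:"-"` // assumed derived; "-" keeps it out of JSON
	KeyVersion        uuid.UUID     `json:"-"` // "-" keeps it out of JSON
	// contains filtered or unexported fields
}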
User models a row of the users table.
func Create ¶
func Create( ctx context.Context, conn *pgx.Conn, displayName safe.VarChar, email safe.VarChar, org models.ID, password safe.Password, versionKey *security.VersionKey, ) (*User, error)
Create inserts a new org and org owner into the db. Performs validation.
func New ¶
func New( displayName safe.VarChar, email safe.VarChar, org models.ID, password safe.Password, ) (*User, error)
New returns a new unencrypted User. Org is not validated. Use Create for validation.
func (*User) Decrypt ¶
func (u *User) Decrypt(versionKey *security.VersionKey) error
Decrypt resets APISecret, DisplayName, Email to their decrypted forms.
func (User) Insert ¶
func (u User) Insert( ctx context.Context, conn *pgx.Conn, keyVersion uuid.UUID, key []byte, ) error
Insert inserts a User into the db. The receiver is passed by value, so mutations to u in this method will not impact the caller.
func (*User) ReEncrypt ¶
func (u *User) ReEncrypt(ctx context.Context, conn *pgx.Conn, keyVersion uuid.UUID, versionKey *security.VersionKey, ) error
ReEncrypt re-encrypts all encryptable fields with the new key. Assumes User is already in the db; updates the relevant fields.
The digests remain the same as they are the digests of the unencrypted fields.
func (*User) Refresh ¶
func (u *User) Refresh(ctx context.Context, conn *pgx.Conn, versionKey *security.VersionKey, ) error
Refresh will re-initialize data fields after an update, typically inside the same txn that performed the update.
func (*User) UpdateAPISecret ¶
func (u *User) UpdateAPISecret(ctx context.Context, conn *pgx.Conn, versionKey *security.VersionKey, ) error
UpdateAPISecret generates a new API secret on behalf of the user.
func (*User) UpdateDisplayName ¶
func (u *User) UpdateDisplayName(ctx context.Context, conn *pgx.Conn, versionKey *security.VersionKey, newDisplayName safe.VarChar, ) error
UpdateDisplayName changes the user display name and display name digest.
func (*User) UpdatePassword ¶
func (u *User) UpdatePassword(ctx context.Context, conn *pgx.Conn, versionKey *security.VersionKey, newPassword safe.Password, ) error
UpdatePassword changes the user password. Assumes newPassword is already derived, so callers should pass the derived form rather than a cleartext password.
func (*User) UpdateStatus ¶
func (u *User) UpdateStatus(ctx context.Context, conn *pgx.Conn, versionKey *security.VersionKey, newStatus models.Status, ) error
UpdateStatus changes the user status.