Documentation ¶
Index ¶
- Variables
- type Claims
- type Flag
- type JWTValidator
- type Validator
- type ValidatorFunc
- func ValidateActiveUser() ValidatorFunc
- func ValidateApplicationAccess(applicationID int64, flag Flag) ValidatorFunc
- func ValidateApplicationUserAccess(applicationID, userID int64, flag Flag) ValidatorFunc
- func ValidateApplicationUsersAccess(applicationID int64, flag Flag) ValidatorFunc
- func ValidateApplicationsAccess(flag Flag, organizationID int64) ValidatorFunc
- func ValidateDeviceProfileAccess(flag Flag, id uuid.UUID) ValidatorFunc
- func ValidateDeviceProfilesAccess(flag Flag, organizationID, applicationID int64) ValidatorFunc
- func ValidateDeviceQueueAccess(devEUI lorawan.EUI64, flag Flag) ValidatorFunc
- func ValidateGatewayAccess(flag Flag, mac lorawan.EUI64) ValidatorFunc
- func ValidateGatewayProfileAccess(flag Flag) ValidatorFunc
- func ValidateGatewaysAccess(flag Flag, organizationID int64) ValidatorFunc
- func ValidateIsApplicationAdmin(applicationID int64) ValidatorFunc
- func ValidateIsOrganizationAdmin(organizationID int64) ValidatorFunc
- func ValidateMulticastGroupAccess(flag Flag, multicastGroupID uuid.UUID) ValidatorFunc
- func ValidateMulticastGroupQueueAccess(flag Flag, multicastGroupID uuid.UUID) ValidatorFunc
- func ValidateMulticastGroupsAccess(flag Flag, organizationID int64) ValidatorFunc
- func ValidateNetworkServerAccess(flag Flag, id int64) ValidatorFunc
- func ValidateNetworkServersAccess(flag Flag, organizationID int64) ValidatorFunc
- func ValidateNodeAccess(devEUI lorawan.EUI64, flag Flag) ValidatorFunc
- func ValidateNodesAccess(applicationID int64, flag Flag) ValidatorFunc
- func ValidateOrganizationAccess(flag Flag, id int64) ValidatorFunc
- func ValidateOrganizationNetworkServerAccess(flag Flag, organizationID, networkServerID int64) ValidatorFunc
- func ValidateOrganizationUserAccess(flag Flag, organizationID, userID int64) ValidatorFunc
- func ValidateOrganizationUsersAccess(flag Flag, id int64) ValidatorFunc
- func ValidateOrganizationsAccess(flag Flag) ValidatorFunc
- func ValidateServiceProfileAccess(flag Flag, id uuid.UUID) ValidatorFunc
- func ValidateServiceProfilesAccess(flag Flag, organizationID int64) ValidatorFunc
- func ValidateUserAccess(userID int64, flag Flag) ValidatorFunc
- func ValidateUsersAccess(flag Flag) ValidatorFunc
Constants ¶
This section is empty.
Variables ¶
var ( ErrNoMetadataInContext = errors.New("no metadata in context") ErrNoAuthorizationInMetadata = errors.New("no authorization-data in metadata") ErrInvalidAlgorithm = errors.New("invalid algorithm") ErrInvalidToken = errors.New("invalid token") ErrNotAuthorized = errors.New("not authorized") )
errors
var DisableAssignExistingUsers = false
DisableAssignExistingUsers controls if existing users can be assigned to an organization or application. When set to false (default), organization admin users are able to list all users, which might depending on the context of the setup be a privacy issue.
Functions ¶
This section is empty.
Types ¶
type Claims ¶
type Claims struct { jwt.StandardClaims // Username defines the identity of the user. Username string `json:"username"` }
Claims defines the struct containing the token claims.
type JWTValidator ¶
type JWTValidator struct {
// contains filtered or unexported fields
}
JWTValidator validates JWT tokens.
func NewJWTValidator ¶
func NewJWTValidator(db sqlx.Ext, algorithm, secret string) *JWTValidator
NewJWTValidator creates a new JWTValidator.
func (JWTValidator) GetIsAdmin ¶
func (v JWTValidator) GetIsAdmin(ctx context.Context) (bool, error)
GetIsAdmin returns if the authenticated user is a global amin.
func (JWTValidator) GetUsername ¶
func (v JWTValidator) GetUsername(ctx context.Context) (string, error)
GetUsername returns the username of the authenticated user.
func (JWTValidator) Validate ¶
func (v JWTValidator) Validate(ctx context.Context, funcs ...ValidatorFunc) error
Validate validates the token from the given context against the given validator funcs.
type Validator ¶
type Validator interface { // Validate validates the given set of validators against the given context. // Must return after the first validator function either returns true or // and error. The way how the validation must be seens is: // if validatorFunc1 || validatorFunc2 || validatorFunc3 ... // In case multiple validators must validate to true, then a validator // func needs to be implemented which validates a given set of funcs as: // if validatorFunc1 && validatorFunc2 && ValidatorFunc3 ... Validate(context.Context, ...ValidatorFunc) error // GetUsername returns the name of the authenticated user. GetUsername(context.Context) (string, error) // GetIsAdmin returns if the authenticated user is a global admin. GetIsAdmin(context.Context) (bool, error) }
Validator defines the interface a validator needs to implement.
type ValidatorFunc ¶
ValidatorFunc defines the signature of a claim validator function. It returns a bool indicating if the validation passed or failed and an error in case an error occured (e.g. db connectivity).
func ValidateActiveUser ¶
func ValidateActiveUser() ValidatorFunc
ValidateActiveUser validates if the user in the JWT claim is active.
func ValidateApplicationAccess ¶
func ValidateApplicationAccess(applicationID int64, flag Flag) ValidatorFunc
ValidateApplicationAccess validates if the client has access to the given application.
func ValidateApplicationUserAccess ¶
func ValidateApplicationUserAccess(applicationID, userID int64, flag Flag) ValidatorFunc
ValidateApplicationUserAccess validates if the client has access to the given application member.
func ValidateApplicationUsersAccess ¶
func ValidateApplicationUsersAccess(applicationID int64, flag Flag) ValidatorFunc
ValidateApplicationUsersAccess validates if the client has access to the given application members.
func ValidateApplicationsAccess ¶
func ValidateApplicationsAccess(flag Flag, organizationID int64) ValidatorFunc
ValidateApplicationsAccess validates if the client has access to the global applications resource.
func ValidateDeviceProfileAccess ¶
func ValidateDeviceProfileAccess(flag Flag, id uuid.UUID) ValidatorFunc
ValidateDeviceProfileAccess validates if the client has access to the given device-profile.
func ValidateDeviceProfilesAccess ¶
func ValidateDeviceProfilesAccess(flag Flag, organizationID, applicationID int64) ValidatorFunc
ValidateDeviceProfilesAccess validates if the client has access to the device-profiles.
func ValidateDeviceQueueAccess ¶
func ValidateDeviceQueueAccess(devEUI lorawan.EUI64, flag Flag) ValidatorFunc
ValidateDeviceQueueAccess validates if the client has access to the queue of the given node.
func ValidateGatewayAccess ¶
func ValidateGatewayAccess(flag Flag, mac lorawan.EUI64) ValidatorFunc
ValidateGatewayAccess validates if the client has access to the given gateway.
func ValidateGatewayProfileAccess ¶
func ValidateGatewayProfileAccess(flag Flag) ValidatorFunc
ValidateGatewayProfileAccess validates if the client has access to the gateway-profiles.
func ValidateGatewaysAccess ¶
func ValidateGatewaysAccess(flag Flag, organizationID int64) ValidatorFunc
ValidateGatewaysAccess validates if the client has access to the gateways.
func ValidateIsApplicationAdmin ¶
func ValidateIsApplicationAdmin(applicationID int64) ValidatorFunc
ValidateIsApplicationAdmin validates if the client has access to administrate the given application.
func ValidateIsOrganizationAdmin ¶
func ValidateIsOrganizationAdmin(organizationID int64) ValidatorFunc
ValidateIsOrganizationAdmin validates if the client has access to administrate the given organization.
func ValidateMulticastGroupAccess ¶
func ValidateMulticastGroupAccess(flag Flag, multicastGroupID uuid.UUID) ValidatorFunc
ValidateMulticastGroupAccess validates if the client has access to the given multicast-group.
func ValidateMulticastGroupQueueAccess ¶
func ValidateMulticastGroupQueueAccess(flag Flag, multicastGroupID uuid.UUID) ValidatorFunc
ValidateMulticastGroupQueueAccess validates if the client has access to the given multicast-group queue.
func ValidateMulticastGroupsAccess ¶
func ValidateMulticastGroupsAccess(flag Flag, organizationID int64) ValidatorFunc
ValidateMulticastGroupsAccess validates if the client has access to the multicast-groups.
func ValidateNetworkServerAccess ¶
func ValidateNetworkServerAccess(flag Flag, id int64) ValidatorFunc
ValidateNetworkServerAccess validates if the client has access to the given network-server.
func ValidateNetworkServersAccess ¶
func ValidateNetworkServersAccess(flag Flag, organizationID int64) ValidatorFunc
ValidateNetworkServersAccess validates if the client has access to the network-servers.
func ValidateNodeAccess ¶
func ValidateNodeAccess(devEUI lorawan.EUI64, flag Flag) ValidatorFunc
ValidateNodeAccess validates if the client has access to the given node.
func ValidateNodesAccess ¶
func ValidateNodesAccess(applicationID int64, flag Flag) ValidatorFunc
ValidateNodesAccess validates if the client has access to the global nodes resource.
func ValidateOrganizationAccess ¶
func ValidateOrganizationAccess(flag Flag, id int64) ValidatorFunc
ValidateOrganizationAccess validates if the client has access to the given organization.
func ValidateOrganizationNetworkServerAccess ¶
func ValidateOrganizationNetworkServerAccess(flag Flag, organizationID, networkServerID int64) ValidatorFunc
ValidateOrganizationNetworkServerAccess validates if the given client has access to the given organization id / network server id combination.
func ValidateOrganizationUserAccess ¶
func ValidateOrganizationUserAccess(flag Flag, organizationID, userID int64) ValidatorFunc
ValidateOrganizationUserAccess validates if the client has access to the given user of the given organization.
func ValidateOrganizationUsersAccess ¶
func ValidateOrganizationUsersAccess(flag Flag, id int64) ValidatorFunc
ValidateOrganizationUsersAccess validates if the client has access to the organization users.
func ValidateOrganizationsAccess ¶
func ValidateOrganizationsAccess(flag Flag) ValidatorFunc
ValidateOrganizationsAccess validates if the client has access to the organizations.
func ValidateServiceProfileAccess ¶
func ValidateServiceProfileAccess(flag Flag, id uuid.UUID) ValidatorFunc
ValidateServiceProfileAccess validates if the client has access to the given service-profile.
func ValidateServiceProfilesAccess ¶
func ValidateServiceProfilesAccess(flag Flag, organizationID int64) ValidatorFunc
ValidateServiceProfilesAccess validates if the client has access to the service-profiles.
func ValidateUserAccess ¶
func ValidateUserAccess(userID int64, flag Flag) ValidatorFunc
ValidateUserAccess validates if the client has access to the given user resource.
func ValidateUsersAccess ¶
func ValidateUsersAccess(flag Flag) ValidatorFunc
ValidateUsersAccess validates if the client has access to the global users resource.