auth

package
v2.2.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 17, 2018 License: MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrNoMetadataInContext       = errors.New("no metadata in context")
	ErrNoAuthorizationInMetadata = errors.New("no authorization-data in metadata")
	ErrInvalidAlgorithm          = errors.New("invalid algorithm")
	ErrInvalidToken              = errors.New("invalid token")
	ErrNotAuthorized             = errors.New("not authorized")
)

errors

View Source
var DisableAssignExistingUsers = false

DisableAssignExistingUsers controls if existing users can be assigned to an organization or application. When set to false (default), organization admin users are able to list all users, which might depending on the context of the setup be a privacy issue.

Functions

This section is empty.

Types

type Claims

type Claims struct {
	jwt.StandardClaims

	// Username defines the identity of the user.
	Username string `json:"username"`
}

Claims defines the struct containing the token claims.

type Flag

type Flag int

Flag defines the authorization flag.

const (
	Create Flag = iota
	Read
	Update
	Delete
	List
	UpdateProfile
)

Authorization flags.

type JWTValidator

type JWTValidator struct {
	// contains filtered or unexported fields
}

JWTValidator validates JWT tokens.

func NewJWTValidator

func NewJWTValidator(db sqlx.Ext, algorithm, secret string) *JWTValidator

NewJWTValidator creates a new JWTValidator.

func (JWTValidator) GetIsAdmin

func (v JWTValidator) GetIsAdmin(ctx context.Context) (bool, error)

GetIsAdmin returns if the authenticated user is a global amin.

func (JWTValidator) GetUsername

func (v JWTValidator) GetUsername(ctx context.Context) (string, error)

GetUsername returns the username of the authenticated user.

func (JWTValidator) Validate

func (v JWTValidator) Validate(ctx context.Context, funcs ...ValidatorFunc) error

Validate validates the token from the given context against the given validator funcs.

type Validator

type Validator interface {
	// Validate validates the given set of validators against the given context.
	// Must return after the first validator function either returns true or
	// and error. The way how the validation must be seens is:
	//   if validatorFunc1 || validatorFunc2 || validatorFunc3 ...
	// In case multiple validators must validate to true, then a validator
	// func needs to be implemented which validates a given set of funcs as:
	//   if validatorFunc1 && validatorFunc2 && ValidatorFunc3 ...
	Validate(context.Context, ...ValidatorFunc) error

	// GetUsername returns the name of the authenticated user.
	GetUsername(context.Context) (string, error)

	// GetIsAdmin returns if the authenticated user is a global admin.
	GetIsAdmin(context.Context) (bool, error)
}

Validator defines the interface a validator needs to implement.

type ValidatorFunc

type ValidatorFunc func(sqlx.Queryer, *Claims) (bool, error)

ValidatorFunc defines the signature of a claim validator function. It returns a bool indicating if the validation passed or failed and an error in case an error occured (e.g. db connectivity).

func ValidateActiveUser

func ValidateActiveUser() ValidatorFunc

ValidateActiveUser validates if the user in the JWT claim is active.

func ValidateApplicationAccess

func ValidateApplicationAccess(applicationID int64, flag Flag) ValidatorFunc

ValidateApplicationAccess validates if the client has access to the given application.

func ValidateApplicationUserAccess

func ValidateApplicationUserAccess(applicationID, userID int64, flag Flag) ValidatorFunc

ValidateApplicationUserAccess validates if the client has access to the given application member.

func ValidateApplicationUsersAccess

func ValidateApplicationUsersAccess(applicationID int64, flag Flag) ValidatorFunc

ValidateApplicationUsersAccess validates if the client has access to the given application members.

func ValidateApplicationsAccess

func ValidateApplicationsAccess(flag Flag, organizationID int64) ValidatorFunc

ValidateApplicationsAccess validates if the client has access to the global applications resource.

func ValidateDeviceProfileAccess

func ValidateDeviceProfileAccess(flag Flag, id uuid.UUID) ValidatorFunc

ValidateDeviceProfileAccess validates if the client has access to the given device-profile.

func ValidateDeviceProfilesAccess

func ValidateDeviceProfilesAccess(flag Flag, organizationID, applicationID int64) ValidatorFunc

ValidateDeviceProfilesAccess validates if the client has access to the device-profiles.

func ValidateDeviceQueueAccess

func ValidateDeviceQueueAccess(devEUI lorawan.EUI64, flag Flag) ValidatorFunc

ValidateDeviceQueueAccess validates if the client has access to the queue of the given node.

func ValidateGatewayAccess

func ValidateGatewayAccess(flag Flag, mac lorawan.EUI64) ValidatorFunc

ValidateGatewayAccess validates if the client has access to the given gateway.

func ValidateGatewayProfileAccess

func ValidateGatewayProfileAccess(flag Flag) ValidatorFunc

ValidateGatewayProfileAccess validates if the client has access to the gateway-profiles.

func ValidateGatewaysAccess

func ValidateGatewaysAccess(flag Flag, organizationID int64) ValidatorFunc

ValidateGatewaysAccess validates if the client has access to the gateways.

func ValidateIsApplicationAdmin

func ValidateIsApplicationAdmin(applicationID int64) ValidatorFunc

ValidateIsApplicationAdmin validates if the client has access to administrate the given application.

func ValidateIsOrganizationAdmin

func ValidateIsOrganizationAdmin(organizationID int64) ValidatorFunc

ValidateIsOrganizationAdmin validates if the client has access to administrate the given organization.

func ValidateMulticastGroupAccess

func ValidateMulticastGroupAccess(flag Flag, multicastGroupID uuid.UUID) ValidatorFunc

ValidateMulticastGroupAccess validates if the client has access to the given multicast-group.

func ValidateMulticastGroupQueueAccess

func ValidateMulticastGroupQueueAccess(flag Flag, multicastGroupID uuid.UUID) ValidatorFunc

ValidateMulticastGroupQueueAccess validates if the client has access to the given multicast-group queue.

func ValidateMulticastGroupsAccess

func ValidateMulticastGroupsAccess(flag Flag, organizationID int64) ValidatorFunc

ValidateMulticastGroupsAccess validates if the client has access to the multicast-groups.

func ValidateNetworkServerAccess

func ValidateNetworkServerAccess(flag Flag, id int64) ValidatorFunc

ValidateNetworkServerAccess validates if the client has access to the given network-server.

func ValidateNetworkServersAccess

func ValidateNetworkServersAccess(flag Flag, organizationID int64) ValidatorFunc

ValidateNetworkServersAccess validates if the client has access to the network-servers.

func ValidateNodeAccess

func ValidateNodeAccess(devEUI lorawan.EUI64, flag Flag) ValidatorFunc

ValidateNodeAccess validates if the client has access to the given node.

func ValidateNodesAccess

func ValidateNodesAccess(applicationID int64, flag Flag) ValidatorFunc

ValidateNodesAccess validates if the client has access to the global nodes resource.

func ValidateOrganizationAccess

func ValidateOrganizationAccess(flag Flag, id int64) ValidatorFunc

ValidateOrganizationAccess validates if the client has access to the given organization.

func ValidateOrganizationNetworkServerAccess

func ValidateOrganizationNetworkServerAccess(flag Flag, organizationID, networkServerID int64) ValidatorFunc

ValidateOrganizationNetworkServerAccess validates if the given client has access to the given organization id / network server id combination.

func ValidateOrganizationUserAccess

func ValidateOrganizationUserAccess(flag Flag, organizationID, userID int64) ValidatorFunc

ValidateOrganizationUserAccess validates if the client has access to the given user of the given organization.

func ValidateOrganizationUsersAccess

func ValidateOrganizationUsersAccess(flag Flag, id int64) ValidatorFunc

ValidateOrganizationUsersAccess validates if the client has access to the organization users.

func ValidateOrganizationsAccess

func ValidateOrganizationsAccess(flag Flag) ValidatorFunc

ValidateOrganizationsAccess validates if the client has access to the organizations.

func ValidateServiceProfileAccess

func ValidateServiceProfileAccess(flag Flag, id uuid.UUID) ValidatorFunc

ValidateServiceProfileAccess validates if the client has access to the given service-profile.

func ValidateServiceProfilesAccess

func ValidateServiceProfilesAccess(flag Flag, organizationID int64) ValidatorFunc

ValidateServiceProfilesAccess validates if the client has access to the service-profiles.

func ValidateUserAccess

func ValidateUserAccess(userID int64, flag Flag) ValidatorFunc

ValidateUserAccess validates if the client has access to the given user resource.

func ValidateUsersAccess

func ValidateUsersAccess(flag Flag) ValidatorFunc

ValidateUsersAccess validates if the client has access to the global users resource.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL