security

package
v1.26.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 4, 2024 License: AGPL-3.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source 
const KVUserToken = "user_token"
View Source 
const RoleAdminName = "Administrator"
View Source 
const Secret = "console"

Variables

View Source 
var BuiltinRoles = make(map[string]Role, 0)
View Source 
var RoleMap = make(map[string]Role)

Functions

func DeleteUserToken 

func DeleteUserToken(key string)

func GenerateAccessToken 

func GenerateAccessToken(user *User) (map[string]interface{}, error)

func GetAPIPermissionRouter 

func GetAPIPermissionRouter(typ string) *routetree.Router

func GetCurrentUserCluster 

func GetCurrentUserCluster(req *http.Request) (bool, []string)

GetCurrentUserCluster get cluster id by current login user return true when has all cluster privilege, otherwise return cluster id list

func GetPermissions 

func GetPermissions(typ string) interface{}

func GetRoleCluster 

func GetRoleCluster(roles []string) (bool, []string)

GetRoleCluster get cluster id by given role names return true when has all cluster privilege, otherwise return cluster id list

func GetRoleClusterMap 

func GetRoleClusterMap(roles []string) map[string][]string

func GetRoleIndex 

func GetRoleIndex(roles []string, clusterID string) (bool, []string)

func IsAllowRoleType 

func IsAllowRoleType(roleType string) (err error)

func NewUserContext 

func NewUserContext(ctx context.Context, clam *UserClaims) context.Context

func RegisterAPIPermissionRouter 

func RegisterAPIPermissionRouter(typ string, router *routetree.Router)

func RegisterAdapter 

func RegisterAdapter(typ string, handler Adapter)

func RegisterPermission 

func RegisterPermission(typ string, permissions interface{})

func SearchAPIPermission 

func SearchAPIPermission(typ string, method, path string) (permission string, params map[string]string, matched bool)

func SetUserToken 

func SetUserToken(key string, token Token)

func ValidateCluster 

func ValidateCluster(req ClusterRequest, userRole RolePermission) (err error)

func ValidateIndex 

func ValidateIndex(req IndexRequest, userRole RolePermission) (err error)

func ValidatePermission 

func ValidatePermission(claims *UserClaims, permissions []string) (err error)

Types

type Adapter 

type Adapter struct {
	Role IRole
	User IUser
}

func GetAdapter 

func GetAdapter(typ string) Adapter

type ClusterPrivilege 

type ClusterPrivilege struct {
	Resources   []InnerCluster `json:"resources,omitempty" elastic_mapping:"resources: { type: object }"`
	Permissions []string       `json:"permissions,omitempty" elastic_mapping:"permissions: { type: keyword }"`
}

type ClusterRequest 

type ClusterRequest struct {
	Cluster   string   `json:"cluster"`
	Privilege []string `json:"privilege"`
}

func NewClusterRequest 

func NewClusterRequest(ps httprouter.Params, privilege []string) ClusterRequest

type ElasticsearchAPIPrivilege 

type ElasticsearchAPIPrivilege map[string]map[string]struct{}

func (ElasticsearchAPIPrivilege) Merge 

func (ep ElasticsearchAPIPrivilege) Merge(epa ElasticsearchAPIPrivilege)

type ElasticsearchPrivilege 

type ElasticsearchPrivilege struct {
	Cluster ClusterPrivilege `json:"cluster,omitempty" elastic_mapping:"cluster: { type: object }"`
	Index   []IndexPrivilege `json:"index,omitempty" elastic_mapping:"index: { type: object }"`
}

type EsRequest 

type EsRequest struct {
	Doc       string `json:"doc"`
	Privilege string `json:"privilege"`
	ClusterRequest
	IndexRequest
}

type IRole 

type IRole interface {
	Get(id string) (Role, error)
	GetBy(field string, value interface{}) (Role, error)
	Update(role *Role) error
	Create(role *Role) (string, error)
	Delete(id string) error
	Search(keyword string, from, size int) (orm.Result, error)
}

type IUser 

type IUser interface {
	Get(id string) (User, error)
	GetBy(field string, value interface{}) (*User, error)
	Update(user *User) error
	Create(user *User) (string, error)
	Delete(id string) error
	Search(keyword string, from, size int) (orm.Result, error)
}

type IndexPrivilege 

type IndexPrivilege struct {
	Name        []string `json:"name,omitempty" elastic_mapping:"name: { type: keyword }"`
	Permissions []string `json:"permissions,omitempty" elastic_mapping:"permissions: { type: keyword }"`
}

type IndexRequest 

type IndexRequest struct {
	Cluster   string   `json:"cluster"`
	Index     string   `json:"index"`
	Privilege []string `json:"privilege"`
}

func NewIndexRequest 

func NewIndexRequest(ps httprouter.Params, privilege []string) IndexRequest

type InnerCluster 

type InnerCluster struct {
	ID   string `json:"id" elastic_mapping:"id: { type: keyword }"`
	Name string `json:"name" elastic_mapping:"name: { type: keyword }"`
}

type Role 

type Role struct {
	orm.ORMObjectBase

	Name        string        `json:"name"  elastic_mapping:"name: { type: keyword }"`
	Type        string        `json:"type" elastic_mapping:"type: { type: keyword }"`
	Description string        `json:"description"  elastic_mapping:"description: { type: text }"`
	Builtin     bool          `json:"builtin" elastic_mapping:"builtin: { type: boolean }"`
	Privilege   RolePrivilege `json:"privilege" elastic_mapping:"privilege: { type: object }"`
}

type RolePermission 

type RolePermission struct {
	Platform         []string `json:"platform,omitempty"`
	ElasticPrivilege struct {
		Cluster ElasticsearchAPIPrivilege
		Index   map[string]ElasticsearchAPIPrivilege
	}
}

func CombineUserRoles 

func CombineUserRoles(roleNames []string) RolePermission

type RolePrivilege 

type RolePrivilege struct {
	Platform      []string               `json:"platform,omitempty" elastic_mapping:"platform: { type: keyword }"`
	Elasticsearch ElasticsearchPrivilege `json:"elasticsearch,omitempty" elastic_mapping:"elasticsearch: { type: object }"`
}

type RoleType 

type RoleType = string
const (
	Platform      RoleType = "platform"
	Elasticsearch RoleType = "elasticsearch"
)

type SecurityRealm 

type SecurityRealm interface {
	GetType() string
	Authenticate(username, password string) (bool, *User, error) // Return true if authentication is successful, otherwise false
	Authorize(user *User) (bool, error)                          // Return true if authorization is granted, otherwise false
}

type ShortUser 

type ShortUser struct {
	Provider string   `json:"provider"`
	Username string   `json:"username"`
	UserId   string   `json:"user_id"`
	Roles    []string `json:"roles"`
}

func FromUserContext 

func FromUserContext(ctx context.Context) (*ShortUser, error)

type Token 

type Token struct {
	JwtStr   string `json:"jwt_str"`
	Value    string `json:"value"`
	ExpireIn int64  `json:"expire_in"`
}

func GetUserToken 

func GetUserToken(key string) *Token

type User 

type User struct {
	orm.ORMObjectBase

	AuthProvider string   `json:"auth_provider"  elastic_mapping:"auth_provider: { type: keyword }"`
	Username     string   `json:"name"  elastic_mapping:"name: { type: keyword }"`
	Nickname     string   `json:"nick_name"  elastic_mapping:"nick_name: { type: keyword }"`
	Password     string   `json:"password"  elastic_mapping:"password: { type: keyword }"`
	Email        string   `json:"email" elastic_mapping:"email: { type: keyword }"`
	Phone        string   `json:"phone" elastic_mapping:"phone: { type: keyword }"`
	Tags         []string `json:"tags" elastic_mapping:"mobile: { type: keyword }"`

	AvatarUrl string      `json:"avatar_url" elastic_mapping:"avatar_url: { type: keyword }"`
	Roles     []UserRole  `json:"roles" elastic_mapping:"roles: { type: object }"`
	Payload   interface{} `json:"-"` //used for storing additional data derived from auth provider
}

func (*User) GetPermissions 

func (user *User) GetPermissions() (roles []string, privileges []string)

type UserClaims 

type UserClaims struct {
	*jwt.RegisteredClaims
	*ShortUser
}

func ValidateLogin 

func ValidateLogin(authorizationHeader string) (clams *UserClaims, err error)

type UserRole 

type UserRole struct {
	ID   string `json:"id" elastic_mapping:"id: { type: keyword }"`
	Name string `json:"name" elastic_mapping:"name: { type: keyword }"`
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.