authorization

package
v2.7.11 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 26, 2024 License: MIT Imports: 28 Imported by: 0

Documentation

Index

Constants

// MaxIDGenerationN is the retry limit for ID generation: per the
// ErrFailureGeneratingID doc on this page, that error is reported when a valid
// ID cannot be generated in MaxIDGenerationN times.
const MaxIDGenerationN = 100
// ReservedIDs is not documented upstream.
// NOTE(review): presumably the size of a low ID range that generated
// authorization IDs must stay out of — confirm against the ID generation code,
// which is not shown on this page.
const ReservedIDs = 1000
const (
	// SaltBytes is the number of bytes used for salts.
	// NOTE(review): this page does not show where the salts are generated or
	// consumed — confirm they are drawn from a cryptographically secure source
	// (crypto/rand) rather than math/rand.
	SaltBytes = 32
)

Variables

// Package-level error values. Each one is a pointer to a single shared
// *errors.Error, so every return site hands out the same value; callers should
// treat them as read-only and never mutate Code or Msg through the pointer.
var (
	// ErrInvalidAuthID is used when the Authorization's ID cannot be encoded.
	ErrInvalidAuthID = &errors.Error{
		Code: errors.EInvalid,
		Msg:  "authorization ID is invalid",
	}

	// ErrAuthNotFound is used when the specified auth cannot be found.
	ErrAuthNotFound = &errors.Error{
		Code: errors.ENotFound,
		Msg:  "authorization not found",
	}

	// NotUniqueIDError occurs when attempting to create an Authorization with an
	// ID that already belongs to another one.
	// NOTE(review): unlike its siblings this name has no Err prefix; it is
	// exported, so renaming it would break callers.
	NotUniqueIDError = &errors.Error{
		Code: errors.EConflict,
		Msg:  "ID already exists",
	}

	// ErrFailureGeneratingID occurs only when the random number generator
	// cannot generate an ID in MaxIDGenerationN times.
	ErrFailureGeneratingID = &errors.Error{
		Code: errors.EInternal,
		Msg:  "unable to generate valid id",
	}

	// ErrTokenAlreadyExistsError is used when attempting to create an authorization
	// with a token that already exists.
	// NOTE(review): this conflict tells the caller that a given token value is
	// already in use. Confirm that creating an authorization with a
	// caller-chosen token is limited to trusted callers and is rate limited.
	ErrTokenAlreadyExistsError = &errors.Error{
		Code: errors.EConflict,
		Msg:  "token already exists",
	}

	// ErrBucketNotFound is used when attempting to create an authorization
	// with a bucket id that does not exist.
	ErrBucketNotFound = &errors.Error{
		Code: errors.ENotFound,
		Msg:  "bucket not found when creating auth",
	}
)
var (
	// ErrUnsupportedScheme is an internal-class error (errors2.EInternal) with the
	// message "unsupported authorization scheme".
	// NOTE(review): presumably returned when credentials name a scheme this
	// package does not handle — confirm at the call site, which is not shown on
	// this page.
	ErrUnsupportedScheme = &errors2.Error{
		Code: errors2.EInternal,
		Msg:  "unsupported authorization scheme",
	}
)

Functions

func ErrInvalidAuthIDError

func ErrInvalidAuthIDError(err error) *errors.Error

ErrInvalidAuthIDError is used when a service was provided an invalid ID.

func UnavailablePasswordServiceError

func UnavailablePasswordServiceError(err error) *errors.Error

UnavailablePasswordServiceError is used if we aren't able to add the password to the store; it means the store is not available at the moment (e.g. because of a network problem).

func UnexpectedAuthIndexError

func UnexpectedAuthIndexError(err error) *errors.Error

UnexpectedAuthIndexError is used when the error comes from an internal system.

func WithPasswordChecking added in v2.7.6

func WithPasswordChecking(strong bool) func(*Service)

Types

type AuthFinder

// AuthFinder looks up a single authorization by its ID.
// NewAuthedPasswordService accepts an AuthFinder as its auth argument.
type AuthFinder interface {
	// FindAuthorizationByID returns the authorization stored under id, or an error.
	FindAuthorizationByID(ctx context.Context, id platform.ID) (*influxdb.Authorization, error)
}

type AuthHandler

// AuthHandler is the HTTP handler built by NewHTTPAuthHandler.
// It embeds chi.Router, so the router's method set (including route and
// middleware registration) is promoted onto the handler and is callable by any
// code that holds an *AuthHandler.
type AuthHandler struct {
	chi.Router
	// contains filtered or unexported fields
}

func NewHTTPAuthHandler

func NewHTTPAuthHandler(log *zap.Logger, authService influxdb.AuthorizationService, passwordService PasswordService, tenantService TenantService) *AuthHandler

NewHTTPAuthHandler constructs a new http server.

func (*AuthHandler) Prefix

func (h *AuthHandler) Prefix() string

type AuthTokenFinder

// AuthTokenFinder resolves a token string to the authorization it belongs to.
// Authorizer holds two of these, AuthV1 and AuthV2.
// NOTE(review): token is a bearer credential; implementations and callers
// should keep it out of log lines and error messages.
type AuthTokenFinder interface {
	// FindAuthorizationByToken returns the authorization for token, or an error.
	FindAuthorizationByToken(ctx context.Context, token string) (*influxdb.Authorization, error)
}

type AuthedPasswordService

// AuthedPasswordService is built by NewAuthedPasswordService from an AuthFinder
// and an inner PasswordService.
// NOTE(review): the fields are unexported and the authorization rule applied
// before SetPassword reaches the inner service is not visible on this page —
// confirm which permission it requires of the caller.
type AuthedPasswordService struct {
	// contains filtered or unexported fields
}

AuthedPasswordService is middleware for authorizing requests to the inner PasswordService.

func NewAuthedPasswordService

func NewAuthedPasswordService(auth AuthFinder, inner PasswordService) *AuthedPasswordService

NewAuthedPasswordService wraps an existing PasswordService with authorization middleware.

func (*AuthedPasswordService) SetPassword

func (s *AuthedPasswordService) SetPassword(ctx context.Context, authID platform.ID, password string) error

SetPassword overrides the password of a known user.

type Authorizer

// Authorizer verifies credentials through its Authorize method.
// All four fields are interface values supplied by the caller.
// NOTE(review): this page does not show whether Authorize guards against a nil
// field; a caller that leaves one unset should expect a nil-interface call —
// confirm, and populate every field before use.
type Authorizer struct {
	AuthV1   AuthTokenFinder  // A service to find V1 tokens
	AuthV2   AuthTokenFinder  // A service to find V2 tokens
	Comparer PasswordComparer // A service to compare passwords for V1 tokens
	User     UserFinder       // A service to find users
}

A type that is used to verify credentials.

func (*Authorizer) Authorize

func (v *Authorizer) Authorize(ctx context.Context, c influxdb.CredentialsV1) (auth *influxdb.Authorization, err error)

Authorize returns an influxdb.Authorization if c can be verified; otherwise, an error. influxdb.ErrCredentialsUnauthorized will be returned if the credentials are invalid.

type CachingPasswordsService

// CachingPasswordsService wraps an inner influxdb.PasswordsService (see
// NewCachingPasswordsService) and keeps its state in unexported fields.
// NOTE(review): per the ComparePassword doc, a comparison may use a lower cost
// hashing function when the context opts in. What the in-process cache stores,
// and whether SetPassword and CompareAndSetPassword invalidate it, is not shown
// on this page — confirm before relying on it for credential checks.
type CachingPasswordsService struct {
	// contains filtered or unexported fields
}

An implementation of influxdb.PasswordsService that will perform ComparePassword requests at a reduced cost under certain conditions. See ComparePassword for further information.

The cache is only valid for the duration of the process.

func NewCachingPasswordsService

func NewCachingPasswordsService(inner influxdb.PasswordsService) *CachingPasswordsService

func (*CachingPasswordsService) CompareAndSetPassword

func (c *CachingPasswordsService) CompareAndSetPassword(ctx context.Context, id platform.ID, old, new string) error

func (*CachingPasswordsService) ComparePassword

func (c *CachingPasswordsService) ComparePassword(ctx context.Context, id platform.ID, password string) error

ComparePassword will attempt to perform the comparison using a lower cost hashing function if influxdb.ContextHasPasswordCacheOption returns true for ctx.

func (*CachingPasswordsService) SetPassword

func (c *CachingPasswordsService) SetPassword(ctx context.Context, id platform.ID, password string) error

type Client

// Client is the HTTP client for the authorization API.
// NOTE(review): Client.SetPassword takes a plaintext password argument, so the
// wrapped httpc.Client should be configured to use TLS — confirm in the code
// that constructs it.
type Client struct {
	// Client is the underlying HTTP client; it is exported and set by the caller.
	Client *httpc.Client
}

Client connects to Influx via HTTP using tokens to manage authorizations

func (*Client) CreateAuthorization

func (s *Client) CreateAuthorization(ctx context.Context, a *influxdb.Authorization) error

CreateAuthorization creates a new authorization and sets a.ID with the new identifier.

func (*Client) DeleteAuthorization

func (s *Client) DeleteAuthorization(ctx context.Context, id platform.ID) error

DeleteAuthorization removes an authorization by id.

func (*Client) FindAuthorizationByID

func (s *Client) FindAuthorizationByID(ctx context.Context, id platform.ID) (*influxdb.Authorization, error)

FindAuthorizationByID finds a single Authorization by its ID against a remote influx server.

func (*Client) FindAuthorizationByToken

func (s *Client) FindAuthorizationByToken(ctx context.Context, token string) (*influxdb.Authorization, error)

FindAuthorizationByToken is not supported by the HTTP authorization service.

func (*Client) FindAuthorizations

func (s *Client) FindAuthorizations(ctx context.Context, filter influxdb.AuthorizationFilter, opt ...influxdb.FindOptions) ([]*influxdb.Authorization, int, error)

FindAuthorizations returns a list of authorizations that match filter and the total count of matching authorizations. Additional options provide pagination & sorting.

func (*Client) SetPassword

func (s *Client) SetPassword(ctx context.Context, id platform.ID, password string) error

SetPassword sets the password for the authorization token id.

func (*Client) UpdateAuthorization

func (s *Client) UpdateAuthorization(ctx context.Context, id platform.ID, upd *influxdb.AuthorizationUpdate) (*influxdb.Authorization, error)

UpdateAuthorization updates the status and description if available.

type PasswordComparer

// PasswordComparer checks a candidate password for an authorization ID.
// Authorizer.Comparer is of this type.
type PasswordComparer interface {
	// ComparePassword reports its result through the error return.
	// NOTE(review): presumably nil means the password matched, in line with
	// Service.ComparePassword, whose doc says mismatches return errors — confirm.
	ComparePassword(ctx context.Context, authID platform.ID, password string) error
}

type PasswordService

// PasswordService sets the password associated with an ID.
// NewHTTPAuthHandler and NewAuthedPasswordService each accept one.
type PasswordService interface {
	// SetPassword stores password for id. The argument is a plain string, so
	// implementations are responsible for hashing it before it is persisted.
	SetPassword(ctx context.Context, id platform.ID, password string) error
}

type Service

// Service is built by NewService from a *Store and a TenantService, plus
// optional func(*Service) options such as WithPasswordChecking. Its methods
// cover creating, finding, updating and deleting authorizations, and setting
// and comparing passwords.
// NOTE(review): WithPasswordChecking(strong bool) is undocumented; presumably it
// controls the strength check that the ComparePassword doc mentions — confirm
// what the default is when the option is not passed.
type Service struct {
	// contains filtered or unexported fields
}

func NewService

func NewService(st *Store, ts TenantService, OptFns ...func(*Service)) *Service

NewService constructs a new Service.

func (*Service) CompareAndSetPassword

func (s *Service) CompareAndSetPassword(ctx context.Context, authID platform.ID, old, new string) error

CompareAndSetPassword checks the password and if they match updates to the new password.

func (*Service) ComparePassword

func (s *Service) ComparePassword(ctx context.Context, authID platform.ID, password string) error

ComparePassword checks if the password matches the password recorded. Passwords that do not match return errors, as do passwords that are too weak.

func (*Service) CreateAuthorization

func (s *Service) CreateAuthorization(ctx context.Context, a *influxdb.Authorization) error

func (*Service) DeleteAuthorization

func (s *Service) DeleteAuthorization(ctx context.Context, id platform.ID) error

func (*Service) FindAuthorizationByID

func (s *Service) FindAuthorizationByID(ctx context.Context, id platform.ID) (*influxdb.Authorization, error)

func (*Service) FindAuthorizationByToken

func (s *Service) FindAuthorizationByToken(ctx context.Context, n string) (*influxdb.Authorization, error)

FindAuthorizationByToken returns the authorization that matches the given token.

func (*Service) FindAuthorizations

func (s *Service) FindAuthorizations(ctx context.Context, filter influxdb.AuthorizationFilter, opt ...influxdb.FindOptions) ([]*influxdb.Authorization, int, error)

FindAuthorizations retrieves all authorizations that match an arbitrary authorization filter. Filters using ID or Token should be efficient. Other filters will do a linear scan across all authorizations searching for a match.

func (*Service) SetPassword

func (s *Service) SetPassword(ctx context.Context, authID platform.ID, password string) error

SetPassword overrides the password of a known user.

func (*Service) SetPasswordHash

func (s *Service) SetPasswordHash(ctx context.Context, authID platform.ID, passHash string) error

SetPasswordHash updates the password hash for id. If passHash is not a valid bcrypt hash, SetPasswordHash returns an error.

This API is intended for upgrading 1.x users.

func (*Service) UpdateAuthorization

func (s *Service) UpdateAuthorization(ctx context.Context, id platform.ID, upd *influxdb.AuthorizationUpdate) (*influxdb.Authorization, error)

UpdateAuthorization updates the status and description if available.

type Store

// Store is the kv-backed storage layer, built by NewStore from a kv.Store. Its
// methods take a kv.Tx and read or write authorizations and passwords.
type Store struct {
	// IDGen is the ID generator held by the store.
	// NOTE(review): presumably used for new authorization IDs. The field is
	// exported, so any holder of the Store can replace the generator — confirm
	// that only trusted setup code and tests do so.
	IDGen platform.IDGenerator
	// contains filtered or unexported fields
}

func NewStore

func NewStore(kvStore kv.Store) (*Store, error)

func (*Store) CreateAuthorization

func (s *Store) CreateAuthorization(ctx context.Context, tx kv.Tx, a *influxdb.Authorization) error

CreateAuthorization takes an Authorization object and saves it in storage, using its token property as an index.

func (*Store) DeleteAuthorization

func (s *Store) DeleteAuthorization(ctx context.Context, tx kv.Tx, id platform.ID) error

DeleteAuthorization removes an authorization from storage

func (*Store) DeletePassword

func (s *Store) DeletePassword(ctx context.Context, tx kv.Tx, id platform.ID) error

func (*Store) GetAuthorizationByID

func (s *Store) GetAuthorizationByID(ctx context.Context, tx kv.Tx, id platform.ID) (*influxdb.Authorization, error)

GetAuthorizationByID gets an authorization by its ID from the auth bucket in kv.

func (*Store) GetAuthorizationByToken

func (s *Store) GetAuthorizationByToken(ctx context.Context, tx kv.Tx, token string) (*influxdb.Authorization, error)

func (*Store) GetPassword

func (s *Store) GetPassword(ctx context.Context, tx kv.Tx, id platform.ID) (string, error)

func (*Store) ListAuthorizations

func (s *Store) ListAuthorizations(ctx context.Context, tx kv.Tx, f influxdb.AuthorizationFilter) ([]*influxdb.Authorization, error)

ListAuthorizations returns all the authorizations matching a set of FindOptions. This function is used for FindAuthorizationByID, FindAuthorizationByToken, and FindAuthorizations in the AuthorizationService implementation

func (*Store) SetPassword

func (s *Store) SetPassword(ctx context.Context, tx kv.Tx, id platform.ID, password string) error

func (*Store) Update

func (s *Store) Update(ctx context.Context, fn func(kv.Tx) error) error

Update opens up a transaction that will mutate data.

func (*Store) UpdateAuthorization

func (s *Store) UpdateAuthorization(ctx context.Context, tx kv.Tx, id platform.ID, a *influxdb.Authorization) (*influxdb.Authorization, error)

UpdateAuthorization updates the status and description only of an authorization

func (*Store) View

func (s *Store) View(ctx context.Context, fn func(kv.Tx) error) error

View opens up a transaction that will not write to any data. Implementing interfaces should take care to ensure that all view transactions do not mutate any data.

type TenantService

// TenantService is the lookup interface this package needs for tenant
// resources: organizations, users and buckets, by ID or (for organizations and
// users) by filter. NewService and NewHTTPAuthHandler each accept one.
type TenantService interface {
	// FindOrganizationByID returns the organization with the given ID.
	FindOrganizationByID(ctx context.Context, id platform.ID) (*influxdb.Organization, error)
	// FindOrganization returns an organization matching filter.
	FindOrganization(ctx context.Context, filter influxdb.OrganizationFilter) (*influxdb.Organization, error)
	// FindUserByID returns the user with the given ID.
	FindUserByID(ctx context.Context, id platform.ID) (*influxdb.User, error)
	// FindUser returns a user matching filter.
	FindUser(ctx context.Context, filter influxdb.UserFilter) (*influxdb.User, error)
	// FindBucketByID returns the bucket with the given ID.
	// NOTE(review): presumably the lookup behind ErrBucketNotFound when an
	// authorization is created — confirm.
	FindBucketByID(ctx context.Context, id platform.ID) (*influxdb.Bucket, error)
}

TenantService is used to look up the Organization and User for an Authorization

type UserFinder

// UserFinder looks up a user by ID. Authorizer.User is of this type.
type UserFinder interface {
	// Returns a single user by ID.
	FindUserByID(ctx context.Context, id platform.ID) (*influxdb.User, error)
}

Directories

Path Synopsis
Package mocks is a generated GoMock package.
Package mocks is a generated GoMock package.
