Documentation ¶
Index ¶
- Constants
- Variables
- func ErrInternalServiceError(err error) *errors.Error
- func ErrInvalidAuthIDError(err error) *errors.Error
- func UnavailablePasswordServiceError(err error) *errors.Error
- func UnexpectedAuthIndexError(err error) *errors.Error
- type AuthFinder
- type AuthHandler
- type AuthTokenFinder
- type AuthedPasswordService
- type Authorizer
- type CachingPasswordsService
- func (c *CachingPasswordsService) CompareAndSetPassword(ctx context.Context, id platform.ID, old, new string) error
- func (c *CachingPasswordsService) ComparePassword(ctx context.Context, id platform.ID, password string) error
- func (c *CachingPasswordsService) SetPassword(ctx context.Context, id platform.ID, password string) error
- type Client
- func (s *Client) CreateAuthorization(ctx context.Context, a *influxdb.Authorization) error
- func (s *Client) DeleteAuthorization(ctx context.Context, id platform.ID) error
- func (s *Client) FindAuthorizationByID(ctx context.Context, id platform.ID) (*influxdb.Authorization, error)
- func (s *Client) FindAuthorizationByToken(ctx context.Context, token string) (*influxdb.Authorization, error)
- func (s *Client) FindAuthorizations(ctx context.Context, filter influxdb.AuthorizationFilter, ...) ([]*influxdb.Authorization, int, error)
- func (s *Client) SetPassword(ctx context.Context, id platform.ID, password string) error
- func (s *Client) UpdateAuthorization(ctx context.Context, id platform.ID, upd *influxdb.AuthorizationUpdate) (*influxdb.Authorization, error)
- type PasswordComparer
- type PasswordService
- type Service
- func (s *Service) CompareAndSetPassword(ctx context.Context, authID platform.ID, old, new string) error
- func (s *Service) ComparePassword(ctx context.Context, authID platform.ID, password string) error
- func (s *Service) CreateAuthorization(ctx context.Context, a *influxdb.Authorization) error
- func (s *Service) DeleteAuthorization(ctx context.Context, id platform.ID) error
- func (s *Service) FindAuthorizationByID(ctx context.Context, id platform.ID) (*influxdb.Authorization, error)
- func (s *Service) FindAuthorizationByToken(ctx context.Context, n string) (*influxdb.Authorization, error)
- func (s *Service) FindAuthorizations(ctx context.Context, filter influxdb.AuthorizationFilter, ...) ([]*influxdb.Authorization, int, error)
- func (s *Service) SetPassword(ctx context.Context, authID platform.ID, password string) error
- func (s *Service) SetPasswordHash(ctx context.Context, authID platform.ID, passHash string) error
- func (s *Service) UpdateAuthorization(ctx context.Context, id platform.ID, upd *influxdb.AuthorizationUpdate) (*influxdb.Authorization, error)
- type Store
- func (s *Store) CreateAuthorization(ctx context.Context, tx kv.Tx, a *influxdb.Authorization) error
- func (s *Store) DeleteAuthorization(ctx context.Context, tx kv.Tx, id platform.ID) error
- func (s *Store) DeletePassword(ctx context.Context, tx kv.Tx, id platform.ID) error
- func (s *Store) GetAuthorizationByID(ctx context.Context, tx kv.Tx, id platform.ID) (*influxdb.Authorization, error)
- func (s *Store) GetAuthorizationByToken(ctx context.Context, tx kv.Tx, token string) (*influxdb.Authorization, error)
- func (s *Store) GetPassword(ctx context.Context, tx kv.Tx, id platform.ID) (string, error)
- func (s *Store) ListAuthorizations(ctx context.Context, tx kv.Tx, f influxdb.AuthorizationFilter) ([]*influxdb.Authorization, error)
- func (s *Store) SetPassword(ctx context.Context, tx kv.Tx, id platform.ID, password string) error
- func (s *Store) Update(ctx context.Context, fn func(kv.Tx) error) error
- func (s *Store) UpdateAuthorization(ctx context.Context, tx kv.Tx, id platform.ID, a *influxdb.Authorization) (*influxdb.Authorization, error)
- func (s *Store) View(ctx context.Context, fn func(kv.Tx) error) error
- type TenantService
- type UserFinder
Constants ¶
// MaxIDGenerationN is the number of ID generation attempts after which
// ErrFailureGeneratingID is reported.
const MaxIDGenerationN = 100

// ReservedIDs is fixed at 1000.
// NOTE(review): presumably the number of low ID values kept out of generated
// IDs; confirm against the ID generation code.
const ReservedIDs = 1000

const (
	// SaltBytes is the number of bytes used for salts.
	// NOTE(review): which hash these salts feed is not visible here; confirm
	// the salts are drawn from a cryptographically secure random source.
	SaltBytes = 32
)
Variables ¶
// Sentinel errors for authorization storage and creation. Each one pairs an
// error code with a fixed message.
var (
	// ErrInvalidAuthID is used when the Authorization's ID cannot be encoded.
	ErrInvalidAuthID = &errors.Error{
		Code: errors.EInvalid,
		Msg:  "authorization ID is invalid",
	}

	// ErrAuthNotFound is used when the specified auth cannot be found.
	ErrAuthNotFound = &errors.Error{
		Code: errors.ENotFound,
		Msg:  "authorization not found",
	}

	// NotUniqueIDError occurs when attempting to create an Authorization with
	// an ID that already belongs to another one.
	NotUniqueIDError = &errors.Error{
		Code: errors.EConflict,
		Msg:  "ID already exists",
	}

	// ErrFailureGeneratingID occurs only when the random number generator
	// cannot generate an ID in MaxIDGenerationN times.
	ErrFailureGeneratingID = &errors.Error{
		Code: errors.EInternal,
		Msg:  "unable to generate valid id",
	}

	// ErrTokenAlreadyExistsError is used when attempting to create an
	// authorization with a token that already exists.
	// NOTE(review): this answer distinguishes an existing token from an unused
	// one; confirm it is only returned to callers already permitted to create
	// authorizations.
	ErrTokenAlreadyExistsError = &errors.Error{
		Code: errors.EConflict,
		Msg:  "token already exists",
	}

	// ErrBucketNotFound is used when attempting to create an authorization
	// with a bucket id that does not exist.
	ErrBucketNotFound = &errors.Error{
		Code: errors.ENotFound,
		Msg:  "bucket not found when creating auth",
	}
)
// EIncorrectPassword re-exports tenant.EIncorrectPassword under this package.
var EIncorrectPassword = tenant.EIncorrectPassword

var (
	// ErrUnsupportedScheme is an internal error carrying the message
	// "unsupported authorization scheme".
	// NOTE(review): presumably returned when credentials name a scheme the
	// Authorizer does not handle; confirm against Authorize.
	ErrUnsupportedScheme = &errors2.Error{
		Code: errors2.EInternal,
		Msg:  "unsupported authorization scheme",
	}
)
Functions ¶
func ErrInternalServiceError ¶
ErrInternalServiceError is used when the error comes from an internal system.
func ErrInvalidAuthIDError ¶
ErrInvalidAuthIDError is used when a service was provided an invalid ID.
func UnavailablePasswordServiceError ¶
UnavailablePasswordServiceError is used if we aren't able to add the password to the store; it means the store is not available at the moment (e.g. network).
func UnexpectedAuthIndexError ¶
UnexpectedAuthIndexError is used when the error comes from an internal system.
Types ¶
type AuthFinder ¶
type AuthHandler ¶
func NewHTTPAuthHandler ¶
func NewHTTPAuthHandler(log *zap.Logger, authService influxdb.AuthorizationService, passwordService PasswordService, tenantService TenantService) *AuthHandler
NewHTTPAuthHandler constructs a new http server.
func (*AuthHandler) Prefix ¶
func (h *AuthHandler) Prefix() string
type AuthTokenFinder ¶
type AuthedPasswordService ¶
type AuthedPasswordService struct {
// contains filtered or unexported fields
}
AuthedPasswordService is middleware for authorizing requests to the inner PasswordService.
func NewAuthedPasswordService ¶
func NewAuthedPasswordService(auth AuthFinder, inner PasswordService) *AuthedPasswordService
NewAuthedPasswordService wraps an existing PasswordService with authorization middleware.
func (*AuthedPasswordService) SetPassword ¶
func (s *AuthedPasswordService) SetPassword(ctx context.Context, authID platform.ID, password string) error
SetPassword overrides the password of a known user.
type Authorizer ¶
// Authorizer groups the token finders, password comparer and user finder
// listed in its fields.
// NOTE(review): nothing visible here guards against a nil field; confirm all
// four are set before the Authorizer is used.
type Authorizer struct {
	AuthV1   AuthTokenFinder  // A service to find V1 tokens
	AuthV2   AuthTokenFinder  // A service to find V2 tokens
	Comparer PasswordComparer // A service to compare passwords for V1 tokens
	User     UserFinder       // A service to find users
}
A type that is used to verify credentials.
func (*Authorizer) Authorize ¶
func (v *Authorizer) Authorize(ctx context.Context, c influxdb.CredentialsV1) (auth *influxdb.Authorization, err error)
Authorize returns an influxdb.Authorization if c can be verified; otherwise, an error. influxdb.ErrCredentialsUnauthorized will be returned if the credentials are invalid.
type CachingPasswordsService ¶
type CachingPasswordsService struct {
// contains filtered or unexported fields
}
An implementation of influxdb.PasswordsService that will perform ComparePassword requests at a reduced cost under certain conditions. See ComparePassword for further information.
The cache is only valid for the duration of the process.
func NewCachingPasswordsService ¶
func NewCachingPasswordsService(inner influxdb.PasswordsService) *CachingPasswordsService
func (*CachingPasswordsService) CompareAndSetPassword ¶
func (*CachingPasswordsService) ComparePassword ¶
func (c *CachingPasswordsService) ComparePassword(ctx context.Context, id platform.ID, password string) error
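ComparePassword will attempt to perform the comparison using a lower-cost hashing function if influxdb.ContextHasPasswordCacheOption returns true for ctx. The lower-cost path trades hashing work factor for speed, so the context option should be set only on request paths where that trade-off is intended.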
func (*CachingPasswordsService) SetPassword ¶
type Client ¶
Client connects to Influx via HTTP using tokens to manage authorizations
func (*Client) CreateAuthorization ¶
CreateAuthorization creates a new authorization and sets a.ID with the new identifier.
func (*Client) DeleteAuthorization ¶
DeleteAuthorization removes an authorization by id.
func (*Client) FindAuthorizationByID ¶
func (s *Client) FindAuthorizationByID(ctx context.Context, id platform.ID) (*influxdb.Authorization, error)
FindAuthorizationByID finds a single Authorization by its ID against a remote influx server.
func (*Client) FindAuthorizationByToken ¶
func (s *Client) FindAuthorizationByToken(ctx context.Context, token string) (*influxdb.Authorization, error)
FindAuthorizationByToken is not supported by the HTTP authorization service.
func (*Client) FindAuthorizations ¶
func (s *Client) FindAuthorizations(ctx context.Context, filter influxdb.AuthorizationFilter, opt ...influxdb.FindOptions) ([]*influxdb.Authorization, int, error)
FindAuthorizations returns a list of authorizations that match filter and the total count of matching authorizations. Additional options provide pagination & sorting.
func (*Client) SetPassword ¶
SetPassword sets the password for the authorization token id.
type PasswordComparer ¶
type PasswordService ¶
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
func NewService ¶
func NewService(st *Store, ts TenantService) *Service
func (*Service) CompareAndSetPassword ¶
func (s *Service) CompareAndSetPassword(ctx context.Context, authID platform.ID, old, new string) error
CompareAndSetPassword checks the old password and, if it matches, updates to the new password.
func (*Service) ComparePassword ¶
ComparePassword checks if the password matches the password recorded. Passwords that do not match return errors.
func (*Service) CreateAuthorization ¶
func (*Service) DeleteAuthorization ¶
func (*Service) FindAuthorizationByID ¶
func (*Service) FindAuthorizationByToken ¶
func (s *Service) FindAuthorizationByToken(ctx context.Context, n string) (*influxdb.Authorization, error)
FindAuthorizationByToken returns an authorization by token for a particular authorization.
func (*Service) FindAuthorizations ¶
func (s *Service) FindAuthorizations(ctx context.Context, filter influxdb.AuthorizationFilter, opt ...influxdb.FindOptions) ([]*influxdb.Authorization, int, error)
FindAuthorizations retrieves all authorizations that match an arbitrary authorization filter. Filters using ID or Token should be efficient. Other filters will do a linear scan across all authorizations searching for a match.
func (*Service) SetPassword ¶
SetPassword overrides the password of a known user.
func (*Service) SetPasswordHash ¶
SetPasswordHash updates the password hash for id. If passHash is not a valid bcrypt hash, SetPasswordHash returns an error.
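This API is intended for upgrading 1.x users. Because it stores a caller-supplied hash rather than hashing a password itself, it should be reachable only from trusted upgrade tooling.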
type Store ¶
// Store exposes a single field, IDGen; its remaining fields are unexported.
type Store struct {
	// IDGen is the Store's ID generator.
	// NOTE(review): presumably used to assign IDs to new authorizations;
	// confirm against CreateAuthorization.
	IDGen platform.IDGenerator
	// contains filtered or unexported fields
}
func (*Store) CreateAuthorization ¶
CreateAuthorization takes an Authorization object and saves it in storage, using its token property as an index.
func (*Store) DeleteAuthorization ¶
DeleteAuthorization removes an authorization from storage
func (*Store) DeletePassword ¶
func (*Store) GetAuthorizationByID ¶
func (s *Store) GetAuthorizationByID(ctx context.Context, tx kv.Tx, id platform.ID) (*influxdb.Authorization, error)
GetAuthorizationByID gets an authorization by its ID from the auth bucket in kv.
func (*Store) GetAuthorizationByToken ¶
func (*Store) GetPassword ¶
func (*Store) ListAuthorizations ¶
func (s *Store) ListAuthorizations(ctx context.Context, tx kv.Tx, f influxdb.AuthorizationFilter) ([]*influxdb.Authorization, error)
ListAuthorizations returns all the authorizations matching a set of FindOptions. This function is used for FindAuthorizationByID, FindAuthorizationByToken, and FindAuthorizations in the AuthorizationService implementation
func (*Store) SetPassword ¶
type TenantService ¶
// TenantService is the lookup interface for organizations, users and buckets.
// Every method takes a context and returns the matching record or an error.
type TenantService interface {
	// FindOrganizationByID looks up an organization by its ID.
	FindOrganizationByID(ctx context.Context, id platform.ID) (*influxdb.Organization, error)
	// FindOrganization looks up an organization matching filter.
	FindOrganization(ctx context.Context, filter influxdb.OrganizationFilter) (*influxdb.Organization, error)
	// FindUserByID looks up a user by its ID.
	FindUserByID(ctx context.Context, id platform.ID) (*influxdb.User, error)
	// FindUser looks up a user matching filter.
	FindUser(ctx context.Context, filter influxdb.UserFilter) (*influxdb.User, error)
	// FindBucketByID looks up a bucket by its ID.
	FindBucketByID(ctx context.Context, id platform.ID) (*influxdb.Bucket, error)
}
TenantService is used to look up the Organization and User for an Authorization