embiam

package module v0.0.17

Published: Aug 26, 2021 License: MIT Imports: 12 Imported by: 0

README

embiam

Embedded identity and access management

-- WHAT IS embiam? The idea is to embed IAM directly in your API server. Since IAM doesn't require much CPU power or RAM, it is natural to combine the primary tasks of your APIs and IAM in one process. Use embiam to make your IAM simpler, easier to maintain, and more efficient. Efficiency doesn't only lead to cost reduction on your cloud infrastructure but also to greener IT, because it uses less energy. With higher efficiency you also improve your users' experience, because response times shrink and your users have a smoother and more reactive experience using your applications. #CodeGreenIT

-- HOW TO USE IT? -- Initializing When your server starts, include the initialization of embiam:

embiam.Initialize(new(embiam.DbFile))

In this case the filesystem is used as the database (check the directory db/ next to your executable). See example 2 for how to apply it.

-- Checking identities Embed embiam in your API code and use it to check username (we call it nick) and password. If the validation was successful, you get an identity token. Send it back to the client application. With this identity token the client application can validate further calls without sending passwords around.

identityToken, err := embiam.CheckIdentity(credentials.Nick, credentials.Password, clientHost)

see example 1

-- Secure APIs with identity tokens After the authentication (with nick and password) the client application gets an identity token. This is used to validate the calls to your APIs. Before the actual task of the API is started, the identity token is checked. When the check was successful the actual task can be done, e.g. the data is fetched from the db or the item is added to the shopping basket.

if !embiam.IsIdentityTokenValid(requestBody.IdentityToken, clientHost) {
	http.Error(w, "", http.StatusForbidden)
	return
}

see example 1
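The check above, placed in front of every protected handler, is what the README describes. The following is an added example (not code from the embiam project) of a small net/http middleware that does exactly that: it derives the client host for the validFor argument from r.RemoteAddr (without the ephemeral port), reads the token, and answers 403 with an empty body on failure, as in the snippet above. Two assumptions differ from the README: the token is taken from an Authorization header rather than from the request body, and the validation function is passed in as a value of type TokenCheck so the plumbing can be exercised here with a constructed stand-in (demoCheck); in a real server you pass embiam.IsIdentityTokenValid, which has the same signature.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// TokenCheck has the shape of embiam.IsIdentityTokenValid(token, validFor string) bool.
// It is passed as a value so the HTTP plumbing can be tested without the library.
type TokenCheck func(token, validFor string) bool

// ClientHost derives the validFor value from the request: the host part of
// RemoteAddr. The port is dropped because it changes with every connection
// and must not become part of the token binding.
func ClientHost(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr // no port present; use the address as-is
	}
	return host
}

// BearerToken extracts the identity token from "Authorization: Bearer <token>"
// (assumption: the README reads it from the request body instead).
func BearerToken(r *http.Request) (string, bool) {
	const prefix = "Bearer "
	auth := r.Header.Get("Authorization")
	if len(auth) <= len(prefix) || !strings.EqualFold(auth[:len(prefix)], prefix) {
		return "", false
	}
	return strings.TrimSpace(auth[len(prefix):]), true
}

// RequireIdentity runs next only after the identity token was validated for
// the calling host. Missing or invalid tokens get 403 with an empty body,
// exactly like the README's http.Error call.
func RequireIdentity(check TokenCheck, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token, ok := BearerToken(r)
		if !ok || !check(token, ClientHost(r)) {
			http.Error(w, "", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// protectedStatus sends one request through RequireIdentity with the given
// Authorization header and remote address and returns the HTTP status code.
func protectedStatus(check TokenCheck, authHeader, remoteAddr string) int {
	h := RequireIdentity(check, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "item added to basket")
	}))
	req := httptest.NewRequest(http.MethodPost, "/basket/items", nil)
	req.RemoteAddr = remoteAddr
	if authHeader != "" {
		req.Header.Set("Authorization", authHeader)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

// demoCheck is a constructed stand-in for embiam.IsIdentityTokenValid: it
// knows one token, valid only for the host it was issued to.
func demoCheck(token, validFor string) bool {
	return token == "tok-demo-1" && validFor == "203.0.113.5"
}

func main() {
	fmt.Println(protectedStatus(demoCheck, "Bearer tok-demo-1", "203.0.113.5:51234"))  // 200
	fmt.Println(protectedStatus(demoCheck, "Bearer tok-demo-1", "198.51.100.7:40001")) // 403: other host
	fmt.Println(protectedStatus(demoCheck, "", "203.0.113.5:51234"))                   // 403: no token
}
```

Because validFor is derived from RemoteAddr, a server behind a reverse proxy sees the proxy's address for every client; in that deployment the host has to come from a trusted forwarding header instead, otherwise every client shares one binding.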

-- Creating new nicks We call it nick instead of user because a nick can also describe a machine, not only a person. Nicks are generated and can't be chosen. So is the password. The procedure to provide a new identity with a new nick is as follows: 1. A nick token is generated. The nick token is valid for a certain time (e.g. 3 days; this is configured in conf.json). Usually the admin generates the token and sends it to the new user.

   newNickToken := embiam.GetNickToken()

2. The new user receives the nick token and uses it to get a new nick, a new password and a secret (to restore passwords). At the same time embiam saves the new nick into the database (for password and secret embiam only stores hashes). The nick token is deleted.

   newNick := embiam.GenerateNewNick(newNickToken)
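The two steps above are a single-use, time-limited provisioning flow. The API index further down documents it as NewEntityToken() and NewEntity(entityToken, pin), with an EntityToken carrying Token, Pin and ValidUntil and the validity taken from EntityTokenValidityHours. The following is an added example, not code from the embiam project, that models that flow in memory with a constructed Registry standing in for embiam.Db; the nick format ("n-" plus random hex), the six-digit PIN and the maxPinAttempts limit are assumptions, since the page states none of them.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// EntityToken has the same fields as the page's embiam.EntityToken.
type EntityToken struct {
	Token      string
	Pin        string
	ValidUntil time.Time
}

// Registry is a constructed stand-in for embiam.Db: outstanding entity
// tokens, per-token wrong-PIN counts and the nicks created so far.
type Registry struct {
	tokens   map[string]EntityToken
	wrongPin map[string]int
	nicks    map[string]bool
}

const maxPinAttempts = 3 // assumption: the page states no PIN attempt limit

var ErrEntityToken = errors.New("entity token unknown, expired or already used")
var ErrPin = errors.New("wrong PIN")

func NewRegistry() *Registry {
	return &Registry{tokens: map[string]EntityToken{}, wrongPin: map[string]int{}, nicks: map[string]bool{}}
}

// randomHex returns nBytes of CSPRNG output as hex; it panics rather than
// continuing with a predictable token if the system RNG is unavailable.
func randomHex(nBytes int) string {
	b := make([]byte, nBytes)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// randomPin returns a uniformly random six-digit PIN (assumed format).
func randomPin() string {
	n, err := rand.Int(rand.Reader, big.NewInt(1_000_000))
	if err != nil {
		panic(err)
	}
	return fmt.Sprintf("%06d", n.Int64())
}

// IssueEntityToken is step 1: the administrator creates a token that is
// valid for validityHours (EntityTokenValidityHours) and hands it to the user.
func (r *Registry) IssueEntityToken(now time.Time, validityHours int) EntityToken {
	et := EntityToken{
		Token:      randomHex(16),
		Pin:        randomPin(),
		ValidUntil: now.Add(time.Duration(validityHours) * time.Hour),
	}
	r.tokens[et.Token] = et
	return et
}

// Redeem is step 2: token plus PIN yield a generated nick (never chosen by
// the user). The token is single use: it is deleted on success, on expiry,
// and after maxPinAttempts wrong PINs so the short PIN cannot be guessed.
func (r *Registry) Redeem(token, pin string, now time.Time) (nick string, err error) {
	et, ok := r.tokens[token]
	if !ok {
		return "", ErrEntityToken
	}
	if !now.Before(et.ValidUntil) {
		delete(r.tokens, token)
		return "", ErrEntityToken
	}
	if subtle.ConstantTimeCompare([]byte(et.Pin), []byte(pin)) != 1 {
		r.wrongPin[token]++
		if r.wrongPin[token] >= maxPinAttempts {
			delete(r.tokens, token)
		}
		return "", ErrPin
	}
	nick = "n-" + randomHex(6)
	for r.nicks[nick] { // regenerate on the (unlikely) collision
		nick = "n-" + randomHex(6)
	}
	r.nicks[nick] = true
	delete(r.tokens, token)
	delete(r.wrongPin, token)
	return nick, nil
}

// Scenario runs the lifecycle against a constructed fixed clock and returns
// the error of each step (nil where the step should succeed).
func Scenario() (wrongPin, firstUse, secondUse, expired error) {
	t0 := time.Date(2021, 8, 26, 9, 0, 0, 0, time.UTC)
	reg := NewRegistry()
	et := reg.IssueEntityToken(t0, 72) // 3 days, as in the README example
	wrong := "0" + et.Pin[1:]
	if et.Pin[0] == '0' {
		wrong = "1" + et.Pin[1:]
	}
	_, wrongPin = reg.Redeem(et.Token, wrong, t0.Add(time.Hour))
	_, firstUse = reg.Redeem(et.Token, et.Pin, t0.Add(time.Hour))
	_, secondUse = reg.Redeem(et.Token, et.Pin, t0.Add(2*time.Hour))
	late := reg.IssueEntityToken(t0, 72)
	_, expired = reg.Redeem(late.Token, late.Pin, t0.Add(73*time.Hour))
	return
}

func main() {
	fmt.Println(Scenario()) // wrong PIN, <nil>, entity token ..., entity token ...
}
```

The token and the PIN should travel on different channels (for example the token by e-mail and the PIN by phone), which is the only reason a PIN adds anything to a 128-bit token; the attempt limit then keeps the six digits from being brute-forced against a token that leaked.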

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckAuthIdentity

func CheckAuthIdentity(authValue string, validFor string) (identityTokenStruct, string, error)

CheckAuthIdentity checks nick and password and provides an identity token (for validFor); it also returns the nick that was checked

func CheckIdentity

func CheckIdentity(nick, password, validFor string) (identityTokenStruct, error)

CheckIdentity checks nick and password and provides an identity token (for validFor)

func GenerateEntityToken

func GenerateEntityToken() string

GenerateEntityToken generates a valid entity token

func GenerateIdentityToken

func GenerateIdentityToken() string

GenerateIdentityToken generates an identity token

func GenerateNick

func GenerateNick() string

GenerateNick generates a nick

func GeneratePassword

func GeneratePassword(length int) string

GeneratePassword generates a password

func GeneratePin added in v0.0.10

func GeneratePin() string

GeneratePin generates a PIN

func Hash

func Hash(original string) string

Hash calculates 'hash' for 'original' using bcrypt

func Initialize

func Initialize(aDb DbInterface)

Initialize prepares embiam

func InitializeDirectory added in v0.0.3

func InitializeDirectory(folderPath string) error

InitializeDirectory checks if 'folderPath' exists and creates it if it does not

func IsAuthIdentityTokenValid

func IsAuthIdentityTokenValid(authValue string, validFor string) bool

IsAuthIdentityTokenValid checks if the identity token is valid; validFor contains information about the client, e.g. the IP address

func IsAuthorized added in v0.0.3

func IsAuthorized(token string, authLeaf AuthNodeStruct) bool

IsAuthorized checks if the entity, provided through token, is authorized for authLeaf

func IsIdentityTokenValid

func IsIdentityTokenValid(token string, validFor string) bool

IsIdentityTokenValid checks if the identity token is valid; validFor contains information about the client, e.g. the IP address
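Both CheckIdentity and IsIdentityTokenValid take validFor, and ConfigurationStruct carries IdentityTokenValiditySeconds, so a token is tied to the client it was issued for and to a time window. The following added example (not embiam's own code; the store, its field names and the 600-second validity are assumptions) models those two properties with the same (token, validFor) signature plus an explicit clock, and shows what each failure looks like: same client before expiry passes, another client with the stolen token fails, and the same client after the window fails with the token removed.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"sync"
	"time"
)

// identityRecord is what the store keeps per token: the client the token was
// issued for (the validFor argument) and when it stops being valid.
type identityRecord struct {
	ValidFor   string
	ValidUntil time.Time
}

// TokenStore is a constructed in-memory store; validity corresponds to
// Configuration.IdentityTokenValiditySeconds on the page.
type TokenStore struct {
	mu       sync.Mutex
	validity time.Duration
	tokens   map[string]identityRecord
}

func NewTokenStore(validitySeconds int) *TokenStore {
	return &TokenStore{
		validity: time.Duration(validitySeconds) * time.Second,
		tokens:   map[string]identityRecord{},
	}
}

// Issue corresponds to the token CheckIdentity returns once the password
// check has passed: a random 256-bit value bound to validFor.
func (s *TokenStore) Issue(validFor string, now time.Time) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := hex.EncodeToString(raw)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.tokens[token] = identityRecord{ValidFor: validFor, ValidUntil: now.Add(s.validity)}
	return token, nil
}

// IsValid has the shape of IsIdentityTokenValid(token, validFor) with an
// explicit clock. It fails closed: unknown token, mismatched client and
// expiry all return false, and an expired token is removed when seen.
func (s *TokenStore) IsValid(token, validFor string, now time.Time) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	rec, ok := s.tokens[token]
	if !ok {
		return false
	}
	if !now.Before(rec.ValidUntil) {
		delete(s.tokens, token)
		return false
	}
	return rec.ValidFor == validFor
}

// Len reports how many tokens are stored (shows the cleanup on expiry).
func (s *TokenStore) Len() int {
	s.mu.Lock()
	defer s.mu.Unlock()
	return len(s.tokens)
}

// Scenario issues one token for a client and checks it from the same
// client, from another client, and after expiry, with a constructed clock.
func Scenario() (sameClient, otherClient, afterExpiry bool) {
	t0 := time.Date(2021, 8, 26, 12, 0, 0, 0, time.UTC)
	store := NewTokenStore(600) // assumption: identityTokenValiditySeconds = 600
	token, err := store.Issue("203.0.113.5", t0)
	if err != nil {
		panic(err)
	}
	sameClient = store.IsValid(token, "203.0.113.5", t0.Add(5*time.Minute))
	otherClient = store.IsValid(token, "198.51.100.7", t0.Add(5*time.Minute))
	afterExpiry = store.IsValid(token, "203.0.113.5", t0.Add(10*time.Minute))
	return
}

func main() {
	fmt.Println(Scenario()) // true false false
}
```

Expiry is checked before the client binding on purpose: a token that has run out should be purged regardless of who presents it, and the store never grows with tokens nobody will use again.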

Types

type AuthNodeStruct added in v0.0.3

type AuthNodeStruct struct {
	Id            string              `json:"id"`            // Id is the unique name of the authorization node
	Node          []string            `json:"node"`          // refers to other nodes to inherit their authorization
	Authorization map[string][]string `json:"authorization"` // actual authorization
}

type ConfigurationStruct

type ConfigurationStruct struct {
	ServerId                     string `json:"serverId"`
	Port                         string `json:"port"`
	EntityTokenValidityHours     int    `json:"entityTokenValidityHours"`
	IdentityTokenValiditySeconds int    `json:"identityTokenValiditySeconds"`
	MaxSignInAttempts            int    `json:"maxSignInAttempts"`
}
var Configuration ConfigurationStruct

type DbFile

type DbFile struct {
	EntityFilePath        string
	EntityDeletedFilePath string
	EntityTokenFilePath   string
	AuthNodeFilePath      string
	DBPath                string
}

DbFile - use the filesystem and store json files

func (DbFile) DeleteContentsFromDirectory added in v0.0.3

func (m DbFile) DeleteContentsFromDirectory(dir string) error

func (DbFile) DeleteEntity added in v0.0.16

func (m DbFile) DeleteEntity(nick string) error

func (DbFile) DeleteEntityToken

func (m DbFile) DeleteEntityToken(token string) error

func (DbFile) EntityExists

func (m DbFile) EntityExists(nick string) bool

func (*DbFile) Initialize

func (m *DbFile) Initialize()

func (DbFile) ReadAuthNodes added in v0.0.3

func (m DbFile) ReadAuthNodes(authNodes *[]AuthNodeStruct) error

func (DbFile) ReadEntityByNick

func (m DbFile) ReadEntityByNick(nick string) (*Entity, error)

func (DbFile) ReadEntityList added in v0.0.10

func (m DbFile) ReadEntityList() (nicklist []string, e error)

func (DbFile) ReadEntityToken

func (m DbFile) ReadEntityToken(token string) (*EntityToken, error)

func (DbFile) ReadPublicEntityByNick added in v0.0.17

func (m DbFile) ReadPublicEntityByNick(nick string) (*PublicEntity, error)

func (DbFile) SaveAuthNodes added in v0.0.3

func (m DbFile) SaveAuthNodes(authNodes *[]AuthNodeStruct) error

func (DbFile) SaveEntity

func (m DbFile) SaveEntity(e *Entity) error

func (DbFile) SaveEntityToken

func (m DbFile) SaveEntityToken(et *EntityToken) error

type DbInterface

type DbInterface interface {
	Initialize()
	// Entity
	ReadEntityList() (nicklist []string, e error)
	ReadEntityByNick(nick string) (*Entity, error)
	ReadPublicEntityByNick(nick string) (*PublicEntity, error)
	EntityExists(nick string) bool
	SaveEntity(entity *Entity) error
	DeleteEntity(nick string) error
	// Entity Tokens
	SaveEntityToken(entityToken *EntityToken) error
	ReadEntityToken(token string) (*EntityToken, error)
	DeleteEntityToken(token string) error
	// Auth Nodes
	ReadAuthNodes(authNode *[]AuthNodeStruct) error
	SaveAuthNodes(authNode *[]AuthNodeStruct) error
}
var Db DbInterface

*******************************************************************

Interface Db (database, persistent storage)

*******************************************************************

type DbTransient added in v0.0.2

type DbTransient struct {
	// contains filtered or unexported fields
}

DbTransient - non-persistent database for testing and demonstration

func (DbTransient) DeleteEntity added in v0.0.16

func (m DbTransient) DeleteEntity(nick string) error

func (DbTransient) DeleteEntityToken added in v0.0.2

func (m DbTransient) DeleteEntityToken(token string) error

func (DbTransient) EntityExists added in v0.0.2

func (m DbTransient) EntityExists(nick string) bool

func (*DbTransient) Initialize added in v0.0.2

func (m *DbTransient) Initialize()

func (DbTransient) ReadAuthNodes added in v0.0.3

func (m DbTransient) ReadAuthNodes(authNode *[]AuthNodeStruct) error

func (DbTransient) ReadEntityByNick added in v0.0.2

func (m DbTransient) ReadEntityByNick(nick string) (*Entity, error)

func (DbTransient) ReadEntityList added in v0.0.10

func (m DbTransient) ReadEntityList() (nicklist []string, e error)

func (DbTransient) ReadEntityToken added in v0.0.2

func (m DbTransient) ReadEntityToken(token string) (*EntityToken, error)

func (DbTransient) ReadPublicEntityByNick added in v0.0.17

func (m DbTransient) ReadPublicEntityByNick(nick string) (*PublicEntity, error)

func (DbTransient) SaveAuthNodes added in v0.0.3

func (m DbTransient) SaveAuthNodes(authNode *[]AuthNodeStruct) error

func (DbTransient) SaveEntity added in v0.0.2

func (m DbTransient) SaveEntity(e *Entity) error

func (DbTransient) SaveEntityToken added in v0.0.2

func (m DbTransient) SaveEntityToken(et *EntityToken) error

type Entity

type Entity struct {
	Nick                 string    `json:"nick"`
	PasswordHash         string    `json:"passwordHash"`
	SecretHash           string    `json:"secretHash"`
	Active               bool      `json:"active"`
	WrongPasswordCounter int       `json:"WrongPasswordCounter"`
	LastSignInAttempt    time.Time `json:"lastSignInAttempt"`
	LastSignIn           time.Time `json:"lastSignIn"`
	CreateTimeStamp      time.Time `json:"createTimeStamp"`
	UpdateTimeStamp      time.Time `json:"updateTimeStamp"`
}

Entity describes a user or a device

func (*Entity) ToPublicEntity added in v0.0.17

func (e *Entity) ToPublicEntity() PublicEntity

ToPublicEntity converts an Entity to a PublicEntity

type EntityToken

type EntityToken struct {
	Token      string    `json:"token"`
	Pin        string    `json:"pin"`
	ValidUntil time.Time `json:"validUntil"`
}

*******************************************************************

ENTITY TOKEN

Entity Tokens are used to create new entities. The administrator
creates an entity token and sends it to the new user. The new
user uses the entity token to create a new entity. After the
entity was created, the entity token is deleted.

*******************************************************************

func NewEntityToken

func NewEntityToken() EntityToken

NewEntityToken creates a new entity token (the token itself and its validity, coming from the configuration)

func (EntityToken) Delete

func (et EntityToken) Delete() error

Delete the entity token from database

func (EntityToken) Save

func (et EntityToken) Save() error

Save the entity token to database

type NewEntityStruct added in v0.0.10

type NewEntityStruct struct {
	Nick                 string    `json:"nick"`
	Password             string    `json:"password"`
	Secret               string    `json:"secret"`
	PasswordHash         string    `json:"passwordHash"`
	SecretHash           string    `json:"secretHash"`
	Active               bool      `json:"active"`
	WrongPasswordCounter int       `json:"WrongPasswordCounter"`
	LastSignInAttempt    time.Time `json:"lastSignInAttempt"`
	LastSignIn           time.Time `json:"lastSignIn"`
	CreateTimeStamp      time.Time `json:"createTimeStamp"`
	UpdateTimeStamp      time.Time `json:"updateTimeStamp"`
}

NewEntityStruct contains all fields of Entity but also the password and the secret (not only the hashes)

func NewEntity

func NewEntity(entityToken, pin string) (newEntity NewEntityStruct, err error)

NewEntity creates a new entity using an entityToken and PIN

func (*NewEntityStruct) ToEntity added in v0.0.10

func (ne *NewEntityStruct) ToEntity() Entity

ToEntity converts a NewEntityStruct to Entity

type PublicEntity added in v0.0.17

type PublicEntity struct {
	Nick                 string    `json:"nick"`
	Active               bool      `json:"active"`
	WrongPasswordCounter int       `json:"WrongPasswordCounter"`
	LastSignInAttempt    time.Time `json:"lastSignInAttempt"`
	LastSignIn           time.Time `json:"lastSignIn"`
	CreateTimeStamp      time.Time `json:"createTimeStamp"`
	UpdateTimeStamp      time.Time `json:"updateTimeStamp"`
}

PublicEntity describes a user or a device (without hashes)

type ServerId added in v0.0.11

type ServerId [2]uint64

random 128-bit Id of the server

func (*ServerId) New added in v0.0.11

func (id *ServerId) New()

New generates a new ServerId

func (*ServerId) String added in v0.0.11

func (id *ServerId) String() string

Stringer for ServerId

Directories

Path Synopsis
The program is a simple REST server and handles two requests: 1.
