Documentation
Overview
Thin controller-like layer supporting main.go. Currently contains mostly authentication-related functions. Overly complex currently, will be redesigned a bit.

Currently user levels are:
- 0: total stranger.
- 1: someone who has already done an action, was "registered on the fly", but failed the puzzles.
- 2: someone who has already done an action, was registered on the fly, and solved the puzzles successfully.
- 100: registered user.

Above this, user levels are not well defined yet:
- 200: moderator-like entity.
- 300: admin, full rights.

Package user implements basic user functionality.
- Registration, deletion, update, login, logout of users.
- Building the user itself (if logged in), and putting it to uni.Dat["_user"].
Index
- func AuthAction(uni *context.Uni, auth_options map[string]interface{}) (error, error)
- func AuthOpts(uni *context.Uni, mod_name, action_name string) (auth_opts map[string]interface{}, explicit_ignore bool)
- func OkayToDoAction(uni *context.Uni, mod_name, action_name string) (error, error)
- func RegLoginBuild(uni *context.Uni, solved_puzzle bool) error
- func ShowPuzzles(uni *context.Uni, auth_options map[string]interface{}) (string, error)
- func ShowPuzzlesPath(uni *context.Uni, mod_name, action_name string) (string, error)
- func SolvePuzzles(uni *context.Uni, auth_options map[string]interface{}) error
- func SolvePuzzlesPath(uni *context.Uni, mod_name, action_name string) error
- func UserAllowed(uni *context.Uni, auth_options map[string]interface{}) error
- type A
- type H
Functions
func AuthAction
Similar to OkayToDoAction but it works directly on the auth_options map.
func AuthOpts
func AuthOpts(uni *context.Uni, mod_name, action_name string) (auth_opts map[string]interface{}, explicit_ignore bool)
Retrieves the map which drives the given authorization from the option document.
func OkayToDoAction
A very basic framework to provide an easy way to do action based authorization (currently checks user levels and puzzles). Hopefully this will solve the common security problem of forgetting to check the user's rights in modules, since everything is blacklisted by default (needs admin rights).
Example:
    "Modules.%v.actions.%v.auth" : {
        "min_lev": 0,           // Defaults to 300. Means somebody who has a user level >= min_lev can do it.
        "no_puzzles_lev": 2,    // Defaults to 2. Means someone who has a user level >= no_puzzles_lev
                                // will not have to solve the spam protection puzzle.
        "puzzles": ["timer"],   // Defaults to defaultPuzzles(uni).
        "hot_reg": 2            // More precisely: "reg, login, build". Defaults to 0.
                                // Specifies whether to register, login and build a guest user.
                                // 0 means don't register at all.
                                // 1 means register if he solved the puzzles.
                                // 2 means register even if he failed the puzzles (useful for moderation).
    }
A value of false means proceed as passed. This is useful when the rights to an action cannot be determined from the module and action name alone. A good example is the content module. An action of "insert" or "comment_insert" can belong to different types of content, thus requiring different levels. We can solve this problem by assigning "Modules.content.actions.insert.auth" = false and calling this function by hand as mod_name = "content.types.blog", action_name = "insert" => "Modules.content.types.blog.actions.insert.auth" (long, I know...).

A better workaround must exist, but currently we go on with this in the content module. The first error is a general error, not meant to be ignored; the second is a puzzle error, which can be ignored if one wants to implement moderation.
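The decision order described above, as an added example that is not the package's own code: a self-contained model of the documented keys and defaults, where the names Opts, Resolve, Decide and HotRegister are hypothetical and option values are assumed to arrive as Go ints. Treating the explicit false as "no error, caller authorizes by hand" is an assumption drawn from "proceed as passed".

```go
package main

import (
	"errors"
	"fmt"
)

// Opts holds the documented auth keys (hypothetical type, not the package's own).
type Opts struct{ MinLev, NoPuzzlesLev, HotReg int }

// Resolve applies the documented defaults. A missing entry (nil) keeps min_lev
// at 300, so an unconfigured action is admin-only. A literal false is the
// explicit ignore: the caller must authorize under a more specific path.
func Resolve(raw interface{}) (o Opts, explicitIgnore bool) {
	o = Opts{MinLev: 300, NoPuzzlesLev: 2, HotReg: 0}
	if b, ok := raw.(bool); ok && !b {
		return o, true
	}
	m, _ := raw.(map[string]interface{}) // nil map if raw is not a map
	keys := map[string]*int{"min_lev": &o.MinLev, "no_puzzles_lev": &o.NoPuzzlesLev, "hot_reg": &o.HotReg}
	for key, dst := range keys {
		if v, ok := m[key].(int); ok {
			*dst = v
		}
	}
	return o, false
}

// Decide returns (general error, puzzle error), the order the page documents.
func Decide(raw interface{}, level int, solved bool) (error, error) {
	o, ignore := Resolve(raw)
	if ignore {
		return nil, nil // assumption: proceed, rights are checked by hand elsewhere
	}
	if level < o.MinLev {
		return fmt.Errorf("level %d < min_lev %d", level, o.MinLev), nil
	}
	if level < o.NoPuzzlesLev && !solved {
		return nil, errors.New("puzzles not solved")
	}
	return nil, nil
}

// HotRegister reports whether a guest is registered on the fly (hot_reg 0/1/2).
func HotRegister(o Opts, solved bool) bool { return o.HotReg == 2 || (o.HotReg == 1 && solved) }

func main() {
	comment := map[string]interface{}{"min_lev": 0, "hot_reg": 2} // constructed sample
	fmt.Println(Decide(nil, 100, true))    // unconfigured action: denied below 300
	fmt.Println(Decide(comment, 0, false)) // allowed, but the puzzle error is set
}
```

A moderation flow ignores only the second return value; the first one always ends the action.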
func RegLoginBuild
Helper function to hot-register a guest user, log him in and build his user data into uni.Dat["_user"].
func ShowPuzzles
func ShowPuzzlesPath
Show puzzles for action. Called as a template function, under the name "show_puzzles".
func SolvePuzzles
Run all the spam protection assigned to the given action, if there is any. One can specify a minimum user level for the spam protection task. Naturally, if the user is at or above this level, he does not have to solve the puzzles.
For further information, see documentation of UserAllowed method.
func SolvePuzzlesPath
Wraps SolvePuzzles. Returns an error on "go on", because one uses this function when one wants to explicitly call SolvePuzzles (see the comment_insert action of content).
func UserAllowed
Immediately terminate the run of the action in case the user level is lower than the required level of the given action. By default, if not otherwise specified, every action requires a level of 300 (admin rights).
Made public to be able to call separately from PuzzlesSolved. This way one can implement moderation.