Documentation
¶
Index ¶
- Constants
- Variables
- type Claims
- type Flag
- type JWTValidator
- type Validator
- type ValidatorFunc
- func ValidateAPIKeyAccess(flag Flag, id uuid.UUID) ValidatorFunc
- func ValidateAPIKeysAccess(flag Flag, organizationID int64, applicationID int64) ValidatorFunc
- func ValidateActiveUser() ValidatorFunc
- func ValidateApplicationAccess(applicationID int64, flag Flag) ValidatorFunc
- func ValidateApplicationsAccess(flag Flag, organizationID int64) ValidatorFunc
- func ValidateDeviceProfileAccess(flag Flag, id uuid.UUID) ValidatorFunc
- func ValidateDeviceProfilesAccess(flag Flag, organizationID, applicationID int64) ValidatorFunc
- func ValidateDeviceQueueAccess(devEUI lorawan.EUI64, flag Flag) ValidatorFunc
- func ValidateGatewayAccess(flag Flag, mac lorawan.EUI64) ValidatorFunc
- func ValidateGatewayProfileAccess(flag Flag) ValidatorFunc
- func ValidateGatewaysAccess(flag Flag, organizationID int64) ValidatorFunc
- func ValidateIsOrganizationAdmin(organizationID int64) ValidatorFunc
- func ValidateMulticastGroupAccess(flag Flag, multicastGroupID uuid.UUID) ValidatorFunc
- func ValidateMulticastGroupQueueAccess(flag Flag, multicastGroupID uuid.UUID) ValidatorFunc
- func ValidateMulticastGroupsAccess(flag Flag, applicationID int64) ValidatorFunc
- func ValidateNetworkServerAccess(flag Flag, id int64) ValidatorFunc
- func ValidateNetworkServersAccess(flag Flag, organizationID int64) ValidatorFunc
- func ValidateNodeAccess(devEUI lorawan.EUI64, flag Flag) ValidatorFunc
- func ValidateNodesAccess(applicationID int64, flag Flag) ValidatorFunc
- func ValidateOrganizationAccess(flag Flag, id int64) ValidatorFunc
- func ValidateOrganizationNetworkServerAccess(flag Flag, organizationID, networkServerID int64) ValidatorFunc
- func ValidateOrganizationUserAccess(flag Flag, organizationID, userID int64) ValidatorFunc
- func ValidateOrganizationUsersAccess(flag Flag, id int64) ValidatorFunc
- func ValidateOrganizationsAccess(flag Flag) ValidatorFunc
- func ValidateServiceProfileAccess(flag Flag, id uuid.UUID) ValidatorFunc
- func ValidateServiceProfilesAccess(flag Flag, organizationID int64) ValidatorFunc
- func ValidateUserAccess(userID int64, flag Flag) ValidatorFunc
- func ValidateUsersAccess(flag Flag) ValidatorFunc
Constants ¶
const ( SubjectUser = "user" SubjectAPIKey = "api_key" )
API key subjects.
Variables ¶
var ( ErrNoMetadataInContext = errors.New("no metadata in context") ErrNoAuthorizationInMetadata = errors.New("no authorization-data in metadata") ErrInvalidAlgorithm = errors.New("invalid algorithm") ErrInvalidToken = errors.New("invalid token") ErrNotAuthorized = errors.New("not authorized") )
errors
Functions ¶
This section is empty.
Types ¶
type Claims ¶
type Claims struct {
jwt.StandardClaims
// Username defines the identity of the user.
Username string `json:"username"`
// UserID defines the ID of th user.
UserID int64 `json:"user_id"`
// APIKeyID defines the API key ID.
APIKeyID uuid.UUID `json:"api_key_id"`
}
Claims defines the struct containing the token claims.
type JWTValidator ¶
type JWTValidator struct {
// contains filtered or unexported fields
}
JWTValidator validates JWT tokens.
func NewJWTValidator ¶
func NewJWTValidator(db sqlx.Ext, algorithm, secret string) *JWTValidator
NewJWTValidator creates a new JWTValidator.
func (JWTValidator) GetAPIKeyID ¶
GetAPIKeyID returns the API key of the token.
func (JWTValidator) GetSubject ¶
func (v JWTValidator) GetSubject(ctx context.Context) (string, error)
GetSubject returns the subject of the claim.
func (JWTValidator) Validate ¶
func (v JWTValidator) Validate(ctx context.Context, funcs ...ValidatorFunc) error
Validate validates the token from the given context against the given validator funcs.
type Validator ¶
type Validator interface {
// Validate validates the given set of validators against the given context.
// Must return after the first validator function either returns true or
// and error. The way how the validation must be seens is:
// if validatorFunc1 || validatorFunc2 || validatorFunc3 ...
// In case multiple validators must validate to true, then a validator
// func needs to be implemented which validates a given set of funcs as:
// if validatorFunc1 && validatorFunc2 && ValidatorFunc3 ...
Validate(context.Context, ...ValidatorFunc) error
// GetSubject returns the claim subject.
GetSubject(context.Context) (string, error)
// GetUser returns the user object.
GetUser(context.Context) (storage.User, error)
// GetAPIKey returns the API key ID.
GetAPIKeyID(context.Context) (uuid.UUID, error)
}
Validator defines the interface a validator needs to implement.
type ValidatorFunc ¶
ValidatorFunc defines the signature of a claim validator function. It returns a bool indicating if the validation passed or failed and an error in case an error occurred (e.g. db connectivity).
func ValidateAPIKeyAccess ¶
func ValidateAPIKeyAccess(flag Flag, id uuid.UUID) ValidatorFunc
ValidateAPIKeyAccess validates if the client has access to the given API key.
func ValidateAPIKeysAccess ¶
func ValidateAPIKeysAccess(flag Flag, organizationID int64, applicationID int64) ValidatorFunc
ValidateAPIKeysAccess validates if the client has access to the global API key resource.
func ValidateActiveUser ¶
func ValidateActiveUser() ValidatorFunc
ValidateActiveUser validates if the user in the JWT claim is active.
func ValidateApplicationAccess ¶
func ValidateApplicationAccess(applicationID int64, flag Flag) ValidatorFunc
ValidateApplicationAccess validates if the client has access to the given application.
func ValidateApplicationsAccess ¶
func ValidateApplicationsAccess(flag Flag, organizationID int64) ValidatorFunc
ValidateApplicationsAccess validates if the client has access to the global applications resource.
func ValidateDeviceProfileAccess ¶
func ValidateDeviceProfileAccess(flag Flag, id uuid.UUID) ValidatorFunc
ValidateDeviceProfileAccess validates if the client has access to the given device-profile.
func ValidateDeviceProfilesAccess ¶
func ValidateDeviceProfilesAccess(flag Flag, organizationID, applicationID int64) ValidatorFunc
ValidateDeviceProfilesAccess validates if the client has access to the device-profiles.
func ValidateDeviceQueueAccess ¶
func ValidateDeviceQueueAccess(devEUI lorawan.EUI64, flag Flag) ValidatorFunc
ValidateDeviceQueueAccess validates if the client has access to the queue of the given node.
func ValidateGatewayAccess ¶
func ValidateGatewayAccess(flag Flag, mac lorawan.EUI64) ValidatorFunc
ValidateGatewayAccess validates if the client has access to the given gateway.
func ValidateGatewayProfileAccess ¶
func ValidateGatewayProfileAccess(flag Flag) ValidatorFunc
ValidateGatewayProfileAccess validates if the client has access to the gateway-profiles.
func ValidateGatewaysAccess ¶
func ValidateGatewaysAccess(flag Flag, organizationID int64) ValidatorFunc
ValidateGatewaysAccess validates if the client has access to the gateways.
func ValidateIsOrganizationAdmin ¶
func ValidateIsOrganizationAdmin(organizationID int64) ValidatorFunc
ValidateIsOrganizationAdmin validates if the client has access to administrate the given organization.
func ValidateMulticastGroupAccess ¶
func ValidateMulticastGroupAccess(flag Flag, multicastGroupID uuid.UUID) ValidatorFunc
ValidateMulticastGroupAccess validates if the client has access to the given multicast-group.
func ValidateMulticastGroupQueueAccess ¶
func ValidateMulticastGroupQueueAccess(flag Flag, multicastGroupID uuid.UUID) ValidatorFunc
ValidateMulticastGroupQueueAccess validates if the client has access to the given multicast-group queue.
func ValidateMulticastGroupsAccess ¶
func ValidateMulticastGroupsAccess(flag Flag, applicationID int64) ValidatorFunc
ValidateMulticastGroupsAccess validates if the client has access to the multicast-groups.
func ValidateNetworkServerAccess ¶
func ValidateNetworkServerAccess(flag Flag, id int64) ValidatorFunc
ValidateNetworkServerAccess validates if the client has access to the given network-server.
func ValidateNetworkServersAccess ¶
func ValidateNetworkServersAccess(flag Flag, organizationID int64) ValidatorFunc
ValidateNetworkServersAccess validates if the client has access to the network-servers.
func ValidateNodeAccess ¶
func ValidateNodeAccess(devEUI lorawan.EUI64, flag Flag) ValidatorFunc
ValidateNodeAccess validates if the client has access to the given node.
func ValidateNodesAccess ¶
func ValidateNodesAccess(applicationID int64, flag Flag) ValidatorFunc
ValidateNodesAccess validates if the client has access to the global nodes resource.
func ValidateOrganizationAccess ¶
func ValidateOrganizationAccess(flag Flag, id int64) ValidatorFunc
ValidateOrganizationAccess validates if the client has access to the given organization.
func ValidateOrganizationNetworkServerAccess ¶
func ValidateOrganizationNetworkServerAccess(flag Flag, organizationID, networkServerID int64) ValidatorFunc
ValidateOrganizationNetworkServerAccess validates if the given client has access to the given organization id / network server id combination.
func ValidateOrganizationUserAccess ¶
func ValidateOrganizationUserAccess(flag Flag, organizationID, userID int64) ValidatorFunc
ValidateOrganizationUserAccess validates if the client has access to the given user of the given organization.
func ValidateOrganizationUsersAccess ¶
func ValidateOrganizationUsersAccess(flag Flag, id int64) ValidatorFunc
ValidateOrganizationUsersAccess validates if the client has access to the organization users.
func ValidateOrganizationsAccess ¶
func ValidateOrganizationsAccess(flag Flag) ValidatorFunc
ValidateOrganizationsAccess validates if the client has access to the organizations.
func ValidateServiceProfileAccess ¶
func ValidateServiceProfileAccess(flag Flag, id uuid.UUID) ValidatorFunc
ValidateServiceProfileAccess validates if the client has access to the given service-profile.
func ValidateServiceProfilesAccess ¶
func ValidateServiceProfilesAccess(flag Flag, organizationID int64) ValidatorFunc
ValidateServiceProfilesAccess validates if the client has access to the service-profiles.
func ValidateUserAccess ¶
func ValidateUserAccess(userID int64, flag Flag) ValidatorFunc
ValidateUserAccess validates if the client has access to the given user resource.
func ValidateUsersAccess ¶
func ValidateUsersAccess(flag Flag) ValidatorFunc
ValidateUsersAccess validates if the client has access to the global users resource.
Source Files