auth

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 7, 2023 License: MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

// Subject strings defined by this package. Both are untyped string
// constants.
// NOTE(review): presumably these are the values compared against the
// subject returned by GetSubject — confirm in the implementation.
const (
	// SubjectUser is the subject string "user".
	SubjectUser   = "user"
	// SubjectAPIKey is the subject string "api_key".
	SubjectAPIKey = "api_key"
)

Claim subjects: a token's subject is either a user or an API key.

Variables

// Package-level error values, each created with errors.New. Callers can
// tell them apart with errors.Is.
// NOTE(review): the conditions under which each one is returned are not
// shown on this page; the per-error notes below are inferred from the
// names and messages and should be confirmed against the implementation.
var (
	// ErrNoMetadataInContext: presumably the request context carried no
	// metadata at all.
	ErrNoMetadataInContext       = errors.New("no metadata in context")
	// ErrNoAuthorizationInMetadata: presumably metadata was present but
	// held no authorization entry.
	ErrNoAuthorizationInMetadata = errors.New("no authorization-data in metadata")
	// ErrInvalidAlgorithm: presumably the token's signing algorithm did
	// not match the algorithm the validator was configured with.
	ErrInvalidAlgorithm          = errors.New("invalid algorithm")
	// ErrInvalidToken: presumably the token failed parsing or
	// verification.
	ErrInvalidToken              = errors.New("invalid token")
	// ErrNotAuthorized: presumably the token was accepted but no
	// validator func granted access.
	ErrNotAuthorized             = errors.New("not authorized")
)

Sentinel errors returned by this package.

Functions

This section is empty.

Types

type Claims

// Claims is the set of claims carried in a token. The three named fields
// are decoded from the JSON keys given in their struct tags; their values
// come from the token payload and should only be relied on once the
// token's signature has been verified.
type Claims struct {
	// Embedded standard claims from the jwt package. Its fields are not
	// listed on this page.
	jwt.StandardClaims

	// Username defines the identity of the user.
	Username string `json:"username"`

	// UserID defines the ID of the user.
	UserID int64 `json:"user_id"`

	// APIKeyID defines the API key ID.
	APIKeyID uuid.UUID `json:"api_key_id"`
}

Claims defines the struct containing the token claims.

type Flag

// Flag defines the authorization flag. It is an int whose named values
// are declared in the const block that follows.
type Flag int

Flag defines the authorization flag.

// Authorization flags, numbered from 0 with iota in declaration order.
const (
	// Create has the value 0, which is also the zero value of Flag: a
	// Flag variable that was never assigned is indistinguishable from
	// Create.
	Create Flag = iota
	// Read has the value 1.
	Read
	// Update has the value 2.
	Update
	// Delete has the value 3.
	Delete
	// List has the value 4.
	List
	// UpdateProfile has the value 5.
	UpdateProfile
	// ADRAlgorithms has the value 6. Its meaning is not documented on
	// this page.
	ADRAlgorithms
)

Authorization flags.

type JWTValidator

// JWTValidator validates JWT tokens. Its fields are unexported and are
// not shown by the documentation renderer; instances are created with
// NewJWTValidator, which takes a database handle, an algorithm name and
// a secret.
// NOTE(review): presumably the algorithm passed to NewJWTValidator is
// enforced against the token's own header (ErrInvalidAlgorithm exists in
// this package) — confirm in the implementation.
type JWTValidator struct {
	// contains filtered or unexported fields
}

JWTValidator validates JWT tokens.

func NewJWTValidator

func NewJWTValidator(db sqlx.Ext, algorithm, secret string) *JWTValidator

NewJWTValidator creates a new JWTValidator.

func (JWTValidator) GetAPIKeyID

func (v JWTValidator) GetAPIKeyID(ctx context.Context) (uuid.UUID, error)

GetAPIKeyID returns the API key ID of the token.

func (JWTValidator) GetSubject

func (v JWTValidator) GetSubject(ctx context.Context) (string, error)

GetSubject returns the subject of the claim.

func (JWTValidator) GetUser

func (v JWTValidator) GetUser(ctx context.Context) (storage.User, error)

GetUser returns the user object.

func (JWTValidator) Validate

func (v JWTValidator) Validate(ctx context.Context, funcs ...ValidatorFunc) error

Validate validates the token from the given context against the given validator funcs.

type Validator

// Validator is the interface a token validator needs to implement.
type Validator interface {
	// Validate checks the given context against the given set of
	// validator funcs. It must return as soon as one validator func
	// returns either true or an error, so the funcs are combined as a
	// logical OR:
	//   if validatorFunc1 || validatorFunc2 || validatorFunc3 ...
	// When several conditions must all hold, implement a single
	// validator func that combines them as a logical AND:
	//   if validatorFunc1 && validatorFunc2 && validatorFunc3 ...
	// NOTE(review): the result for an empty list of funcs is not
	// specified here; confirm that implementations do not treat it as
	// authorized.
	Validate(context.Context, ...ValidatorFunc) error

	// GetSubject returns the claim subject.
	GetSubject(context.Context) (string, error)

	// GetUser returns the user object.
	GetUser(context.Context) (storage.User, error)

	// GetAPIKeyID returns the API key ID.
	GetAPIKeyID(context.Context) (uuid.UUID, error)
}

Validator defines the interface a validator needs to implement.

type ValidatorFunc

// ValidatorFunc is the signature of a claim validator function. It
// receives a sqlx.Queryer and the token's Claims, and returns whether
// the validation passed plus an error for failures such as database
// connectivity.
// NOTE(review): how a caller treats a (true, non-nil error) result is not
// shown on this page; confirm that a non-nil error never grants access.
type ValidatorFunc func(sqlx.Queryer, *Claims) (bool, error)

ValidatorFunc defines the signature of a claim validator function. It returns a bool indicating if the validation passed or failed and an error in case an error occurred (e.g. db connectivity).

func ValidateAPIKeyAccess

func ValidateAPIKeyAccess(flag Flag, id uuid.UUID) ValidatorFunc

ValidateAPIKeyAccess validates if the client has access to the given API key.

func ValidateAPIKeysAccess

func ValidateAPIKeysAccess(flag Flag, organizationID int64, applicationID int64) ValidatorFunc

ValidateAPIKeysAccess validates if the client has access to the global API key resource.

func ValidateActiveUser

func ValidateActiveUser() ValidatorFunc

ValidateActiveUser validates if the user in the JWT claim is active.

func ValidateApplicationAccess

func ValidateApplicationAccess(applicationID int64, flag Flag) ValidatorFunc

ValidateApplicationAccess validates if the client has access to the given application.

func ValidateApplicationsAccess

func ValidateApplicationsAccess(flag Flag, organizationID int64) ValidatorFunc

ValidateApplicationsAccess validates if the client has access to the global applications resource.

func ValidateDeviceProfileAccess

func ValidateDeviceProfileAccess(flag Flag, id uuid.UUID) ValidatorFunc

ValidateDeviceProfileAccess validates if the client has access to the given device-profile.

func ValidateDeviceProfilesAccess

func ValidateDeviceProfilesAccess(flag Flag, organizationID, applicationID int64) ValidatorFunc

ValidateDeviceProfilesAccess validates if the client has access to the device-profiles.

func ValidateDeviceQueueAccess

func ValidateDeviceQueueAccess(devEUI lorawan.EUI64, flag Flag) ValidatorFunc

ValidateDeviceQueueAccess validates if the client has access to the queue of the given node.

func ValidateGatewayAccess

func ValidateGatewayAccess(flag Flag, mac lorawan.EUI64) ValidatorFunc

ValidateGatewayAccess validates if the client has access to the given gateway.

func ValidateGatewayProfileAccess

func ValidateGatewayProfileAccess(flag Flag) ValidatorFunc

ValidateGatewayProfileAccess validates if the client has access to the gateway-profiles.

func ValidateGatewaysAccess

func ValidateGatewaysAccess(flag Flag, organizationID int64) ValidatorFunc

ValidateGatewaysAccess validates if the client has access to the gateways.

func ValidateIsOrganizationAdmin

func ValidateIsOrganizationAdmin(organizationID int64) ValidatorFunc

ValidateIsOrganizationAdmin validates if the client has access to administrate the given organization.

func ValidateMulticastGroupAccess

func ValidateMulticastGroupAccess(flag Flag, multicastGroupID uuid.UUID) ValidatorFunc

ValidateMulticastGroupAccess validates if the client has access to the given multicast-group.

func ValidateMulticastGroupQueueAccess

func ValidateMulticastGroupQueueAccess(flag Flag, multicastGroupID uuid.UUID) ValidatorFunc

ValidateMulticastGroupQueueAccess validates if the client has access to the given multicast-group queue.

func ValidateMulticastGroupsAccess

func ValidateMulticastGroupsAccess(flag Flag, applicationID int64) ValidatorFunc

ValidateMulticastGroupsAccess validates if the client has access to the multicast-groups.

func ValidateNetworkServerAccess

func ValidateNetworkServerAccess(flag Flag, id int64) ValidatorFunc

ValidateNetworkServerAccess validates if the client has access to the given network-server.

func ValidateNetworkServersAccess

func ValidateNetworkServersAccess(flag Flag, organizationID int64) ValidatorFunc

ValidateNetworkServersAccess validates if the client has access to the network-servers.

func ValidateNodeAccess

func ValidateNodeAccess(devEUI lorawan.EUI64, flag Flag) ValidatorFunc

ValidateNodeAccess validates if the client has access to the given node.

func ValidateNodesAccess

func ValidateNodesAccess(applicationID int64, flag Flag) ValidatorFunc

ValidateNodesAccess validates if the client has access to the global nodes resource.

func ValidateOrganizationAccess

func ValidateOrganizationAccess(flag Flag, id int64) ValidatorFunc

ValidateOrganizationAccess validates if the client has access to the given organization.

func ValidateOrganizationNetworkServerAccess

func ValidateOrganizationNetworkServerAccess(flag Flag, organizationID, networkServerID int64) ValidatorFunc

ValidateOrganizationNetworkServerAccess validates if the given client has access to the given organization id / network server id combination.

func ValidateOrganizationUserAccess

func ValidateOrganizationUserAccess(flag Flag, organizationID, userID int64) ValidatorFunc

ValidateOrganizationUserAccess validates if the client has access to the given user of the given organization.

func ValidateOrganizationUsersAccess

func ValidateOrganizationUsersAccess(flag Flag, id int64) ValidatorFunc

ValidateOrganizationUsersAccess validates if the client has access to the organization users.

func ValidateOrganizationsAccess

func ValidateOrganizationsAccess(flag Flag) ValidatorFunc

ValidateOrganizationsAccess validates if the client has access to the organizations.

func ValidateServiceProfileAccess

func ValidateServiceProfileAccess(flag Flag, id uuid.UUID) ValidatorFunc

ValidateServiceProfileAccess validates if the client has access to the given service-profile.

func ValidateServiceProfilesAccess

func ValidateServiceProfilesAccess(flag Flag, organizationID int64) ValidatorFunc

ValidateServiceProfilesAccess validates if the client has access to the service-profiles.

func ValidateUserAccess

func ValidateUserAccess(userID int64, flag Flag) ValidatorFunc

ValidateUserAccess validates if the client has access to the given user resource.

func ValidateUsersAccess

func ValidateUsersAccess(flag Flag) ValidatorFunc

ValidateUsersAccess validates if the client has access to the global users resource.
