auth

package
v0.0.0-...-c5af384 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 13, 2015 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package auth implements Camlistore authentication.

Index

Constants

View Source 
const (
	OpUpload Operation = 1 << iota
	OpStat
	OpGet
	OpEnumerate
	OpRemove
	OpSign
	OpDiscovery
	OpRead   = OpEnumerate | OpStat | OpGet | OpDiscovery
	OpRW     = OpUpload | OpEnumerate | OpStat | OpGet // Not Remove
	OpVivify = OpUpload | OpStat | OpGet | OpDiscovery
	OpAll    = OpUpload | OpEnumerate | OpStat | OpRemove | OpGet | OpSign | OpDiscovery
)

Variables

View Source 
var ErrNoAuth = errors.New("auth: no configured authentication")

ErrNoAuth is returned when there is no configured authentication.

Functions

func AddMode 

func AddMode(am AuthMode)

AddMode adds the given authentication mode to the list of modes that future requests can authenticate against.

func Allowed 

func Allowed(req *http.Request, op Operation) bool

Allowed returns whether the given request has access to perform all the operations in op.

func AllowedWithAuth 

func AllowedWithAuth(am AuthMode, req *http.Request, op Operation) bool

AllowedWithAuth returns whether the given request has access to perform all the operations in op against am.

func IsLocalhost 

func IsLocalhost(req *http.Request) bool

func ProcessRandom 

func ProcessRandom() string

func RandToken 

func RandToken(size int) string

RandToken genererates (with crypto/rand.Read) and returns a token that is the hex version (2x size) of size bytes of randomness.

func RegisterAuth 

func RegisterAuth(name string, ctor AuthConfigParser)

RegisterAuth registers a new authentication scheme.

func RequireAuth 

func RequireAuth(h http.Handler, op Operation) http.Handler

RequireAuth wraps a function with another function that enforces HTTP Basic Auth and checks if the operations in op are all permitted.

func SendUnauthorized 

func SendUnauthorized(rw http.ResponseWriter, req *http.Request)

func SetMode 

func SetMode(m AuthMode)

SetMode sets the given authentication mode as the only allowed one for future requests. That is, it replaces all modes that were previously added.

func TriedAuthorization 

func TriedAuthorization(req *http.Request) bool

Types

type AuthConfigParser 

type AuthConfigParser func(arg string) (AuthMode, error)

An AuthConfigParser parses a registered authentication type's option and returns an AuthMode.

type AuthMode 

type AuthMode interface {
	// AllowedAccess returns a bitmask of all operations
	// this user/request is allowed to do.
	AllowedAccess(req *http.Request) Operation
	// AddAuthHeader inserts in req the credentials needed
	// for a client to authenticate.
	AddAuthHeader(req *http.Request)
}

An AuthMode is the interface implemented by diffent authentication schemes.

func FromConfig 

func FromConfig(authConfig string) (AuthMode, error)

FromConfig parses authConfig and accordingly sets up the AuthMode that will be used for all upcoming authentication exchanges. The supported modes are UserPass and DevAuth. UserPass requires an authConfig of the kind "userpass:joe:ponies".

If the input string is empty, the error will be ErrNoAuth.

func FromEnv 

func FromEnv() (AuthMode, error)

func NewBasicAuth 

func NewBasicAuth(username, password string) AuthMode

NewBasicAuth returns a UserPass Authmode, adequate to support HTTP basic authentication.

type DevAuth 

type DevAuth struct {
	Password string
	// Password for the vivify mode, automatically set to "vivi" + Password
	VivifyPass string
}

DevAuth is used for development. It has one password and one vivify password, but also accepts all passwords from localhost. Usernames are ignored.

func (*DevAuth) AddAuthHeader 

func (da *DevAuth) AddAuthHeader(req *http.Request)

func (*DevAuth) AllowedAccess 

func (da *DevAuth) AllowedAccess(req *http.Request) Operation

type Handler 

type Handler struct {
	http.Handler
}

func (Handler) ServeHTTP 

func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP serves only if this request and auth mode are allowed all Operations.

type Localhost 

type Localhost struct {
	None
}

func (Localhost) AllowedAccess 

func (Localhost) AllowedAccess(req *http.Request) (out Operation)

type None 

type None struct{}

func (None) AddAuthHeader 

func (None) AddAuthHeader(req *http.Request)

func (None) AllowedAccess 

func (None) AllowedAccess(req *http.Request) Operation

type Operation 

type Operation int

Operation represents a bitmask of operations. See the OpX constants.

type UnauthorizedSender 

type UnauthorizedSender interface {
	// SendUnauthorized sends an unauthorized response,
	// and returns whether it handled it.
	SendUnauthorized(http.ResponseWriter, *http.Request) (handled bool)
}

UnauthorizedSender may be implemented by AuthModes which want to handle sending unauthorized.

type UserPass 

type UserPass struct {
	Username, Password string
	OrLocalhost        bool // if true, allow localhost ident auth too
	// Alternative password used (only) for the vivify operation.
	// It is checked when uploading, but Password takes precedence.
	VivifyPass string
}

UserPass is used when the auth string provided in the config is of the kind "userpass:username:pass" Possible options appended to the config string are "+localhost" and "vivify=pass", where pass will be the alternative password which only allows the vivify operation.

func (*UserPass) AddAuthHeader 

func (up *UserPass) AddAuthHeader(req *http.Request)

func (*UserPass) AllowedAccess 

func (up *UserPass) AllowedAccess(req *http.Request) Operation

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.