Documentation
Index
- Constants
- func GenerateSHA256PasswordHash(cleartext string) (string, error)
- type AccessControlV1
- type Common
- type Config
- type ErrDuplicateAccessControlPath
- type ErrInvalidPermissions
- type ErrInvalidVersion
- type ErrUndefinedUsername
- type InvalidPasswordHash
- type V1
- func (c *V1) Authenticate(ctx context.Context, username, cleartextPassword string) bool
- func (c *V1) Encode(w io.Writer, prettify bool) error
- func (c *V1) EnsureInit() error
- func (c *V1) GetPermissions(path string, username *string) (read, list bool, possibleRead, possibleList bool, realm string, err error)
- func (c *V1) HasBcryptPasswords() (bool, error)
- func (c *V1) Validate() error
- func (c *V1) Version() Version
- type Version
Constants
const (
	// PermRead is the read permission.
	PermRead = "read"
	// PermList is the list permission.
	PermList = "list"
	// PermReadAndList allows both read and list.
	PermReadAndList = "read,list"
)
const (
	// VersionUnknownStr is the string representation of VUnknown.
	VersionUnknownStr string = "unknown"
	// Version1Str is the string representation of Version1.
	Version1Str string = "v1"
	// Version2Str is the string representation of Version2.
	Version2Str string = "v2"
)
const DefaultConfigFilename = ".kbp_config"
DefaultConfigFilename is the default filename for Keybase Pages config file.
const DefaultConfigFilepath = "/.kbp_config"
DefaultConfigFilepath is the default path for Keybase Pages config file under the site root, and is what's used in kbpagesd.
Functions
func GenerateSHA256PasswordHash
GenerateSHA256PasswordHash generates a SHA256 based password hash.
Types
type AccessControlV1
type AccessControlV1 struct {
	// WhitelistAdditionalPermissions is a map of username -> permissions that
	// defines a list of additional permissions that authenticated users have
	// in addition to AnonymousPermissions.
	WhitelistAdditionalPermissions map[string]string `json:"whitelist_additional_permissions"`
	// AnonymousPermissions is the permissions for
	// unauthenticated/anonymous requests.
	AnonymousPermissions string `json:"anonymous_permissions"`
}
AccessControlV1 defines an access control list (ACL) for the V1 config.
type Common
type Common struct {
	// Version specifies the version of the config.
	Version string `json:"version"`
}
Common includes common fields that should appear in all versions of configs.
type Config
type Config interface {
	Version() Version
	Authenticate(ctx context.Context, username, password string) bool
	// GetPermissions returns permission info. If username is nil, anonymous
	// permissions are returned. Otherwise, permissions for *username is
	// returned. Additionally, "maximum possible permissions" are returned,
	// which indicates whether a permission (read or list) is possible to be
	// granted on the path if proper authentication is provided.
	GetPermissions(path string, username *string) (
		read, list bool, possibleRead, possibleList bool,
		realm string, err error)
	Encode(w io.Writer, prettify bool) error
}
Config is a collection of methods for getting different configuration parameters.
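The relationship between the four booleans that GetPermissions returns, as an added Go example that is not the package's own code: a simplified model of evaluating a single ACL entry, derived from the doc comments on AccessControlV1 and Config. The `acl` type, `parsePerms` and `evaluate` are hypothetical names, path matching and realms are left out, and treating an empty permissions string as "no permissions" is an assumption.

```go
package main

import "fmt"

// acl is a hypothetical stand-in for the two fields of AccessControlV1.
type acl struct {
	Whitelist map[string]string // username -> additional permissions
	Anonymous string            // permissions for unauthenticated requests
}

// parsePerms accepts the three permission strings from the package constants;
// treating "" as "no permissions" is an assumption of this sketch.
func parsePerms(s string) (read, list bool, err error) {
	switch s {
	case "":
		return false, false, nil
	case "read":
		return true, false, nil
	case "list":
		return false, true, nil
	case "read,list":
		return true, true, nil
	}
	return false, false, fmt.Errorf("invalid permissions %q", s)
}

// evaluate returns the permissions username holds (nil means anonymous) and
// the most that any whitelisted user could obtain by authenticating.
func evaluate(a acl, username *string) (read, list, possibleRead, possibleList bool, err error) {
	if read, list, err = parsePerms(a.Anonymous); err != nil {
		return false, false, false, false, err
	}
	possibleRead, possibleList = read, list
	for user, extra := range a.Whitelist {
		r, l, perr := parsePerms(extra)
		if perr != nil {
			return false, false, false, false, perr // fail closed on a bad entry
		}
		possibleRead, possibleList = possibleRead || r, possibleList || l
		if username != nil && *username == user {
			read, list = read || r, list || l
		}
	}
	return read, list, possibleRead, possibleList, nil
}

func main() {
	a := acl{Anonymous: "read", Whitelist: map[string]string{"alice": "list"}} // constructed sample
	fmt.Println(evaluate(a, nil))
}
```

In this model an authenticated user who is not in the whitelist gets exactly the anonymous permissions, and any invalid permissions string denies everything rather than being skipped.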
type ErrDuplicateAccessControlPath
type ErrDuplicateAccessControlPath struct {
// contains filtered or unexported fields
}
ErrDuplicateAccessControlPath is returned when multiple ACLs are defined for the same path in config.
func (ErrDuplicateAccessControlPath) Error
func (e ErrDuplicateAccessControlPath) Error() string
Error implements the error interface.
type ErrInvalidPermissions
type ErrInvalidPermissions struct {
// contains filtered or unexported fields
}
ErrInvalidPermissions is returned when an invalid permissions string appears in the config.
func (ErrInvalidPermissions) Error
func (e ErrInvalidPermissions) Error() string
Error implements the error interface.
type ErrInvalidVersion
type ErrInvalidVersion struct {
// contains filtered or unexported fields
}
ErrInvalidVersion is returned when Version field of the config is invalid.
func (ErrInvalidVersion) Error
func (e ErrInvalidVersion) Error() string
Error implements the error interface.
type ErrUndefinedUsername
type ErrUndefinedUsername struct {
// contains filtered or unexported fields
}
ErrUndefinedUsername is returned when a username appears in an ACL but is not defined in the config's Users section.
func (ErrUndefinedUsername) Error
func (e ErrUndefinedUsername) Error() string
Error implements the error interface.
type InvalidPasswordHash
type InvalidPasswordHash struct{}
InvalidPasswordHash is the error that happens when there's an invalid password hash in the config.
func (InvalidPasswordHash) Error
func (InvalidPasswordHash) Error() string
Error implements the error interface.
type V1
type V1 struct {
	Common
	// Users is a [username -> bcrypt-hashed password] map that defines how
	// users should be authenticated.
	Users map[string]string `json:"users"`
	// ACLs is a path -> AccessControlV1 map that defines ACLs for different
	// paths.
	ACLs map[string]AccessControlV1 `json:"acls"`
	// contains filtered or unexported fields
}
V1 defines a V1 config. Public fields are accessible by `json` encoders and decoders.
On first call to GetPermission* methods, it initializes an internal ACL checker. If the object is constructed from ParseConfig, its internal ACL checker is initialized automatically. Any changes to the ACL fields afterwards have no effect.
func DefaultV1
func DefaultV1() *V1
DefaultV1 returns a default V1 config, which allows anonymous read to everything.
func (*V1) Authenticate
Authenticate implements the Config interface.
func (*V1) EnsureInit
EnsureInit initializes c, and returns any error encountered during the initialization. It is not necessary to call EnsureInit. Methods that need it do so automatically.
func (*V1) GetPermissions
func (c *V1) GetPermissions(path string, username *string) (
	read, list bool, possibleRead, possibleList bool,
	realm string, err error)
GetPermissions implements the Config interface.
func (*V1) HasBcryptPasswords
HasBcryptPasswords checks if any password hash in the config is a bcrypt hash. This method is temporary for migration and will go away.
func (*V1) Validate
Validate checks all public fields of c, and returns an error if any of them is invalid, or a nil-error if they are all valid.
Although changes to ACL fields have no effect on ACL checking once the internal ACL checker is initialized (see comment on V1), this method still checks the updated ACL fields. So it's OK to use Validate directly on a *V1 that has been modified since it was initialized.
As a result, unlike other methods on the type, this method is not goroutine safe against changes to the public fields.
type Version
type Version int
Version specifies the version of a config.
const (
	// VersionUnknown defines an unknown config version.
	VersionUnknown Version = iota
	// Version1 is version 1.
	Version1
	// Version2 is version 2.
	//
	// Currently the only difference between V1 and V2 is that V2 uses
	// sha-based password hash instead of bcrypt in V1. V2 still uses the ACL
	// definition and checker from V1.
	Version2
)