Documentation
Index
- Variables
- func Auth(mech, device string, creds map[string]string) error
- func Clean()
- func HasAccess(role string) bool
- func Invalidate(sessId string) error
- func IsAuth() bool
- func RecoverService(toEndpoint, fromService string) error
- func RecoverSession(sessId string) error
- func SetCurrentService(name string)
- func SignOut(user *User)
- type Cacher
- type MockScope
- func (s *MockScope) Auth(mech, device string, creds map[string]string) error
- func (s *MockScope) AuthUser() *User
- func (s *MockScope) Authorised() bool
- func (s *MockScope) Clean() Scope
- func (s *MockScope) HasAccess(role string) bool
- func (s *MockScope) HasTriedAuth() bool
- func (s *MockScope) IsAuth() bool
- func (s *MockScope) MockUser(id string, roles []string)
- func (s *MockScope) RecoverService(toEndpoint, fromService string) error
- func (s *MockScope) RecoverSession(sessId string) error
- func (s *MockScope) RpcScope(scoper multiclient.Scoper) Scope
- func (s *MockScope) SetAuthorised(authorised bool)
- func (s *MockScope) SignOut(user *User) error
- type Scope
- type User
Constants
This section is empty.
Variables
var (
BadCredentialsError error = errors.New("Bad credentials")
)
var RoleGlobOptions = &glob.Options{
	Separator: '.',
	MatchAtStart: true,
	MatchAtEnd: true,
}
Options which should be used whenever constructing a role glob
Functions
func Invalidate
Invalidate wraps `Invalidate` against our default memcache-based `Cacher`
func RecoverService
RecoverService wraps defaultScope.RecoverService
func RecoverSession
RecoverSession wraps defaultScope.RecoverSession
func SetCurrentService
func SetCurrentService(name string)
SetCurrentService defines the current service, as used for service-to-service auth. This defines who _we_ are, and thus which rules we'll load that define which other services will be allowed via HasAccess to call us with assumed role auth.
TODO: delete when removing s2s rules
Types
type MockScope
type MockScope struct {
	MockUid string
	MockRoles []string
	// contains filtered or unexported fields
}
func (*MockScope) Authorised
func (*MockScope) HasTriedAuth
func (*MockScope) RecoverService
func (*MockScope) RecoverSession
func (*MockScope) SetAuthorised
type Scope
type Scope interface {
	RpcScope(scoper multiclient.Scoper) Scope
	Clean() Scope
	RecoverSession(sessId string) error
	RecoverService(toEndpoint, fromService string) error
	Auth(mech, device string, creds map[string]string) error
	IsAuth() bool
	AuthUser() *User
	HasAccess(role string) bool
	SignOut(user *User) error
	HasTriedAuth() bool
	Authorised() bool
	SetAuthorised(authorised bool)
}
Scope represents some session within which we may know about a user who has somehow identified themselves to us, or some service that has identified itself to us (and we trust)
type User
type User struct {
SessId, Mech, Device, Id string
CreatedTs, ExpiryTs, RenewTs time.Time
Roles []string
Token, Sig, Data []byte
}
func FromSessionToken
FromSessionToken turns a raw session and token pair into a full user object that we can query/validate
func (*User) Application
Application returns the user's application (derived from the authentication mechanism). This is only available for H2-generated tokens; H1 tokens return an empty string.
func (*User) CanAutoRenew
CanAutoRenew tests if the token can be auto-renewed at this time (by the login service)