defaultauth

Documentation

Index

• Constants
• Variables
• func IsEmptyOperator(t OperatorInfo) bool
• func IsSubAccount(t OperatorInfo) bool
• func StoreCode2APICode(err error) apimodel.Code
• type AuthConfig
  • func DefaultAuthConfig() *AuthConfig
  • func (cfg *AuthConfig) Verify() error
• type OperatorInfo
  • func (t *OperatorInfo) String() string
• type StrategyDetail2Api
• type User2Api
• type UserGroup2Api

Constants

const (
	// TokenPattern token 的格式 随机字符串::[uid/xxx | groupid/xxx]
	TokenPattern string = "%s::%s"
	// TokenSplit token 的分隔符
	TokenSplit string = "::"
)

const (
	// PluginName default auth name
	PluginName = "defaultAuth"
)

Variables

var (
	// ErrorNotAllowedAccess 鉴权失败
	ErrorNotAllowedAccess error = errors.New(api.Code2Info(api.NotAllowedAccess))

	// ErrorInvalidParameter 不合法的参数
	ErrorInvalidParameter error = errors.New(api.Code2Info(api.InvalidParameter))
)

var (
	// MustOwner 必须超级账户 or 主账户
	MustOwner = true
	// NotOwner 任意账户
	NotOwner = false
	// WriteOp 写操作
	WriteOp = true
	// ReadOp 读操作
	ReadOp = false
)

var AuthOption = DefaultAuthConfig()

AuthOption 鉴权的配置信息

var (
	// StrategyFilterAttributes strategy filter attributes
	StrategyFilterAttributes = map[string]bool{
		"id":             true,
		"name":           true,
		"owner":          true,
		"offset":         true,
		"limit":          true,
		"principal_id":   true,
		"principal_type": true,
		"res_id":         true,
		"res_type":       true,
		"default":        true,
		"show_detail":    true,
	}
)

var (

	// UserFilterAttributes 查询用户所能允许的参数查询列表
	UserFilterAttributes = map[string]bool{
		"id":         true,
		"name":       true,
		"owner":      true,
		"source":     true,
		"offset":     true,
		"group_id":   true,
		"limit":      true,
		"hide_admin": true,
	}
)

var (
	// UserLinkGroupAttributes is the user link group attributes
	UserLinkGroupAttributes = map[string]bool{
		"id":        true,
		"user_id":   true,
		"user_name": true,
		"group_id":  true,
		"name":      true,
		"offset":    true,
		"limit":     true,
	}
)

Functions

func IsEmptyOperator

func IsEmptyOperator(t OperatorInfo) bool

IsEmptyOperator token 是否是一个空类型

func IsSubAccount

func IsSubAccount(t OperatorInfo) bool

IsSubAccount 当前 token 对应的账户类型

func StoreCode2APICode

func StoreCode2APICode(err error) apimodel.Code

StoreCode2APICode store code to api code

Types

type AuthConfig

type AuthConfig struct {
	// ConsoleOpen 控制台是否开启鉴权
	ConsoleOpen bool `json:"consoleOpen" xml:"consoleOpen"`
	// ClientOpen 是否开启客户端接口鉴权
	ClientOpen bool `json:"clientOpen" xml:"clientOpen"`
	// Salt 相关密码、token加密的salt
	Salt string `json:"salt" xml:"salt"`
	// Strict 是否启用鉴权的严格模式，即对于没有任何鉴权策略的资源，也必须带上正确的token才能操作, 默认关闭
	Strict bool `json:"strict"`
}

AuthConfig 鉴权配置

func DefaultAuthConfig

func DefaultAuthConfig() *AuthConfig

DefaultAuthConfig 返回一个默认的鉴权配置

func (*AuthConfig) Verify

func (cfg *AuthConfig) Verify() error

Verify 检查配置是否合法

type OperatorInfo

type OperatorInfo struct {

	// Origin 原始 token 字符串
	Origin string

	// OperatorID 当前 token 绑定的 用户/用户组 ID
	OperatorID string

	// OwnerID 当前用户/用户组对应的 owner
	OwnerID string

	// Role 如果当前是 user token 的话，该值才能有信息
	Role model.UserRoleType

	// IsUserToken 当前 token 是否是 user 的 token
	IsUserToken bool

	// Disable 标识用户 token 是否被禁用
	Disable bool

	// 是否属于匿名操作者
	Anonymous bool
}

OperatorInfo 根据 token 解析出来的具体额外信息

func (*OperatorInfo) String

func (t *OperatorInfo) String() string

type StrategyDetail2Api

type StrategyDetail2Api func(user *model.StrategyDetail) *apisecurity.AuthStrategy

StrategyDetail2Api strategy detail to *apisecurity.AuthStrategy func

type User2Api

type User2Api func(user *model.User) *apisecurity.User

User2Api convert user to api.User

type UserGroup2Api

type UserGroup2Api func(user *model.UserGroup) *apisecurity.UserGroup

UserGroup2Api is the user group to api