Documentation
¶
Index ¶
- Variables
- func DecodeAPIKey(key string) (id uint, secret []byte, err error)
- func GenerateAPIKey(id uint) (key string, hashed []byte, err error)
- func IsAuthenticationError(err error) bool
- func IsAuthorizationError(err error) bool
- func IsNotFoundError(err error) bool
- func IsUserDisabled(u User) bool
- func IsUserExternal(u User) bool
- func IsValidationError(err error) bool
- func MustPasswordHash(password string) []byte
- func MustRandomPassword() string
- func String(s string) *string
- func ValidateAPIKeyName(apiKeyName string) error
- func ValidateEmail(email string) error
- func ValidatePasswordRequirements(p string) error
- func ValidateUserFullName(fullName string) error
- func ValidateUserName(userName string) error
- func VerifyPassword(hashed []byte, password string) error
- func WithAPIKey(ctx context.Context, key APIKeyToken) context.Context
- func WithUser(ctx context.Context, user User) context.Context
- type APIKey
- type APIKeyToken
- type AuthenticationError
- type AuthorizationError
- type CreateAPIKeyParams
- type CreateUserParams
- type NotFoundError
- type Role
- type TokenUser
- type UpdateUserParams
- type UpdateUserPasswordParams
- type User
- type ValidationError
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ErrAPIKeyNotFound = NotFoundError{errors.New("api key not found")} ErrAPIKeyNameExists = ValidationError{errors.New("api key with this name already exists")} ErrAPIKeyNameEmpty = ValidationError{errors.New("api key name can't be empty")} ErrAPIKeyNameTooLong = ValidationError{errors.New("api key name must not exceed 255 characters")} ErrAPIKeyInvalid = AuthenticationError{errors.New("API key invalid")} ErrAPIKeyExpired = AuthenticationError{errors.New("API key expired")} )
View Source
var ( ErrUserNotFound = NotFoundError{errors.New("user not found")} ErrUserNameExists = ValidationError{errors.New("user with this name already exists")} ErrUserNameEmpty = ValidationError{errors.New("user name can't be empty")} ErrUserNameTooLong = ValidationError{errors.New("user name must not exceed 255 characters")} ErrUserFullNameTooLong = ValidationError{errors.New("user full name must not exceed 255 characters")} ErrUserEmailExists = ValidationError{errors.New("user with this email already exists")} ErrUserEmailInvalid = ValidationError{errors.New("user email is invalid")} ErrUserExternalChange = ValidationError{errors.New("external users can't be modified")} ErrUserPasswordEmpty = ValidationError{errors.New("user password can't be empty")} ErrUserPasswordTooLong = ValidationError{errors.New("user password must not exceed 255 characters")} ErrUserPasswordInvalid = ValidationError{errors.New("invalid password")} ErrUserDisabled = ValidationError{errors.New("user disabled")} // ErrInvalidCredentials should be returned when details of the authentication // failure should be hidden (e.g. when user or API key not found). ErrInvalidCredentials = AuthenticationError{errors.New("invalid credentials")} // ErrPermissionDenied should be returned if the actor does not have // sufficient permissions for the action. ErrPermissionDenied = AuthorizationError{errors.New("permission denied")} )
View Source
var (
ErrRoleUnknown = ValidationError{errors.New("unknown role")}
)
Functions ¶
func DecodeAPIKey ¶
DecodeAPIKey retrieves API key ID and the secret from the given key generated with GenerateAPIKey.
func GenerateAPIKey ¶
GenerateAPIKey produces an API key and returns the secret bcrypt hash to be persisted.
The key format:
[4 byte magic][payload]
Currently, the function generates 'psx' key, the payload structure is defined as follows: base64(id + secret), where:
- id A var-len encoded uint64 ID of the API key.
- secret A random string of the defined length (32).
The call encodes base64 using raw URL encoding (unpadded alternate base64 encoding defined in RFC 4648).
func IsAuthenticationError ¶
func IsAuthorizationError ¶
func IsNotFoundError ¶
func IsUserDisabled ¶
func IsUserExternal ¶
func IsValidationError ¶
func MustPasswordHash ¶
func MustRandomPassword ¶
func MustRandomPassword() string
func ValidateAPIKeyName ¶
func ValidateEmail ¶
func ValidateUserFullName ¶
func ValidateUserName ¶
func VerifyPassword ¶
func WithAPIKey ¶
func WithAPIKey(ctx context.Context, key APIKeyToken) context.Context
Types ¶
type APIKey ¶
type APIKey struct {
ID uint `gorm:"primarykey"`
Name string `gorm:"type:varchar(255);not null;default:null;index:,unique"`
Hash []byte `gorm:"type:varchar(255);not null;default:null"`
Role Role `gorm:"not null;default:null"`
ExpiresAt *time.Time `gorm:"default:null"`
LastSeenAt *time.Time `gorm:"default:null"`
CreatedAt time.Time
}
type APIKeyToken ¶
APIKeyToken represents an API key retrieved from the provided secret.
func APIKeyFromContext ¶
func APIKeyFromContext(ctx context.Context) (APIKeyToken, bool)
type AuthenticationError ¶
type AuthenticationError struct{ Err error }
func (AuthenticationError) Error ¶
func (e AuthenticationError) Error() string
func (AuthenticationError) Unwrap ¶
func (e AuthenticationError) Unwrap() error
type AuthorizationError ¶
type AuthorizationError struct{ Err error }
func (AuthorizationError) Error ¶
func (e AuthorizationError) Error() string
func (AuthorizationError) Unwrap ¶
func (e AuthorizationError) Unwrap() error
type CreateAPIKeyParams ¶
func (CreateAPIKeyParams) Validate ¶
func (p CreateAPIKeyParams) Validate() error
type CreateUserParams ¶
type CreateUserParams struct {
Name string
Email *string
FullName *string
Password string
Role Role
IsExternal bool
}
func (CreateUserParams) Validate ¶
func (p CreateUserParams) Validate() error
type NotFoundError ¶
type NotFoundError struct{ Err error }
func (NotFoundError) Error ¶
func (e NotFoundError) Error() string
func (NotFoundError) Unwrap ¶
func (e NotFoundError) Unwrap() error
type UpdateUserParams ¶
type UpdateUserParams struct {
FullName *string
Name *string
Email *string
Password *string
Role *Role
IsDisabled *bool
}
func (UpdateUserParams) SetIsDisabled ¶
func (p UpdateUserParams) SetIsDisabled(d bool) UpdateUserParams
func (UpdateUserParams) SetRole ¶
func (p UpdateUserParams) SetRole(r Role) UpdateUserParams
func (UpdateUserParams) Validate ¶
func (p UpdateUserParams) Validate() error
type UpdateUserPasswordParams ¶
func (UpdateUserPasswordParams) Validate ¶
func (p UpdateUserPasswordParams) Validate() error
type User ¶
type User struct {
ID uint `gorm:"primarykey"`
Name string `gorm:"type:varchar(255);not null;default:null;index:,unique"`
Email *string `gorm:"type:varchar(255);default:null;index:,unique"`
FullName *string `gorm:"type:varchar(255);default:null"`
PasswordHash []byte `gorm:"type:varchar(255);not null;default:null"`
Role Role `gorm:"not null;default:null"`
IsDisabled *bool `gorm:"not null;default:false"`
// IsExternal indicates that the user authenticity is confirmed by
// an external authentication provider (such as OAuth) and thus,
// only limited attributes of the user can be managed. In fact, only
// FullName and Email can be altered by the user, and Role and IsDisabled
// can be changed by an administrator. Name should never change.
// TODO(kolesnikovae):
// Add an attribute indicating the provider (e.g OAuth/LDAP).
// Can it be a tagged union (sum type)?
IsExternal *bool `gorm:"not null;default:false"`
// TODO(kolesnikovae): Implemented LastSeenAt updating.
LastSeenAt *time.Time `gorm:"default:null"`
PasswordChangedAt time.Time
CreatedAt time.Time
UpdatedAt time.Time
}
type ValidationError ¶
type ValidationError struct{ Err error }
func (ValidationError) Error ¶
func (e ValidationError) Error() string
func (ValidationError) Unwrap ¶
func (e ValidationError) Unwrap() error
Source Files
Click to show internal directories.
Click to hide internal directories.