model

package
v0.17.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 26, 2022 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrAPIKeyNotFound    = NotFoundError{errors.New("api key not found")}
	ErrAPIKeyNameExists  = ValidationError{errors.New("api key with this name already exists")}
	ErrAPIKeyNameEmpty   = ValidationError{errors.New("api key name can't be empty")}
	ErrAPIKeyNameTooLong = ValidationError{errors.New("api key name must not exceed 255 characters")}

	ErrAPIKeyInvalid = AuthenticationError{errors.New("API key invalid")}
	ErrAPIKeyExpired = AuthenticationError{errors.New("API key expired")}
)
View Source
var (
	ErrUserNotFound = NotFoundError{errors.New("user not found")}

	ErrUserNameExists      = ValidationError{errors.New("user with this name already exists")}
	ErrUserNameEmpty       = ValidationError{errors.New("user name can't be empty")}
	ErrUserNameTooLong     = ValidationError{errors.New("user name must not exceed 255 characters")}
	ErrUserFullNameTooLong = ValidationError{errors.New("user full name must not exceed 255 characters")}
	ErrUserEmailExists     = ValidationError{errors.New("user with this email already exists")}
	ErrUserEmailInvalid    = ValidationError{errors.New("user email is invalid")}
	ErrUserExternalChange  = ValidationError{errors.New("external users can't be modified")}
	ErrUserPasswordEmpty   = ValidationError{errors.New("user password can't be empty")}
	ErrUserPasswordTooLong = ValidationError{errors.New("user password must not exceed 255 characters")}
	ErrUserPasswordInvalid = ValidationError{errors.New("invalid password")}
	ErrUserDisabled        = ValidationError{errors.New("user disabled")}

	// ErrCredentialsInvalid should be returned when details of the authentication
	// failure should be hidden (e.g. when user or API key not found).
	ErrCredentialsInvalid = AuthenticationError{errors.New("invalid credentials")}
	// ErrPermissionDenied should be returned if the actor does not have
	// sufficient permissions for the action.
	ErrPermissionDenied = AuthorizationError{errors.New("permission denied")}
)
View Source
var (
	ErrRoleUnknown = ValidationError{errors.New("unknown role")}
)

Functions

func DecodeAPIKey

func DecodeAPIKey(key string) (id uint, secret []byte, err error)

DecodeAPIKey retrieves API key ID and the secret from the given key generated with GenerateAPIKey.

func GenerateAPIKey

func GenerateAPIKey(id uint) (key string, hashed []byte, err error)

GenerateAPIKey produces an API key and returns the secret bcrypt hash to be persisted.

The key format:

[4 byte magic][payload]

Currently, the function generates 'psx' key, the payload structure is defined as follows: base64(id + secret), where:

  • id A var-len encoded uint64 ID of the API key.
  • secret A random string of the defined length (32).

The call encodes base64 using raw URL encoding (unpadded alternate base64 encoding defined in RFC 4648).

func IsAuthenticationError

func IsAuthenticationError(err error) bool

func IsAuthorizationError

func IsAuthorizationError(err error) bool

func IsNotFoundError

func IsNotFoundError(err error) bool

func IsUserDisabled

func IsUserDisabled(u User) bool

func IsUserExternal

func IsUserExternal(u User) bool

func IsValidationError

func IsValidationError(err error) bool

func MustPasswordHash

func MustPasswordHash(password string) []byte

func MustRandomPassword

func MustRandomPassword() string

func String

func String(s string) *string

func ValidateAPIKeyName

func ValidateAPIKeyName(apiKeyName string) error

func ValidateEmail

func ValidateEmail(email string) error

func ValidatePasswordRequirements

func ValidatePasswordRequirements(p string) error

func ValidateUserFullName

func ValidateUserFullName(fullName string) error

func ValidateUserName

func ValidateUserName(userName string) error

func VerifyPassword

func VerifyPassword(hashed []byte, password string) error

func WithAPIKey

func WithAPIKey(ctx context.Context, key APIKey) context.Context

func WithUser

func WithUser(ctx context.Context, user User) context.Context

Types

type APIKey

type APIKey struct {
	ID         uint       `gorm:"primarykey"`
	Name       string     `gorm:"type:varchar(255);not null;default:null;index:,unique"`
	Hash       []byte     `gorm:"type:varchar(255);not null;default:null"`
	Role       Role       `gorm:"not null;default:null"`
	ExpiresAt  *time.Time `gorm:"default:null"`
	LastSeenAt *time.Time `gorm:"default:null"`

	CreatedAt time.Time
}

func APIKeyFromContext

func APIKeyFromContext(ctx context.Context) (APIKey, bool)

func (APIKey) Verify

func (k APIKey) Verify(secret []byte) error

type AuthenticationError

type AuthenticationError struct{ Err error }

func (AuthenticationError) Error

func (e AuthenticationError) Error() string

func (AuthenticationError) Unwrap

func (e AuthenticationError) Unwrap() error

type AuthorizationError

type AuthorizationError struct{ Err error }

func (AuthorizationError) Error

func (e AuthorizationError) Error() string

func (AuthorizationError) Unwrap

func (e AuthorizationError) Unwrap() error

type CreateAPIKeyParams

type CreateAPIKeyParams struct {
	Name      string
	Role      Role
	ExpiresAt *time.Time
}

func (CreateAPIKeyParams) Validate

func (p CreateAPIKeyParams) Validate() error

type CreateUserParams

type CreateUserParams struct {
	Name       string
	Email      *string
	FullName   *string
	Password   string
	Role       Role
	IsExternal bool
}

func (CreateUserParams) Validate

func (p CreateUserParams) Validate() error

type NotFoundError

type NotFoundError struct{ Err error }

func (NotFoundError) Error

func (e NotFoundError) Error() string

func (NotFoundError) Unwrap

func (e NotFoundError) Unwrap() error

type Role

type Role int
const (
	InvalidRole Role = iota
	ReadOnlyRole
	AgentRole
	AdminRole
)

func ParseRole

func ParseRole(s string) (Role, error)

func (Role) IsValid

func (r Role) IsValid() bool

func (Role) MarshalJSON

func (r Role) MarshalJSON() ([]byte, error)

func (Role) String

func (r Role) String() string

func (*Role) UnmarshalJSON

func (r *Role) UnmarshalJSON(b []byte) error

type TokenUser

type TokenUser struct {
	Name string
	Role Role
}

TokenUser represents a user info retrieved from the validated JWT token.

type UpdateUserParams

type UpdateUserParams struct {
	FullName   *string
	Name       *string
	Email      *string
	Password   *string
	Role       *Role
	IsDisabled *bool
}

func (UpdateUserParams) SetIsDisabled

func (p UpdateUserParams) SetIsDisabled(d bool) UpdateUserParams

func (UpdateUserParams) SetRole

func (p UpdateUserParams) SetRole(r Role) UpdateUserParams

func (UpdateUserParams) Validate

func (p UpdateUserParams) Validate() error

type UpdateUserPasswordParams

type UpdateUserPasswordParams struct {
	OldPassword string
	NewPassword string
}

func (UpdateUserPasswordParams) Validate

func (p UpdateUserPasswordParams) Validate() error

type User

type User struct {
	ID           uint    `gorm:"primarykey"`
	Name         string  `gorm:"type:varchar(255);not null;default:null;index:,unique"`
	Email        *string `gorm:"type:varchar(255);default:null;index:,unique"`
	FullName     *string `gorm:"type:varchar(255);default:null"`
	PasswordHash []byte  `gorm:"type:varchar(255);not null;default:null"`
	Role         Role    `gorm:"not null;default:null"`
	IsDisabled   *bool   `gorm:"not null;default:false"`

	// IsExternal indicates that the user authenticity is confirmed by
	// an external authentication provider (such as OAuth) and thus,
	// only limited attributes of the user can be managed. In fact, only
	// FullName and Email can be altered by the user, and Role and IsDisabled
	// can be changed by an administrator. Name should never change.
	// TODO(kolesnikovae):
	//  Add an attribute indicating the provider (e.g OAuth/LDAP).
	//  Can it be a tagged union (sum type)?
	IsExternal *bool `gorm:"not null;default:false"`

	// TODO(kolesnikovae): Implemented LastSeenAt updating.
	LastSeenAt        *time.Time `gorm:"default:null"`
	PasswordChangedAt time.Time
	CreatedAt         time.Time
	UpdatedAt         time.Time
}

func UserFromContext

func UserFromContext(ctx context.Context) (User, bool)

type ValidationError

type ValidationError struct{ Err error }

func (ValidationError) Error

func (e ValidationError) Error() string

func (ValidationError) Unwrap

func (e ValidationError) Unwrap() error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL