Documentation ¶
Index ¶
- Variables
- func DecodeAPIKey(key string) (id uint, secret []byte, err error)
- func GenerateAPIKey(id uint) (key string, hashed []byte, err error)
- func IsAuthenticationError(err error) bool
- func IsAuthorizationError(err error) bool
- func IsNotFoundError(err error) bool
- func IsUserDisabled(u User) bool
- func IsUserExternal(u User) bool
- func IsValidationError(err error) bool
- func MustPasswordHash(password string) []byte
- func MustRandomPassword() string
- func String(s string) *string
- func ValidateAPIKeyName(apiKeyName string) error
- func ValidateEmail(email string) error
- func ValidatePasswordRequirements(p string) error
- func ValidateUserFullName(fullName string) error
- func ValidateUserName(userName string) error
- func VerifyPassword(hashed []byte, password string) error
- func WithAPIKey(ctx context.Context, key APIKey) context.Context
- func WithUser(ctx context.Context, user User) context.Context
- type APIKey
- type AuthenticationError
- type AuthorizationError
- type CreateAPIKeyParams
- type CreateUserParams
- type NotFoundError
- type Role
- type TokenUser
- type UpdateUserParams
- type UpdateUserPasswordParams
- type User
- type ValidationError
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ErrAPIKeyNotFound = NotFoundError{errors.New("api key not found")} ErrAPIKeyNameExists = ValidationError{errors.New("api key with this name already exists")} ErrAPIKeyNameEmpty = ValidationError{errors.New("api key name can't be empty")} ErrAPIKeyNameTooLong = ValidationError{errors.New("api key name must not exceed 255 characters")} ErrAPIKeyInvalid = AuthenticationError{errors.New("API key invalid")} ErrAPIKeyExpired = AuthenticationError{errors.New("API key expired")} )
View Source
var ( ErrUserNotFound = NotFoundError{errors.New("user not found")} ErrUserNameExists = ValidationError{errors.New("user with this name already exists")} ErrUserNameEmpty = ValidationError{errors.New("user name can't be empty")} ErrUserNameTooLong = ValidationError{errors.New("user name must not exceed 255 characters")} ErrUserFullNameTooLong = ValidationError{errors.New("user full name must not exceed 255 characters")} ErrUserEmailExists = ValidationError{errors.New("user with this email already exists")} ErrUserEmailInvalid = ValidationError{errors.New("user email is invalid")} ErrUserExternalChange = ValidationError{errors.New("external users can't be modified")} ErrUserPasswordEmpty = ValidationError{errors.New("user password can't be empty")} ErrUserPasswordTooLong = ValidationError{errors.New("user password must not exceed 255 characters")} ErrUserPasswordInvalid = ValidationError{errors.New("invalid password")} ErrUserDisabled = ValidationError{errors.New("user disabled")} // ErrCredentialsInvalid should be returned when details of the authentication // failure should be hidden (e.g. when user or API key not found). ErrCredentialsInvalid = AuthenticationError{errors.New("invalid credentials")} // ErrPermissionDenied should be returned if the actor does not have // sufficient permissions for the action. ErrPermissionDenied = AuthorizationError{errors.New("permission denied")} )
View Source
var (
ErrRoleUnknown = ValidationError{errors.New("unknown role")}
)
Functions ¶
func DecodeAPIKey ¶
DecodeAPIKey retrieves API key ID and the secret from the given key generated with GenerateAPIKey.
func GenerateAPIKey ¶
GenerateAPIKey produces an API key and returns the secret bcrypt hash to be persisted.
The key format:
[4 byte magic][payload]
Currently, the function generates 'psx' key, the payload structure is defined as follows: base64(id + secret), where:
- id A var-len encoded uint64 ID of the API key.
- secret A random string of the defined length (32).
The call encodes base64 using raw URL encoding (unpadded alternate base64 encoding defined in RFC 4648).
func IsAuthenticationError ¶
func IsAuthorizationError ¶
func IsNotFoundError ¶
func IsUserDisabled ¶
func IsUserExternal ¶
func IsValidationError ¶
func MustPasswordHash ¶
func MustRandomPassword ¶
func MustRandomPassword() string
func ValidateAPIKeyName ¶
func ValidateEmail ¶
func ValidateUserFullName ¶
func ValidateUserName ¶
func VerifyPassword ¶
Types ¶
type APIKey ¶
type APIKey struct { ID uint `gorm:"primarykey"` Name string `gorm:"type:varchar(255);not null;default:null;index:,unique"` Hash []byte `gorm:"type:varchar(255);not null;default:null"` Role Role `gorm:"not null;default:null"` ExpiresAt *time.Time `gorm:"default:null"` LastSeenAt *time.Time `gorm:"default:null"` CreatedAt time.Time }
type AuthenticationError ¶
type AuthenticationError struct{ Err error }
func (AuthenticationError) Error ¶
func (e AuthenticationError) Error() string
func (AuthenticationError) Unwrap ¶
func (e AuthenticationError) Unwrap() error
type AuthorizationError ¶
type AuthorizationError struct{ Err error }
func (AuthorizationError) Error ¶
func (e AuthorizationError) Error() string
func (AuthorizationError) Unwrap ¶
func (e AuthorizationError) Unwrap() error
type CreateAPIKeyParams ¶
func (CreateAPIKeyParams) Validate ¶
func (p CreateAPIKeyParams) Validate() error
type CreateUserParams ¶
type CreateUserParams struct { Name string Email *string FullName *string Password string Role Role IsExternal bool }
func (CreateUserParams) Validate ¶
func (p CreateUserParams) Validate() error
type NotFoundError ¶
type NotFoundError struct{ Err error }
func (NotFoundError) Error ¶
func (e NotFoundError) Error() string
func (NotFoundError) Unwrap ¶
func (e NotFoundError) Unwrap() error
type UpdateUserParams ¶
type UpdateUserParams struct { FullName *string Name *string Email *string Password *string Role *Role IsDisabled *bool }
func (UpdateUserParams) SetIsDisabled ¶
func (p UpdateUserParams) SetIsDisabled(d bool) UpdateUserParams
func (UpdateUserParams) SetRole ¶
func (p UpdateUserParams) SetRole(r Role) UpdateUserParams
func (UpdateUserParams) Validate ¶
func (p UpdateUserParams) Validate() error
type UpdateUserPasswordParams ¶
func (UpdateUserPasswordParams) Validate ¶
func (p UpdateUserPasswordParams) Validate() error
type User ¶
type User struct { ID uint `gorm:"primarykey"` Name string `gorm:"type:varchar(255);not null;default:null;index:,unique"` Email *string `gorm:"type:varchar(255);default:null;index:,unique"` FullName *string `gorm:"type:varchar(255);default:null"` PasswordHash []byte `gorm:"type:varchar(255);not null;default:null"` Role Role `gorm:"not null;default:null"` IsDisabled *bool `gorm:"not null;default:false"` // IsExternal indicates that the user authenticity is confirmed by // an external authentication provider (such as OAuth) and thus, // only limited attributes of the user can be managed. In fact, only // FullName and Email can be altered by the user, and Role and IsDisabled // can be changed by an administrator. Name should never change. // TODO(kolesnikovae): // Add an attribute indicating the provider (e.g OAuth/LDAP). // Can it be a tagged union (sum type)? IsExternal *bool `gorm:"not null;default:false"` // TODO(kolesnikovae): Implemented LastSeenAt updating. LastSeenAt *time.Time `gorm:"default:null"` PasswordChangedAt time.Time CreatedAt time.Time UpdatedAt time.Time }
type ValidationError ¶
type ValidationError struct{ Err error }
func (ValidationError) Error ¶
func (e ValidationError) Error() string
func (ValidationError) Unwrap ¶
func (e ValidationError) Unwrap() error
Click to show internal directories.
Click to hide internal directories.