Documentation ¶
Index ¶
- Constants
- Variables
- func EnableTestMode()
- func GetToken(zones []string) (t *token.Token, err error)
- func GetTokenAmount(zones []string) (regular, fallback int)
- func InitializeZones() error
- func Logout(shallow, purge bool) error
- func SaveNewAuthToken(deviceID string, resp *http.Response) error
- func ShouldRequest(zones []string) (shouldRequest bool)
- func TokenIssuerIsFailing() bool
- func UpdateAccount(_ context.Context, task *modules.Task) error
- func UpdateTokens() error
- func VerifyRawToken(data []byte) (granted terminal.Permission, err error)
- func VerifyToken(t *token.Token) (granted terminal.Permission, err error)
- type AuthTokenRecord
- type AuthorizeOp
- type Feature
- type Package
- type UserRecord
Constants ¶
const ( AccountServer = "https://api.account.safing.io" LoginPath = "/api/v1/authenticate" UserProfilePath = "/api/v1/user/profile" TokenRequestSetupPath = "/api/v1/token/request/setup" //nolint:gosec TokenRequestIssuePath = "/api/v1/token/request/issue" //nolint:gosec HealthCheckPath = "/api/v1/health" )
Client URLs.
const OpTypeAccessCodeAuth = "auth"
OpTypeAccessCodeAuth is the type ID of the auth operation.
Variables ¶
var ( ErrDeviceIsLocked = errors.New("device is locked") ErrDeviceLimitReached = errors.New("device limit reached") ErrFallbackNotAvailable = errors.New("fallback tokens not available, token issuer is online") ErrInvalidCredentials = errors.New("invalid credentials") ErrMayNotUseSPN = errors.New("may not use SPN") ErrNotLoggedIn = errors.New("not logged in") )
Errors.
var (
// AccountUpdateEvent is fired when the account has changed in any way.
AccountUpdateEvent = "account update"
)
var ( // EnableAfterLogin automatically enables the SPN subsystem/module after login. EnableAfterLogin = true )
var ( // ExpandAndConnectZones are the zones that grant access to the expand and // connect operations. ExpandAndConnectZones = []string{"pblind1", "alpha2", "fallback1"} )
Functions ¶
func EnableTestMode ¶
func EnableTestMode()
EnableTestMode enables the test mode, leading the access module to only register a test zone. This should not be used to test the access module itself.
func GetTokenAmount ¶
GetTokenAmount returns the amount of tokens for the given zones.
func InitializeZones ¶
func InitializeZones() error
InitializeZones initialized the permission zones. It initializes the test zones, if EnableTestMode was called before. Must only be called once.
func Logout ¶
Logout logs the user out of the SPN account. Specify "shallow" to keep user data in order to display data in the UI - preferably when logged out be the server. Specify "purge" in order to fully delete all user account data, even the device ID so that logging in again will create a new device.
func SaveNewAuthToken ¶
SaveNewAuthToken saves a new auth token to the database.
func ShouldRequest ¶
ShouldRequest returns whether tokens should be requested for the given zones.
func TokenIssuerIsFailing ¶
func TokenIssuerIsFailing() bool
TokenIssuerIsFailing returns whether token issuing is currently failing.
func UpdateAccount ¶
UpdateAccount updates the user account and fetches new tokens, if needed.
func UpdateTokens ¶
func UpdateTokens() error
UpdateTokens fetches more tokens for handlers that need it.
func VerifyRawToken ¶
func VerifyRawToken(data []byte) (granted terminal.Permission, err error)
VerifyRawToken verifies a raw token.
func VerifyToken ¶
func VerifyToken(t *token.Token) (granted terminal.Permission, err error)
VerifyToken verifies a token.
Types ¶
type AuthTokenRecord ¶
AuthTokenRecord holds an authentication token.
func GetAuthToken ¶
func GetAuthToken() (*AuthTokenRecord, error)
GetAuthToken returns the current auth token.
func (*AuthTokenRecord) GetToken ¶
func (authToken *AuthTokenRecord) GetToken() *account.AuthToken
GetToken returns the token from the record.
func (*AuthTokenRecord) Save ¶
func (authToken *AuthTokenRecord) Save() error
Save saves the auth token to the database.
type AuthorizeOp ¶
type AuthorizeOp struct {
terminal.OneOffOperationBase
}
AuthorizeOp is used to authorize a session.
func AuthorizeToTerminal ¶
func AuthorizeToTerminal(t terminal.Terminal) (*AuthorizeOp, *terminal.Error)
AuthorizeToTerminal starts an authorization operation.
type Feature ¶
type Feature struct { Name string ID string RequiredFeatureID account.FeatureID ConfigKey string ConfigScope string InPackage *Package Comment string Beta bool ComingSoon bool // contains filtered or unexported fields }
Feature describes a notable part of the program.
type UserRecord ¶
type UserRecord struct { record.Base sync.Mutex *account.User LastNotifiedOfEnd *time.Time LoggedInAt *time.Time }
UserRecord holds a SPN user account.
func GetUser ¶
func GetUser() (*UserRecord, error)
GetUser returns the current user account. Returns nil when no user is logged in.
func Login ¶
func Login(username, password string) (user *UserRecord, code int, err error)
Login logs the user into the SPN account with the given username and password.
func UpdateUser ¶
func UpdateUser() (user *UserRecord, statusCode int, err error)
UpdateUser fetches the current user information from the server.
func (*UserRecord) IsLoggedIn ¶
func (user *UserRecord) IsLoggedIn() bool
IsLoggedIn returns whether a User is currently logged in.
func (*UserRecord) MayUse ¶
func (user *UserRecord) MayUse(featureID account.FeatureID) bool
MayUse returns whether the user may currently use the feature identified by the given feature ID. Leave feature ID empty to check without feature.
func (*UserRecord) MayUsePrioritySupport ¶
func (user *UserRecord) MayUsePrioritySupport() bool
MayUsePrioritySupport returns whether the user may currently use the priority support.
func (*UserRecord) MayUseSPN ¶
func (user *UserRecord) MayUseSPN() bool
MayUseSPN returns whether the user may currently use the SPN.
func (*UserRecord) MayUseTheSPN ¶
func (user *UserRecord) MayUseTheSPN() bool
MayUseTheSPN returns whether the currently logged in User may use the SPN.