Documentation ¶
Overview ¶
Package auth implements Camlistore authentication.
Index ¶
- Constants
- Variables
- func Allowed(req *http.Request, op Operation) bool
- func IsLocalhost(req *http.Request) bool
- func ProcessRandom() string
- func RandToken(size int) string
- func RegisterAuth(name string, ctor AuthConfigParser)
- func RequireAuth(h http.Handler, op Operation) http.Handler
- func SendUnauthorized(rw http.ResponseWriter, req *http.Request)
- func SetMode(m AuthMode)
- func TriedAuthorization(req *http.Request) bool
- type AuthConfigParser
- type AuthMode
- type DevAuth
- type Handler
- type Localhost
- type None
- type Operation
- type UnauthorizedSender
- type UserPass
Constants ¶
const ( OpUpload Operation = 1 << iota OpStat OpGet OpEnumerate OpRemove OpSign OpDiscovery OpRead = OpEnumerate | OpStat | OpGet | OpDiscovery OpRW = OpUpload | OpEnumerate | OpStat | OpGet // Not Remove OpVivify = OpUpload | OpStat | OpGet | OpDiscovery OpAll = OpUpload | OpEnumerate | OpStat | OpRemove | OpGet | OpSign | OpDiscovery )
Variables ¶
var ErrNoAuth = errors.New("auth: no configured authentication")
ErrNoAuth is returned when there is no configured authentication.
Functions ¶
func Allowed ¶
Allowed returns whether the given request has access to perform all the operations in op.
func IsLocalhost ¶
func ProcessRandom ¶
func ProcessRandom() string
func RandToken ¶
RandToken genererates (with crypto/rand.Read) and returns a token that is the hex version (2x size) of size bytes of randomness.
func RegisterAuth ¶
func RegisterAuth(name string, ctor AuthConfigParser)
RegisterAuth registers a new authentication scheme.
func RequireAuth ¶
RequireAuth wraps a function with another function that enforces HTTP Basic Auth and checks if the operations in op are all permitted.
func SendUnauthorized ¶
func SendUnauthorized(rw http.ResponseWriter, req *http.Request)
func TriedAuthorization ¶
Types ¶
type AuthConfigParser ¶
An AuthConfigParser parses a registered authentication type's option and returns an AuthMode.
type AuthMode ¶
type AuthMode interface { // AllowedAccess returns a bitmask of all operations // this user/request is allowed to do. AllowedAccess(req *http.Request) Operation // AddAuthHeader inserts in req the credentials needed // for a client to authenticate. AddAuthHeader(req *http.Request) }
An AuthMode is the interface implemented by diffent authentication schemes.
func FromConfig ¶
FromConfig parses authConfig and accordingly sets up the AuthMode that will be used for all upcoming authentication exchanges. The supported modes are UserPass and DevAuth. UserPass requires an authConfig of the kind "userpass:joe:ponies".
If the input string is empty, the error will be ErrNoAuth.
func NewBasicAuth ¶
NewBasicAuth returns a UserPass Authmode, adequate to support HTTP basic authentication.
type DevAuth ¶
type DevAuth struct { Password string // Password for the vivify mode, automatically set to "vivi" + Password VivifyPass string }
DevAuth is used for development. It has one password and one vivify password, but also accepts all passwords from localhost. Usernames are ignored.
func (*DevAuth) AddAuthHeader ¶
type Operation ¶
type Operation int
Operation represents a bitmask of operations. See the OpX constants.
type UnauthorizedSender ¶
type UnauthorizedSender interface { // and returns whether it handled it. SendUnauthorized(http.ResponseWriter, *http.Request) (handled bool) }
UnauthorizedSender may be implemented by AuthModes which want to handle sending unauthorized.
type UserPass ¶
type UserPass struct {
Username, Password string
OrLocalhost bool // if true, allow localhost ident auth too
// Alternative password used (only) for the vivify operation.
// It is checked when uploading, but Password takes precedence.
VivifyPass string
}
UserPass is used when the auth string provided in the config is of the kind "userpass:username:pass" Possible options appended to the config string are "+localhost" and "vivify=pass", where pass will be the alternative password which only allows the vivify operation.