Documentation ¶
Index ¶
- Constants
- Variables
- func AddFirstPartyCaveats(m *macaroon.Macaroon, caveats ...Caveat) error
- func EncodeCaveat(c Caveat) string
- func GetMaxUploadSizeContext(next http.Handler) http.Handler
- func GetMaxUploadSizeContextLarge(next http.Handler) http.Handler
- func HasCaveat(m *macaroon.Macaroon, cond string) (string, bool)
- func LsatContext(next http.Handler) http.Handler
- func SetHeader(header *http.Header, mac *macaroon.Macaroon, preimage fmt.Stringer) error
- func SetMaxUploadValue(next http.Handler) http.Handler
- func VerifyCaveats(caveats []Caveat, satisfiers ...Satisfier) error
- func VerifyUploadContext(next http.Handler) http.Handler
- type Caveat
- type Satisfier
Constants ¶
const ( HeaderAuthorization = "Authorization" ContextKey = contextKey("MEME_LSAT_CAVEATS") MaxUploadSizeContextKey = contextKey("MAX_UPLOAD_SIZE") )
HeaderAuthorization is the HTTP header field name that is used to send the LSAT by REST clients.
const ( // CondCapabilitiesSuffix is the condition suffix used for a service's // capabilities caveat. For example, the condition of a capabilities // caveat for a service named `loop` would be `loop_capabilities`. CondCapabilitiesSuffix = "_capabilities" MaxUploadCapability = "large_upload" CondMaxUploadConstraintSuffix = "_max_mb" )
const (
// PreimageKey is the key used for a payment preimage caveat.
PreimageKey = "preimage"
)
Variables ¶
var ( // ErrInvalidCaveat is an error returned when we attempt to decode a // caveat with an invalid format. ErrInvalidCaveat = errors.New("caveat must be of the form " + "\"condition=value\"") )
Functions ¶
func AddFirstPartyCaveats ¶
AddFirstPartyCaveats adds a set of caveats as first-party caveats to a macaroon.
func EncodeCaveat ¶
EncodeCaveat encodes a caveat into its string representation.
func HasCaveat ¶
HasCaveat checks whether the given macaroon has a caveat with the given condition, and if so, returns its value. If multiple caveats with the same condition exist, then the value of the last one is returned.
func LsatContext ¶
this is a middleware that parses lsats from header, validates the lsat token, decodes the caveats, and adds them to the request context.
func SetHeader ¶
SetHeader sets the provided authentication elements as the default/standard HTTP header for the LSAT protocol. This function is pulled directly from aperture
func VerifyCaveats ¶
VerifyCaveats determines whether every relevant caveat of an LSAT holds true. A caveat is considered relevant if a satisfier is provided for it, which is what we'll use as their evaluation.
NOTE: The caveats provided should be in the same order as in the LSAT to ensure the correctness of each satisfier's SatisfyPrevious.
Types ¶
type Caveat ¶
type Caveat struct { // Condition serves as a way to identify a caveat and how to satisfy it. Condition string // Value is what will be used to satisfy a caveat. This can be as // flexible as needed, as long as it can be encoded into a string. Value string }
Caveat is a predicate that can be applied to an LSAT in order to restrict its use in some form. Caveats are evaluated during LSAT verification after the LSAT's signature is verified. The predicate of each caveat must hold true in order to successfully validate an LSAT.
func DecodeCaveat ¶
DecodeCaveat decodes a caveat from its string representation.
func GetLsatContextCaveats ¶
type Satisfier ¶
type Satisfier struct { // Condition is the condition of the caveat we'll attempt to satisfy. Condition string // SatisfyPrevious ensures a caveat is in accordance with a previous one // with the same condition. This is needed since caveats of the same // condition can be used multiple times as long as they enforce more // permissions than the previous. // // For example, we have a caveat that only allows us to use an LSAT for // 7 more days. We can add another caveat that only allows for 3 more // days of use and lend it to another party. SatisfyPrevious func(previous Caveat, current Caveat) error // SatisfyFinal satisfies the final caveat of an LSAT. If multiple // caveats with the same condition exist, this will only be executed // once all previous caveats are also satisfied. SatisfyFinal func(Caveat) error }
Satisfier provides a generic interface to satisfy a caveat based on its condition.
func NewUploadSatisfier ¶
pass in the file size in the request to compare against the caveats