Documentation ¶
Overview ¶
Package auth manages users, passwords, tokens and sessions.
Index ¶
- Constants
- Variables
- func CredentialsError(err error) bool
- func ExpireCookie(cookie *http.Cookie) *http.Cookie
- func GeneratePasscode(secret string) (string, error)
- func GenerateTOTP(config config.TOTPConfig, userid string) (string, error)
- func SecretFromURL(url string) (string, error)
- func UpdateCookie(session *Session, cookie *http.Cookie)
- func ValidatePasscode(passcode, secret string) bool
- type Auth
- func (a *Auth) AddUser(userid, pass string) error
- func (a *Auth) AssignMedia(userid, media string) error
- func (a *Auth) AssignTOTP(userid, url string) error
- func (a *Auth) AssignedMedia() []string
- func (a *Auth) AuthorizeCode(value, token string) error
- func (a *Auth) ChangePass(userid, newpass string) error
- func (a *Auth) CheckAccessToken(signedToken string) error
- func (a *Auth) CheckAccessTokenUser(signedToken string) (User, error)
- func (a *Auth) CheckCodeToken(signedToken string) error
- func (a *Auth) CheckCookie(cookie *http.Cookie) error
- func (a *Auth) CheckFileToken(signedToken string, path string) error
- func (a *Auth) CheckMediaToken(signedToken string) error
- func (a *Auth) CheckMediaTokenUser(signedToken string) (User, error)
- func (a *Auth) Close()
- func (a *Auth) CookieSession(cookie *http.Cookie) *Session
- func (a *Auth) DeleteExpiredCodes() error
- func (a *Auth) DeleteExpiredSessions() error
- func (a *Auth) DeleteSession(session Session)
- func (a *Auth) DeleteSessions(u *User) error
- func (a *Auth) ExpireAll(userid string) error
- func (a *Auth) GenerateCode() *Code
- func (a *Auth) LinkedCode(value string) *Code
- func (a *Auth) Login(userid, pass string) (Session, error)
- func (a *Auth) LoginSession(userid string) (Session, error)
- func (a *Auth) LookupCode(value string) *Code
- func (a *Auth) NewAccessToken(s Session) (string, error)
- func (a *Auth) NewCodeToken(subject string) (string, error)
- func (a *Auth) NewCookie(session *Session) http.Cookie
- func (a *Auth) NewFileToken(path string) (string, error)
- func (a *Auth) NewMediaToken(s Session) (string, error)
- func (a *Auth) Open() (err error)
- func (a *Auth) PasscodeLogin(userid, pass, passcode string) (Session, error)
- func (a *Auth) Refresh(session *Session) error
- func (a *Auth) RefreshCookie(session *Session, cookie *http.Cookie) error
- func (a *Auth) SessionUser(session *Session) (*User, error)
- func (a *Auth) TokenSession(token string) *Session
- func (a *Auth) User(userid string) (User, error)
- func (a *Auth) ValidCode(value string) *Code
- type Code
- type Session
- type User
Constants ¶
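// Alphabet and length for short codes. Presumably these drive the values
// produced by (*Auth).GenerateCode; confirm against the implementation.
//
// The declaration is restored to one constant per line; the values are
// unchanged.
const (
	// CodeChars holds 33 symbols: the digits 1-9 and 24 upper-case letters.
	// 0, J and O are absent, while the look-alike pair 1/I is present.
	// NOTE(review): "L" sits between "I" and "K", where "J" would be expected.
	// This may be a typo, but changing the alphabet would change which codes
	// can be generated, so it is left as-is.
	CodeChars = "123456789ABCDEFGHILKMNPQRSTUVWXYZ"

	// CodeSize is the code length in characters. With a 33-symbol alphabet the
	// space is 33^6 = 1,291,467,969 values (roughly 30 bits). That is small
	// enough that guess resistance has to come from expiry, single use and
	// attempt limiting rather than from the code itself.
	CodeSize = 6
)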
// CookieName is the name given to the session cookie; it is the application
// name exported by the takeout package.
const CookieName = takeout.AppName
Variables ¶
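// Sentinel errors exposed by the auth package. Compare with errors.Is.
//
// The declaration is restored to one error per line; names and messages are
// unchanged.
//
// NOTE(review): several of these name the exact factor that failed (user,
// session, passcode). When mapping them to responses for remote clients, a
// single generic failure such as ErrLoginFailed avoids revealing which check
// rejected the request. Confirm how the handlers surface them.
var (
	// Storage and account errors.
	ErrBadDriver    = errors.New("driver not supported")
	ErrUserNotFound = errors.New("user not found")
	ErrKeyMismatch  = errors.New("key mismatch")

	// Session errors.
	ErrSessionNotFound = errors.New("session not found")
	ErrSessionExpired  = errors.New("session expired")

	// Code errors.
	ErrCodeNotFound    = errors.New("code not found")
	ErrCodeExpired     = errors.New("code has expired")
	ErrCodeAlreadyUsed = errors.New("code already authorized")

	// Token claim and signing-method errors.
	ErrInvalidTokenSubject  = errors.New("invalid subject")
	ErrInvalidTokenAudience = errors.New("invalid audience")
	ErrInvalidTokenMethod   = errors.New("invalid token method")
	ErrInvalidTokenIssuer   = errors.New("invalid token issuer")
	ErrInvalidTokenClaims   = errors.New("invalid token claims")

	// Token secret and token lifetime errors.
	ErrInvalidAccessTokenSecret = errors.New("invalid access token secret")
	ErrInvalidMediaTokenSecret  = errors.New("invalid media token secret")
	ErrInvalidCodeTokenSecret   = errors.New("invalid code token secret")
	ErrInvalidFileTokenSecret   = errors.New("invalid file token secret")
	ErrInvalidTokenSecret       = errors.New("invalid token secret")
	ErrTokenExpired             = errors.New("token expired")

	// TOTP, passcode and login errors.
	ErrMissingTOTP           = errors.New("missing totp")
	ErrInvalidPasscodeIssuer = errors.New("invalid passcode issuer")
	ErrInvalidPasscode       = errors.New("invalid passcode")
	ErrPasscodeRequired      = errors.New("passcode required")
	ErrLoginFailed           = errors.New("login failed")
)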
Functions ¶
func CredentialsError ¶
func ExpireCookie ¶
ExpireCookie will update cookie fields to ensure it's expired.
func GeneratePasscode ¶ added in v0.15.0
GeneratePasscode is intended for unit testing.
func GenerateTOTP ¶ added in v0.15.0
func GenerateTOTP(config config.TOTPConfig, userid string) (string, error)
func SecretFromURL ¶ added in v0.15.0
func UpdateCookie ¶
UpdateCookie will update the cookie age based on the time left for the session.
func ValidatePasscode ¶ added in v0.15.0
Types ¶
type Auth ¶
// Auth is the receiver for the package's user, password, TOTP, session, code
// and token operations. Open and Close are among its methods. All of its
// fields are unexported, so callers interact with it only through methods.
type Auth struct {
	// contains filtered or unexported fields
}
func (*Auth) AssignMedia ¶
func (*Auth) AssignTOTP ¶ added in v0.15.0
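AssignTOTP assigns a TOTP to a user.
The TOTP secret is not stored encrypted, so anyone able to read the stored otpauth URL can compute valid passcodes for that user; access to that storage should be restricted accordingly. This may change later, but it would need a way to protect the passwords used to encrypt the secrets.
The entire otpauth URL is stored to support future use of different parameters.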
func (*Auth) AssignedMedia ¶
func (*Auth) AuthorizeCode ¶
AuthorizeCode assumes the token is valid; callers are expected to have verified the token before calling it.
func (*Auth) ChangePass ¶
ChangePass changes the password associated with the provided userid. It does not verify the current password; use Check prior to this if you'd like to verify the current password.
TODO: this should trigger a TOTP change as well.
func (*Auth) CheckAccessToken ¶
func (*Auth) CheckAccessTokenUser ¶
func (*Auth) CheckCodeToken ¶
func (*Auth) CheckFileToken ¶ added in v0.14.0
func (*Auth) CheckMediaToken ¶
func (*Auth) CheckMediaTokenUser ¶
func (*Auth) CookieSession ¶
CookieSession will find the session associated with the provided cookie.
func (*Auth) DeleteExpiredCodes ¶
func (*Auth) DeleteExpiredSessions ¶
func (*Auth) DeleteSession ¶
DeleteSession will delete the provided session
func (*Auth) DeleteSessions ¶
func (*Auth) ExpireAll ¶ added in v0.14.5
ExpireAll expires all of the user's sessions. This will expire all cookies and refresh tokens. All other tokens that have already been issued remain valid until their own ExpireAt, so they are not revoked immediately.
func (*Auth) GenerateCode ¶
func (*Auth) LinkedCode ¶
func (*Auth) Login ¶
Login will create a new login session after authenticating the userid and password.
func (*Auth) LoginSession ¶ added in v0.16.0
LoginSession will create a new login session for the given userid. No password or passcode is required, so use with caution: call it only after the user has been authenticated by some other means.
func (*Auth) LookupCode ¶
func (*Auth) NewAccessToken ¶
NewAccessToken creates a new JWT token associated with the provided session.
func (*Auth) NewCodeToken ¶
NewCodeToken creates a new JWT token for code-based authentication
func (*Auth) NewFileToken ¶ added in v0.14.0
NewFileToken creates a new JWT token for file auth
func (*Auth) NewMediaToken ¶
NewMediaToken creates a new JWT token associated with the provided session.
func (*Auth) PasscodeLogin ¶ added in v0.15.0
func (*Auth) RefreshCookie ¶
RefreshCookie will renew a session and cookie.
func (*Auth) TokenSession ¶
TokenSession will find the session associated with this provided token.
type Code ¶
type Session ¶
// Session is the stored record of a login session: the user it belongs to,
// the session token and the expiry time. It embeds gorm.Model, and the gorm
// struct tags name the index requested for each column.
type Session struct {
	gorm.Model
	// User is the user the session belongs to.
	// NOTE(review): the tag asks for a unique index on this column, which
	// would permit only one session row per user value. Confirm that is
	// intended.
	User string `gorm:"unique_index:idx_session_user"`
	// Token is the session token, tagged with a unique index.
	// NOTE(review): the token appears to be persisted as-is. If this is the
	// bearer value carried in the cookie, read access to the table is enough
	// to reuse a live session; consider whether a hash of the token could be
	// stored instead. Confirm against the implementation.
	Token string `gorm:"unique_index:idx_session_token"`
	// Expires is the time at which the session stops being valid. It is
	// indexed, presumably so expired rows can be found for cleanup
	// (see DeleteExpiredSessions); confirm.
	Expires time.Time `gorm:"index:idx_session_expires"`
}
A Session is an authenticated user login session associated with a token and expiration date.