auth

package
v0.21.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 6, 2024 License: AGPL-3.0 Imports: 19 Imported by: 0

Documentation

Overview

Package auth manages users, passwords, tokens and sessions.

Index

Constants

View Source
const (
	CodeChars = "123456789ABCDEFGHILKMNPQRSTUVWXYZ"
	CodeSize  = 6
)
View Source
const (
	CookieName = takeout.AppName
)

Variables

View Source
var (
	ErrBadDriver                = errors.New("driver not supported")
	ErrUserNotFound             = errors.New("user not found")
	ErrKeyMismatch              = errors.New("key mismatch")
	ErrSessionNotFound          = errors.New("session not found")
	ErrSessionExpired           = errors.New("session expired")
	ErrCodeNotFound             = errors.New("code not found")
	ErrCodeExpired              = errors.New("code has expired")
	ErrCodeAlreadyUsed          = errors.New("code already authorized")
	ErrInvalidTokenSubject      = errors.New("invalid subject")
	ErrInvalidTokenAudience     = errors.New("invalid audience")
	ErrInvalidTokenMethod       = errors.New("invalid token method")
	ErrInvalidTokenIssuer       = errors.New("invalid token issuer")
	ErrInvalidTokenClaims       = errors.New("invalid token claims")
	ErrInvalidAccessTokenSecret = errors.New("invalid access token secret")
	ErrInvalidMediaTokenSecret  = errors.New("invalid media token secret")
	ErrInvalidCodeTokenSecret   = errors.New("invalid code token secret")
	ErrInvalidFileTokenSecret   = errors.New("invalid file token secret")
	ErrInvalidTokenSecret       = errors.New("invalid token secret")
	ErrTokenExpired             = errors.New("token expired")
	ErrMissingTOTP              = errors.New("missing totp")
	ErrInvalidPasscodeIssuer    = errors.New("invalid passcode issuer")
	ErrInvalidPasscode          = errors.New("invalid passcode")
	ErrPasscodeRequired         = errors.New("passcode required")
	ErrLoginFailed              = errors.New("login failed")
)

Functions

func CredentialsError

func CredentialsError(err error) bool

func ExpireCookie

func ExpireCookie(cookie *http.Cookie) *http.Cookie

ExpireCookie will update cookie fields to ensure it's expired.

func GeneratePasscode added in v0.15.0

func GeneratePasscode(secret string) (string, error)

for unit testing

func GenerateTOTP added in v0.15.0

func GenerateTOTP(config config.TOTPConfig, userid string) (string, error)

func SecretFromURL added in v0.15.0

func SecretFromURL(url string) (string, error)

func UpdateCookie

func UpdateCookie(session Session, cookie *http.Cookie)

UpdateCookie will update the cookie age based on the time left for the session.

func ValidatePasscode added in v0.15.0

func ValidatePasscode(passcode, secret string) bool

Types

type Auth

type Auth struct {
	// contains filtered or unexported fields
}

func NewAuth

func NewAuth(config *config.Config) *Auth

func (*Auth) AddUser

func (a *Auth) AddUser(userid, pass string) error

AddUser adds a new user to the user database.

func (*Auth) AssignMedia

func (a *Auth) AssignMedia(userid, media string) error

func (*Auth) AssignTOTP added in v0.15.0

func (a *Auth) AssignTOTP(userid, url string) error

assign a TOTP to a user

The TOTP secret is not stored encrypted. May change this later but would need a way to protect passwords used to encrypt secrets.

Entire otpauth URL is stored to support future use of different parameters.

func (*Auth) AssignedMedia

func (a *Auth) AssignedMedia() []string

func (*Auth) AuthorizeCode

func (a *Auth) AuthorizeCode(value, token string) error

This assumes token is valid

func (*Auth) ChangePass

func (a *Auth) ChangePass(userid, newpass string) error

ChangePass changes the password associated with the provided userid. User Check prior to this if you'd like to verify the current password.

TODO this should trigger a TOTP change as well.

func (*Auth) CheckAccessToken

func (a *Auth) CheckAccessToken(signedToken string) error

func (*Auth) CheckAccessTokenUser

func (a *Auth) CheckAccessTokenUser(signedToken string) (User, error)

func (*Auth) CheckCodeToken

func (a *Auth) CheckCodeToken(signedToken string) error

func (*Auth) CheckCookie

func (a *Auth) CheckCookie(cookie *http.Cookie) error

func (*Auth) CheckFileToken added in v0.14.0

func (a *Auth) CheckFileToken(signedToken string, path string) error

func (*Auth) CheckMediaToken

func (a *Auth) CheckMediaToken(signedToken string) error

func (*Auth) CheckMediaTokenUser

func (a *Auth) CheckMediaTokenUser(signedToken string) (User, error)

func (*Auth) Close

func (a *Auth) Close()

func (*Auth) CookieSession

func (a *Auth) CookieSession(cookie *http.Cookie) (Session, error)

CookieSession will find the session associated with the provided cookie.

func (*Auth) DeleteExpiredCodes

func (a *Auth) DeleteExpiredCodes() error

func (*Auth) DeleteExpiredSessions

func (a *Auth) DeleteExpiredSessions() error

func (*Auth) DeleteSession

func (a *Auth) DeleteSession(session *Session)

DeleteSession will delete the provided session

func (*Auth) DeleteSessions

func (a *Auth) DeleteSessions(u User) error

func (*Auth) ExpireAll added in v0.14.5

func (a *Auth) ExpireAll(userid string) error

Expire all user sessions. This will expire all cookies and refresh tokens. All other tokens will be valid until their ExpireAt.

func (*Auth) GenerateCode

func (a *Auth) GenerateCode() *Code

func (*Auth) LinkedCode

func (a *Auth) LinkedCode(value string) *Code

func (*Auth) Login

func (a *Auth) Login(userid, pass string) (Session, error)

Login will create a new login session after authenticating the userid and password.

func (*Auth) LoginSession added in v0.16.0

func (a *Auth) LoginSession(userid string) (Session, error)

LoginSession will create a new login session for the given userid. No password or passcode are required so use with caution.

func (*Auth) LookupCode

func (a *Auth) LookupCode(value string) *Code

func (*Auth) NewAccessToken

func (a *Auth) NewAccessToken(s Session) (string, error)

NewAccessToken creates a new JWT token associated with the provided session.

func (*Auth) NewCodeToken

func (a *Auth) NewCodeToken(subject string) (string, error)

NewCodeToken creates a new JWT token for code-based authentication

func (*Auth) NewCookie

func (a *Auth) NewCookie(session *Session) http.Cookie

NewCookie creates a new cookie associated with the provided session.

func (*Auth) NewFileToken added in v0.14.0

func (a *Auth) NewFileToken(path string) (string, error)

NewFileToken creates a new JWT token for file auth

func (*Auth) NewMediaToken

func (a *Auth) NewMediaToken(s Session) (string, error)

NewMediaToken creates a new JWT token associated with the provided session.

func (*Auth) Open

func (a *Auth) Open() (err error)

func (*Auth) PasscodeLogin added in v0.15.0

func (a *Auth) PasscodeLogin(userid, pass, passcode string) (Session, error)

func (*Auth) Refresh

func (a *Auth) Refresh(session *Session) error

func (*Auth) RefreshCookie

func (a *Auth) RefreshCookie(session *Session, cookie *http.Cookie) error

RefreshCookie will renew a session and cookie.

func (*Auth) SessionUser

func (a *Auth) SessionUser(session Session) (User, error)

func (*Auth) TokenSession

func (a *Auth) TokenSession(token string) (Session, error)

TokenSession will find the session associated with this provided token.

func (*Auth) User

func (a *Auth) User(userid string) (User, error)

User returns the user found with the provded userid.

func (*Auth) ValidCode

func (a *Auth) ValidCode(value string) *Code

type Code

type Code struct {
	gorm.Model
	Value   string    `gorm:"unique_index:idx_code_value"`
	Expires time.Time `gorm:"index:idx_code_expires"`
	Token   string
}

func (*Code) Linked

func (c *Code) Linked() bool

type Session

type Session struct {
	gorm.Model
	User    string    `gorm:"unique_index:idx_session_user"`
	Token   string    `gorm:"unique_index:idx_session_token"`
	Expires time.Time `gorm:"index:idx_session_expires"`
}

A Session is an authenticated user login session associated with a token and expiration date.

func (*Session) Duration

func (s *Session) Duration() time.Duration

Duration returns the remain time for this session.

func (*Session) Expired

func (s *Session) Expired() bool

Expired returns whether or not the session is expired.

func (*Session) Valid

func (s *Session) Valid() bool

Valid returns whether or not the session is not expired.

type User

type User struct {
	gorm.Model
	Name  string `gorm:"unique_index:idx_user_name"`
	Key   []byte
	Salt  []byte
	Media string
	TOTP  string
}

func (*User) FirstMedia

func (u *User) FirstMedia() string

func (*User) MediaList

func (u *User) MediaList() []string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL