auth

package
v0.0.0-...-732ec5d Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 14, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

View Source
const CurrentTokenVersion = 2

Variables

PermissionLevelOrder allows for checking which permission levels are more elevated; a higher value means higher privileges

Functions

func RecordAuthEvent

func RecordAuthEvent(ctxCtx context.Context, address string, reason types.AuthReason, reasonInfo interface{}, method types.AuthMethod, methodInfo interface{}) error

RecordAuthEvent records an auth event in the database

func UserPermissionLevelIsAtLeast

func UserPermissionLevelIsAtLeast(user User, level PermissionLevel) bool

Types

type APIUserSerializer

type APIUserSerializer func(ctx context.Context, user User) *proto.User

APIUserSerializer is a function that is able to return the protobuf representation of a user

type JWTManager

type JWTManager struct {
	// contains filtered or unexported fields
}

JWTManager generates and verifies access tokens

func NewJWTManager

func NewJWTManager(secretKey []byte, tokenLifetimes map[PermissionLevel]time.Duration) (*JWTManager, error)

NewJWTManager returns a new JWTManager

func (*JWTManager) Generate

func (manager *JWTManager) Generate(ctx context.Context, rewardAddress string, permissionLevel PermissionLevel, username string) (string, time.Time, int, error)

Generate generates a JWT for a user

func (*JWTManager) InvalidateUserAuthTokens

func (manager *JWTManager) InvalidateUserAuthTokens(ctxCtx context.Context, user User) error

InvalidateUserAuthTokens invalidates all previously issued authentication tokens for the given user

func (*JWTManager) IsTokenAboutToExpire

func (manager *JWTManager) IsTokenAboutToExpire(claims *UserClaims) bool

IsTokenAboutToExpire returns whether the given token needs renewing ASAP

func (*JWTManager) Verify

func (manager *JWTManager) Verify(ctx context.Context, accessToken string) (*UserClaims, error)

Verify verifies a JWT

type PermissionLevel

type PermissionLevel string

PermissionLevel represents the elevation of a user

const AdminPermissionLevel PermissionLevel = "admin"
const AppEditorPermissionLevel PermissionLevel = "appeditor"
const UnauthenticatedPermissionLevel PermissionLevel = "" // must be the empty string
const UserPermissionLevel PermissionLevel = "user"

func ParseAPIPermissionLevel

func ParseAPIPermissionLevel(level proto.PermissionLevel) PermissionLevel

ParseAPIPermissionLevel parses a protobuf permission level into a Permission Level

func ParsePermissionLevel

func ParsePermissionLevel(p string) (PermissionLevel, error)

ParsePermissionLevel parses a permission level into a PermissionLevel

func (PermissionLevel) SerializeForAPI

func (p PermissionLevel) SerializeForAPI() proto.PermissionLevel

type ThirdPartyAuthenticationCredentials

type ThirdPartyAuthenticationCredentials struct {
	AuthToken string
	Expiry    time.Time
}

ThirdPartyAuthenticationCredentials are the credentials provided to a third party when the authorization process is approved by the user

type ThirdPartyAuthorizationProcess

type ThirdPartyAuthorizationProcess struct {
	ID              string                                           // generated by the server
	ApplicationName string                                           // provided by the third party on a per-request basis
	PermissionLevel PermissionLevel                                  // provided by the third party on a per-request basis
	Reason          string                                           // provided by the third party on a per-request basis, shown to the user making it clear the third-party is being quoted
	Complete        bool                                             // set to true once the user consents or dissents
	UserConsented   event.Event[ThirdPartyAuthenticationCredentials] // fired when the user approves the authorization request
	UserDissented   event.NoArgEvent                                 // fired when the user rejects the authorization request or when it expires
	// contains filtered or unexported fields
}

ThirdPartyAuthorizationProcess is the process for authorizing a third party to act on a user's behalf

func (*ThirdPartyAuthorizationProcess) Consent

func (process *ThirdPartyAuthorizationProcess) Consent(ctx context.Context, user User, remoteAddress string) error

func (*ThirdPartyAuthorizationProcess) Dissent

func (process *ThirdPartyAuthorizationProcess) Dissent()

type ThirdPartyAuthorizer

type ThirdPartyAuthorizer struct {
	// contains filtered or unexported fields
}

ThirdPartyAuthorizer is responsible for authorizing external systems to act on a user's behalf

func NewThirdPartyAuthorizer

func NewThirdPartyAuthorizer(jwtManager *JWTManager) *ThirdPartyAuthorizer

NewThirdPartyAuthorizer returns a new initialized ThirdPartyAuthorizer

func (*ThirdPartyAuthorizer) BeginProcess

func (authorizer *ThirdPartyAuthorizer) BeginProcess(applicationName string, permissionLevel PermissionLevel, reason string) *ThirdPartyAuthorizationProcess

func (*ThirdPartyAuthorizer) GetProcess

func (authorizer *ThirdPartyAuthorizer) GetProcess(id string) (*ThirdPartyAuthorizationProcess, bool)

type User

type User interface {
	Address() string
	PermissionLevel() PermissionLevel
	IsUnknown() bool
	IsFromAlienChain() bool
	ApplicationID() string

	Nickname() *string
	SetNickname(*string)
	ModeratorName() string
}

User represents an identity on the service

var UnknownUser User = &unknownUser{}

func BuildNonAuthorizedUser

func BuildNonAuthorizedUser(address string, permissionLevel PermissionLevel, nickname *string, applicationID *string) User

BuildNonAuthorizedUser uses the specified components to return a User that is not backed by JWT claims

func NewAddressOnlyUser

func NewAddressOnlyUser(address string) User

func NewAddressOnlyUserWithPermissionLevel

func NewAddressOnlyUserWithPermissionLevel(address string, permLevel PermissionLevel) User

func NewApplicationUser

func NewApplicationUser(address string, applicationID string) User

type UserClaims

type UserClaims struct {
	jwt.StandardClaims

	ClaimsVersion int `json:"claims_version"`
	Season        int `json:"season"` // incremented on a per-user basis when each user wants to invalidate all of their auth tokens
	// contains filtered or unexported fields
}

UserClaims is the claim type used

func (*UserClaims) Address

func (u *UserClaims) Address() string

func (*UserClaims) ApplicationID

func (u *UserClaims) ApplicationID() string

func (*UserClaims) IsFromAlienChain

func (u *UserClaims) IsFromAlienChain() bool

func (*UserClaims) IsUnknown

func (u *UserClaims) IsUnknown() bool

func (*UserClaims) ModeratorName

func (u *UserClaims) ModeratorName() string

func (*UserClaims) Nickname

func (u *UserClaims) Nickname() *string

func (*UserClaims) PermissionLevel

func (u *UserClaims) PermissionLevel() PermissionLevel

func (*UserClaims) SetNickname

func (u *UserClaims) SetNickname(s *string)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL