Documentation ¶
Index ¶
- Constants
- Variables
- func RecordAuthEvent(ctxCtx context.Context, address string, reason types.AuthReason, ...) error
- func UserPermissionLevelIsAtLeast(user User, level PermissionLevel) bool
- type APIUserSerializer
- type JWTManager
- func (manager *JWTManager) Generate(ctx context.Context, rewardAddress string, permissionLevel PermissionLevel, ...) (string, time.Time, int, error)
- func (manager *JWTManager) InvalidateUserAuthTokens(ctxCtx context.Context, user User) error
- func (manager *JWTManager) IsTokenAboutToExpire(claims *UserClaims) bool
- func (manager *JWTManager) Verify(ctx context.Context, accessToken string) (*UserClaims, error)
- type PermissionLevel
- type ThirdPartyAuthenticationCredentials
- type ThirdPartyAuthorizationProcess
- type ThirdPartyAuthorizer
- type User
- func BuildNonAuthorizedUser(address string, permissionLevel PermissionLevel, nickname *string, ...) User
- func NewAddressOnlyUser(address string) User
- func NewAddressOnlyUserWithPermissionLevel(address string, permLevel PermissionLevel) User
- func NewApplicationUser(address string, applicationID string) User
- type UserClaims
- func (u *UserClaims) Address() string
- func (u *UserClaims) ApplicationID() string
- func (u *UserClaims) IsFromAlienChain() bool
- func (u *UserClaims) IsUnknown() bool
- func (u *UserClaims) ModeratorName() string
- func (u *UserClaims) Nickname() *string
- func (u *UserClaims) PermissionLevel() PermissionLevel
- func (u *UserClaims) SetNickname(s *string)
Constants ¶
const CurrentTokenVersion = 2
Variables ¶
// NOTE(review): indexing a Go map with a key it does not contain yields the
// zero value, so a PermissionLevel missing from this table ranks 0, the same
// as UnauthenticatedPermissionLevel. For a user's own level that fails closed;
// for a *required* level it would make the requirement trivially satisfied.
// How UserPermissionLevelIsAtLeast treats unknown keys is not visible on this
// page: confirm it uses the two-value lookup, or only ever receives levels
// that went through ParsePermissionLevel.
//
// This is an exported package-level var, so any importing package can write
// to it; treat it as read-only.
var PermissionLevelOrder = map[PermissionLevel]int{
	UnauthenticatedPermissionLevel: 0,
	UserPermissionLevel:            1,
	AppEditorPermissionLevel:       2,
	AdminPermissionLevel:           3,
}
PermissionLevelOrder allows for checking which permission levels are more elevated; a higher value means higher privileges
Functions ¶
func RecordAuthEvent ¶
func RecordAuthEvent(ctxCtx context.Context, address string, reason types.AuthReason, reasonInfo interface{}, method types.AuthMethod, methodInfo interface{}) error
RecordAuthEvent records an auth event in the database
func UserPermissionLevelIsAtLeast ¶
func UserPermissionLevelIsAtLeast(user User, level PermissionLevel) bool
Types ¶
type APIUserSerializer ¶
APIUserSerializer is a function that is able to return the protobuf representation of a user
type JWTManager ¶
type JWTManager struct {
// contains filtered or unexported fields
}
JWTManager generates and verifies access tokens
func NewJWTManager ¶
func NewJWTManager(secretKey []byte, tokenLifetimes map[PermissionLevel]time.Duration) (*JWTManager, error)
NewJWTManager returns a new JWTManager
func (*JWTManager) Generate ¶
func (manager *JWTManager) Generate(ctx context.Context, rewardAddress string, permissionLevel PermissionLevel, username string) (string, time.Time, int, error)
Generate generates a JWT for a user
func (*JWTManager) InvalidateUserAuthTokens ¶
func (manager *JWTManager) InvalidateUserAuthTokens(ctxCtx context.Context, user User) error
InvalidateUserAuthTokens invalidates all previously issued authentication tokens for the given user
func (*JWTManager) IsTokenAboutToExpire ¶
func (manager *JWTManager) IsTokenAboutToExpire(claims *UserClaims) bool
IsTokenAboutToExpire returns whether the given token needs renewing ASAP
func (*JWTManager) Verify ¶
func (manager *JWTManager) Verify(ctx context.Context, accessToken string) (*UserClaims, error)
Verify verifies a JWT access token and returns its UserClaims
type PermissionLevel ¶
type PermissionLevel string
PermissionLevel represents the elevation of a user
// Rank 3, the highest entry in PermissionLevelOrder.
const AdminPermissionLevel PermissionLevel = "admin"

// Rank 2 in PermissionLevelOrder.
const AppEditorPermissionLevel PermissionLevel = "appeditor"

// Rank 0 in PermissionLevelOrder. The empty string is also the zero value of
// PermissionLevel, so a PermissionLevel that was never assigned compares equal
// to this constant rather than to any privileged level.
const UnauthenticatedPermissionLevel PermissionLevel = "" // must be the empty string

// Rank 1 in PermissionLevelOrder.
const UserPermissionLevel PermissionLevel = "user"
func ParseAPIPermissionLevel ¶
func ParseAPIPermissionLevel(level proto.PermissionLevel) PermissionLevel
ParseAPIPermissionLevel converts a protobuf permission level into a PermissionLevel
func ParsePermissionLevel ¶
func ParsePermissionLevel(p string) (PermissionLevel, error)
ParsePermissionLevel parses a permission level into a PermissionLevel
func (PermissionLevel) SerializeForAPI ¶
func (p PermissionLevel) SerializeForAPI() proto.PermissionLevel
type ThirdPartyAuthenticationCredentials ¶
ThirdPartyAuthenticationCredentials are the credentials provided to a third party when the authorization process is approved by the user
type ThirdPartyAuthorizationProcess ¶
type ThirdPartyAuthorizationProcess struct {
	// NOTE(review): ThirdPartyAuthorizer.GetProcess looks a process up by an id
	// string, presumably this one. How the ID is generated (source of
	// randomness, length) is not shown on this page; confirm it is unguessable.
	ID string // generated by the server

	// The next three fields are supplied by the third party on each request,
	// i.e. they are caller-controlled input rather than server-derived values.
	ApplicationName string // provided by the third party on a per-request basis
	// NOTE(review): whether the requested level is capped at the consenting
	// user's own level is not visible on this page; confirm in the consent path.
	PermissionLevel PermissionLevel // provided by the third party on a per-request basis
	Reason          string          // provided by the third party on a per-request basis, shown to the user making it clear the third-party is being quoted

	Complete      bool                                             // set to true once the user consents or dissents
	UserConsented event.Event[ThirdPartyAuthenticationCredentials] // fired when the user approves the authorization request
	UserDissented event.NoArgEvent                                 // fired when the user rejects the authorization request or when it expires
	// contains filtered or unexported fields
}
ThirdPartyAuthorizationProcess is the process for authorizing a third party to act on a user's behalf
func (*ThirdPartyAuthorizationProcess) Dissent ¶
func (process *ThirdPartyAuthorizationProcess) Dissent()
type ThirdPartyAuthorizer ¶
type ThirdPartyAuthorizer struct {
// contains filtered or unexported fields
}
ThirdPartyAuthorizer is responsible for authorizing external systems to act on a user's behalf
func NewThirdPartyAuthorizer ¶
func NewThirdPartyAuthorizer(jwtManager *JWTManager) *ThirdPartyAuthorizer
NewThirdPartyAuthorizer returns a new initialized ThirdPartyAuthorizer
func (*ThirdPartyAuthorizer) BeginProcess ¶
func (authorizer *ThirdPartyAuthorizer) BeginProcess(applicationName string, permissionLevel PermissionLevel, reason string) *ThirdPartyAuthorizationProcess
func (*ThirdPartyAuthorizer) GetProcess ¶
func (authorizer *ThirdPartyAuthorizer) GetProcess(id string) (*ThirdPartyAuthorizationProcess, bool)
type User ¶
// On this page the interface is satisfied by *UserClaims (returned by
// JWTManager.Verify) and by the unexported type behind UnknownUser;
// BuildNonAuthorizedUser is documented as returning a User that is not backed
// by JWT claims.
//
// NOTE(review): since some implementations are not token-backed, the value of
// PermissionLevel() is not by itself evidence that it came from a verified
// token. Code that authorizes on it should know which constructor produced
// the User.
type User interface {
	Address() string
	PermissionLevel() PermissionLevel
	IsUnknown() bool
	IsFromAlienChain() bool
	ApplicationID() string
	Nickname() *string
	SetNickname(*string)
	ModeratorName() string
}
User represents an identity on the service
var UnknownUser User = &unknownUser{}
func BuildNonAuthorizedUser ¶
func BuildNonAuthorizedUser(address string, permissionLevel PermissionLevel, nickname *string, applicationID *string) User
BuildNonAuthorizedUser uses the specified components to return a User that is not backed by JWT claims
func NewAddressOnlyUser ¶
func NewAddressOnlyUserWithPermissionLevel ¶
func NewAddressOnlyUserWithPermissionLevel(address string, permLevel PermissionLevel) User
func NewApplicationUser ¶
type UserClaims ¶
type UserClaims struct {
	// Embedded standard claims from the imported jwt package.
	// NOTE(review): the import path and version of that package are not shown
	// on this page; confirm it is a maintained release.
	jwt.StandardClaims
	// NOTE(review): presumably checked against CurrentTokenVersion when a token
	// is verified; the check itself is not visible here, so confirm.
	ClaimsVersion int `json:"claims_version"`
	// NOTE(review): this only revokes tokens if verification compares the value
	// with a server-side per-user season, presumably the one
	// InvalidateUserAuthTokens increments. Confirm against Verify.
	Season int `json:"season"` // incremented on a per-user basis when each user wants to invalidate all of their auth tokens
	// contains filtered or unexported fields
}
UserClaims is the JWT claims type returned by JWTManager.Verify; it also implements User
func (*UserClaims) Address ¶
func (u *UserClaims) Address() string
func (*UserClaims) ApplicationID ¶
func (u *UserClaims) ApplicationID() string
func (*UserClaims) IsFromAlienChain ¶
func (u *UserClaims) IsFromAlienChain() bool
func (*UserClaims) IsUnknown ¶
func (u *UserClaims) IsUnknown() bool
func (*UserClaims) ModeratorName ¶
func (u *UserClaims) ModeratorName() string
func (*UserClaims) Nickname ¶
func (u *UserClaims) Nickname() *string
func (*UserClaims) PermissionLevel ¶
func (u *UserClaims) PermissionLevel() PermissionLevel
func (*UserClaims) SetNickname ¶
func (u *UserClaims) SetNickname(s *string)