Documentation ¶
Overview ¶
Package idauth is an authentication plugin based on libp2p peer IDs. The public key is extracted from the ID, and the authentication payload is a signature over the ID produced with the corresponding private key.
Index ¶
- Variables
- func NewCreds(key crypto.PrivateKey) grpc.DialOption
- type AllowedIDs
- type Config
- type Plugin
- func (p *Plugin) Authenticate(ctx context.Context, req *v1.AuthenticationRequest) (*v1.AuthenticationResponse, error)
- func (p *Plugin) Close(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error)
- func (p *Plugin) Configure(ctx context.Context, req *v1.PluginConfiguration) (*emptypb.Empty, error)
- func (p *Plugin) GetInfo(context.Context, *emptypb.Empty) (*v1.PluginInfo, error)
Constants ¶
This section is empty.
Variables ¶
var Now = time.Now
Now returns the current time.
Functions ¶
func NewCreds ¶
func NewCreds(key crypto.PrivateKey) grpc.DialOption
NewCreds returns a DialOption that sets the basic auth credentials.
Types ¶
type AllowedIDs ¶
AllowedIDs is a map of source files to a set of the allowed IDs in that file.
func (AllowedIDs) HasID ¶
func (a AllowedIDs) HasID(id string) bool
HasID returns true if the given ID is in the allowed IDs.
type Config ¶
type Config struct {
	// TimeSkew is the maximum allowed time skew between the client and server
	// as a multiple of 30 seconds. Defaults to 1.
	TimeSkew int `mapstructure:"time-skew,omitempty" koanf:"time-skew,omitempty"`
	// AllowedIDs is a list of allowed peer IDs.
	AllowedIDs []string `mapstructure:"allowed-ids,omitempty" koanf:"allowed-ids,omitempty"`
	// IDFiles are paths to files containing lists of allowed peer IDs.
	// These can be local files or files in a remote HTTP(S) location.
	IDFiles []string `mapstructure:"id-files,omitempty" koanf:"id-files,omitempty"`
	// WatchIDFiles indicates that the ID files should be watched for changes.
	WatchIDFiles bool `mapstructure:"watch-id-files,omitempty" koanf:"watch-id-files,omitempty"`
	// WatchInterval is the interval to poll for changes to remote ID files. Local files
	// use the filesystem's native change notification mechanism.
	WatchInterval time.Duration `mapstructure:"watch-interval,omitempty" koanf:"watch-interval,omitempty"`
	// RemoteFetchRetries is the number of times to retry fetching a remote ID file.
	RemoteFetchRetries int `mapstructure:"remote-fetch-retries,omitempty" koanf:"remote-fetch-retries,omitempty"`
	// RemoteFetchRetryInterval is the interval to wait between retries to fetch a remote ID file.
	RemoteFetchRetryInterval time.Duration `mapstructure:"remote-fetch-retry-interval,omitempty" koanf:"remote-fetch-retry-interval,omitempty"`
}
Config is the configuration for the ID auth plugin.
func (*Config) AsMapStructure ¶
func (*Config) CurrentSigData ¶
CurrentSigData returns the current expected signature data based on the configured time skew.
func (*Config) SetMapStructure ¶
type Plugin ¶
type Plugin struct {
	v1.UnimplementedPluginServer
	v1.UnimplementedAuthPluginServer
	// contains filtered or unexported fields
}
Plugin is the ID auth plugin.
func (*Plugin) Authenticate ¶
func (p *Plugin) Authenticate(ctx context.Context, req *v1.AuthenticationRequest) (*v1.AuthenticationResponse, error)
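The scheme from the Overview, combined with the TimeSkew window that CurrentSigData is built on, as an added example in standard-library Go; it is not the plugin's own code. Assumptions: the ID is a hex-encoded ed25519 public key standing in for a libp2p peer ID, the signed payload is the ID followed by a 30-second window counter, and an ID missing from the allow list is rejected.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// window is the 30-second step that Config.TimeSkew is counted in.
const window = 30 * time.Second

// Constructed sample inputs: an all-zero-seed key and a fixed clock reading.
var sampleKey = ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
var t0 = time.Unix(1700000000, 0)

// sigData is the signed payload: ID bytes plus a window counter (assumed layout).
func sigData(id string, now time.Time, off int64) []byte {
	n := now.Unix()/int64(window/time.Second) + off
	return binary.BigEndian.AppendUint64([]byte(id), uint64(n))
}

// Sign is the client side. The ID is the hex public key, standing in for a peer ID.
func Sign(priv ed25519.PrivateKey, now time.Time) (id string, sig []byte) {
	id = hex.EncodeToString(priv.Public().(ed25519.PublicKey))
	return id, ed25519.Sign(priv, sigData(id, now, 0))
}

// Verify is the server side: allow list, key taken from the ID, windows within +/- skew.
func Verify(id string, sig []byte, allowed map[string]bool, skew int, now time.Time) error {
	pub, err := hex.DecodeString(id)
	if err != nil || len(pub) != ed25519.PublicKeySize || !allowed[id] {
		return errors.New("id malformed or not allowed") // deny by default (assumption)
	}
	for off := int64(-skew); off <= int64(skew); off++ {
		if ed25519.Verify(pub, sigData(id, now, off), sig) {
			return nil
		}
	}
	return errors.New("signature invalid or outside the allowed time skew")
}

func main() {
	id, sig := Sign(sampleKey, t0)
	ok := map[string]bool{id: true}
	fmt.Println(Verify(id, sig, ok, 1, t0.Add(window)))   // within skew: <nil>
	fmt.Println(Verify(id, sig, ok, 1, t0.Add(3*window))) // stale signature: error
}
```

Because the signed bytes change every window, a captured signature stops verifying once the server clock moves more than TimeSkew windows past the one it was signed in.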