idauth

package
v0.12.3
Published: Oct 11, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package idauth is an authentication plugin based on libp2p peer IDs. The public key is extracted from the peer ID, and the authentication payload is a signature over the ID made with the corresponding private key.

Constants

const (
	// DefaultTimeSkew is the default time skew.
	DefaultTimeSkew = 1
	// DefaultRemoteFetchRetryInterval is the default remote fetch retry interval.
	DefaultRemoteFetchRetryInterval = 3 * time.Second
	// DefaultRemoteFetchRetries is the default number of remote fetch retries.
	DefaultRemoteFetchRetries = 5
	// DefaultWatchInterval is the default watch interval.
	DefaultWatchInterval = time.Minute
	// InlineSource is the source key for inline IDs.
	InlineSource = "inline"
)

Variables

var Now = time.Now

Now returns the current time.

Functions

func MustNewAuthSignature (added in v0.12.3)

func MustNewAuthSignature(key crypto.PrivateKey) string

MustNewAuthSignature is like NewAuthSignature but panics on error.

func NewAuthSignature (added in v0.12.3)

func NewAuthSignature(key crypto.PrivateKey) (string, error)

NewAuthSignature returns a signature for the given key and the current time. The returned signature is base64 encoded.

func NewCreds

func NewCreds(key crypto.PrivateKey) grpc.DialOption

NewCreds returns a DialOption that sets the ID auth credentials.

Types

type AllowedIDs

type AllowedIDs map[string]map[string]struct{}

AllowedIDs is a map of source files to a set of the allowed IDs in that file.

func (AllowedIDs) HasID

func (a AllowedIDs) HasID(id string) bool

HasID returns true if the given ID is in the allowed IDs.

type Config

type Config struct {
	// TimeSkew is the maximum allowed time skew between the client and server
	// as a multiple of 30 seconds. Defaults to 1.
	TimeSkew int `mapstructure:"time-skew,omitempty" koanf:"time-skew,omitempty"`
	// AllowedIDs is a list of allowed peer IDs.
	AllowedIDs []string `mapstructure:"allowed-ids,omitempty" koanf:"allowed-ids,omitempty"`
	// IDFiles are paths to files containing lists of allowed peer IDs.
	// These can be local files or files in a remote HTTP(S) location.
	IDFiles []string `mapstructure:"id-files,omitempty" koanf:"id-files,omitempty"`
	// WatchIDFiles indicates that the ID files should be watched for changes.
	WatchIDFiles bool `mapstructure:"watch-id-files,omitempty" koanf:"watch-id-files,omitempty"`
	// WatchInterval is the interval to poll for changes to remote ID files. Local files
	// use the filesystem's native change notification mechanism.
	WatchInterval time.Duration `mapstructure:"watch-interval,omitempty" koanf:"watch-interval,omitempty"`
	// RemoteFetchRetries is the number of times to retry fetching a remote ID file.
	RemoteFetchRetries int `mapstructure:"remote-fetch-retries,omitempty" koanf:"remote-fetch-retries,omitempty"`
	// RemoteFetchRetryInterval is the interval to wait between retries to fetch a remote ID file.
	RemoteFetchRetryInterval time.Duration `mapstructure:"remote-fetch-retry-interval,omitempty" koanf:"remote-fetch-retry-interval,omitempty"`
}

Config is the configuration for the ID auth plugin.

func (*Config) AsMapStructure

func (c *Config) AsMapStructure() map[string]any

func (*Config) BindFlags

func (c *Config) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the config flags to the given flag set.

func (*Config) CurrentSigData

func (c *Config) CurrentSigData(id string) [][]byte

CurrentSigData returns the current expected signature data based on the configured time skew.
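
The time-windowed check that TimeSkew and CurrentSigData describe, as an added example that is not this package's code. It assumes stdlib ed25519 in place of libp2p keys, a base64-encoded public key as the ID, and a hypothetical payload layout (`sigData`); all function names here are illustrative.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"time"
)

const step = 30 // seconds per window; Config.TimeSkew counts multiples of this
// sigData is an ASSUMED payload layout: the ID bound to a 30-second window index.
func sigData(id string, t time.Time) []byte {
	return []byte(fmt.Sprintf("%s:%d", id, t.Unix()/step))
}

// candidates lists every payload valid at now: current window plus/minus skew windows.
func candidates(id string, now time.Time, skew int) [][]byte {
	var out [][]byte
	for i := -skew; i <= skew; i++ {
		out = append(out, sigData(id, now.Add(time.Duration(i*step)*time.Second)))
	}
	return out
}

// verify checks the allowlist, recovers the public key from the ID, then tries each window.
func verify(allowed map[string]struct{}, id, sig string, now time.Time, skew int) bool {
	pub, errID := base64.StdEncoding.DecodeString(id)
	raw, errSig := base64.StdEncoding.DecodeString(sig)
	if _, ok := allowed[id]; !ok || errID != nil || errSig != nil || len(pub) != ed25519.PublicKeySize {
		return false
	}
	for _, data := range candidates(id, now, skew) {
		if ed25519.Verify(pub, data, raw) {
			return true
		}
	}
	return false
}

// demo signs once at a constructed time, then verifies 0s, 45s and 120s later (skew 1).
func demo() (fresh, skewed, stale bool) {
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed key
	id := base64.StdEncoding.EncodeToString(key.Public().(ed25519.PublicKey))
	t0, allowed := time.Unix(1700000010, 0), map[string]struct{}{id: {}}
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(key, sigData(id, t0)))
	at := func(d time.Duration) bool { return verify(allowed, id, sig, t0.Add(d), 1) }
	return at(0), at(45 * time.Second), at(120 * time.Second)
}
func main() { fmt.Println(demo()) }
```

With a skew of 1, a captured signature stays replayable for up to roughly 60 seconds after it was produced, so a larger TimeSkew trades clock tolerance for a longer replay window.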

func (*Config) Default

func (c *Config) Default()

Default sets the default values for the config.

func (*Config) SetMapStructure

func (c *Config) SetMapStructure(in map[string]any)

type Plugin

type Plugin struct {
	v1.UnimplementedPluginServer
	v1.UnimplementedAuthPluginServer
	// contains filtered or unexported fields
}

Plugin is the ID auth plugin.

func (*Plugin) Authenticate

func (*Plugin) Close

func (p *Plugin) Close(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error)

func (*Plugin) Configure

func (p *Plugin) Configure(ctx context.Context, req *v1.PluginConfiguration) (*emptypb.Empty, error)

func (*Plugin) GetInfo

func (p *Plugin) GetInfo(context.Context, *emptypb.Empty) (*v1.PluginInfo, error)
