idauth

Version: v0.14.11

This package is not in the latest version of its module.
Published: Oct 20, 2023 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Overview

Package idauth is an authentication plugin based on libp2p peer IDs. The public key is extracted from the ID, and the authentication payload is a signature of the ID produced with the corresponding private key.

Constants

const (
	// DefaultTimeSkew is the default time skew.
	DefaultTimeSkew = 1
	// DefaultRemoteFetchRetryInterval is the default remote fetch retry interval.
	DefaultRemoteFetchRetryInterval = 3 * time.Second
	// DefaultRemoteFetchRetries is the default number of remote fetch retries.
	DefaultRemoteFetchRetries = 5
	// DefaultWatchInterval is the default watch interval.
	DefaultWatchInterval = time.Minute
	// InlineSource is the source key for inline IDs.
	InlineSource = "inline"
)

Variables

var Now = time.Now

Now returns the current time.

Functions

func MustNewAuthSignature added in v0.12.3

func MustNewAuthSignature(key crypto.PrivateKey) string

MustNewAuthSignature is like NewAuthSignature but panics on error.

func NewAuthSignature added in v0.12.3

func NewAuthSignature(key crypto.PrivateKey) (string, error)

NewAuthSignature returns a signature for the given key and the current time. The returned signature is base64 encoded.

func NewCreds

func NewCreds(key crypto.PrivateKey) grpc.DialOption

NewCreds returns a DialOption that sets the ID auth credentials.

Types

type AllowedIDs

type AllowedIDs map[string]map[string]struct{}

AllowedIDs is a map of source files to a set of the allowed IDs in that file.

func (AllowedIDs) HasID

func (a AllowedIDs) HasID(id string) bool

HasID returns true if the given ID is in the allowed IDs.

type Config

type Config struct {
	// TimeSkew is the maximum allowed time skew between the client and server
	// as a multiple of 30 seconds. Defaults to 1.
	TimeSkew int `mapstructure:"time-skew,omitempty" koanf:"time-skew,omitempty"`
	// AllowedIDs is a list of allowed peer IDs.
	AllowedIDs []string `mapstructure:"allowed-ids,omitempty" koanf:"allowed-ids,omitempty"`
	// IDFiles are paths to files containing lists of allowed peer IDs.
	// These can be local files or files in a remote HTTP(S) location.
	IDFiles []string `mapstructure:"id-files,omitempty" koanf:"id-files,omitempty"`
	// WatchIDFiles indicates that the ID files should be watched for changes.
	WatchIDFiles bool `mapstructure:"watch-id-files,omitempty" koanf:"watch-id-files,omitempty"`
	// WatchInterval is the interval to poll for changes to remote ID files. Local files
	// use the filesystem's native change notification mechanism.
	WatchInterval time.Duration `mapstructure:"watch-interval,omitempty" koanf:"watch-interval,omitempty"`
	// RemoteFetchRetries is the number of times to retry fetching a remote ID file.
	RemoteFetchRetries int `mapstructure:"remote-fetch-retries,omitempty" koanf:"remote-fetch-retries,omitempty"`
	// RemoteFetchRetryInterval is the interval to wait between retries to fetch a remote ID file.
	RemoteFetchRetryInterval time.Duration `mapstructure:"remote-fetch-retry-interval,omitempty" koanf:"remote-fetch-retry-interval,omitempty"`
	// InsecureAllowAll allows all peer IDs. This is insecure and should only be used for testing.
	InsecureAllowAll bool `mapstructure:"insecure-allow-all,omitempty" koanf:"insecure-allow-all,omitempty"`
}

Config is the configuration for the ID auth plugin.

func NewDefaultConfig added in v0.13.0

func NewDefaultConfig() Config

NewDefaultConfig returns a new default config.

func (*Config) AsMapStructure

func (c *Config) AsMapStructure() map[string]any

func (*Config) BindFlags

func (c *Config) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the config flags to the given flag set.

func (*Config) CurrentSigData

func (c *Config) CurrentSigData(id string) [][]byte

CurrentSigData returns the current expected signature data based on the configured time skew.
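
The time-window check that TimeSkew and CurrentSigData describe, as an added example that is not the package's own code: it uses only the standard library, with a base64-encoded Ed25519 public key standing in for a libp2p peer ID. The `ID|window` payload layout and the names sigData, demoKey, sign and verify are assumptions; the page does not show the package's actual signed data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"time"
)

// sigData lists accepted payloads, one per 30 s window in [-skew, +skew]; "ID|window" layout is assumed.
func sigData(id string, now time.Time, skew int) (out [][]byte) {
	for d := -skew; d <= skew; d++ {
		out = append(out, []byte(fmt.Sprintf("%s|%d", id, now.Unix()/30+int64(d))))
	}
	return out
}

// demoKey returns a constructed fixed-seed key and an ID encoding its public key (stand-in for a peer ID).
func demoKey(b byte) (ed25519.PrivateKey, string) {
	key := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return key, base64.RawURLEncoding.EncodeToString(key.Public().(ed25519.PublicKey))
}

// sign is the client side: sign the payload for the current window only.
func sign(key ed25519.PrivateKey, id string, now time.Time) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(key, sigData(id, now, 0)[0]))
}

// verify is the server side: allow-list, key recovered from the ID, then each window.
func verify(allowed map[string]bool, id, sig string, now time.Time, skew int) bool {
	pub, err1 := base64.RawURLEncoding.DecodeString(id)
	raw, err2 := base64.StdEncoding.DecodeString(sig)
	if !allowed[id] || err1 != nil || err2 != nil || len(pub) != ed25519.PublicKeySize {
		return false
	}
	for _, data := range sigData(id, now, skew) {
		if ed25519.Verify(pub, data, raw) {
			return true
		}
	}
	return false
}

func main() {
	key, id := demoKey(1)
	t0, ok := time.Unix(1_700_000_000, 0), map[string]bool{id: true} // constructed inputs
	sig := sign(key, id, t0)
	fmt.Println(verify(ok, id, sig, t0.Add(30*time.Second), 1), verify(ok, id, sig, t0.Add(90*time.Second), 1))
}
```

In this model a captured signature stays replayable for up to (skew + 1) × 30 seconds after it is created, so the skew should be the smallest value that tolerates the expected clock drift.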

func (*Config) Default

func (c *Config) Default() Config

Default sets the default values for the config.

func (*Config) SetMapStructure

func (c *Config) SetMapStructure(in map[string]any)

type Plugin

type Plugin struct {
	v1.UnimplementedPluginServer
	v1.UnimplementedAuthPluginServer
	// contains filtered or unexported fields
}

Plugin is the ID auth plugin.

func NewWithConfig added in v0.13.0

func NewWithConfig(ctx context.Context, config Config) (*Plugin, error)

NewWithConfig returns a preconfigured plugin. Close should be called on the plugin when it is no longer needed.

func (*Plugin) Authenticate

func (*Plugin) Close

func (p *Plugin) Close(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error)

func (*Plugin) Configure

func (p *Plugin) Configure(ctx context.Context, req *v1.PluginConfiguration) (*emptypb.Empty, error)

func (*Plugin) GetInfo

func (p *Plugin) GetInfo(context.Context, *emptypb.Empty) (*v1.PluginInfo, error)
