Documentation ¶
Overview ¶
Package identityserver handles the database operations for The Things Stack.
Index ¶
- func GenerateAPIKey(ctx context.Context, name string, expiresAt *time.Time, rights ...ttnpb.Right) (key *ttnpb.APIKey, token string, err error)
- func GenerateCSPString(config *oauth.Config, nonce string) string
- type Config
- type IdentityServer
- func (is *IdentityServer) ApplicationRights(ctx context.Context, appIDs *ttnpb.ApplicationIdentifiers) (*ttnpb.Rights, error)
- func (is *IdentityServer) AuthInfo(ctx context.Context) (*ttnpb.AuthInfoResponse, error)
- func (is *IdentityServer) ClientRights(ctx context.Context, cliIDs *ttnpb.ClientIdentifiers) (*ttnpb.Rights, error)
- func (is *IdentityServer) Close()
- func (is *IdentityServer) Context() context.Context
- func (is *IdentityServer) GatewayRights(ctx context.Context, gtwIDs *ttnpb.GatewayIdentifiers) (*ttnpb.Rights, error)
- func (is *IdentityServer) GetConfiguration(ctx context.Context, _ *ttnpb.GetIsConfigurationRequest) (*ttnpb.GetIsConfigurationResponse, error)
- func (is *IdentityServer) IsAdmin(ctx context.Context) bool
- func (is *IdentityServer) OrganizationRights(ctx context.Context, orgIDs *ttnpb.OrganizationIdentifiers) (*ttnpb.Rights, error)
- func (is *IdentityServer) RegisterHandlers(s *runtime.ServeMux, conn *grpc.ClientConn)
- func (is *IdentityServer) RegisterInterop(srv *interop.Server)
- func (is *IdentityServer) RegisterServices(s *grpc.Server)
- func (is *IdentityServer) RequireAdmin(ctx context.Context) error
- func (is *IdentityServer) RequireAdminForFieldUpdate(ctx context.Context, fields, adminFields []string) error
- func (is *IdentityServer) RequireAuthenticated(ctx context.Context) error
- func (*IdentityServer) Roles() []ttnpb.ClusterRole
- func (is *IdentityServer) SendEmail(ctx context.Context, message *email.Message) (err error)
- func (is *IdentityServer) SendNotificationEmailToUserIDs(ctx context.Context, notification *ttnpb.Notification, ...) error
- func (is *IdentityServer) SendNotificationEmailToUsers(ctx context.Context, notification *ttnpb.Notification, ...) error
- func (is *IdentityServer) SendTemplateEmailToUserIDs(ctx context.Context, templateName string, ...) error
- func (is *IdentityServer) SendTemplateEmailToUsers(ctx context.Context, templateName string, ...) error
- func (is *IdentityServer) SetRedisCache(redis *redis.Client)
- func (is *IdentityServer) UniversalRights(ctx context.Context) *ttnpb.Rights
- func (is *IdentityServer) UserRights(ctx context.Context, userIDs *ttnpb.UserIdentifiers) (*ttnpb.Rights, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Config ¶
type Config struct { DatabaseURI string `name:"database-uri" description:"Database connection URI"` UserRegistration struct { Enabled bool `name:"enabled" description:"Enable user registration"` Invitation struct { Required bool `name:"required" description:"Require invitations for new users"` TokenTTL time.Duration `name:"token-ttl" description:"TTL of user invitation tokens"` } `name:"invitation"` ContactInfoValidation struct { Required bool `name:"required" description:"Require contact info validation for new users"` TokenTTL time.Duration `name:"token-ttl" description:"TTL of contact info validation tokens"` RetryInterval time.Duration `name:"retry-interval" description:"Minimum interval for resending contact info validation emails"` // nolint:lll } `name:"contact-info-validation"` AdminApproval struct { Required bool `name:"required" description:"Require admin approval for new users"` } `name:"admin-approval"` PasswordRequirements struct { MinLength int `name:"min-length" description:"Minimum password length"` MaxLength int `name:"max-length" description:"Maximum password length"` MinUppercase int `name:"min-uppercase" description:"Minimum number of uppercase letters"` MinDigits int `name:"min-digits" description:"Minimum number of digits"` MinSpecial int `name:"min-special" description:"Minimum number of special characters"` RejectUserID bool `name:"reject-user-id" description:"Reject passwords that contain user ID"` RejectCommon bool `name:"reject-common" description:"Reject common passwords"` } `name:"password-requirements"` } `name:"user-registration"` AuthCache struct { MembershipTTL time.Duration `name:"membership-ttl" description:"TTL of membership caches"` } `name:"auth-cache"` OAuth oauth.Config `name:"oauth"` ProfilePicture struct { DisableUpload bool `name:"disable-upload" description:"Disable uploading profile pictures"` UseGravatar bool `name:"use-gravatar" description:"Use Gravatar fallback for users without profile picture"` Bucket string `name:"bucket" description:"Bucket used for storing profile pictures"` BucketURL string `name:"bucket-url" description:"Base URL for public bucket access"` } `name:"profile-picture"` EndDevicePicture struct { DisableUpload bool `name:"disable-upload" description:"Disable uploading end device pictures"` Bucket string `name:"bucket" description:"Bucket used for storing end device pictures"` BucketURL string `name:"bucket-url" description:"Base URL for public bucket access"` } `name:"end-device-picture"` UserRights struct { CreateApplications bool `name:"create-applications" description:"Allow non-admin users to create applications in their user account"` CreateClients bool `name:"create-clients" description:"Allow non-admin users to create OAuth clients in their user account"` CreateGateways bool `name:"create-gateways" description:"Allow non-admin users to create gateways in their user account"` CreateOrganizations bool `name:"create-organizations" description:"Allow non-admin users to create organizations in their user account"` } `name:"user-rights"` AdminRights struct { All bool `name:"all" description:"Grant all rights to admins, including _KEYS and _ALL"` } `name:"admin-rights"` CollaboratorRights struct { SetOthersAsContacts bool `name:"set-others-as-contacts" description:"Allow users to set other users as entity contacts"` // nolint:lll } `name:"collaborator-rights"` LoginTokens struct { Enabled bool `name:"enabled" description:"enable users requesting login tokens"` TokenTTL time.Duration `name:"token-ttl" description:"TTL of login tokens"` } `name:"login-tokens"` Email struct { email.Config `name:",squash"` Provider string `name:"provider" description:"Email provider to use"` Dir string `name:"dir" description:"Directory to write emails to if the dir provider is used (development only)"` // nolint:lll SendGrid sendgrid.Config `name:"sendgrid"` SMTP smtp.Config `name:"smtp"` Templates emailTemplatesConfig `name:"templates"` } `name:"email"` EndDevices struct { EncryptionKeyID string `name:"encryption-key-id" description:"ID of the key used to encrypt end device secrets at rest"` //nolint:lll } `name:"end-devices"` Gateways struct { EncryptionKeyID string `name:"encryption-key-id" description:"ID of the key used to encrypt gateway secrets at rest"` TokenValidity time.Duration `name:"token-validity" description:"Time in seconds after creation when a gateway token is valid"` //nolint:lll } `name:"gateways"` Delete struct { Restore time.Duration `name:"restore" description:"How long after soft-deletion an entity can be restored"` } `name:"delete"` DevEUIBlock struct { Enabled bool `name:"enabled" description:"Enable DevEUI address issuing from IEEE MAC block"` ApplicationLimit int `name:"application-limit" description:"Maximum DevEUI addresses to be issued per application"` Prefix ttntypes.EUI64Prefix `name:"prefix" description:"DevEUI block prefix"` InitCounter int64 `name:"init-counter" description:"Initial counter value for the addresses to be issued (default 0)"` } `name:"dev-eui-block" description:"IEEE MAC block used to issue DevEUIs to devices that are not yet programmed"` Network struct { NetID ttntypes.NetID `name:"net-id" description:"NetID of this network"` NSID *ttntypes.EUI64 `name:"ns-id" description:"NSID of this network (EUI)"` TenantID string `name:"tenant-id" description:"Tenant ID"` } `name:"network"` TelemetryQueue telemetry.TaskQueue `name:"-"` Pagination struct { DefaultLimit uint32 `name:"default-limit" description:"The default limit applied to paginated requests if not specified"` // nolint:lll } `name:"pagination" description:"Pagination settings"` }
Config for the Identity Server.
type IdentityServer ¶
type IdentityServer struct { ttnpb.UnimplementedIsServer *component.Component // contains filtered or unexported fields }
IdentityServer implements the Identity Server component.
The Identity Server exposes the Registry and Access services for Applications, OAuth clients, Gateways, Organizations and Users.
func New ¶
func New(c *component.Component, config *Config) (is *IdentityServer, err error)
New returns new *IdentityServer.
func (*IdentityServer) ApplicationRights ¶
func (is *IdentityServer) ApplicationRights(ctx context.Context, appIDs *ttnpb.ApplicationIdentifiers) (*ttnpb.Rights, error)
ApplicationRights returns the rights the caller has on the given application.
func (*IdentityServer) AuthInfo ¶ added in v3.12.0
func (is *IdentityServer) AuthInfo(ctx context.Context) (*ttnpb.AuthInfoResponse, error)
AuthInfo implements rights.AuthInfoFetcher.
func (*IdentityServer) ClientRights ¶
func (is *IdentityServer) ClientRights(ctx context.Context, cliIDs *ttnpb.ClientIdentifiers) (*ttnpb.Rights, error)
ClientRights returns the rights the caller has on the given client.
func (*IdentityServer) Close ¶ added in v3.19.0
func (is *IdentityServer) Close()
Close closes the Identity Server database connections and the underlying component.
func (*IdentityServer) Context ¶
func (is *IdentityServer) Context() context.Context
Context returns the context of the Identity Server.
func (*IdentityServer) GatewayRights ¶
func (is *IdentityServer) GatewayRights(ctx context.Context, gtwIDs *ttnpb.GatewayIdentifiers) (*ttnpb.Rights, error)
GatewayRights returns the rights the caller has on the given gateway. The query for the gateway only considers the Gateway ID and not the EUI (if provided).
func (*IdentityServer) GetConfiguration ¶ added in v3.9.0
func (is *IdentityServer) GetConfiguration(ctx context.Context, _ *ttnpb.GetIsConfigurationRequest) (*ttnpb.GetIsConfigurationResponse, error)
GetConfiguration implements the RPC that returns the configuration of the Identity Server.
func (*IdentityServer) IsAdmin ¶
func (is *IdentityServer) IsAdmin(ctx context.Context) bool
IsAdmin returns whether the caller is an admin.
func (*IdentityServer) OrganizationRights ¶
func (is *IdentityServer) OrganizationRights(ctx context.Context, orgIDs *ttnpb.OrganizationIdentifiers) (*ttnpb.Rights, error)
OrganizationRights returns the rights the caller has on the given organization.
func (*IdentityServer) RegisterHandlers ¶
func (is *IdentityServer) RegisterHandlers(s *runtime.ServeMux, conn *grpc.ClientConn)
RegisterHandlers registers gRPC handlers.
func (*IdentityServer) RegisterInterop ¶ added in v3.15.2
func (is *IdentityServer) RegisterInterop(srv *interop.Server)
RegisterInterop registers the LoRaWAN Backend Interfaces interoperability services.
func (*IdentityServer) RegisterServices ¶
func (is *IdentityServer) RegisterServices(s *grpc.Server)
RegisterServices registers services provided by is at s.
func (*IdentityServer) RequireAdmin ¶
func (is *IdentityServer) RequireAdmin(ctx context.Context) error
RequireAdmin returns an error when the caller is not an admin.
func (*IdentityServer) RequireAdminForFieldUpdate ¶ added in v3.21.0
func (is *IdentityServer) RequireAdminForFieldUpdate(ctx context.Context, fields, adminFields []string) error
RequireAdminForFieldUpdate returns an error when the caller tries to update an admin-only field.
func (*IdentityServer) RequireAuthenticated ¶
func (is *IdentityServer) RequireAuthenticated(ctx context.Context) error
RequireAuthenticated checks the request context for authentication presence and returns an error if there is none.
func (*IdentityServer) Roles ¶
func (*IdentityServer) Roles() []ttnpb.ClusterRole
Roles returns the roles that the Identity Server fulfills.
func (*IdentityServer) SendNotificationEmailToUserIDs ¶ added in v3.19.2
func (is *IdentityServer) SendNotificationEmailToUserIDs(ctx context.Context, notification *ttnpb.Notification, receiverIDs ...*ttnpb.UserIdentifiers) error
SendNotificationEmailToUserIDs looks up the users and sends them a notification email.
func (*IdentityServer) SendNotificationEmailToUsers ¶ added in v3.19.2
func (is *IdentityServer) SendNotificationEmailToUsers(ctx context.Context, notification *ttnpb.Notification, receivers ...*ttnpb.User) error
SendNotificationEmailToUsers sends a notification email to users.
func (*IdentityServer) SendTemplateEmailToUserIDs ¶ added in v3.19.2
func (is *IdentityServer) SendTemplateEmailToUserIDs( ctx context.Context, templateName string, dataBuilder email.TemplateDataBuilder, receiverIDs ...*ttnpb.UserIdentifiers, ) error
SendTemplateEmailToUserIDs looks up the users and sends them an email.
func (*IdentityServer) SendTemplateEmailToUsers ¶ added in v3.19.2
func (is *IdentityServer) SendTemplateEmailToUsers( ctx context.Context, templateName string, dataBuilder email.TemplateDataBuilder, receivers ...*ttnpb.User, ) error
SendTemplateEmailToUsers sends an email to users.
func (*IdentityServer) SetRedisCache ¶
func (is *IdentityServer) SetRedisCache(redis *redis.Client)
SetRedisCache configures the given redis instance for caching.
func (*IdentityServer) UniversalRights ¶
func (is *IdentityServer) UniversalRights(ctx context.Context) *ttnpb.Rights
UniversalRights returns the universal rights (that apply to any entity or outside entity scope) contained in the request context. This is used to determine admin rights.
func (*IdentityServer) UserRights ¶
func (is *IdentityServer) UserRights(ctx context.Context, userIDs *ttnpb.UserIdentifiers) (*ttnpb.Rights, error)
UserRights returns the rights the caller has on the given user.
Source Files ¶
- api_key_utils.go
- application_access.go
- application_registry.go
- client_access.go
- client_registry.go
- config.go
- contact_info_registry.go
- email.go
- email_validation_registry.go
- end_device_registry.go
- entity_access.go
- errors.go
- gateway_access.go
- gateway_registry.go
- http_interop.go
- identityserver.go
- invitation_registry.go
- notification_registry.go
- oauth_registry.go
- observability.go
- organization_access.go
- organization_registry.go
- picture.go
- registry_search.go
- rights.go
- store.go
- telemetry.go
- user_access.go
- user_bookmark_registry.go
- user_registry.go
- user_session_registry.go
- utils.go
Directories ¶
Path | Synopsis |
---|---|
Package blocklist implements a list of forbidden IDs.
|
Package blocklist implements a list of forbidden IDs. |
Package store implements the Identity Server store interfaces using the bun library.
|
Package store implements the Identity Server store interfaces using the bun library. |
Package mockis provides a mock structure to the Identity Server.
|
Package mockis provides a mock structure to the Identity Server. |
Package store defines the interfaces implemented by Identity Server store implementations.
|
Package store defines the interfaces implemented by Identity Server store implementations. |
migrations
Package migrations contains Identity Server store migrations.
|
Package migrations contains Identity Server store migrations. |