identityserver

package
v3.16.2
Warning

This package is not in the latest version of its module.

Published: Dec 17, 2021 License: Apache-2.0 Imports: 51 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateAPIKey added in v3.10.6

func GenerateAPIKey(ctx context.Context, name string, expiresAt *time.Time, rights ...ttnpb.Right) (key *ttnpb.APIKey, token string, err error)

GenerateAPIKey generates a new API key with the given name for the given set of rights. It also takes an expiry time and returns the key together with a token string.

func GenerateCSPString added in v3.15.2

func GenerateCSPString(config *oauth.Config, nonce string) string

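GenerateCSPString returns a Content-Security-Policy header value for the OAuth and Account app templates. It takes the OAuth configuration and a nonce; a CSP nonce is only effective when it is unpredictable and generated fresh for each response.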

Types

type Config

// Config holds the configuration of the Identity Server. Each field's `name`
// tag gives its configuration key and its `description` tag the help text.
type Config struct {
	// NOTE(review): connection URIs commonly embed credentials; presumably this
	// value should be handled as a secret (not logged or echoed) — confirm.
	DatabaseURI      string `name:"database-uri" description:"Database connection URI"`
	// UserRegistration groups the switches that gate how new accounts are created.
	UserRegistration struct {
		Enabled    bool `name:"enabled" description:"Enable user registration"`
		// Invitation: whether new users need an invitation, and how long
		// invitation tokens live.
		Invitation struct {
			Required bool          `name:"required" description:"Require invitations for new users"`
			TokenTTL time.Duration `name:"token-ttl" description:"TTL of user invitation tokens"`
		} `name:"invitation"`
		// ContactInfoValidation: whether new users must validate their contact
		// info, and how long validation tokens live.
		ContactInfoValidation struct {
			Required bool          `name:"required" description:"Require contact info validation for new users"`
			TokenTTL time.Duration `name:"token-ttl" description:"TTL of contact info validation tokens"`
		} `name:"contact-info-validation"`
		// AdminApproval: whether an admin must approve new users.
		AdminApproval struct {
			Required bool `name:"required" description:"Require admin approval for new users"`
		} `name:"admin-approval"`
		// PasswordRequirements is the password policy. Where it is enforced and
		// how zero values are treated is not visible in this listing.
		PasswordRequirements struct {
			MinLength    int  `name:"min-length" description:"Minimum password length"`
			MaxLength    int  `name:"max-length" description:"Maximum password length"`
			MinUppercase int  `name:"min-uppercase" description:"Minimum number of uppercase letters"`
			MinDigits    int  `name:"min-digits" description:"Minimum number of digits"`
			MinSpecial   int  `name:"min-special" description:"Minimum number of special characters"`
			RejectUserID bool `name:"reject-user-id" description:"Reject passwords that contain user ID"`
			RejectCommon bool `name:"reject-common" description:"Reject common passwords"`
		} `name:"password-requirements"`
	} `name:"user-registration"`
	// AuthCache configures caching of membership data.
	// NOTE(review): presumably a membership change can take up to MembershipTTL
	// to be observed by rights checks that hit the cache — confirm.
	AuthCache struct {
		MembershipTTL time.Duration `name:"membership-ttl" description:"TTL of membership caches"`
	} `name:"auth-cache"`
	// OAuth is the configuration of the OAuth part, defined in the oauth package.
	OAuth          oauth.Config `name:"oauth"`
	// ProfilePicture configures user profile picture uploads. BucketURL is
	// described as the base URL for public bucket access, so objects in Bucket
	// are expected to be publicly readable.
	ProfilePicture struct {
		DisableUpload bool   `name:"disable-upload" description:"Disable uploading profile pictures"`
		UseGravatar   bool   `name:"use-gravatar" description:"Use Gravatar fallback for users without profile picture"`
		Bucket        string `name:"bucket" description:"Bucket used for storing profile pictures"`
		BucketURL     string `name:"bucket-url" description:"Base URL for public bucket access"`
	} `name:"profile-picture"`
	// EndDevicePicture configures end device picture uploads; as with profile
	// pictures, BucketURL is described as a public access URL.
	EndDevicePicture struct {
		DisableUpload bool   `name:"disable-upload" description:"Disable uploading end device pictures"`
		Bucket        string `name:"bucket" description:"Bucket used for storing end device pictures"`
		BucketURL     string `name:"bucket-url" description:"Base URL for public bucket access"`
	} `name:"end-device-picture"`
	// UserRights controls which entity types non-admin users may create in
	// their own user account.
	UserRights struct {
		CreateApplications  bool `name:"create-applications" description:"Allow non-admin users to create applications in their user account"`
		CreateClients       bool `name:"create-clients" description:"Allow non-admin users to create OAuth clients in their user account"`
		CreateGateways      bool `name:"create-gateways" description:"Allow non-admin users to create gateways in their user account"`
		CreateOrganizations bool `name:"create-organizations" description:"Allow non-admin users to create organizations in their user account"`
	} `name:"user-rights"`
	// AdminRights: per the description, All grants admins every right,
	// including the _KEYS and _ALL rights.
	// NOTE(review): which rights admins hold when All is false is not shown
	// here — confirm before relying on it for least-privilege setups.
	AdminRights struct {
		All bool `name:"all" description:"Grant all rights to admins, including _KEYS and _ALL"`
	} `name:"admin-rights"`
	// LoginTokens controls whether users may request login tokens and how long
	// those tokens live.
	LoginTokens struct {
		Enabled  bool          `name:"enabled" description:"enable users requesting login tokens"`
		TokenTTL time.Duration `name:"token-ttl" description:"TTL of login tokens"`
	} `name:"login-tokens"`
	// Email configures outgoing email. email.Config is squashed into this
	// level; SendGrid and SMTP are provider-specific configurations.
	// NOTE(review): the provider configs presumably carry credentials —
	// confirm in the sendgrid and smtp packages.
	Email struct {
		email.Config `name:",squash"`
		SendGrid     sendgrid.Config      `name:"sendgrid"`
		SMTP         smtp.Config          `name:"smtp"`
		Templates    emailTemplatesConfig `name:"templates"`
	} `name:"email"`
	// Gateways: EncryptionKeyID names the key used to encrypt gateway secrets
	// at rest.
	// NOTE(review): the behaviour when this ID is empty is not visible here —
	// confirm that secrets are not stored unencrypted in that case.
	Gateways struct {
		EncryptionKeyID string `name:"encryption-key-id" description:"ID of the key used to encrypt gateway secrets at rest"`
	} `name:"gateways"`
	// Delete: Restore is the window after soft-deletion during which an entity
	// can still be restored.
	Delete struct {
		Restore time.Duration `name:"restore" description:"How long after soft-deletion an entity can be restored"`
	} `name:"delete"`
	// DevEUIBlock configures issuing DevEUIs from an IEEE MAC block, with a
	// per-application limit, a block prefix and an initial counter value.
	DevEUIBlock struct {
		Enabled          bool                 `name:"enabled" description:"Enable DevEUI address issuing from IEEE MAC block"`
		ApplicationLimit int                  `name:"application-limit" description:"Maximum DevEUI addresses to be issued per application"`
		Prefix           ttntypes.EUI64Prefix `name:"prefix" description:"DevEUI block prefix"`
		InitCounter      int64                `name:"init-counter" description:"Initial counter value for the addresses to be issued (default 0)"`
	} `name:"dev-eui-block" description:"IEEE MAC block used to issue DevEUIs to devices that are not yet programmed"`
	// Network identifies this network: its NetID and the tenant ID within the
	// host NetID.
	Network struct {
		NetID    ttntypes.NetID `name:"net-id" description:"NetID of this network"`
		TenantID string         `name:"tenant-id" description:"Tenant ID in the host NetID"`
	} `name:"network"`
}

Config for the Identity Server

type IdentityServer

// IdentityServer implements the Identity Server component.
type IdentityServer struct {
	// Embedded component; its exported methods are promoted onto IdentityServer.
	*component.Component
	// contains filtered or unexported fields
}

IdentityServer implements the Identity Server component.

The Identity Server exposes the Registry and Access services for Applications, OAuth clients, Gateways, Organizations and Users.

func New

func New(c *component.Component, config *Config) (is *IdentityServer, err error)

New returns a new *IdentityServer.

func (*IdentityServer) ApplicationRights

func (is *IdentityServer) ApplicationRights(ctx context.Context, appIDs ttnpb.ApplicationIdentifiers) (*ttnpb.Rights, error)

ApplicationRights returns the rights the caller has on the given application.

func (*IdentityServer) AuthInfo added in v3.12.0

func (is *IdentityServer) AuthInfo(ctx context.Context) (*ttnpb.AuthInfoResponse, error)

AuthInfo implements rights.AuthInfoFetcher.

func (*IdentityServer) ClientRights

func (is *IdentityServer) ClientRights(ctx context.Context, cliIDs ttnpb.ClientIdentifiers) (*ttnpb.Rights, error)

ClientRights returns the rights the caller has on the given client.

func (*IdentityServer) Context

func (is *IdentityServer) Context() context.Context

Context returns the context of the Identity Server.

func (*IdentityServer) GatewayRights

func (is *IdentityServer) GatewayRights(ctx context.Context, gtwIDs ttnpb.GatewayIdentifiers) (*ttnpb.Rights, error)

GatewayRights returns the rights the caller has on the given gateway. The query for the gateway only considers the Gateway ID and not the EUI (if provided).

func (*IdentityServer) GetConfiguration added in v3.9.0

GetConfiguration implements the RPC that returns the configuration of the Identity Server.

func (*IdentityServer) IsAdmin

func (is *IdentityServer) IsAdmin(ctx context.Context) bool

IsAdmin returns whether the caller is an admin.

func (*IdentityServer) OrganizationRights

func (is *IdentityServer) OrganizationRights(ctx context.Context, orgIDs ttnpb.OrganizationIdentifiers) (*ttnpb.Rights, error)

OrganizationRights returns the rights the caller has on the given organization.

func (*IdentityServer) RegisterHandlers

func (is *IdentityServer) RegisterHandlers(s *runtime.ServeMux, conn *grpc.ClientConn)

RegisterHandlers registers gRPC handlers.

func (*IdentityServer) RegisterInterop added in v3.15.2

func (is *IdentityServer) RegisterInterop(srv *interop.Server)

RegisterInterop registers the LoRaWAN Backend Interfaces interoperability services.

func (*IdentityServer) RegisterServices

func (is *IdentityServer) RegisterServices(s *grpc.Server)

RegisterServices registers services provided by is at s.

func (*IdentityServer) RequireAdmin

func (is *IdentityServer) RequireAdmin(ctx context.Context) error

RequireAdmin returns an error when the caller is not an admin.

func (*IdentityServer) RequireAuthenticated

func (is *IdentityServer) RequireAuthenticated(ctx context.Context) error

RequireAuthenticated checks the request context for authentication presence and returns an error if there is none.

func (*IdentityServer) Roles

func (is *IdentityServer) Roles() []ttnpb.ClusterRole

Roles returns the roles that the Identity Server fulfills.

func (*IdentityServer) SendAdminsEmail added in v3.9.0

func (is *IdentityServer) SendAdminsEmail(ctx context.Context, makeMessage func(emails.Data) email.MessageData) error

SendAdminsEmail sends an email to the admins of the network.

func (*IdentityServer) SendContactsEmail

func (is *IdentityServer) SendContactsEmail(ctx context.Context, ids ttnpb.IDStringer, makeMessage func(emails.Data) email.MessageData) error

SendContactsEmail sends an email to the contacts of the given entity.

func (*IdentityServer) SendEmail

func (is *IdentityServer) SendEmail(ctx context.Context, f func(emails.Data) email.MessageData) (err error)

SendEmail sends an email.

func (*IdentityServer) SendUserEmail

func (is *IdentityServer) SendUserEmail(ctx context.Context, userIDs *ttnpb.UserIdentifiers, makeMessage func(emails.Data) email.MessageData) error

SendUserEmail sends an email to the given user.

func (*IdentityServer) SetRedisCache

func (is *IdentityServer) SetRedisCache(redis *redis.Client)

SetRedisCache configures the given redis instance for caching.

func (*IdentityServer) UniversalRights

func (is *IdentityServer) UniversalRights(ctx context.Context) *ttnpb.Rights

UniversalRights returns the universal rights (that apply to any entity or outside entity scope) contained in the request context. This is used to determine admin rights.

func (*IdentityServer) UserRights

func (is *IdentityServer) UserRights(ctx context.Context, userIDs ttnpb.UserIdentifiers) (*ttnpb.Rights, error)

UserRights returns the rights the caller has on the given user.
