acl

package
v0.0.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 9, 2024 License: CC0-1.0, CC0-1.0, MIT Imports: 12 Imported by: 0

Documentation

Index

Constants

View Source
const (
	Kind        = kind.ACLEvent
	ReplacesTag = "replaces"
	ExpiryTag   = "expiry"
)

Variables

View Source
var RoleStrings = []string{
	"owner",
	"admin",
	"writer",
	"reader",
	"denied",
	"none",
}

RoleStrings are the human readable form of the role enums.

Functions

This section is empty.

Types

type Entry

type Entry struct {
	// EventID is the event ID that creates the Entry.
	EventID *eventid.T
	// Role is the role now in force for the pubkey for this Entry.
	Role Role
	// Pubkey is the public key that associates with the Role.
	Pubkey *pubkey.T
	// AuthKey is the public key of the user with Admin or Owner
	// that requested the change.
	AuthKey *pubkey.T
	// Replaces specifies the event ID (if any) that this entry replaces.
	Replaces *eventid.T
	// Created is the created_at field of the event ID of this pubkey being
	// first added to the ACL
	Created timestamp.T
	// LastModified is the created at of the most recent event that altered
	// this Entry.
	LastModified timestamp.T
	// Expires is the unix timestamp after which this entry is no longer in
	// force and in effect reverts to None.
	Expires timestamp.T
}

Entry is

func (*Entry) ToEvent

func (a *Entry) ToEvent() (ev *event.T)

ToEvent converts an Entry into a raw ACL event.T.

note that these are always generated by the ACL configuration interface in the relay, after first finding any existing entry to replace.

The ACL control will generate the entry after scanning the existing acl.T and then this event will be saved in the database after processing it through FromEvent.

type Role

type Role int
const (
	// Owner is the role of a user who has all privileges except for
	// altering others with the same role.
	Owner Role = iota
	// Admin is the role that can change all lower roles except for adding
	// and removing administrators.
	Admin
	// Writer is a user who has the right to add events to the relay.
	Writer
	// Reader is a user who may search and retrieve events from the relay.
	Reader
	// Denied is a blacklisted user who may not read from or write to the
	// relay.
	Denied
	// None is the tombstone event that puts the user in the same role as an
	// unauthenticated user (which may mean the same as Denied in effect).
	None
)

ACL roles

type T

type T struct {
	sync.Mutex
	// contains filtered or unexported fields
}

T is the state information of the relay's Access Control List (ACL).

func (*T) AddEntry

func (ae *T) AddEntry(entry *Entry) (err error)

AddEntry adds or modifies an entry in the acl.T.

func (*T) DeleteEntry

func (ae *T) DeleteEntry(pub *pubkey.T) (err error)

DeleteEntry removes a record from the acl.T.

It is not possible to modify or delete an entry with the Owner role.

This will generally be run in response to an event that reverts a user role to None, to contain the size of the database as the number of formerly privileged users grows in the database. Old records that exceed storage limits can be later garbage collected and the events removed eliminating the record from the initial process of populating the acl.T from Kind events.

func (*T) Find

func (ae *T) Find(pub *pubkey.T) (e *Entry)

Find an Entry in the acl.T that has the matching public key.

func (*T) FromEvent

func (ae *T) FromEvent(ev *event.T) (e *Entry, err error)

FromEvent processes an event.T and imports it into the acl.T.

The ACL control system will in fact generate an Entry first, run Entry.ToEvent to derive a properly formatted event, sign it, and then run FromEvent to validate it after which it will then sign it and store the event into the database so it is available for searches and for initializing the acl.T at startup to configure the ACL.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL