authdb

package
v1.66.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 10, 2023 License: AGPL-3.0 Imports: 15 Imported by: 4

Documentation

Index

Constants

View Source 
const EncKeySizeEncoded = 28

EncKeySizeEncoded is size in base32 bytes + magic byte.

View Source 
const KeyHashSizeEncoded = 64

KeyHashSizeEncoded is the length of a hex encoded KeyHash.

Variables

View Source 
var (

	// NotFound is returned when a record is not found.
	NotFound = errs.Class("not found")

	// ErrAccessGrant occurs when an invalid access grant is given.
	ErrAccessGrant = errs.Class("access grant")
)
View Source 
var Invalid = errs.Class("invalid")

Invalid is the class of error that is returned for invalid records.

View Source 
var KeyHashError = errs.Class("key hash")

KeyHashError is a class of key hash errors.

Functions

This section is empty.

Types

type Database 

type Database struct {
	// contains filtered or unexported fields
}

Database wraps Storage implementation and uses it to store encrypted accesses and secrets.

func NewDatabase 

func NewDatabase(storage Storage, allowedSatelliteURLs map[storj.NodeURL]struct{}) *Database

NewDatabase constructs a Database. allowedSatelliteAddresses should contain the full URL (with a node ID), including port, for each satellite we allow for incoming access grants.

func (*Database) Get 

func (db *Database) Get(ctx context.Context, accessKeyID EncryptionKey) (accessGrant string, public bool, secretKey SecretKey, err error)

Get retrieves an access grant and secret key, looked up by the hash of the access key, and then decrypted.

func (*Database) HealthCheck 

func (db *Database) HealthCheck(ctx context.Context) (err error)

HealthCheck ensures the underlying storage backend works and returns an error otherwise.

func (*Database) Put 

func (db *Database) Put(ctx context.Context, key EncryptionKey, accessGrant string, public bool) (secretKey SecretKey, err error)

Put encrypts the access grant with the key and stores it under the hash of the encryption key. It rejects access grants with expiration times that are before a minute from now.

func (*Database) SetAllowedSatellites 

func (db *Database) SetAllowedSatellites(allowedSatelliteURLs map[storj.NodeURL]struct{})

SetAllowedSatellites updates the allowed satellites list from configuration values.

type EncryptionKey 

type EncryptionKey [16]byte

EncryptionKey is an encryption key that an access/secret are encrypted with.

func NewEncryptionKey 

func NewEncryptionKey() (EncryptionKey, error)

NewEncryptionKey returns a new random EncryptionKey with initial version byte.

func (*EncryptionKey) FromBase32 

func (k *EncryptionKey) FromBase32(encoded string) error

FromBase32 loads the EncryptionKey from a lowercase RFC 4648 base32 string.

func (*EncryptionKey) FromBinary 

func (k *EncryptionKey) FromBinary(data []byte) error

FromBinary reads the key from binary which must include the version byte.

func (EncryptionKey) Hash 

func (k EncryptionKey) Hash() KeyHash

Hash returns the KeyHash for the EncryptionKey.

func (EncryptionKey) ToBase32 

func (k EncryptionKey) ToBase32() string

ToBase32 returns the EncryptionKey as a lowercase RFC 4648 base32 string.

func (EncryptionKey) ToBinary 

func (k EncryptionKey) ToBinary() []byte

ToBinary returns the EncryptionKey including the version byte.

func (EncryptionKey) ToStorjKey 

func (k EncryptionKey) ToStorjKey() storj.Key

ToStorjKey returns the storj.Key equivalent for the EncryptionKey.

type KeyHash 

type KeyHash [32]byte

KeyHash is the key under which Records are saved.

func (KeyHash) Bytes 

func (kh KeyHash) Bytes() []byte

Bytes returns the bytes for key hash.

func (*KeyHash) FromHex 

func (kh *KeyHash) FromHex(encoded string) error

FromHex sets the key hash from a hex encoded string.

func (*KeyHash) SetBytes 

func (kh *KeyHash) SetBytes(v []byte) error

SetBytes sets the key hash from bytes.

func (KeyHash) ToHex 

func (kh KeyHash) ToHex() string

ToHex converts a key hash to a hex encoded string.

type Record 

type Record struct {
	SatelliteAddress     string
	MacaroonHead         []byte // 32 bytes probably
	EncryptedSecretKey   []byte
	EncryptedAccessGrant []byte
	ExpiresAt            *time.Time
	Public               bool // if true, knowledge of secret key is not required
}

Record holds encrypted credentials alongside metadata.

type SecretKey 

type SecretKey [32]byte

SecretKey is the secret key used to sign requests.

func (SecretKey) ToBase32 

func (s SecretKey) ToBase32() string

ToBase32 returns the SecretKey as a lowercase RFC 4648 base32 string.

func (SecretKey) ToBinary 

func (s SecretKey) ToBinary() []byte

ToBinary returns the SecretKey including the version byte.

type Storage 

type Storage interface {
	// Put stores the record.
	// It is an error if the key already exists.
	Put(ctx context.Context, keyHash KeyHash, record *Record) (err error)

	// Get retrieves the record.
	// It returns (nil, nil) if the key does not exist.
	// If the record is invalid, the error contains why.
	Get(ctx context.Context, keyHash KeyHash) (record *Record, err error)

	// HealthCheck ensures the storage backend works and returns an error
	// otherwise.
	HealthCheck(ctx context.Context) error

	// Run runs the storage backend.
	Run(ctx context.Context) error

	// Close closes the storage backend.
	Close() error
}

Storage is meant to be the storage backend for Auth Service's database, with the ability to store and retrieve records saved under key hashes.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.