macaroon

package
v0.11.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 8, 2019 License: AGPL-3.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// Error is a general API Key error
	Error = errs.Class("api key error")
	// ErrFormat means that the structural formatting of the API Key is invalid
	ErrFormat = errs.Class("api key format error")
	// ErrInvalid means that the API Key is improperly signed
	ErrInvalid = errs.Class("api key invalid error")
	// ErrUnauthorized means that the API key does not grant the requested permission
	ErrUnauthorized = errs.Class("api key unauthorized error")
	// ErrRevoked means the API key has been revoked
	ErrRevoked = errs.Class("api key revocation error")
)

Functions

func NewSecret 

func NewSecret() (secret []byte, err error)

NewSecret generates cryptographically random 32 bytes

Types

type APIKey 

type APIKey struct {
	// contains filtered or unexported fields
}

APIKey implements a Macaroon-backed Storj-v3 API key.

func NewAPIKey 

func NewAPIKey(secret []byte) (*APIKey, error)

NewAPIKey generates a brand new unrestricted API key given the provided server project secret

func ParseAPIKey 

func ParseAPIKey(key string) (*APIKey, error)

ParseAPIKey parses a given api key string and returns an APIKey if the APIKey was correctly formatted. It does not validate the key.

func (*APIKey) Check 

func (a *APIKey) Check(secret []byte, action Action, revoked [][]byte) error

Check makes sure that the key authorizes the provided action given the root project secret and any possible revocations, returning an error if the action is not authorized. 'revoked' is a list of revoked heads.

func (*APIKey) Head 

func (a *APIKey) Head() []byte

Head returns the identifier for this macaroon's root ancestor.

func (*APIKey) Restrict 

func (a *APIKey) Restrict(caveat Caveat) (*APIKey, error)

Restrict generates a new APIKey with the provided Caveat attached.

func (*APIKey) Serialize 

func (a *APIKey) Serialize() (string, error)

Serialize serializes the API Key to a string

func (*APIKey) Tail 

func (a *APIKey) Tail() []byte

Tail returns the identifier for this macaroon only.

type Action 

type Action struct {
	Op            ActionType
	Bucket        []byte
	EncryptedPath []byte
	Time          time.Time
}

Action specifies the specific operation being performed that the Macaroon will validate

type ActionType 

type ActionType int

ActionType specifies the operation type being performed that the Macaroon will validate 

const (

	// ActionRead specifies a read operation
	ActionRead ActionType
	// ActionWrite specifies a read operation
	ActionWrite
	// ActionList specifies a read operation
	ActionList
	// ActionDelete specifies a read operation
	ActionDelete
)

type Caveat 

type Caveat struct {
	// if any of these three are set, disallow that type of access
	DisallowReads   bool `protobuf:"varint,1,opt,name=disallow_reads,json=disallowReads,proto3" json:"disallow_reads,omitempty"`
	DisallowWrites  bool `protobuf:"varint,2,opt,name=disallow_writes,json=disallowWrites,proto3" json:"disallow_writes,omitempty"`
	DisallowLists   bool `protobuf:"varint,3,opt,name=disallow_lists,json=disallowLists,proto3" json:"disallow_lists,omitempty"`
	DisallowDeletes bool `protobuf:"varint,4,opt,name=disallow_deletes,json=disallowDeletes,proto3" json:"disallow_deletes,omitempty"`
	// if one of these two lists are not empty, restrict accesses
	// to the given values
	Buckets               [][]byte `protobuf:"bytes,10,rep,name=buckets,proto3" json:"buckets,omitempty"`
	EncryptedPathPrefixes [][]byte `` /* 127-byte string literal not displayed */
	// if set, the validity time window
	NotAfter             *time.Time `protobuf:"bytes,20,opt,name=not_after,json=notAfter,proto3,stdtime" json:"not_after,omitempty"`
	NotBefore            *time.Time `protobuf:"bytes,21,opt,name=not_before,json=notBefore,proto3,stdtime" json:"not_before,omitempty"`
	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
	XXX_unrecognized     []byte     `json:"-"`
	XXX_sizecache        int32      `json:"-"`
}

func (*Caveat) Allows 

func (c *Caveat) Allows(action Action) bool

Allows returns true if the provided action is allowed by the caveat.

func (*Caveat) Descriptor 

func (*Caveat) Descriptor() ([]byte, []int)

func (*Caveat) GetBuckets 

func (m *Caveat) GetBuckets() [][]byte

func (*Caveat) GetDisallowDeletes 

func (m *Caveat) GetDisallowDeletes() bool

func (*Caveat) GetDisallowLists 

func (m *Caveat) GetDisallowLists() bool

func (*Caveat) GetDisallowReads 

func (m *Caveat) GetDisallowReads() bool

func (*Caveat) GetDisallowWrites 

func (m *Caveat) GetDisallowWrites() bool

func (*Caveat) GetEncryptedPathPrefixes 

func (m *Caveat) GetEncryptedPathPrefixes() [][]byte

func (*Caveat) GetNotAfter 

func (m *Caveat) GetNotAfter() *time.Time

func (*Caveat) GetNotBefore 

func (m *Caveat) GetNotBefore() *time.Time

func (*Caveat) ProtoMessage 

func (*Caveat) ProtoMessage()

func (*Caveat) Reset 

func (m *Caveat) Reset()

func (*Caveat) String 

func (m *Caveat) String() string

func (*Caveat) XXX_DiscardUnknown 

func (m *Caveat) XXX_DiscardUnknown()

func (*Caveat) XXX_Marshal 

func (m *Caveat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Caveat) XXX_Merge 

func (m *Caveat) XXX_Merge(src proto.Message)

func (*Caveat) XXX_Size 

func (m *Caveat) XXX_Size() int

func (*Caveat) XXX_Unmarshal 

func (m *Caveat) XXX_Unmarshal(b []byte) error

type Macaroon 

type Macaroon struct {
	// contains filtered or unexported fields
}

Macaroon is a struct that determine contextual caveats and authorization

func NewUnrestricted 

func NewUnrestricted(secret []byte) (*Macaroon, error)

NewUnrestricted creates Macaroon with random Head and generated Tail

func ParseMacaroon 

func ParseMacaroon(data []byte) (*Macaroon, error)

ParseMacaroon converts binary to macaroon

func (*Macaroon) AddFirstPartyCaveat 

func (m *Macaroon) AddFirstPartyCaveat(c []byte) (macaroon *Macaroon, err error)

AddFirstPartyCaveat creates signed macaroon with appended caveat

func (*Macaroon) CaveatLen 

func (m *Macaroon) CaveatLen() int

CaveatLen returns the number of caveats this macaroon has

func (*Macaroon) Caveats 

func (m *Macaroon) Caveats() (caveats [][]byte)

Caveats returns copy of macaroon caveats

func (*Macaroon) Copy 

func (m *Macaroon) Copy() *Macaroon

Copy return copy of macaroon

func (*Macaroon) Head 

func (m *Macaroon) Head() (head []byte)

Head returns copy of macaroon head

func (*Macaroon) Serialize 

func (m *Macaroon) Serialize() (data []byte)

Serialize converts macaroon to binary format

func (*Macaroon) Tail 

func (m *Macaroon) Tail() (tail []byte)

Tail returns copy of macaroon tail

func (*Macaroon) Tails 

func (m *Macaroon) Tails(secret []byte) [][]byte

Tails returns all ancestor tails up to and including the current tail

func (*Macaroon) Validate 

func (m *Macaroon) Validate(secret []byte) (ok bool)

Validate reconstructs with all caveats from the secret and compares tails, returning true if the tails match

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.