macaroon

package

v0.11.6 Latest Latest Go to latest Published: May 21, 2019 License: AGPL-3.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/storj/storj

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func NewSecret() (secret []byte, err error)
type APIKey
- func NewAPIKey(secret []byte) (*APIKey, error)
- func ParseAPIKey(key string) (*APIKey, error)
type Action
type ActionType
type Caveat
type Macaroon
- func NewUnrestricted(secret []byte) (*Macaroon, error)
- func ParseMacaroon(data []byte) (*Macaroon, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// Error is a general API Key error
	Error = errs.Class("api key error")
	// ErrFormat means that the structural formatting of the API Key is invalid
	ErrFormat = errs.Class("api key format error")
	// ErrInvalid means that the API Key is improperly signed
	ErrInvalid = errs.Class("api key invalid error")
	// ErrUnauthorized means that the API key does not grant the requested permission
	ErrUnauthorized = errs.Class("api key unauthorized error")
	// ErrRevoked means the API key has been revoked
	ErrRevoked = errs.Class("api key revocation error")
)

Functions ¶

func NewSecret ¶

func NewSecret() (secret []byte, err error)

NewSecret generates cryptographically random 32 bytes

Types ¶

type APIKey ¶

type APIKey struct {
	// contains filtered or unexported fields
}

APIKey implements a Macaroon-backed Storj-v3 API key.

func NewAPIKey ¶

func NewAPIKey(secret []byte) (*APIKey, error)

NewAPIKey generates a brand new unrestricted API key given the provided server project secret

func ParseAPIKey ¶

func ParseAPIKey(key string) (*APIKey, error)

ParseAPIKey parses a given api key string and returns an APIKey if the APIKey was correctly formatted. It does not validate the key.

func (*APIKey) Check ¶

func (a *APIKey) Check(secret []byte, action Action, revoked [][]byte) error

Check makes sure that the key authorizes the provided action given the root project secret and any possible revocations, returning an error if the action is not authorized. 'revoked' is a list of revoked heads.

func (*APIKey) Head ¶

func (a *APIKey) Head() []byte

Head returns the identifier for this macaroon's root ancestor.

func (*APIKey) Restrict ¶

func (a *APIKey) Restrict(caveat Caveat) (*APIKey, error)

Restrict generates a new APIKey with the provided Caveat attached.

func (*APIKey) Serialize ¶

func (a *APIKey) Serialize() (string, error)

Serialize serializes the API Key to a string

func (*APIKey) Tail ¶

func (a *APIKey) Tail() []byte

Tail returns the identifier for this macaroon only.

type Action ¶

type Action struct {
	Op            ActionType
	Bucket        []byte
	EncryptedPath []byte
	Time          time.Time
}

Action specifies the specific operation being performed that the Macaroon will validate

type ActionType ¶

type ActionType int

ActionType specifies the operation type being performed that the Macaroon will validate

const (

	// ActionRead specifies a read operation
	ActionRead ActionType
	// ActionWrite specifies a read operation
	ActionWrite
	// ActionList specifies a read operation
	ActionList
	// ActionDelete specifies a read operation
	ActionDelete
)

type Caveat ¶

type Caveat struct {
	// if any of these three are set, disallow that type of access
	DisallowReads   bool `protobuf:"varint,1,opt,name=disallow_reads,json=disallowReads,proto3" json:"disallow_reads,omitempty"`
	DisallowWrites  bool `protobuf:"varint,2,opt,name=disallow_writes,json=disallowWrites,proto3" json:"disallow_writes,omitempty"`
	DisallowLists   bool `protobuf:"varint,3,opt,name=disallow_lists,json=disallowLists,proto3" json:"disallow_lists,omitempty"`
	DisallowDeletes bool `protobuf:"varint,4,opt,name=disallow_deletes,json=disallowDeletes,proto3" json:"disallow_deletes,omitempty"`
	// if one of these two lists are not empty, restrict accesses
	// to the given values
	Buckets               [][]byte `protobuf:"bytes,10,rep,name=buckets,proto3" json:"buckets,omitempty"`
	EncryptedPathPrefixes [][]byte `` /* 127-byte string literal not displayed */
	// if set, the validity time window
	NotAfter             *time.Time `protobuf:"bytes,20,opt,name=not_after,json=notAfter,proto3,stdtime" json:"not_after,omitempty"`
	NotBefore            *time.Time `protobuf:"bytes,21,opt,name=not_before,json=notBefore,proto3,stdtime" json:"not_before,omitempty"`
	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
	XXX_unrecognized     []byte     `json:"-"`
	XXX_sizecache        int32      `json:"-"`
}

func (*Caveat) Allows ¶

func (c *Caveat) Allows(action Action) bool

Allows returns true if the provided action is allowed by the caveat.

func (*Caveat) Descriptor ¶

func (*Caveat) Descriptor() ([]byte, []int)

func (*Caveat) GetBuckets ¶

func (m *Caveat) GetBuckets() [][]byte

func (*Caveat) GetDisallowDeletes ¶

func (m *Caveat) GetDisallowDeletes() bool

func (*Caveat) GetDisallowLists ¶

func (m *Caveat) GetDisallowLists() bool

func (*Caveat) GetDisallowReads ¶

func (m *Caveat) GetDisallowReads() bool

func (*Caveat) GetDisallowWrites ¶

func (m *Caveat) GetDisallowWrites() bool

func (*Caveat) GetEncryptedPathPrefixes ¶

func (m *Caveat) GetEncryptedPathPrefixes() [][]byte

func (*Caveat) GetNotAfter ¶

func (m *Caveat) GetNotAfter() *time.Time

func (*Caveat) GetNotBefore ¶

func (m *Caveat) GetNotBefore() *time.Time

func (*Caveat) ProtoMessage ¶

func (*Caveat) ProtoMessage()

func (*Caveat) Reset ¶

func (m *Caveat) Reset()

func (*Caveat) String ¶

func (m *Caveat) String() string

func (*Caveat) XXX_DiscardUnknown ¶

func (m *Caveat) XXX_DiscardUnknown()

func (*Caveat) XXX_Marshal ¶

func (m *Caveat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Caveat) XXX_Merge ¶

func (m *Caveat) XXX_Merge(src proto.Message)

func (*Caveat) XXX_Size ¶

func (m *Caveat) XXX_Size() int

func (*Caveat) XXX_Unmarshal ¶

func (m *Caveat) XXX_Unmarshal(b []byte) error

type Macaroon ¶

type Macaroon struct {
	// contains filtered or unexported fields
}

Macaroon is a struct that determine contextual caveats and authorization

func NewUnrestricted ¶

func NewUnrestricted(secret []byte) (*Macaroon, error)

NewUnrestricted creates Macaroon with random Head and generated Tail

func ParseMacaroon ¶

func ParseMacaroon(data []byte) (*Macaroon, error)

ParseMacaroon converts binary to macaroon

func (*Macaroon) AddFirstPartyCaveat ¶

func (m *Macaroon) AddFirstPartyCaveat(c []byte) (macaroon *Macaroon, err error)

AddFirstPartyCaveat creates signed macaroon with appended caveat

func (*Macaroon) CaveatLen ¶

func (m *Macaroon) CaveatLen() int

CaveatLen returns the number of caveats this macaroon has

func (*Macaroon) Caveats ¶

func (m *Macaroon) Caveats() (caveats [][]byte)

Caveats returns copy of macaroon caveats

func (*Macaroon) Copy ¶

func (m *Macaroon) Copy() *Macaroon

Copy return copy of macaroon

func (*Macaroon) Head ¶

func (m *Macaroon) Head() (head []byte)

Head returns copy of macaroon head

func (*Macaroon) Serialize ¶

func (m *Macaroon) Serialize() (data []byte)

Serialize converts macaroon to binary format

func (*Macaroon) Tail ¶

func (m *Macaroon) Tail() (tail []byte)

Tail returns copy of macaroon tail

func (*Macaroon) Tails ¶

func (m *Macaroon) Tails(secret []byte) [][]byte

Tails returns all ancestor tails up to and including the current tail

func (*Macaroon) Validate ¶

func (m *Macaroon) Validate(secret []byte) (ok bool)

Validate reconstructs with all caveats from the secret and compares tails, returning true if the tails match

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL