Documentation ¶
Index ¶
- Variables
- func NewSecret() (secret []byte, err error)
- type APIKey
- type Action
- type ActionType
- type Caveat
- func (c *Caveat) Allows(action Action) bool
- func (*Caveat) Descriptor() ([]byte, []int)
- func (m *Caveat) GetAllowedPaths() []*Caveat_Path
- func (m *Caveat) GetDisallowDeletes() bool
- func (m *Caveat) GetDisallowLists() bool
- func (m *Caveat) GetDisallowReads() bool
- func (m *Caveat) GetDisallowWrites() bool
- func (m *Caveat) GetNonce() []byte
- func (m *Caveat) GetNotAfter() *time.Time
- func (m *Caveat) GetNotBefore() *time.Time
- func (*Caveat) ProtoMessage()
- func (m *Caveat) Reset()
- func (m *Caveat) String() string
- func (m *Caveat) XXX_DiscardUnknown()
- func (m *Caveat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Caveat) XXX_Merge(src proto.Message)
- func (m *Caveat) XXX_Size() int
- func (m *Caveat) XXX_Unmarshal(b []byte) error
- type Caveat_Path
- func (*Caveat_Path) Descriptor() ([]byte, []int)
- func (m *Caveat_Path) GetBucket() []byte
- func (m *Caveat_Path) GetEncryptedPathPrefix() []byte
- func (*Caveat_Path) ProtoMessage()
- func (m *Caveat_Path) Reset()
- func (m *Caveat_Path) String() string
- func (m *Caveat_Path) XXX_DiscardUnknown()
- func (m *Caveat_Path) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Caveat_Path) XXX_Merge(src proto.Message)
- func (m *Caveat_Path) XXX_Size() int
- func (m *Caveat_Path) XXX_Unmarshal(b []byte) error
- type Macaroon
- func (m *Macaroon) AddFirstPartyCaveat(c []byte) (macaroon *Macaroon, err error)
- func (m *Macaroon) CaveatLen() int
- func (m *Macaroon) Caveats() (caveats [][]byte)
- func (m *Macaroon) Copy() *Macaroon
- func (m *Macaroon) Head() (head []byte)
- func (m *Macaroon) Serialize() (data []byte)
- func (m *Macaroon) Tail() (tail []byte)
- func (m *Macaroon) Tails(secret []byte) [][]byte
- func (m *Macaroon) Validate(secret []byte) (ok bool)
Constants ¶
This section is empty.
Variables ¶
// Error classes returned by this package's API key handling.
var (
	// Error is a general API Key error
	Error = errs.Class("api key error")
	// ErrFormat means that the structural formatting of the API Key is invalid
	ErrFormat = errs.Class("api key format error")
	// ErrInvalid means that the API Key is improperly signed
	ErrInvalid = errs.Class("api key invalid error")
	// ErrUnauthorized presumably means that the API Key does not authorize the
	// requested action (compare Check) — confirm against the implementation.
	ErrUnauthorized = errs.Class("api key unauthorized error")
	// ErrRevoked means the API key has been revoked
	ErrRevoked = errs.Class("api key revocation error")
)
Functions ¶
Types ¶
type APIKey ¶
type APIKey struct {
// contains filtered or unexported fields
}
APIKey implements a Macaroon-backed Storj-v3 API key.
func NewAPIKey ¶
NewAPIKey generates a brand-new, unrestricted API key from the provided server project secret.
func ParseAPIKey ¶
ParseAPIKey parses a given API key string and returns an APIKey if the string was correctly formatted. It does not validate the key; use Check to verify that the key authorizes an action.
func (*APIKey) Check ¶
func (a *APIKey) Check(ctx context.Context, secret []byte, action Action, revoked [][]byte) (err error)
Check makes sure that the key authorizes the provided action given the root project secret and any possible revocations, returning an error if the action is not authorized. 'revoked' is a list of revoked heads.
type Action ¶
// Action describes one operation to be authorized; it is the argument taken by
// APIKey.Check and Caveat.Allows.
type Action struct {
	// Op is the kind of operation, one of the ActionType constants.
	Op ActionType
	// Bucket is presumably the bucket the operation targets, matched against
	// Caveat_Path.Bucket — TODO confirm.
	Bucket []byte
	// EncryptedPath is presumably compared with Caveat_Path.EncryptedPathPrefix
	// — TODO confirm.
	EncryptedPath []byte
	// NOTE(review): Time is presumably checked against Caveat.NotBefore and
	// Caveat.NotAfter. It is set by whoever builds the Action, so it should come
	// from a clock the verifier trusts — confirm.
	Time time.Time
}
Action specifies the specific operation being performed that the Macaroon will validate
type ActionType ¶
type ActionType int
ActionType specifies the operation type being performed that the Macaroon will validate
// Operation types that an Action can carry in its Op field.
// NOTE(review): no constant is assigned 0, so a zero-valued Action.Op names
// none of the operations listed here; confirm that Check rejects it.
const (
	// ActionRead specifies a read operation
	ActionRead ActionType = 1
	// ActionWrite specifies a write operation
	ActionWrite ActionType = 2
	// ActionList specifies a list operation
	ActionList ActionType = 3
	// ActionDelete specifies a delete operation
	ActionDelete ActionType = 4
	// ActionProjectInfo requests project-level information
	ActionProjectInfo ActionType = 5
)
type Caveat ¶
// Caveat is a protobuf message describing restrictions on access; Allows
// reports whether it permits a given Action. It is presumably serialized and
// appended to a macaroon with Macaroon.AddFirstPartyCaveat — confirm.
type Caveat struct {
	// if any of these four are set, disallow that type of access
	DisallowReads bool `protobuf:"varint,1,opt,name=disallow_reads,json=disallowReads,proto3" json:"disallow_reads,omitempty"`
	DisallowWrites bool `protobuf:"varint,2,opt,name=disallow_writes,json=disallowWrites,proto3" json:"disallow_writes,omitempty"`
	DisallowLists bool `protobuf:"varint,3,opt,name=disallow_lists,json=disallowLists,proto3" json:"disallow_lists,omitempty"`
	DisallowDeletes bool `protobuf:"varint,4,opt,name=disallow_deletes,json=disallowDeletes,proto3" json:"disallow_deletes,omitempty"`
	// if any entries exist, all access must fall within at least one of them
	AllowedPaths []*Caveat_Path `protobuf:"bytes,10,rep,name=allowed_paths,json=allowedPaths,proto3" json:"allowed_paths,omitempty"`
	// if set, the validity time window
	NotAfter *time.Time `protobuf:"bytes,20,opt,name=not_after,json=notAfter,proto3,stdtime" json:"not_after,omitempty"`
	NotBefore *time.Time `protobuf:"bytes,21,opt,name=not_before,json=notBefore,proto3,stdtime" json:"not_before,omitempty"`
	// nonce is set to some random bytes so that you can make arbitrarily
	// many restricted macaroons with the same (or no) restrictions.
	Nonce []byte `protobuf:"bytes,30,opt,name=nonce,proto3" json:"nonce,omitempty"`
	// Bookkeeping fields emitted by the protobuf code generator; excluded from JSON.
	// NOTE(review): XXX_unrecognized presumably keeps wire fields this version
	// does not know; confirm how Allows treats a caveat that carries
	// restrictions it does not recognize.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized []byte `json:"-"`
	XXX_sizecache int32 `json:"-"`
}
func (*Caveat) Descriptor ¶
func (*Caveat) GetAllowedPaths ¶ added in v0.12.0
func (m *Caveat) GetAllowedPaths() []*Caveat_Path
func (*Caveat) GetDisallowDeletes ¶
func (*Caveat) GetDisallowLists ¶
func (*Caveat) GetDisallowReads ¶
func (*Caveat) GetDisallowWrites ¶
func (*Caveat) GetNotAfter ¶
func (*Caveat) GetNotBefore ¶
func (*Caveat) ProtoMessage ¶
func (*Caveat) ProtoMessage()
func (*Caveat) XXX_DiscardUnknown ¶
func (m *Caveat) XXX_DiscardUnknown()
func (*Caveat) XXX_Marshal ¶
func (*Caveat) XXX_Unmarshal ¶
type Caveat_Path ¶ added in v0.12.0
// Caveat_Path is the element type of Caveat.AllowedPaths: a bucket plus an
// encrypted path prefix.
type Caveat_Path struct {
	// Bucket is presumably compared with Action.Bucket — TODO confirm.
	Bucket []byte `protobuf:"bytes,1,opt,name=bucket,proto3" json:"bucket,omitempty"`
	// EncryptedPathPrefix is presumably matched as a prefix of
	// Action.EncryptedPath — TODO confirm.
	EncryptedPathPrefix []byte `protobuf:"bytes,2,opt,name=encrypted_path_prefix,json=encryptedPathPrefix,proto3" json:"encrypted_path_prefix,omitempty"`
	// Bookkeeping fields emitted by the protobuf code generator; excluded from JSON.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized []byte `json:"-"`
	XXX_sizecache int32 `json:"-"`
}
Caveat_Path is an entry in Caveat.AllowedPaths. If any entries exist, all access must happen within at least one of them.
func (*Caveat_Path) Descriptor ¶ added in v0.12.0
func (*Caveat_Path) Descriptor() ([]byte, []int)
func (*Caveat_Path) GetBucket ¶ added in v0.12.0
func (m *Caveat_Path) GetBucket() []byte
func (*Caveat_Path) GetEncryptedPathPrefix ¶ added in v0.12.0
func (m *Caveat_Path) GetEncryptedPathPrefix() []byte
func (*Caveat_Path) ProtoMessage ¶ added in v0.12.0
func (*Caveat_Path) ProtoMessage()
func (*Caveat_Path) Reset ¶ added in v0.12.0
func (m *Caveat_Path) Reset()
func (*Caveat_Path) String ¶ added in v0.12.0
func (m *Caveat_Path) String() string
func (*Caveat_Path) XXX_DiscardUnknown ¶ added in v0.12.0
func (m *Caveat_Path) XXX_DiscardUnknown()
func (*Caveat_Path) XXX_Marshal ¶ added in v0.12.0
func (m *Caveat_Path) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*Caveat_Path) XXX_Merge ¶ added in v0.12.0
func (m *Caveat_Path) XXX_Merge(src proto.Message)
func (*Caveat_Path) XXX_Size ¶ added in v0.12.0
func (m *Caveat_Path) XXX_Size() int
func (*Caveat_Path) XXX_Unmarshal ¶ added in v0.12.0
func (m *Caveat_Path) XXX_Unmarshal(b []byte) error
type Macaroon ¶
type Macaroon struct {
// contains filtered or unexported fields
}
Macaroon is a struct that determines contextual caveats and authorization.
func NewUnrestricted ¶
NewUnrestricted creates a Macaroon with a random Head and a generated Tail.
func ParseMacaroon ¶
ParseMacaroon converts serialized binary data into a Macaroon.
func (*Macaroon) AddFirstPartyCaveat ¶
AddFirstPartyCaveat creates a signed Macaroon with the given caveat appended.