Home Download Docs Code Community
import "perkeep/pkg/auth"
Overview
Index

Overview ▾

Package auth implements Camlistore authentication.

Index

Constants
Variables
func AddMode(am AuthMode)
func Allowed(req *http.Request, op Operation) bool
func AllowedWithAuth(am AuthMode, req *http.Request, op Operation) bool
func DiscoveryToken() string
func IsLocalhost(req *http.Request) bool
func RandToken(size int) string
func RegisterAuth(name string, ctor AuthConfigParser)
func RequireAuth(h http.Handler, op Operation) http.Handler
func SendUnauthorized(rw http.ResponseWriter, req *http.Request)
func SetMode(m AuthMode)
func Token() string
func TriedAuthorization(req *http.Request) bool
type AuthConfigParser
type AuthMode
    func FromConfig(authConfig string) (AuthMode, error)
    func FromEnv() (AuthMode, error)
    func NewBasicAuth(username, password string) AuthMode
    func NewTokenAuth(token string) (AuthMode, error)
    func TokenOrNone(token string) (AuthMode, error)
type DevAuth
    func (da *DevAuth) AddAuthHeader(req *http.Request)
    func (da *DevAuth) AllowedAccess(req *http.Request) Operation
type Handler
    func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type Localhost
    func (Localhost) AllowedAccess(req *http.Request) (out Operation)
type None
    func (None) AddAuthHeader(req *http.Request)
    func (None) AllowedAccess(req *http.Request) Operation
type Operation
type UnauthorizedSender
type UserPass
    func (up *UserPass) AddAuthHeader(req *http.Request)
    func (up *UserPass) AllowedAccess(req *http.Request) Operation

Package files

auth.go tailscaleauth.go

Constants

const (
    OpUpload Operation = 1 << iota
    OpStat
    OpGet
    OpEnumerate
    OpRemove
    OpSign
    // OpDiscovery note: since we disclose an OpAll token in the discovery
    // response, please bear in mind that granting OpDiscovery is in effect the
    // same as granting OpAll for now.
    OpDiscovery
    OpRead   = OpEnumerate | OpStat | OpGet | OpDiscovery
    OpRW     = OpUpload | OpEnumerate | OpStat | OpGet // Not Remove
    OpVivify = OpUpload | OpStat | OpGet | OpDiscovery
    OpAll    = OpUpload | OpEnumerate | OpStat | OpRemove | OpGet | OpSign | OpDiscovery
)
const OmitAuthToken = "OmitAuthToken"

Variables

var ErrNoAuth = errors.New("auth: no configured authentication")

ErrNoAuth is returned when there is no configured authentication.

func AddMode

func AddMode(am AuthMode)

AddMode adds the given authentication mode to the list of modes that future requests can authenticate against.

func Allowed

func Allowed(req *http.Request, op Operation) bool

Allowed returns whether the given request has access to perform all the operations in op.

func AllowedWithAuth

func AllowedWithAuth(am AuthMode, req *http.Request, op Operation) bool

AllowedWithAuth returns whether the given request has access to perform all the operations in op against am.

func DiscoveryToken

func DiscoveryToken() string

DiscoveryToken returns OmitAuthToken if the first registered auth mode is of type None, and Token() otherwise.

func IsLocalhost

func IsLocalhost(req *http.Request) bool

func RandToken

func RandToken(size int) string

RandToken genererates (with crypto/rand.Read) and returns a token that is the hex version (2x size) of size bytes of randomness.

func RegisterAuth

func RegisterAuth(name string, ctor AuthConfigParser)

RegisterAuth registers a new authentication scheme.

func RequireAuth

func RequireAuth(h http.Handler, op Operation) http.Handler

RequireAuth wraps a function with another function that enforces HTTP Basic Auth and checks if the operations in op are all permitted.

func SendUnauthorized

func SendUnauthorized(rw http.ResponseWriter, req *http.Request)

func SetMode

func SetMode(m AuthMode)

SetMode sets the given authentication mode as the only allowed one for future requests. That is, it replaces all modes that were previously added.

func Token

func Token() string

Token returns a 20 byte token generated (only once, then cached) with RandToken. This token is used for authentication by the Camlistore web UI and its websockets, therefore it should be handled with care.

func TriedAuthorization

func TriedAuthorization(req *http.Request) bool

type AuthConfigParser

type AuthConfigParser func(arg string) (AuthMode, error)

An AuthConfigParser parses a registered authentication type's option and returns an AuthMode.

type AuthMode

type AuthMode interface {
    // AllowedAccess returns a bitmask of all operations
    // this user/request is allowed to do.
    AllowedAccess(req *http.Request) Operation
    // AddAuthHeader inserts in req the credentials needed
    // for a client to authenticate.
    AddAuthHeader(req *http.Request)
}

An AuthMode is the interface implemented by diffent authentication schemes.

func FromConfig

func FromConfig(authConfig string) (AuthMode, error)

FromConfig parses authConfig and accordingly sets up the AuthMode that will be used for all upcoming authentication exchanges. The supported modes are UserPass and DevAuth. UserPass requires an authConfig of the kind "userpass:joe:ponies".

If the input string is empty, the error will be ErrNoAuth.

func FromEnv

func FromEnv() (AuthMode, error)

func NewBasicAuth

func NewBasicAuth(username, password string) AuthMode

NewBasicAuth returns a UserPass Authmode, adequate to support HTTP basic authentication.

func NewTokenAuth

func NewTokenAuth(token string) (AuthMode, error)

NewTokenAuth returns an Authmode similar to HTTP Basic Auth, which is only relying on token instead of a username and password.

func TokenOrNone

func TokenOrNone(token string) (AuthMode, error)

TokenOrNone returns a token auth mode if token is not OmitAuthToken, and otherwise a None auth mode.

type DevAuth

type DevAuth struct {
    Password string
    // Password for the vivify mode, automatically set to "vivi" + Password
    VivifyPass *string
}

DevAuth is used for development. It has one password and one vivify password, but also accepts all passwords from localhost. Usernames are ignored.

func (*DevAuth) AddAuthHeader

func (da *DevAuth) AddAuthHeader(req *http.Request)

func (*DevAuth) AllowedAccess

func (da *DevAuth) AllowedAccess(req *http.Request) Operation

type Handler

type Handler struct {
    http.Handler
}

func (Handler) ServeHTTP

func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP serves only if this request and auth mode are allowed all Operations.

type Localhost

type Localhost struct {
    None
}

func (Localhost) AllowedAccess

func (Localhost) AllowedAccess(req *http.Request) (out Operation)

type None

type None struct{}

func (None) AddAuthHeader

func (None) AddAuthHeader(req *http.Request)

func (None) AllowedAccess

func (None) AllowedAccess(req *http.Request) Operation

type Operation

type Operation int

Operation represents a bitmask of operations. See the OpX constants.

type UnauthorizedSender

type UnauthorizedSender interface {
    // SendUnauthorized sends an unauthorized response,
    // and returns whether it handled it.
    SendUnauthorized(http.ResponseWriter, *http.Request) (handled bool)
}

UnauthorizedSender may be implemented by AuthModes which want to handle sending unauthorized.

type UserPass

type UserPass struct {
    Username, Password string
    OrLocalhost        bool // if true, allow localhost ident auth too

    // VivifyPass, if not nil, is the alternative password used (only) for the vivify operation.
    // It is checked when uploading, but Password takes precedence.
    VivifyPass *string
}

UserPass is used when the auth string provided in the config is of the kind "userpass:username:pass" Possible options appended to the config string are "+localhost" and "vivify=pass", where pass will be the alternative password which only allows the vivify operation.

func (*UserPass) AddAuthHeader

func (up *UserPass) AddAuthHeader(req *http.Request)

func (*UserPass) AllowedAccess

func (up *UserPass) AllowedAccess(req *http.Request) Operation
Website layout inspired by memcached.
Content by the authors.