| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 |
- package auth
- import "errors"
- // Auther is a generic interface to implement password-based authentication and authorization
- type Auther interface {
- Authenticate(user, pass string) (*User, error)
- Authorize(user *User, topic string, perm Permission) error
- }
- type Manager interface {
- AddUser(username, password string, role Role) error
- RemoveUser(username string) error
- Users() ([]*User, error)
- User(username string) (*User, error)
- ChangePassword(username, password string) error
- ChangeRole(username string, role Role) error
- DefaultAccess() (read bool, write bool)
- AllowAccess(username string, topic string, read bool, write bool) error
- ResetAccess(username string, topic string) error
- }
- type User struct {
- Name string
- Hash string // password hash (bcrypt)
- Role Role
- Grants []Grant
- }
- type Grant struct {
- Topic string
- Read bool
- Write bool
- }
- type Permission int
- const (
- PermissionRead = Permission(1)
- PermissionWrite = Permission(2)
- )
- type Role string
- const (
- RoleAdmin = Role("admin")
- RoleUser = Role("user")
- RoleAnonymous = Role("anonymous")
- )
- const (
- Everyone = "*"
- )
- func AllowedRole(role Role) bool {
- return role == RoleUser || role == RoleAdmin
- }
- var (
- ErrUnauthenticated = errors.New("unauthenticated")
- ErrUnauthorized = errors.New("unauthorized")
- ErrInvalidArgument = errors.New("invalid argument")
- ErrNotFound = errors.New("not found")
- )
|
