ntfy/auth/auth.go

package auth

import "errors"

// Auther is a generic interface to implement password-based authentication and authorization
type Auther interface {
	Authenticate(user, pass string) (*User, error)
	Authorize(user *User, topic string, perm Permission) error
}

type Manager interface {
	AddUser(username, password string, role Role) error
	RemoveUser(username string) error
	Users() ([]*User, error)
	User(username string) (*User, error)
	ChangePassword(username, password string) error
	ChangeRole(username string, role Role) error
	DefaultAccess() (read bool, write bool)
	AllowAccess(username string, topic string, read bool, write bool) error
	ResetAccess(username string, topic string) error
}

type User struct {
	Name   string
	Hash   string // password hash (bcrypt)
	Role   Role
	Grants []Grant
}

type Grant struct {
	Topic string
	Read  bool
	Write bool
}

type Permission int

const (
	PermissionRead  = Permission(1)
	PermissionWrite = Permission(2)
)

type Role string

const (
	RoleAdmin     = Role("admin")
	RoleUser      = Role("user")
	RoleAnonymous = Role("anonymous")
)

const (
	Everyone = "*"
)

func AllowedRole(role Role) bool {
	return role == RoleUser || role == RoleAdmin
}

var (
	ErrUnauthenticated = errors.New("unauthenticated")
	ErrUnauthorized    = errors.New("unauthorized")
	ErrInvalidArgument = errors.New("invalid argument")
	ErrNotFound        = errors.New("not found")
)
Move to package 2022-01-23 00:02:16 -05:00			`package auth`

			`import "errors"`

More auth CLi 2022-01-23 00:54:18 -05:00			`// Auther is a generic interface to implement password-based authentication and authorization`
			`type Auther interface {`
Move to package 2022-01-23 00:02:16 -05:00			`Authenticate(user, pass string) (*User, error)`
			`Authorize(user *User, topic string, perm Permission) error`
			`}`

More auth CLi 2022-01-23 00:54:18 -05:00			`type Manager interface {`
			`AddUser(username, password string, role Role) error`
			`RemoveUser(username string) error`
Auth CLI, continued 2022-01-23 23:02:39 -05:00			`Users() ([]*User, error)`
			`User(username string) (*User, error)`
More auth CLi 2022-01-23 00:54:18 -05:00			`ChangePassword(username, password string) error`
More CLI for access control 2022-01-23 15:30:30 -05:00			`ChangeRole(username string, role Role) error`
More auth 2022-01-24 00:54:28 -05:00			`DefaultAccess() (read bool, write bool)`
More CLI for access control 2022-01-23 15:30:30 -05:00			`AllowAccess(username string, topic string, read bool, write bool) error`
			`ResetAccess(username string, topic string) error`
More auth CLi 2022-01-23 00:54:18 -05:00			`}`

Move to package 2022-01-23 00:02:16 -05:00			`type User struct {`
Auth CLI, continued 2022-01-23 23:02:39 -05:00			`Name string`
Tests 2022-01-25 21:57:28 -05:00			`Hash string // password hash (bcrypt)`
Auth CLI, continued 2022-01-23 23:02:39 -05:00			`Role Role`
			`Grants []Grant`
			`}`

			`type Grant struct {`
			`Topic string`
			`Read bool`
			`Write bool`
Move to package 2022-01-23 00:02:16 -05:00			`}`

			`type Permission int`

			`const (`
			`PermissionRead = Permission(1)`
			`PermissionWrite = Permission(2)`
			`)`

			`type Role string`

			`const (`
More auth 2022-01-24 00:54:28 -05:00			`RoleAdmin = Role("admin")`
			`RoleUser = Role("user")`
			`RoleAnonymous = Role("anonymous")`
Move to package 2022-01-23 00:02:16 -05:00			`)`

More auth 2022-01-24 00:54:28 -05:00			`const (`
			`Everyone = "*"`
			`)`
More CLI for access control 2022-01-23 15:30:30 -05:00
			`func AllowedRole(role Role) bool {`
			`return role == RoleUser \|\| role == RoleAdmin`
			`}`

Auth CLI, continued 2022-01-23 23:02:39 -05:00			`var (`
Tests 2022-01-25 21:57:28 -05:00			`ErrUnauthenticated = errors.New("unauthenticated")`
			`ErrUnauthorized = errors.New("unauthorized")`
			`ErrInvalidArgument = errors.New("invalid argument")`
			`ErrNotFound = errors.New("not found")`
Auth CLI, continued 2022-01-23 23:02:39 -05:00			`)`