ntfy/auth/auth.go

63 lines
1.3 KiB
Go
Raw Normal View History

2022-01-23 08:02:16 +03:00
package auth
import "errors"
2022-01-23 08:54:18 +03:00
// Auther is a generic interface to implement password-based authentication and authorization
type Auther interface {
2022-01-23 08:02:16 +03:00
Authenticate(user, pass string) (*User, error)
Authorize(user *User, topic string, perm Permission) error
}
2022-01-23 08:54:18 +03:00
type Manager interface {
AddUser(username, password string, role Role) error
RemoveUser(username string) error
2022-01-24 07:02:39 +03:00
Users() ([]*User, error)
User(username string) (*User, error)
2022-01-23 08:54:18 +03:00
ChangePassword(username, password string) error
2022-01-23 23:30:30 +03:00
ChangeRole(username string, role Role) error
2022-01-24 08:54:28 +03:00
DefaultAccess() (read bool, write bool)
2022-01-23 23:30:30 +03:00
AllowAccess(username string, topic string, read bool, write bool) error
ResetAccess(username string, topic string) error
2022-01-23 08:54:18 +03:00
}
2022-01-23 08:02:16 +03:00
type User struct {
2022-01-24 07:02:39 +03:00
Name string
Pass string // hashed
Role Role
Grants []Grant
}
type Grant struct {
Topic string
Read bool
Write bool
2022-01-23 08:02:16 +03:00
}
type Permission int
const (
PermissionRead = Permission(1)
PermissionWrite = Permission(2)
)
type Role string
const (
2022-01-24 08:54:28 +03:00
RoleAdmin = Role("admin")
RoleUser = Role("user")
RoleAnonymous = Role("anonymous")
2022-01-23 08:02:16 +03:00
)
2022-01-24 08:54:28 +03:00
const (
Everyone = "*"
)
2022-01-23 23:30:30 +03:00
func AllowedRole(role Role) bool {
return role == RoleUser || role == RoleAdmin
}
2022-01-24 07:02:39 +03:00
var (
ErrUnauthorized = errors.New("unauthorized")
ErrNotFound = errors.New("not found")
)