root/golib
1
0
Fork 0
mirror of https://github.com/therootcompany/golib.git synced 2026-03-02 23:57:59 +00:00
Code Issues Projects Releases Wiki Activity

ref(auth/csvauth): create and adhere to Principle interface for verified credential

Browse Source
This commit is contained in:
AJ ONeal 2026-02-26 16:44:30 -07:00
parent 737f3b0057
commit d756f205b0
No known key found for this signature in database
2 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
auth/csvauth/credential.go
View File

@ -14,6 +14,11 @@ type BasicAuthVerifier interface {
Verify(string, string) error Verify(string, string) error
} }
type Principle interface {
ID() string
Permissions() []string
}
const ( const (
// deprecated, misspelling of PurposeDefault // deprecated, misspelling of PurposeDefault
DefaultPurpose = "login" DefaultPurpose = "login"
@ -52,6 +57,17 @@ type Credential struct {
hashID string hashID string
} }
func (c *Credential) ID() string {
if c.Purpose == PurposeToken {
return c.Name + hashIDSep + c.hashID
}
return c.Name
}
func (c *Credential) Permissions() []string {
return c.Roles
}
func (c Credential) Secret() string { func (c Credential) Secret() string {
return string(c.plain) return string(c.plain)
} }
@ -215,3 +231,6 @@ func (c Credential) ToRecord() []string {
record := []string{purpose, name, paramList, salt, derived, strings.Join(c.Roles, " "), c.Extra} record := []string{purpose, name, paramList, salt, derived, strings.Join(c.Roles, " "), c.Extra}
return record return record
} }
var _ BasicAuthVerifier = (*Credential)(nil)
var _ Principle = (*Credential)(nil)

2
auth/csvauth/csvauth.go
View File

@ -368,7 +368,7 @@ func (a *Auth) gcmDecrypt(aes128key [16]byte, gcmNonce [12]byte, derived []byte)
// (because 'pass' is swapped with 'user' when 'pass' is empty) // (because 'pass' is swapped with 'user' when 'pass' is empty)
// - the resulting 'user' must match BasicAuthTokenNames ("", "api", and "apikey" are the defaults) // - the resulting 'user' must match BasicAuthTokenNames ("", "api", and "apikey" are the defaults)
// - then the token is (timing-safe) hashed to check if it exists, and then verified by its algorithm // - then the token is (timing-safe) hashed to check if it exists, and then verified by its algorithm
func (a *Auth) Authenticate(name, secret string) (*Credential, error) { func (a *Auth) Authenticate(name, secret string) (Principle, error) {
if name == "" && secret == "" { if name == "" && secret == "" {
return nil, ErrUnauthorized return nil, ErrUnauthorized
} }