README
¶
Libraries for user and role management.
userdb
A simple user database, saved on disk as a text file.
Tab-separated file format:
- username
- argon2 hashed password
In some cases, the file may also contain database internal instructions, e.g., DELETE followed by a username.
Sample file:
angela $argon2id$v=19$m=65536,t=3,p=2$9e8pod5QJIVEXND92rjxnQ$IX0Oq3bNhfq4K9lZDUlIfLwH0ZAE0pDv/q55xi8Yasc
james $argon2id$v=19$m=65536,t=3,p=2$U4sN8dpRsI2TTEqImgWLig$VEhw7GHD0O8cW0Pl+CB26OHfIpbloBtfj/BsbFesU8c
roles
A simple database of roles/permissions, saved on disk as a text file.
Tab-separated file format:
- role name
- comma-separated list of users
In some cases, the file may also contain database internal instructions, e.g., DELETE followed by a role name.
Sample file:
member angela james
admin james
Documentation
¶
Overview ¶
Package userdb contains libraries for user and role databases (for user permissions)
Index ¶
- Constants
- Variables
- func Validate(userDB *UserDB, roleDB *RoleDB) error
- type RoleDB
- func (rdb *RoleDB) Authorized(role, userName string) bool
- func (rdb *RoleDB) CheckConstraints(role string, users []string) (bool, string)
- func (rdb *RoleDB) CreateRole(role string) error
- func (rdb *RoleDB) DeleteRole(role string) error
- func (rdb *RoleDB) DeleteUserRole(role, userName string) error
- func (rdb *RoleDB) GetRoles() []string
- func (rdb *RoleDB) InsertRole(role string, userNames []string) error
- func (rdb *RoleDB) ListRolesAndUsers() map[string][]string
- func (rdb *RoleDB) ListUsers(role string) ([]string, bool)
- func (rdb *RoleDB) RoleExists(role string) bool
- func (rdb *RoleDB) SaveFile() error
- type UserDB
- func (udb *UserDB) Authorized(userName, password string) (bool, error)
- func (udb *UserDB) CheckConstraints(userName, password string) (bool, string)
- func (udb *UserDB) DeleteUser(userName string) error
- func (udb *UserDB) GetPasswordHash(userName string) (string, error)
- func (udb *UserDB) GetUsers() []string
- func (udb *UserDB) InsertUser(userName, password string) error
- func (udb *UserDB) SaveFile() error
- func (udb *UserDB) UpdatePassword(userName string, password string) error
- func (udb *UserDB) UserExists(userName string) (bool, string)
Constants ¶
const FieldSeparator = "\t"
FieldSeparator separates fields in a file (for file reading/writing)
const ItemSeparator = " "
ItemSeparator separates items in a list (for file reading/writing)
Variables ¶
var ( //ErrInvalidHash error message for invalid hash format ErrInvalidHash = errors.New("the encoded hash is not in the correct format") // ErrIncompatibleVersion error message for incompatible version of argon2 ErrIncompatibleVersion = errors.New("incompatible version of argon2") )
Functions ¶
Types ¶
type RoleDB ¶
type RoleDB struct {
// Constraints is used to validate an input role + users
// returns true + empty string if the role/users are valid
// returns false + message if the role/users are invalid
Constraints func(role string, users []string) (bool, string)
// contains filtered or unexported fields
}
RoleDB a database of roles (username - roles)
func EmptyRoleDB ¶
EmptyRoleDB creates a new role database with the specified file name, which will be removed if it already exists
func ReadRoleDB ¶
ReadRoleDB reads a role db from file
func (*RoleDB) Authorized ¶
Authorized is used to check if a user has access to a specified role
func (*RoleDB) CheckConstraints ¶
CheckConstraints to check if the db entry is valid given certain constraints
func (*RoleDB) CreateRole ¶
CreateRole is used to insert a user into the database
func (*RoleDB) DeleteRole ¶
DeleteRole is used to delete a user role from the database
func (*RoleDB) DeleteUserRole ¶
DeleteUserRole is used to delete a user role from the database
func (*RoleDB) InsertRole ¶
InsertRole is used to insert a user into the database
func (*RoleDB) ListRolesAndUsers ¶
ListRolesAndUsers list all roles with users
func (*RoleDB) RoleExists ¶
RoleExists looks up the role with the specified name
type UserDB ¶
type UserDB struct {
// Constraints is used to validate an input user + password
// returns true + empty string if the user is valid
// returns false + message if the user is invalid
Constraints func(user string, password string) (bool, string)
// contains filtered or unexported fields
}
UserDB a database of users
func EmptyUserDB ¶
EmptyUserDB creates a new user database with the specified file name, which will be removed if it already exists
func ReadUserDB ¶
ReadUserDB reads a user db from file
func (*UserDB) Authorized ¶
Authorized is used to check if the password matches the specified user name
func (*UserDB) CheckConstraints ¶
CheckConstraints to check if the db entry is valid given certain constraints
func (*UserDB) DeleteUser ¶
DeleteUser is used to delete a user from the database
func (*UserDB) GetPasswordHash ¶
GetPasswordHash returns the password_hash value for userName. If no such value is found, the empty string is returned (along with a non-nil error value)
func (*UserDB) InsertUser ¶
InsertUser is used to insert a user into the database
func (*UserDB) UpdatePassword ¶
UpdatePassword updates the password for the specified user
Source Files