blasphem/pkg/auth/user.go

package auth
import (
"net"
"net/http"
)
// Distinct string types for the identifiers used by the auth package, so that
// one kind of ID cannot be passed where another is expected without an
// explicit conversion.
type (
	// UserID is the identifier stored in User.ID.
	UserID string

	// GroupID is the identifier stored in Group.ID and listed in User.GroupIDs.
	GroupID string

	// CredID is a string identifier for a credential; where it is used is
	// outside this listing.
	CredID string
)
// Group is a named group, referenced from User.GroupIDs by its ID.
type Group struct {
	// ID is serialized as "id".
	ID GroupID `json:"id"`

	// Name is serialized as "name".
	Name string `json:"name"`
}
// User is an account known to the auth package.
//
// Only ID, GroupIDs, Data and the embedded UserMetadata fields take part in
// JSON encoding. Creds and RefreshTokens are tagged `json:"-"`, so marshalling
// a User never emits them and unmarshalling never populates them.
type User struct {
	// ID is serialized as "id".
	ID UserID `json:"id"`

	// GroupIDs lists the groups the user is a member of, serialized as
	// "group_ids".
	GroupIDs []GroupID `json:"group_ids"`

	// Data is an untyped payload, omitted from JSON when nil.
	Data interface{} `json:"data,omitempty"`

	// UserMetadata is embedded without a tag, so encoding/json writes its
	// fields at the same level as the fields above.
	UserMetadata

	// Creds holds the user's credentials. Excluded from JSON.
	Creds []*Credentials `json:"-"`

	// RefreshTokens holds the user's refresh tokens. Excluded from JSON.
	RefreshTokens []*RefreshToken `json:"-"`
}
// UserMetadata carries the descriptive and policy flags of a User. It is
// embedded in User, so its JSON keys appear alongside the User's own.
type UserMetadata struct {
	// Owner is serialized as "is_owner".
	Owner bool `json:"is_owner"`

	// Active is serialized as "is_active". allowedToAuth rejects the user
	// with ErrDisabled when it is false.
	Active bool `json:"is_active"`

	// Name is serialized as "name".
	Name string `json:"name"`

	// SystemGenerated is serialized as "system_generated".
	SystemGenerated bool `json:"system_generated"`

	// LocalOnly is serialized as "local_only". When set, allowedToAuth
	// checks the request's remote address against the loopback, private and
	// link-local ranges before allowing authentication.
	LocalOnly bool `json:"local_only"`
}
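// allowedToAuth reports whether u may authenticate over the connection that
// delivered r.
//
// It returns ErrDisabled when the user is not active. For users that are not
// LocalOnly no address check is made. For LocalOnly users the peer address of
// the request must be a loopback, private or link-local unicast address;
// otherwise ErrUserAuthRemote is returned. ErrInvalidIP is returned when no
// IP address can be extracted from the request.
//
// The check is made against r.RemoteAddr, i.e. the immediate TCP peer. If the
// service is deployed behind a reverse proxy, that peer is the proxy itself
// (typically a loopback or private address), so every proxied client would
// satisfy the LocalOnly restriction. In such a deployment the restriction has
// to be enforced from a client address supplied by a proxy that is explicitly
// trusted, never from a forwarding header taken at face value.
func (u *User) allowedToAuth(r *http.Request) error {
	if !u.Active {
		return ErrDisabled
	}
	if !u.LocalOnly {
		return nil
	}
	// Fail closed: without a request there is no peer address to evaluate.
	if r == nil {
		return ErrInvalidIP
	}

	// net/http sets RemoteAddr to "IP:port" (IPv6 as "[addr]:port").
	// net.ParseIP does not accept a port, so parsing the raw value rejected
	// every LocalOnly user with ErrInvalidIP. Split the host part off first;
	// a value without a port is used as-is.
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr
	}
	// Link-local IPv6 peers may carry a zone ("fe80::1%eth0"), which
	// net.ParseIP also rejects; drop it before parsing.
	for i := 0; i < len(host); i++ {
		if host[i] == '%' {
			host = host[:i]
			break
		}
	}

	ip := net.ParseIP(host)
	if ip == nil {
		return ErrInvalidIP
	}
	if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() {
		return nil
	}
	return ErrUserAuthRemote
}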
// getOrCreateUser resolves the user that owns credentials c by looking up
// c.UserID in the authenticator's store.
//
// Despite the name, this version never creates a user: when the store has no
// entry for c.UserID it returns ErrInvalidAuth.
func (a *Authenticator) getOrCreateUser(c *Credentials) (*User, error) {
	if found := a.store.User(c.UserID); found != nil {
		return found, nil
	}
	return nil, ErrInvalidAuth
}