63 lines
1.1 KiB
Go
63 lines
1.1 KiB
Go
package auth
|
|
|
|
import (
|
|
"net"
|
|
"net/http"
|
|
)
|
|
|
|
type UserID string
|
|
type GroupID string
|
|
type CredID string
|
|
|
|
type Group struct {
|
|
ID GroupID `json:"id"`
|
|
Name string `json:"name"`
|
|
}
|
|
|
|
type User struct {
|
|
ID UserID `json:"id"`
|
|
GroupIDs []GroupID `json:"group_ids"`
|
|
Data interface{} `json:"data,omitempty"`
|
|
UserMetadata
|
|
|
|
Creds []*Credentials `json:"-"`
|
|
RefreshTokens []*RefreshToken `json:"-"`
|
|
}
|
|
|
|
type UserMetadata struct {
|
|
Owner bool `json:"is_owner"`
|
|
Active bool `json:"is_active"`
|
|
Name string `json:"name"`
|
|
SystemGenerated bool `json:"system_generated"`
|
|
LocalOnly bool `json:"local_only"`
|
|
}
|
|
|
|
func (u *User) allowedToAuth(r *http.Request) error {
|
|
if !u.Active {
|
|
return ErrDisabled
|
|
}
|
|
|
|
if !u.LocalOnly {
|
|
return nil
|
|
}
|
|
|
|
ip := net.ParseIP(r.RemoteAddr)
|
|
if ip == nil {
|
|
return ErrInvalidIP
|
|
}
|
|
|
|
if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() {
|
|
return nil
|
|
}
|
|
|
|
return ErrUserAuthRemote
|
|
}
|
|
|
|
func (a *authenticator) getOrCreateUser(c *Credentials) (*User, error) {
|
|
u := a.store.User(c.UserID)
|
|
if u == nil {
|
|
return nil, ErrInvalidAuth
|
|
}
|
|
|
|
return u, nil
|
|
}
|