// SERBINPREFIX is the literal tag "CTXUSER-BIN-".
// NOTE(review): presumably prepended to the binary form of a serialised
// context (see SerialiseContext) — confirm against the implementation.
// A prefix only identifies the format; it does not authenticate the data,
// so code restoring a context should not treat a matching prefix as proof
// that the bytes are genuine.
const SERBINPREFIX = "CTXUSER-BIN-"

// SERSTRPREFIX is the literal tag "CTXUSER-STR-".
// NOTE(review): presumably the string-form counterpart of SERBINPREFIX
// (see SerialiseContextToString) — confirm against the implementation.
const SERSTRPREFIX = "CTXUSER-STR-"
func CurrentUserString(ctx context.Context) string
returns "User ID (email)"
func DISContext(t time.Duration) context.Context
Returns a context built from a token and/or from the environment. Deprecated: this function is obsolete; use authremote.Context() instead.
func DISContextForSignedUser(su *auth.SignedUser) (context.Context, error)
Creates a context for a user object. If the user object is signed, it will "just work". Deprecated: this function is obsolete; use authremote.Context() instead.
func DISGetSignedSession(ctx context.Context) *auth.SignedSession
get signed session from context or nil if none
func Description(user *apb.User) string
func ForkContext(ictx context.Context) (context.Context, error)
func GetCreatingService(uctx context.Context) *apb.User
get the service which created this context
func GetOrganisationID(uctx context.Context) string
get the OrganisationID in this context
func GetService(uctx context.Context) *apb.User
get the service which directly called us
func GetServiceIDByName(servicename string) string
Sometimes a service needs to verify that it is being called by a specific service. This often implies permission to access certain privileged bits of information. The assumption is that service A authenticates a user and calls service B, either immediately afterwards or some time later. In this case service B "trusts" service A. The security implication of this model is that service B must be able to ensure that service A really is who it says it is (the auth server signature should be used for this purpose) and that service A has not been replaced with a different service of the same name. For this purpose the service-to-userid mappings are hardcoded into the file so as to match the "yacloud" default. If someone wishes to run their own yacloud, the mapping can be overridden. This is not a programmatic option but a configuration (administrator) option: a file at /opt/yacloud/config/service_map.yaml, if it exists, will be parsed on startup and used to provide this information. Because that file decides which user ID is accepted as a given service, it should be writable only by the administrator. Any lookup for a servicename that does not exist will lead to a panic() (because it is a fatal error!), so the servicename argument should be a fixed, known name rather than a value taken from a request. The intention of this function is to provide a common method of looking up this information, so that in future, perhaps, a good and secure way can be found to map this automatically through a combination of registry/auth-server lookups or similar.
func GetSessionToken(ctx context.Context) string
get session token from context or "" if none
func GetSignedService(uctx context.Context) *apb.SignedUser
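Gets the signed user object in this context. NOTE: this wording is identical to the description of GetSignedUser; judging by the function name it probably returns the signed service rather than the user — confirm against the source before relying on it for an authorisation decision.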
func GetSignedUser(uctx context.Context) *apb.SignedUser
get the user in this context
func GetUser(uctx context.Context) *apb.User
get the user in this context
func IsInGroup(ctx context.Context, groupid string) bool
return true if user (from context) is part of group specified by groupid
func IsInGroupByUser(user *apb.User, groupid string) bool
Returns true if the user is in this group.
func IsInGroups(ctx context.Context, groupids string) bool
Returns true if the user (from the context) is part of at least one of the groups specified by groupids. groupids is a comma-delimited list of group IDs.
func IsInGroupsByUser(user *apb.User, groupids string) bool
return true if user is in any of the groups (comma delimited list of ids)
func IsRoot(ctx context.Context) bool
func IsRootUser(user *apb.User) bool
func IsService(ctx context.Context, serviceids string) bool
Returns true if the service in the context is one of the serviceids. serviceids is a comma-delimited list.
func PrintSignedUser(uu *apb.SignedUser)
func PrintUser(u *apb.User)
func RecreateContextWithTimeout(t time.Duration, bs []byte) (context.Context, error)
this recreates a context from a previously stored state (see SerialiseContext())
func SerialiseContext(ctx context.Context) ([]byte, error)
func SerialiseContextToString(ctx context.Context) (string, error)
func ServiceMapToYaml(m map[string]string) []byte
func SignedDescription(user *apb.SignedUser) string
one line description of the user/caller
func UserIDString(user *apb.User) string
print the userid and description