...

Source file src/golang.conradwood.net/go-easyops/auth/auth.go

Documentation: golang.conradwood.net/go-easyops/auth

     1  /*
     2  This provides information about users and their groups and organisations.
     3  
     4  It provides many helper functions to determine if a user has certain permissions, is a root user or a service.
     5  It also has helpers to print out user information.
     6  
     7  It works on a context to retrieve user and service information.
     8  
     9  Note that a 'service account' is also a 'user'. It is just marked as a service. Service accounts are treated differently in some places. For example, a web proxy does not (should not) allow services to log in to a website.
    10  
    11  As a rule of thumb, most calls in this package do not require network I/O and are thus fairly safe and cheap. See package authremote for calls that require network I/O.
    12  
    13  It also provides some wrappers to create a new context. That is for historic reasons. Developers should use and port code to use the ctx package instead. In almost all cases, if a context is already present (for example, in a gRPC server), that context must be re-used. New Contexts should only be created after a user has been authenticated.
    14  */
    15  package auth
    16  
    17  import (
    18  	"fmt"
    19  	apb "golang.conradwood.net/apis/auth"
    20  	//	"golang.conradwood.net/go-easyops/client"
    21  	"context"
    22  	//	"golang.conradwood.net/go-easyops/cmdline"
    23  	"golang.conradwood.net/go-easyops/common"
    24  	"golang.conradwood.net/go-easyops/ctx"
    25  	"golang.conradwood.net/go-easyops/rpc"
    26  )
    27  
// GetOrganisationID returns the organisation ID associated with uctx.
//
// The context is not inspected: every caller currently receives the constant
// "1". Because the value is the same for all callers, it cannot be used to
// tell tenants apart or to scope an authorisation decision.
func GetOrganisationID(uctx context.Context) string {
	const fixedOrganisationID = "1" // currently ALWAYS 1
	return fixedOrganisationID
}
    32  
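// GetUser returns the user carried by uctx, or nil if there is none.
//
// When the local state holds a signed user, that user is passed through
// common.VerifySignedUser and the result is returned as-is. A signed user
// that does not verify therefore yields nil (fail closed) instead of falling
// through to the unsigned user of the legacy call state. This matches
// GetSignedUser, which also consults the legacy call state only when the
// local state holds no signed user at all.
//
// Callers must treat a nil result as "no authenticated user".
func GetUser(uctx context.Context) *apb.User {
	if su := ctx.GetLocalState(uctx).User(); su != nil {
		// NOTE(review): presumably VerifySignedUser returns nil when the
		// signature check fails - confirm against package common.
		return common.VerifySignedUser(su)
	}
	// Legacy path, to be removed: old-style contexts carry the user in the
	// rpc call state.
	// NOTE(review): the user returned from here is the unsigned one; no
	// verification step is visible on this path.
	cs := rpc.CallStateFromContext(uctx)
	if cs == nil {
		return nil
	}
	return cs.User()
}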
    48  
// GetSignedUser returns the signed user carried by uctx, or nil if there is
// none.
//
// The value is returned exactly as stored; this function does not call
// common.VerifySignedUser, so a caller that needs the verified *apb.User
// has to verify the result itself (GetUser does this).
//
// It panics if an old-style call state carries an unsigned user without a
// matching signed user.
func GetSignedUser(uctx context.Context) *apb.SignedUser {
	// Preferred source: the local state of the context.
	if signed := ctx.GetLocalState(uctx).User(); signed != nil {
		return signed
	}
	// Legacy path, to be removed: old-style call state.
	legacy := rpc.CallStateFromContext(uctx)
	if legacy == nil {
		return nil
	}
	if signed := legacy.SignedUser(); signed != nil {
		return signed
	}
	// An unsigned user without its signed counterpart is treated as a
	// corrupt context rather than silently returned.
	if legacy.User() != nil {
		panic("mismatched old style context, no signed user, but unsigned user present")
	}
	return nil
}
    67  
// GetSignedService returns the signed account of the calling service stored
// in uctx, or nil if there is none.
//
// The value is returned exactly as stored; this function does not call
// common.VerifySignedUser (GetService does).
//
// It panics if an old-style call state carries an unsigned caller service
// without a matching signed service.
func GetSignedService(uctx context.Context) *apb.SignedUser {
	// Preferred source: the local state of the context.
	if signed := ctx.GetLocalState(uctx).CallingService(); signed != nil {
		return signed
	}
	// Obsolete path, to be removed: old-style call state.
	legacy := rpc.CallStateFromContext(uctx)
	if legacy == nil {
		return nil
	}
	if signed := legacy.SignedService(); signed != nil {
		return signed
	}
	// An unsigned service without its signed counterpart is treated as a
	// corrupt call state rather than silently returned.
	if legacy.CallerService() != nil {
		panic("invalid callstate (no signed service, but unsignedservice)")
	}
	return nil
}
    85  
// GetService returns the service which directly called us.
//
// The signed service from GetSignedService is passed through
// common.VerifySignedUser and that result is returned.
func GetService(uctx context.Context) *apb.User {
	signed := GetSignedService(uctx)
	return common.VerifySignedUser(signed)
}
    90  
// GetCreatingService returns the service which created this context.
//
// The creator service is read from the local state of uctx and passed
// through common.VerifySignedUser; there is no legacy call-state fallback
// on this path.
func GetCreatingService(uctx context.Context) *apb.User {
	return common.VerifySignedUser(ctx.GetLocalState(uctx).CreatorService())
}
    98  
// PrintUser writes the ID, email and abbreviation of u to standard output.
// A nil user prints nothing.
//
// The email address is written in clear text, so the output should be kept
// out of logs that are shared more widely than the user data itself.
func PrintUser(u *apb.User) {
	if u != nil {
		fmt.Printf("User ID: %s\n", u.ID)
		fmt.Printf("  Email: %s\n", u.Email)
		fmt.Printf("  Abbrev:%s\n", u.Abbrev)
	}
}
// PrintSignedUser passes uu through common.VerifySignedUser and writes the
// ID, email and abbreviation of the resulting user to standard output.
// Nothing is printed when VerifySignedUser returns nil.
func PrintSignedUser(uu *apb.SignedUser) {
	// PrintUser emits the same three lines and is a no-op for a nil user.
	PrintUser(common.VerifySignedUser(uu))
}
   117  
// SignedDescription returns a one-line description of the user/caller.
//
// The signed user is passed through common.VerifySignedUser first; when that
// yields nil the description is "ANONYMOUS" (see Description).
func SignedDescription(user *apb.SignedUser) string {
	return Description(common.VerifySignedUser(user))
}
// Description returns a one-line description of user: the abbreviation if
// set, otherwise the email address, otherwise "user #<ID>". A nil user is
// described as "ANONYMOUS".
//
// The result is for display only. Abbrev and Email are returned verbatim and
// the result does not always contain the ID, so it is not a unique
// identifier and should not be compared in authorisation checks.
func Description(user *apb.User) string {
	switch {
	case user == nil:
		return "ANONYMOUS"
	case user.Abbrev != "":
		return user.Abbrev
	case user.Email != "":
		return user.Email
	default:
		return "user #" + user.ID
	}
}
   135  
// UserIDString returns the user ID together with a short label:
// "#<ID> (<abbrev>)" if the abbreviation is set, otherwise "#<ID> (<email>)",
// otherwise "user #<ID>". A nil user yields "ANONYMOUS".
//
// Despite the original comment, nothing is printed; the string is returned.
func UserIDString(user *apb.User) string {
	if user == nil {
		return "ANONYMOUS"
	}
	// The abbreviation takes precedence over the email address.
	label := user.Abbrev
	if label == "" {
		label = user.Email
	}
	if label == "" {
		return "user #" + user.ID
	}
	return "#" + user.ID + " (" + label + ")"
}
   149  
// CurrentUserString returns "User #<ID> (<email>)" for the user found by
// GetUser in ctx, or "ANONYMOUS" if GetUser returns nil.
//
// The email is included even when it is empty, which gives "User #<ID> ()".
func CurrentUserString(ctx context.Context) string {
	if u := GetUser(ctx); u != nil {
		return fmt.Sprintf("User #%s (%s)", u.ID, u.Email)
	}
	return "ANONYMOUS"
}
   158  
