2022-01-23 06:02:16 +01:00
|
|
|
package auth
|
|
|
|
|
|
|
|
import "errors"
|
|
|
|
|
2022-01-23 06:54:18 +01:00
|
|
|
// Auther is a generic interface to implement password-based authentication and authorization
|
|
|
|
type Auther interface {
|
2022-01-23 06:02:16 +01:00
|
|
|
Authenticate(user, pass string) (*User, error)
|
|
|
|
Authorize(user *User, topic string, perm Permission) error
|
|
|
|
}
|
|
|
|
|
2022-01-23 06:54:18 +01:00
|
|
|
type Manager interface {
|
|
|
|
AddUser(username, password string, role Role) error
|
|
|
|
RemoveUser(username string) error
|
|
|
|
ChangePassword(username, password string) error
|
2022-01-23 21:30:30 +01:00
|
|
|
ChangeRole(username string, role Role) error
|
|
|
|
AllowAccess(username string, topic string, read bool, write bool) error
|
|
|
|
ResetAccess(username string, topic string) error
|
2022-01-23 06:54:18 +01:00
|
|
|
}
|
|
|
|
|
2022-01-23 06:02:16 +01:00
|
|
|
type User struct {
|
|
|
|
Name string
|
|
|
|
Role Role
|
|
|
|
}
|
|
|
|
|
|
|
|
type Permission int
|
|
|
|
|
|
|
|
const (
|
|
|
|
PermissionRead = Permission(1)
|
|
|
|
PermissionWrite = Permission(2)
|
|
|
|
)
|
|
|
|
|
|
|
|
type Role string
|
|
|
|
|
|
|
|
const (
|
|
|
|
RoleAdmin = Role("admin")
|
|
|
|
RoleUser = Role("user")
|
|
|
|
RoleNone = Role("none")
|
|
|
|
)
|
|
|
|
|
|
|
|
var Everyone = &User{
|
|
|
|
Name: "",
|
|
|
|
Role: RoleNone,
|
|
|
|
}
|
|
|
|
|
2022-01-23 21:30:30 +01:00
|
|
|
var Roles = []Role{
|
|
|
|
RoleAdmin,
|
|
|
|
RoleUser,
|
|
|
|
RoleNone,
|
|
|
|
}
|
|
|
|
|
|
|
|
func AllowedRole(role Role) bool {
|
|
|
|
return role == RoleUser || role == RoleAdmin
|
|
|
|
}
|
|
|
|
|
2022-01-23 06:02:16 +01:00
|
|
|
var ErrUnauthorized = errors.New("unauthorized")
|