ntfy/user/types.go

// Package user deals with authentication and authorization against topics
package user

import (
	"errors"
	"github.com/stripe/stripe-go/v74"
	"regexp"
	"time"
)

// User is a struct that represents a user
type User struct {
	ID        string
	Name      string
	Hash      string // password hash (bcrypt)
	Token     string // Only set if token was used to log in
	Role      Role
	Prefs     *Prefs
	Tier      *Tier
	Stats     *Stats
	Billing   *Billing
	SyncTopic string
	Deleted   bool
}

// Auther is an interface for authentication and authorization
type Auther interface {
	// Authenticate checks username and password and returns a user if correct. The method
	// returns in constant-ish time, regardless of whether the user exists or the password is
	// correct or incorrect.
	Authenticate(username, password string) (*User, error)

	// Authorize returns nil if the given user has access to the given topic using the desired
	// permission. The user param may be nil to signal an anonymous user.
	Authorize(user *User, topic string, perm Permission) error
}

// Token represents a user token, including expiry date
type Token struct {
	Value   string
	Expires time.Time
}

// Prefs represents a user's configuration settings
type Prefs struct {
	Language      *string            `json:"language,omitempty"`
	Notification  *NotificationPrefs `json:"notification,omitempty"`
	Subscriptions []*Subscription    `json:"subscriptions,omitempty"`
}

// Tier represents a user's account type, including its account limits
type Tier struct {
	ID                       string
	Code                     string
	Name                     string
	MessagesLimit            int64
	MessagesExpiryDuration   time.Duration
	EmailsLimit              int64
	ReservationsLimit        int64
	AttachmentFileSizeLimit  int64
	AttachmentTotalSizeLimit int64
	AttachmentExpiryDuration time.Duration
	StripePriceID            string
}

// Subscription represents a user's topic subscription
type Subscription struct {
	ID          string  `json:"id"`
	BaseURL     string  `json:"base_url"`
	Topic       string  `json:"topic"`
	DisplayName *string `json:"display_name"`
}

// NotificationPrefs represents the user's notification settings
type NotificationPrefs struct {
	Sound       *string `json:"sound,omitempty"`
	MinPriority *int    `json:"min_priority,omitempty"`
	DeleteAfter *int    `json:"delete_after,omitempty"`
}

// Stats is a struct holding daily user statistics
type Stats struct {
	Messages int64
	Emails   int64
}

// Billing is a struct holding a user's billing information
type Billing struct {
	StripeCustomerID            string
	StripeSubscriptionID        string
	StripeSubscriptionStatus    stripe.SubscriptionStatus
	StripeSubscriptionPaidUntil time.Time
	StripeSubscriptionCancelAt  time.Time
}

// Grant is a struct that represents an access control entry to a topic by a user
type Grant struct {
	TopicPattern string // May include wildcard (*)
	Allow        Permission
}

// Reservation is a struct that represents the ownership over a topic by a user
type Reservation struct {
	Topic    string
	Owner    Permission
	Everyone Permission
}

// Permission represents a read or write permission to a topic
type Permission uint8

// Permissions to a topic
const (
	PermissionDenyAll Permission = iota
	PermissionRead
	PermissionWrite
	PermissionReadWrite // 3!
)

// NewPermission is a helper to create a Permission based on read/write bool values
func NewPermission(read, write bool) Permission {
	p := uint8(0)
	if read {
		p |= uint8(PermissionRead)
	}
	if write {
		p |= uint8(PermissionWrite)
	}
	return Permission(p)
}

// ParsePermission parses the string representation and returns a Permission
func ParsePermission(s string) (Permission, error) {
	switch s {
	case "read-write", "rw":
		return NewPermission(true, true), nil
	case "read-only", "read", "ro":
		return NewPermission(true, false), nil
	case "write-only", "write", "wo":
		return NewPermission(false, true), nil
	case "deny-all", "deny", "none":
		return NewPermission(false, false), nil
	default:
		return NewPermission(false, false), errors.New("invalid permission")
	}
}

// IsRead returns true if readable
func (p Permission) IsRead() bool {
	return p&PermissionRead != 0
}

// IsWrite returns true if writable
func (p Permission) IsWrite() bool {
	return p&PermissionWrite != 0
}

// IsReadWrite returns true if readable and writable
func (p Permission) IsReadWrite() bool {
	return p.IsRead() && p.IsWrite()
}

// String returns a string representation of the permission
func (p Permission) String() string {
	if p.IsReadWrite() {
		return "read-write"
	} else if p.IsRead() {
		return "read-only"
	} else if p.IsWrite() {
		return "write-only"
	}
	return "deny-all"
}

// Role represents a user's role, either admin or regular user
type Role string

// User roles
const (
	RoleAdmin     = Role("admin") // Some queries have these values hardcoded!
	RoleUser      = Role("user")
	RoleAnonymous = Role("anonymous")
)

// Everyone is a special username representing anonymous users
const (
	Everyone   = "*"
	everyoneID = "u_everyone"
)

var (
	allowedUsernameRegex     = regexp.MustCompile(`^[-_.@a-zA-Z0-9]+$`)     // Does not include Everyone (*)
	allowedTopicRegex        = regexp.MustCompile(`^[-_A-Za-z0-9]{1,64}$`)  // No '*'
	allowedTopicPatternRegex = regexp.MustCompile(`^[-_*A-Za-z0-9]{1,64}$`) // Adds '*' for wildcards!
	allowedTierRegex         = regexp.MustCompile(`^[-_A-Za-z0-9]{1,64}$`)
)

// AllowedRole returns true if the given role can be used for new users
func AllowedRole(role Role) bool {
	return role == RoleUser || role == RoleAdmin
}

// AllowedUsername returns true if the given username is valid
func AllowedUsername(username string) bool {
	return allowedUsernameRegex.MatchString(username)
}

// AllowedTopic returns true if the given topic name is valid
func AllowedTopic(topic string) bool {
	return allowedTopicRegex.MatchString(topic)
}

// AllowedTopicPattern returns true if the given topic pattern is valid; this includes the wildcard character (*)
func AllowedTopicPattern(topic string) bool {
	return allowedTopicPatternRegex.MatchString(topic)
}

// AllowedTier returns true if the given tier name is valid
func AllowedTier(tier string) bool {
	return allowedTierRegex.MatchString(tier)
}

// Error constants used by the package
var (
	ErrUnauthenticated     = errors.New("unauthenticated")
	ErrUnauthorized        = errors.New("unauthorized")
	ErrInvalidArgument     = errors.New("invalid argument")
	ErrUserNotFound        = errors.New("user not found")
	ErrTierNotFound        = errors.New("tier not found")
	ErrTooManyReservations = errors.New("new tier has lower reservation limit")
)
Display name sync 2022-12-26 04:29:55 +01:00			`// Package user deals with authentication and authorization against topics`
			`package user`

			`import (`
			`"errors"`
Payment stuff, cont'd 2023-01-16 05:29:46 +01:00			`"github.com/stripe/stripe-go/v74"`
Display name sync 2022-12-26 04:29:55 +01:00			`"regexp"`
More tests 2022-12-28 19:46:18 +01:00			`"time"`
Display name sync 2022-12-26 04:29:55 +01:00			`)`

			`// User is a struct that represents a user`
			`type User struct {`
Introduce text IDs for everything (esp user), to avoid security and accounting issues 2023-01-22 05:15:22 +01:00			`ID string`
Sync topic (begin), rename user fields 2023-01-10 03:53:21 +01:00			`Name string`
			`Hash string // password hash (bcrypt)`
			`Token string // Only set if token was used to log in`
			`Role Role`
			`Prefs *Prefs`
			`Tier *Tier`
			`Stats *Stats`
WIP: Stripe integration 2023-01-14 12:43:44 +01:00			`Billing *Billing`
Sync topic (begin), rename user fields 2023-01-10 03:53:21 +01:00			`SyncTopic string`
Delayed deletion 2023-01-23 04:21:30 +01:00			`Deleted bool`
Display name sync 2022-12-26 04:29:55 +01:00			`}`

Test account api (WIP) 2022-12-29 04:16:11 +01:00			`// Auther is an interface for authentication and authorization`
			`type Auther interface {`
			`// Authenticate checks username and password and returns a user if correct. The method`
			`// returns in constant-ish time, regardless of whether the user exists or the password is`
			`// correct or incorrect.`
			`Authenticate(username, password string) (*User, error)`

			`// Authorize returns nil if the given user has access to the given topic using the desired`
			`// permission. The user param may be nil to signal an anonymous user.`
			`Authorize(user *User, topic string, perm Permission) error`
			`}`

			`// Token represents a user token, including expiry date`
Display name sync 2022-12-26 04:29:55 +01:00			`type Token struct {`
			`Value string`
More tests 2022-12-28 19:46:18 +01:00			`Expires time.Time`
Display name sync 2022-12-26 04:29:55 +01:00			`}`

Test account api (WIP) 2022-12-29 04:16:11 +01:00			`// Prefs represents a user's configuration settings`
Display name sync 2022-12-26 04:29:55 +01:00			`type Prefs struct {`
Fix sync display name and delete after issue 2023-01-24 21:05:19 +01:00			Language *string `json:"language,omitempty"`
Display name sync 2022-12-26 04:29:55 +01:00			Notification *NotificationPrefs `json:"notification,omitempty"`
			Subscriptions []*Subscription `json:"subscriptions,omitempty"`
			`}`

Rename plan->tier, topics->reservations, more tests, more todos 2023-01-08 03:04:13 +01:00			`// Tier represents a user's account type, including its account limits`
			`type Tier struct {`
Introduce text IDs for everything (esp user), to avoid security and accounting issues 2023-01-22 05:15:22 +01:00			`ID string`
Tiers make sense for admins now 2023-01-09 21:40:46 +01:00			`Code string`
			`Name string`
			`MessagesLimit int64`
			`MessagesExpiryDuration time.Duration`
			`EmailsLimit int64`
			`ReservationsLimit int64`
			`AttachmentFileSizeLimit int64`
			`AttachmentTotalSizeLimit int64`
			`AttachmentExpiryDuration time.Duration`
WIP: Stripe integration 2023-01-14 12:43:44 +01:00			`StripePriceID string`
Display name sync 2022-12-26 04:29:55 +01:00			`}`

Test account api (WIP) 2022-12-29 04:16:11 +01:00			`// Subscription represents a user's topic subscription`
Display name sync 2022-12-26 04:29:55 +01:00			`type Subscription struct {`
Fix sync display name and delete after issue 2023-01-24 21:05:19 +01:00			ID string `json:"id"`
			BaseURL string `json:"base_url"`
			Topic string `json:"topic"`
			DisplayName *string `json:"display_name"`
Display name sync 2022-12-26 04:29:55 +01:00			`}`

Test account api (WIP) 2022-12-29 04:16:11 +01:00			`// NotificationPrefs represents the user's notification settings`
Display name sync 2022-12-26 04:29:55 +01:00			`type NotificationPrefs struct {`
Fix sync display name and delete after issue 2023-01-24 21:05:19 +01:00			Sound *string `json:"sound,omitempty"`
			MinPriority *int `json:"min_priority,omitempty"`
			DeleteAfter *int `json:"delete_after,omitempty"`
Display name sync 2022-12-26 04:29:55 +01:00			`}`

Test account api (WIP) 2022-12-29 04:16:11 +01:00			`// Stats is a struct holding daily user statistics`
Display name sync 2022-12-26 04:29:55 +01:00			`type Stats struct {`
			`Messages int64`
			`Emails int64`
			`}`

WIP: Stripe integration 2023-01-14 12:43:44 +01:00			`// Billing is a struct holding a user's billing information`
			`type Billing struct {`
Payment stuff, cont'd 2023-01-16 05:29:46 +01:00			`StripeCustomerID string`
			`StripeSubscriptionID string`
			`StripeSubscriptionStatus stripe.SubscriptionStatus`
			`StripeSubscriptionPaidUntil time.Time`
Add "Canceled" banner 2023-01-16 16:35:12 +01:00			`StripeSubscriptionCancelAt time.Time`
WIP: Stripe integration 2023-01-14 12:43:44 +01:00			`}`

Replace read/write flags with Permission 2023-01-03 03:12:42 +01:00			`// Grant is a struct that represents an access control entry to a topic by a user`
Display name sync 2022-12-26 04:29:55 +01:00			`type Grant struct {`
			`TopicPattern string // May include wildcard (*)`
Replace read/write flags with Permission 2023-01-03 03:12:42 +01:00			`Allow Permission`
Introduce Reservation 2023-01-03 02:08:37 +01:00			`}`

			`// Reservation is a struct that represents the ownership over a topic by a user`
			`type Reservation struct {`
Replace read/write flags with Permission 2023-01-03 03:12:42 +01:00			`Topic string`
			`Owner Permission`
			`Everyone Permission`
Display name sync 2022-12-26 04:29:55 +01:00			`}`

			`// Permission represents a read or write permission to a topic`
Replace read/write flags with Permission 2023-01-03 03:12:42 +01:00			`type Permission uint8`
Display name sync 2022-12-26 04:29:55 +01:00
			`// Permissions to a topic`
			`const (`
Replace read/write flags with Permission 2023-01-03 03:12:42 +01:00			`PermissionDenyAll Permission = iota`
			`PermissionRead`
			`PermissionWrite`
			`PermissionReadWrite // 3!`
Display name sync 2022-12-26 04:29:55 +01:00			`)`

Comments 2023-01-03 04:28:43 +01:00			`// NewPermission is a helper to create a Permission based on read/write bool values`
Replace read/write flags with Permission 2023-01-03 03:12:42 +01:00			`func NewPermission(read, write bool) Permission {`
			`p := uint8(0)`
			`if read {`
			`p \|= uint8(PermissionRead)`
			`}`
			`if write {`
			`p \|= uint8(PermissionWrite)`
			`}`
			`return Permission(p)`
			`}`

Comments 2023-01-03 04:28:43 +01:00			`// ParsePermission parses the string representation and returns a Permission`
Replace read/write flags with Permission 2023-01-03 03:12:42 +01:00			`func ParsePermission(s string) (Permission, error) {`
			`switch s {`
			`case "read-write", "rw":`
			`return NewPermission(true, true), nil`
			`case "read-only", "read", "ro":`
			`return NewPermission(true, false), nil`
			`case "write-only", "write", "wo":`
			`return NewPermission(false, true), nil`
			`case "deny-all", "deny", "none":`
			`return NewPermission(false, false), nil`
			`default:`
			`return NewPermission(false, false), errors.New("invalid permission")`
			`}`
			`}`

Comments 2023-01-03 04:28:43 +01:00			`// IsRead returns true if readable`
Replace read/write flags with Permission 2023-01-03 03:12:42 +01:00			`func (p Permission) IsRead() bool {`
			`return p&PermissionRead != 0`
			`}`

Comments 2023-01-03 04:28:43 +01:00			`// IsWrite returns true if writable`
Replace read/write flags with Permission 2023-01-03 03:12:42 +01:00			`func (p Permission) IsWrite() bool {`
			`return p&PermissionWrite != 0`
			`}`

Comments 2023-01-03 04:28:43 +01:00			`// IsReadWrite returns true if readable and writable`
Replace read/write flags with Permission 2023-01-03 03:12:42 +01:00			`func (p Permission) IsReadWrite() bool {`
			`return p.IsRead() && p.IsWrite()`
			`}`

Comments 2023-01-03 04:28:43 +01:00			`// String returns a string representation of the permission`
Replace read/write flags with Permission 2023-01-03 03:12:42 +01:00			`func (p Permission) String() string {`
			`if p.IsReadWrite() {`
			`return "read-write"`
			`} else if p.IsRead() {`
			`return "read-only"`
			`} else if p.IsWrite() {`
			`return "write-only"`
			`}`
			`return "deny-all"`
			`}`

Display name sync 2022-12-26 04:29:55 +01:00			`// Role represents a user's role, either admin or regular user`
			`type Role string`

			`// User roles`
			`const (`
Fix all the tests 2022-12-28 19:28:28 +01:00			`RoleAdmin = Role("admin") // Some queries have these values hardcoded!`
Display name sync 2022-12-26 04:29:55 +01:00			`RoleUser = Role("user")`
			`RoleAnonymous = Role("anonymous")`
			`)`

			`// Everyone is a special username representing anonymous users`
			`const (`
Delayed deletion 2023-01-23 04:21:30 +01:00			`Everyone = "*"`
			`everyoneID = "u_everyone"`
Display name sync 2022-12-26 04:29:55 +01:00			`)`

			`var (`
			allowedUsernameRegex = regexp.MustCompile(`^[-_.@a-zA-Z0-9]+$`) // Does not include Everyone (*)
User-owned ACL entries 2023-01-01 21:21:43 +01:00			allowedTopicRegex = regexp.MustCompile(`^[-_A-Za-z0-9]{1,64}$`) // No '*'
Display name sync 2022-12-26 04:29:55 +01:00			allowedTopicPatternRegex = regexp.MustCompile(`^[-_A-Za-z0-9]{1,64}$`) // Adds '' for wildcards!
Tiers make sense for admins now 2023-01-09 21:40:46 +01:00			allowedTierRegex = regexp.MustCompile(`^[-_A-Za-z0-9]{1,64}$`)
Display name sync 2022-12-26 04:29:55 +01:00			`)`

			`// AllowedRole returns true if the given role can be used for new users`
			`func AllowedRole(role Role) bool {`
			`return role == RoleUser \|\| role == RoleAdmin`
			`}`

			`// AllowedUsername returns true if the given username is valid`
			`func AllowedUsername(username string) bool {`
			`return allowedUsernameRegex.MatchString(username)`
			`}`

User-owned ACL entries 2023-01-01 21:21:43 +01:00			`// AllowedTopic returns true if the given topic name is valid`
Tiers make sense for admins now 2023-01-09 21:40:46 +01:00			`func AllowedTopic(topic string) bool {`
			`return allowedTopicRegex.MatchString(topic)`
User-owned ACL entries 2023-01-01 21:21:43 +01:00			`}`

Display name sync 2022-12-26 04:29:55 +01:00			`// AllowedTopicPattern returns true if the given topic pattern is valid; this includes the wildcard character (*)`
Tiers make sense for admins now 2023-01-09 21:40:46 +01:00			`func AllowedTopicPattern(topic string) bool {`
			`return allowedTopicPatternRegex.MatchString(topic)`
			`}`

			`// AllowedTier returns true if the given tier name is valid`
			`func AllowedTier(tier string) bool {`
			`return allowedTierRegex.MatchString(tier)`
Display name sync 2022-12-26 04:29:55 +01:00			`}`

			`// Error constants used by the package`
			`var (`
Payments webhook test, delete attachments/messages when reservations are removed, 2023-01-21 04:47:37 +01:00			`ErrUnauthenticated = errors.New("unauthenticated")`
			`ErrUnauthorized = errors.New("unauthorized")`
			`ErrInvalidArgument = errors.New("invalid argument")`
			`ErrUserNotFound = errors.New("user not found")`
			`ErrTierNotFound = errors.New("tier not found")`
			`ErrTooManyReservations = errors.New("new tier has lower reservation limit")`
Payment stuff, cont'd 2023-01-16 05:29:46 +01:00			`)`