CouchDB system roles.
const (
	RoleAdmin      = "_admin"
	RoleReader     = "_reader"
	RoleWriter     = "_writer"
	RoleReplicator = "_replicator"
	RoleDBUpdates  = "_db_updates"
	RoleDesign     = "_design"
)
func CreateAuthToken(name, salt, secret string, time int64) string
CreateAuthToken hashes a username, salt, timestamp, and the server secret into an authentication token.
func DecodeCookie(cookie string) (name string, created int64, err error)
DecodeCookie decodes a Base64-encoded cookie, and returns its component parts.
AuthenticateFunc authenticates the HTTP request. On success, a user context must be returned. Any error will immediately terminate the authentication process, returning an error to the client. In particular, this means that an "unauthorized" error must not be returned if fallthrough is intended. If a response is sent, execution does not continue. This allows handlers to expose their own API endpoints (for example, the default cookie auth handler adds POST /_session and DELETE /_session handlers).
type AuthenticateFunc func(http.ResponseWriter, *http.Request) (*UserContext, error)
Handler is an auth handler.
type Handler interface {
	// Init should return the name of the authentication method, and an
	// authentication function. It is only called once on server startup.
	Init(Server) (string, AuthenticateFunc)
}
func BasicAuth() Handler
BasicAuth returns a basic auth handler.
func CookieAuth(secret string, sessionTimeout time.Duration) Handler
CookieAuth returns a cookie auth handler.
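Added example, not code from this package: a sketch of the check a cookie handler such as CookieAuth has to perform, combining the token hashing, cookie decoding and session timeout described above. It assumes the CouchDB AuthSession layout (base64url of name:HEX-timestamp:HMAC-SHA1 keyed with secret+salt), which this page does not spell out; makeToken, verifyToken, the salts map and all sample values are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

var errInvalid, errExpired = errors.New("invalid cookie"), errors.New("session expired")
// makeToken (hypothetical name) assumes the CouchDB AuthSession layout:
// base64url(name ":" HEX(ts) ":" HMAC-SHA1(key=secret+salt, name ":" HEX(ts))).
func makeToken(name, salt, secret string, ts int64) string {
	data := fmt.Sprintf("%s:%X", name, ts)
	mac := hmac.New(sha1.New, []byte(secret+salt))
	mac.Write([]byte(data))
	return base64.RawURLEncoding.EncodeToString(append([]byte(data+":"), mac.Sum(nil)...))
}

// verifyToken (hypothetical) recomputes the token with the user's salt, compares in
// constant time, then checks the timeout. Names containing ":" are not handled.
func verifyToken(cookie, secret string, salts map[string]string, timeout time.Duration, now time.Time) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(cookie)
	parts := strings.SplitN(string(raw), ":", 3)
	if err != nil || len(parts) != 3 {
		return "", errInvalid
	}
	ts, err := strconv.ParseInt(parts[1], 16, 64)
	salt, known := salts[parts[0]]
	if err != nil || !known {
		return "", errInvalid // same error for unknown user and bad format
	}
	if !hmac.Equal([]byte(makeToken(parts[0], salt, secret, ts)), []byte(cookie)) {
		return "", errInvalid
	}
	if now.Sub(time.Unix(ts, 0)) > timeout {
		return "", errExpired
	}
	return parts[0], nil
}

func main() {
	c := makeToken("alice", "constructed-salt", "constructed-secret", time.Now().Unix()) // constructed sample values
	fmt.Println(verifyToken(c, "constructed-secret", map[string]string{"alice": "constructed-salt"}, time.Hour, time.Now()))
}
```

Because the per-user salt is part of the HMAC key, replacing a user's salt invalidates every cookie issued before the change.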
MemoryUserStore is a simple in-memory user store.
type MemoryUserStore struct {
// contains filtered or unexported fields
}
func NewMemoryUserStore() *MemoryUserStore
NewMemoryUserStore returns a new MemoryUserStore.
func (s *MemoryUserStore) AddUser(username, password string, roles []string) error
AddUser adds a user to the store. It returns an error if the user already exists.
func (s *MemoryUserStore) DeleteUser(username string)
DeleteUser deletes a user from the store.
func (s *MemoryUserStore) UserCtx(_ context.Context, username string) (*UserContext, error)
UserCtx returns a user context object if the user exists.
func (s *MemoryUserStore) Validate(_ context.Context, username, password string) (*UserContext, error)
Validate returns a user context object if the credentials are valid.
Server is the interface for the server which exposes capabilities needed by auth handlers.
type Server interface {
	UserStore() UserStore
	Bind(*http.Request, interface{}) error
}
UserContext represents a CouchDB UserContext object.
type UserContext struct {
	Database string   `json:"db,omitempty"`
	Name     string   `json:"name"`
	Roles    []string `json:"roles"`
	// Salt is needed to calculate cookie tokens.
	Salt string `json:"-"`
}
func (c *UserContext) HasRole(role string) bool
HasRole returns true if the user has the specified role.
A UserStore provides an AuthHandler with access to a user store for.
type UserStore interface {
	// Validate returns a user context object if the credentials are valid. An
	// error must be returned otherwise. A Not-Found error will continue to the
	// next user store, while any other error will terminate the auth process.
	Validate(ctx context.Context, username, password string) (user *UserContext, err error)
	// UserCtx returns a user context object if the user exists. It is used by
	// AuthHandlers that don't validate the password (e.g. Cookie auth). If the
	// user does not exist, a Not-Found error will be returned.
	UserCtx(ctx context.Context, username string) (user *UserContext, err error)
}