authfile

package module

v0.0.0-...-07298f6 Latest Latest Go to latest Published: Nov 29, 2017 License: MIT Imports: 14 Imported by: 3

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/JonathanLogan/authfile

Links

Open Source Insights

README ¶

authfile

Simple username/password file management

Documentation ¶

Overview ¶

Package authfile implements a library and provider for simple password management. It handles files that contain lines of username/password and provides an API to create, verify, update and delete entries. username:hashed_password Lines starting with # are ignored. Lines starting with $ set the cost of the bcrypt. otherwise the default cost of the bcrypt implementation is used. Service. Reader/writer

Index ¶

Variables
func MsgBuffer(out chan interface{}, wait time.Duration) chan interface{}
type Entry
type FileBackend
- func NewFileBackend(filename string, perm os.FileMode, update time.Duration) (*FileBackend, error)
type IAuthenticationService
type IOProvider
type InMemoryService
- func NewInMemoryService(backend IOProvider, loadTimeout time.Duration) *InMemoryService
type WorkPool
- func NewWorkPool(maxworkers int) *WorkPool
- func (wp *WorkPool) Dispatch(job func()) (res bool)
- func (wp *WorkPool) Shutdown()

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrUserDoesNotExist is returned if operating on a user that does not exist.
	ErrUserDoesNotExist = errors.New("authfile: User does not exist")
	// ErrUserExists is returned if trying to add a user that already exists.
	ErrUserExists = errors.New("authfile: User exists")
	// ErrAuthenticationFailed is returnd if the password does not match the user.
	ErrAuthenticationFailed = errors.New("authfile: Authentication failure")
)

View Source

var (
	// ErrNoTransaction is returned if trying to load without a transaction
	ErrNoTransaction = errors.New("authfile: No transaction")
)

Functions ¶

func MsgBuffer ¶

func MsgBuffer(out chan interface{}, wait time.Duration) chan interface{}

MsgBuffer is a timed message buffer. Close the returned channel to stop it.

Types ¶

type Entry ¶

type Entry struct {
	Username     string // The username.
	PasswordHash []byte // The password hash.
}

Entry defines a single entry.

type FileBackend ¶

type FileBackend struct {
	// contains filtered or unexported fields
}

FileBackend implements a file based backend.

func NewFileBackend ¶

func NewFileBackend(filename string, perm os.FileMode, update time.Duration) (*FileBackend, error)

NewFileBackend returns a new file based IO backend. The backend will also start a file change monitor if the update parameter is >0. In this case the authservice update function will be called if the file has changed.

func (*FileBackend) Close ¶

func (filebackend *FileBackend) Close()

Close the backend file.

func (*FileBackend) RequestRead ¶

func (filebackend *FileBackend) RequestRead(authservice IAuthenticationService)

RequestRead is called by the authentication service when it requests a read.

func (*FileBackend) RequestWrite ¶

func (filebackend *FileBackend) RequestWrite(authservice IAuthenticationService)

RequestWrite is called by the authentication service when it requests a write.

func (FileBackend) UsernameIsValid ¶

func (filebackend FileBackend) UsernameIsValid(username string) bool

UsernameIsValid checks if a username is valid. It may not start with "$"" or "#", and may not contain a ":".

type IAuthenticationService ¶

type IAuthenticationService interface {
	// Authenticate checks if a username is present and the password matches. Returns nil on success.
	Authenticate(username, password string) error
	// Delete a user, return nil on success.
	Delete(username string) error
	// Add a user with password. Return nil on success.
	Add(username, password string) error
	// Modify a user to use a new password. Return nil on success.
	Modify(username, password string) error
	// VerifyModify modifies the password of a user only after verifying that the old password is correct.
	VerifyModify(username, oldpassword, newpassword string) error
	// StartLoad creates a new loading transaction.
	StartLoad()
	// Load a user with a password hash.
	Load(username string, passwordHash []byte) error
	// Commit newly loaded data as the authoritative data.
	Commit()
	// Rollback a current load transaction.
	Rollback()
	// SetCost updates the bcrypt cost that is required.
	SetCost(cost int)
	// GetCost returns the current target bcrypt cost of the system.
	GetCost() int
	// List all entries of the service. There is no defined order.
	List() []Entry
	// Update triggers the authentication service to request a reload from the backend storage.
	Update()
	// Sync the backend.
	Sync()
	// Shutdown the authentication service, updating the backend.
	Shutdown()
	// Kill the authentication service.
	Kill()
}

IAuthenticationService is the interface of an authentication service

type IOProvider ¶

type IOProvider interface {
	RequestRead(authservice IAuthenticationService)  // Called when the auth provider wants to read the backend data.
	RequestWrite(authservice IAuthenticationService) // Called when the auth provider wants to write to the backend.
	UsernameIsValid(username string) bool            // Returns true if the username is safe, false if not.
}

IOProvider implements reading/writing services for the authentication service. The authentication service requests reads/writes, and the IOProvider is expected to use the API to get the serialized data from the provider or push serialized data to the provider.

type InMemoryService ¶

type InMemoryService struct {
	// contains filtered or unexported fields
}

InMemoryService implements an authentication service.

func NewInMemoryService ¶

func NewInMemoryService(backend IOProvider, loadTimeout time.Duration) *InMemoryService

NewInMemoryService provides a new authentication service that keeps all accounts in memory. loadTimeout is the time until a load from backend must succeed (during which modifications via api are blocked).

func (*InMemoryService) Add ¶

func (service *InMemoryService) Add(username, password string) error

Add a user with password. Return nil on success.

func (*InMemoryService) Authenticate ¶

func (service *InMemoryService) Authenticate(username, password string) error

Authenticate checks if a username is present and the password matches. Returns nil on success.

func (*InMemoryService) Commit ¶

func (service *InMemoryService) Commit()

Commit newly loaded data as the authoritative data.

func (*InMemoryService) Delete ¶

func (service *InMemoryService) Delete(username string) error

Delete a user, return nil on success.

func (*InMemoryService) GetCost ¶

func (service *InMemoryService) GetCost() int

GetCost returns the current target bcrypt cost of the system.

func (*InMemoryService) Kill ¶

func (service *InMemoryService) Kill()

Kill the authentication service.

func (*InMemoryService) List ¶

func (service *InMemoryService) List() []Entry

List all entries of the service. There is no defined order.

func (*InMemoryService) Load ¶

func (service *InMemoryService) Load(username string, passwordHash []byte) error

Load a user with a password hash. It requires a transaction started with StartLoad which needs to be committed with Commit.

func (*InMemoryService) Modify ¶

func (service *InMemoryService) Modify(username, password string) error

Modify a user to use a new password. Return nil on success.

func (*InMemoryService) Rollback ¶

func (service *InMemoryService) Rollback()

Rollback current load transaction, if there is any.

func (*InMemoryService) SetCost ¶

func (service *InMemoryService) SetCost(cost int)

SetCost updates the bcrypt cost that is required.

func (*InMemoryService) Shutdown ¶

func (service *InMemoryService) Shutdown()

Shutdown the authentication service, updating the backend.

func (*InMemoryService) StartLoad ¶

func (service *InMemoryService) StartLoad()

StartLoad starts a new loading transaction. Only one loading transaction can exist at any time. If the loading transaction times out before the Commit() call, loaded data is lost. During a load transactions all modifying calls will be delayed, while Authentication calls operate on the old data. Calling StartLoad silently rolls back any previous uncommitted load transaction!

func (*InMemoryService) Sync ¶

func (service *InMemoryService) Sync()

Sync the backend.

func (*InMemoryService) Update ¶

func (service *InMemoryService) Update()

Update triggers the authentication service to request a reload from the backend storage.

func (*InMemoryService) VerifyModify ¶

func (service *InMemoryService) VerifyModify(username, oldpassword, newpassword string) error

VerifyModify modifies the password of a user only after verifying that the old password is correct.

type WorkPool ¶

type WorkPool struct {
	// contains filtered or unexported fields
}

WorkPool implements a bounded worker pool.

func NewWorkPool ¶

func NewWorkPool(maxworkers int) *WorkPool

NewWorkPool creates a new worker pool with maxworkers workers.

func (*WorkPool) Dispatch ¶

func (wp *WorkPool) Dispatch(job func()) (res bool)

Dispatch a job to the workPool. It will block when no workers are available. It returns true after successful dispatch, or false if the workpool is unavailable.

func (*WorkPool) Shutdown ¶

func (wp *WorkPool) Shutdown()

Shutdown the workpool.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cmd
bcryptfile

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL