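// github.com/bitcubate/cryptojournal@v1.2.5-0.20171102134152-f578b3d788ab/src/app/auth.go

package app

import (
	"github.com/fragmenta/auth"
	"github.com/fragmenta/auth/can"
	"github.com/fragmenta/server/config"

	"github.com/bitcubate/cryptojournal/src/comments"
	"github.com/bitcubate/cryptojournal/src/stories"
	"github.com/bitcubate/cryptojournal/src/users"
)

// SetupAuth configures the auth package (HMAC key, secret key, session name
// and cookie security) from the application config, then registers the
// permissions each user role holds on users, comments and stories with the
// can package.
//
// On a production server it panics if either configured key decodes to zero
// bytes, so the server does not start serving sessions with an empty key.
func SetupAuth() {

	// Decode the hex-encoded secrets from config before installing them.
	// The key material itself must never be logged or put in an error message.
	hmacKey := auth.HexToBytes(config.Get("hmac_key"))
	secretKey := auth.HexToBytes(config.Get("secret_key"))

	// Fail closed in production: a missing config entry must not become an
	// empty key without anyone noticing. Other environments keep the previous
	// permissive behaviour so tests and local runs without secrets still start.
	// NOTE(review): only the empty case is rejected here; confirm the minimum
	// key length the auth package expects and enforce that as well.
	if config.Production() {
		if len(hmacKey) == 0 {
			panic("app: hmac_key in config decoded to an empty key")
		}
		if len(secretKey) == 0 {
			panic("app: secret_key in config decoded to an empty key")
		}
	}

	auth.HMACKey = hmacKey
	auth.SecretKey = secretKey
	auth.SessionName = config.Get("session_name")

	// Enable https cookies on production server - everyone should be on https.
	// Outside production the package default is left untouched, so a staging
	// host reachable over a network should also be run as production.
	if config.Production() {
		auth.SecureCookies = true
	}

	// Set up our authorisation for user roles on resources using can pkg.
	// Only the grants listed below are registered by this function.

	// Admins are allowed to manage all resources
	can.Authorise(users.Admin, can.ManageResource, can.Anything)

	// Readers may edit their user
	can.AuthoriseOwner(users.Reader, can.UpdateResource, users.TableName)

	// Readers may add comments and edit their own comments
	can.Authorise(users.Reader, can.CreateResource, comments.TableName)
	can.AuthoriseOwner(users.Reader, can.UpdateResource, comments.TableName)

	// Readers may add stories and edit their own stories.
	// The edit time limit is not enforced by these grants; it is presumably
	// applied where stories are updated - verify against that handler.
	can.Authorise(users.Reader, can.CreateResource, stories.TableName)
	can.AuthoriseOwner(users.Reader, can.UpdateResource, stories.TableName)

	// Anon may create users
	// NOTE(review): this is the only create grant registered through
	// AuthoriseOwner; the Reader create grants above use Authorise. Confirm
	// that an ownership check is intended for anonymous sign-up.
	can.AuthoriseOwner(users.Anon, can.CreateResource, users.TableName)

}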