github.com/bitcubate/cryptojournal@v1.2.5-0.20171102134152-f578b3d788ab/src/app/auth.go (about)

     1  package app
     2  
import (
	"log"

	"github.com/fragmenta/auth"
	"github.com/fragmenta/auth/can"
	"github.com/fragmenta/server/config"

	"github.com/bitcubate/cryptojournal/src/comments"
	"github.com/bitcubate/cryptojournal/src/stories"
	"github.com/bitcubate/cryptojournal/src/users"
)
    12  
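// SetupAuth sets up the auth pkg and authorisation for users.
//
// It loads the session signing/encryption secrets from config into the auth
// package, enables secure (https-only) cookies in production, and registers
// the role → action → resource rules used by the can package.
//
// Both hmac_key and secret_key must be present and non-empty: an empty HMAC
// key would let anyone forge a session cookie, so startup is aborted
// (log.Fatalf) rather than continuing with an unusable key.
func SetupAuth() {

	// Set up the auth package with our secrets from config.
	// Abort startup rather than run with an empty signing or encryption key.
	auth.HMACKey = mustSecret("hmac_key")
	auth.SecretKey = mustSecret("secret_key")
	auth.SessionName = config.Get("session_name")

	// Enable https cookies on production server - everyone should be on https.
	// Outside production this is left at the auth package default so local
	// development over plain http keeps working.
	if config.Production() {
		auth.SecureCookies = true
	}

	// Set up our authorisation for user roles on resources using can pkg

	// Admins are allowed to manage all resources
	can.Authorise(users.Admin, can.ManageResource, can.Anything)

	// Readers may edit their own user record only
	can.AuthoriseOwner(users.Reader, can.UpdateResource, users.TableName)

	// Readers may add comments and edit their own comments
	can.Authorise(users.Reader, can.CreateResource, comments.TableName)
	can.AuthoriseOwner(users.Reader, can.UpdateResource, comments.TableName)

	// Readers may add stories and edit their own stories (up to time limit)
	can.Authorise(users.Reader, can.CreateResource, stories.TableName)
	can.AuthoriseOwner(users.Reader, can.UpdateResource, stories.TableName)

	// Anon may create users (registration)
	can.AuthoriseOwner(users.Anon, can.CreateResource, users.TableName)

}

// mustSecret reads the hex-encoded config value called name and decodes it
// with auth.HexToBytes. It calls log.Fatalf when the decoded key is empty,
// which covers both a missing config entry and a value auth.HexToBytes could
// not decode to any bytes — presumably it returns an empty slice on bad hex;
// confirm against the auth package.
func mustSecret(name string) []byte {
	key := auth.HexToBytes(config.Get(name))
	if len(key) == 0 {
		log.Fatalf("auth: config value %q is missing or not valid hex; refusing to start with an empty key", name)
	}
	return key
}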