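// github.com/influxdata/influxdb/v2@v2.7.6/auth.go

package influxdb

import (
	"context"
	"fmt"

	"github.com/influxdata/influxdb/v2/kit/platform"
	"github.com/influxdata/influxdb/v2/kit/platform/errors"
)

// AuthorizationKind is returned by (*Authorization).Kind().
const AuthorizationKind = "authorization"

// ErrUnableToCreateToken is the sanitized error message for all errors when a
// user cannot create a token. Callers return this fixed value instead of the
// underlying cause.
var ErrUnableToCreateToken = &errors.Error{
	Msg:  "unable to create token",
	Code: errors.EInvalid,
}

// Authorization is an authorization. 🎉
//
// Token is the string an authorization is looked up by (see
// AuthorizationService.FindAuthorizationByToken). Its json tag has no
// omission, so the token is emitted whenever an Authorization is marshaled;
// redact it before logging or echoing an Authorization to a caller that should
// not see the secret.
type Authorization struct {
	ID          platform.ID  `json:"id"`
	Token       string       `json:"token"`
	Status      Status       `json:"status"`
	Description string       `json:"description"`
	OrgID       platform.ID  `json:"orgID"`
	UserID      platform.ID  `json:"userID,omitempty"`
	Permissions []Permission `json:"permissions"`
	CRUDLog
}

// AuthorizationUpdate is the authorization update request. Only the status and
// the description can be changed through it; nil fields are omitted from JSON.
type AuthorizationUpdate struct {
	Status      *Status `json:"status,omitempty"`
	Description *string `json:"description,omitempty"`
}

// Valid ensures that the authorization is valid: every permission that names
// an organization must name the authorization's own OrgID, otherwise an
// EInvalid error is returned.
//
// Permissions whose Resource.OrgID is nil are not inspected here, so Valid
// alone does not bound what such permissions grant.
func (a *Authorization) Valid() error {
	for _, p := range a.Permissions {
		if p.Resource.OrgID != nil && *p.Resource.OrgID != a.OrgID {
			return &errors.Error{
				Msg:  fmt.Sprintf("permission %s is not for org id %s", p, a.OrgID),
				Code: errors.EInvalid,
			}
		}
	}

	return nil
}

// PermissionSet returns the set of permissions associated with the
// Authorization. An authorization that is not active yields no permissions and
// an EUnauthorized error.
//
// The returned set is a.Permissions itself, not a copy; callers should treat
// it as read-only.
func (a *Authorization) PermissionSet() (PermissionSet, error) {
	if !a.IsActive() {
		return nil, &errors.Error{
			Code: errors.EUnauthorized,
			Msg:  "token is inactive",
		}
	}

	return a.Permissions, nil
}

// IsActive is a stub for idpe.
func IsActive(a *Authorization) bool {
	return a.IsActive()
}

// IsActive returns true if the authorization is active. A nil receiver is
// reported as inactive, so a missing authorization fails closed (PermissionSet
// answers EUnauthorized) instead of panicking on the field access.
func (a *Authorization) IsActive() bool {
	return a != nil && a.Status == Active
}

// GetUserID returns the user id.
func (a *Authorization) GetUserID() platform.ID {
	return a.UserID
}

// Kind returns AuthorizationKind and is used for auditing.
func (a *Authorization) Kind() string { return AuthorizationKind }

// Identifier returns the authorization's ID and is used for auditing.
func (a *Authorization) Identifier() platform.ID { return a.ID }

// Operation names of the authorization service.
const (
	OpFindAuthorizationByID    = "FindAuthorizationByID"
	OpFindAuthorizationByToken = "FindAuthorizationByToken"
	OpFindAuthorizations       = "FindAuthorizations"
	OpCreateAuthorization      = "CreateAuthorization"
	OpUpdateAuthorization      = "UpdateAuthorization"
	OpDeleteAuthorization      = "DeleteAuthorization"
)

// AuthorizationService represents a service for managing authorization data.
type AuthorizationService interface {
	// FindAuthorizationByID returns a single authorization by ID.
	FindAuthorizationByID(ctx context.Context, id platform.ID) (*Authorization, error)

	// FindAuthorizationByToken returns a single authorization by Token.
	// t is the secret token value; implementations should keep it out of
	// logs and error messages.
	FindAuthorizationByToken(ctx context.Context, t string) (*Authorization, error)

	// FindAuthorizations returns a list of authorizations that match filter
	// and the total count of matching authorizations.
	// Additional options provide pagination & sorting.
	FindAuthorizations(ctx context.Context, filter AuthorizationFilter, opt ...FindOptions) ([]*Authorization, int, error)

	// CreateAuthorization creates a new authorization and sets a.Token and
	// a.UserID with the new identifier.
	CreateAuthorization(ctx context.Context, a *Authorization) error

	// UpdateAuthorization updates the status and description if available.
	UpdateAuthorization(ctx context.Context, id platform.ID, upd *AuthorizationUpdate) (*Authorization, error)

	// DeleteAuthorization removes an authorization by ID.
	DeleteAuthorization(ctx context.Context, id platform.ID) error
}

// AuthorizationFilter represents a set of filters that restrict the returned
// results. Every field is a pointer; presumably a nil field leaves that
// criterion unset (confirm against the service implementation).
type AuthorizationFilter struct {
	Token *string
	ID    *platform.ID

	UserID *platform.ID
	User   *string

	OrgID *platform.ID
	Org   *string
}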