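package auth

import (
	"github.com/pavlo67/common/common"
	"github.com/pavlo67/common/common/rbac"
)

// ID identifies an authenticated subject; it shares its underlying type with
// common.IDStr.
type ID common.IDStr

// Identity is the non-secret description of an authenticated subject: who it
// is (ID, Nickname) and which roles it holds.
//
// The struct carries JSON and BSON tags, so it is meant to be serialized
// (ID is stored under the BSON key "_id"; empty fields are omitted). For that
// reason it must never hold credential material of any kind.
type Identity struct {
	ID       ID         `json:",omitempty" bson:"_id,omitempty"`
	Nickname string     `json:",omitempty" bson:",omitempty"`
	Roles    rbac.Roles `json:",omitempty" bson:",omitempty"`
	// TODO!!! be careful: Identity must not contain any creds (even non-public ones)
}

// Operator is the authentication backend contract: it stores credentials for
// an actor and turns presented credentials into an authenticated Actor.
type Operator interface {
	// SetCreds sets the user's own or temporary (session-generated) creds.
	SetCreds(actor Actor, toSet Creds) (*Creds, error)

	// Authenticate may require a prior credential-setting call and the use of
	// session-generated creds.
	// NOTE(review): the original comment names ".SetCredsByKey", which is not
	// declared on this interface; presumably SetCreds is meant. Confirm.
	Authenticate(toAuth Creds) (*Actor, error)
}

// HasRole returns the result of identity.Roles.Has(role...). A nil identity
// holds no roles, so it always yields false.
//
// NOTE(review): whether several roles are matched as any-of or all-of, and what
// a call with no roles returns, is decided by rbac.Roles.Has, which is not
// visible in this file. Verify both before using HasRole in an access check.
func (identity *Identity) HasRole(role ...rbac.Role) bool {
	if identity == nil {
		return false
	}

	return identity.Roles.Has(role...)
}

// IdentityWithRoles returns a new Identity that carries only the given roles.
//
// The roles are copied: a caller that passes an existing slice (rs...) keeps
// no handle on the identity's role set, so later writes to that slice cannot
// change what the identity is authorized for.
func IdentityWithRoles(roles ...rbac.Role) *Identity {
	return &Identity{
		Roles: append(rbac.Roles(nil), roles...),
	}
}

// NOTE(review): the disabled GetIdentity below formats creds with %#v into its
// error values, which would copy credential material into whatever logs or
// responses those errors reach. If this code is revived, report the failing
// operator and the underlying error only.

//// to use with map[CredsType]identity.ActorKey --------------------------------------------------------------------
//
//var ErrNoIdentityOp = errors.New("no identity.ActorKey")
//
//const onGetIdentity = "on GetIdentity()"
//
//func GetIdentity(creds Creds, ops []Operator, useOperatorAuth bool, errs errata.Errors) (*Identity, errata.Key, errata.Errors) {
//	if len(creds) < 1 {
//		return nil, errata.NoCredsKey, append(errs, ErrNoCreds)
//	}
//
//	for _, op := range ops {
//		identity, err := op.Authenticate(creds)
//		if err != nil {
//			errs = append(errs, fmt.Errorf(onGetIdentity+`: on identOp.Authenticate(%#v): %s`, creds, err))
//		}
//		if identity != nil {
//			return identity, "", errs
//		}
//
//		//realm := op.Realm()
//		//if (useOperatorAuth && realm == OperatorRealmKey) || (!useOperatorAuth && realm != OperatorRealmKey) {
//		//	identity, err := op.Authenticate(creds)
//		//	if err != nil {
//		//		errs = append(errs, fmt.Errorf(onGetIdentity+`: on identOp.Authenticate(%#v): %s`, creds, err))
//		//	}
//		//	if identity != nil {
//		//		return identity, "", errs
//		//	}
//		//}
//	}
//
//	return nil, errata.InvalidCredsKey, errs
//}

// callbacks can be used for partial implementations of identity.ActorKey (in their own interfaces)
//
// type Callback string
//
// const Confirm Callback = "confirm"
// const SendCode Callback = "send_code"
//
// type ActorKey interface {
// 	// Create stores registration data and (as usual) sends confirmation code to user.
// 	Create(creds ...Creds) ([]Message, error)
//
// 	AddCallback(key Callback, url string)
// }

//const Anyone common.ID = "_"

//type Access struct {
//	TargetID   Key    `bson:"target_id" json:"target_id"`
//	TargetNick string `bson:"target_nick,omitempty" json:"target_nick,omitempty"`
//	Right      Right  `bson:"right,omitempty" json:"right,omitempty"`
//}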