github.com/pavlo67/common@v0.5.3/common/auth/operator.go (about)

     1  package auth
     2  
     3  import (
     4  	"github.com/pavlo67/common/common"
     5  	"github.com/pavlo67/common/common/rbac"
     6  )
     7  
     // ID is the identifier type used by Identity.ID. It is a distinct named type declared
     // over common.IDStr, so the two do not mix without an explicit conversion.
     8  type ID common.IDStr
     9  
    // Identity is the non-secret description of a principal: an identifier, a nickname and
    // the RBAC roles that HasRole checks. Every field is tagged for JSON and BSON encoding
    // (ID is stored under the BSON key "_id"), so anything added to this struct is emitted
    // wherever an Identity is marshalled.
    10  type Identity struct {
    11  	ID       ID         `json:",omitempty" bson:"_id,omitempty"`
    12  	Nickname string     `json:",omitempty" bson:",omitempty"`
    13  	Roles    rbac.Roles `json:",omitempty" bson:",omitempty"`
    14  	// TODO!!! be careful: Identity must not contain any creds (even non-public ones)
    15  }
    16  
    // Operator groups the two calls declared here: storing creds and authenticating with them.
    17  type Operator interface {
    18  	// SetCreds sets the user's own or temporary (session-generated) creds.
        	// NOTE(review): whether actor is checked for permission to set toSet is left to the
        	// implementation; nothing in this file shows it. Confirm per implementation.
    19  	SetCreds(actor Actor, toSet Creds) (*Creds, error)
    20  
    21  	// Authenticate may require a prior creds-setting call and the use of session-generated creds.
        	// NOTE(review): the original comment named that call .SetCredsByKey, but this interface
        	// declares only SetCreds. Confirm which call is meant.
        	// NOTE(review): the nil/non-nil combinations of the two results are not specified here;
        	// the commented-out GetIdentity in this file accepts only a non-nil result as success.
        	// NOTE(review): toAuth presumably carries secret material. That commented-out GetIdentity
        	// formats creds with %#v into error text, which should not be carried over if it is revived.
    22  	Authenticate(toAuth Creds) (*Actor, error)
    23  }
    24  
    // HasRole reports what identity.Roles.Has returns for the given roles.
    //
    // A nil *Identity is treated as having no roles: the method answers false without
    // touching Roles, so a missing identity fails closed instead of panicking.
    // NOTE(review): whether several roles mean "any" or "all", and the answer for an empty
    // argument list, is decided by rbac.Roles.Has, which is not visible in this file.
    func (identity *Identity) HasRole(role ...rbac.Role) bool {
    	return identity != nil && identity.Roles.Has(role...)
    }
    32  
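    // IdentityWithRoles returns a new Identity that carries only the given roles; ID and
    // Nickname are left at their zero values.
    //
    // The roles are copied into a slice owned by the Identity. With a spread argument
    // (IdentityWithRoles(rs...)) the variadic parameter aliases the caller's backing array,
    // and storing it directly would let a later write to rs change what HasRole answers.
    func IdentityWithRoles(roles ...rbac.Role) *Identity {
    	var owned rbac.Roles
    	if roles != nil {
    		// make+copy rather than append onto nil: keeps the nil/empty distinction of the input.
    		owned = make(rbac.Roles, len(roles))
    		copy(owned, roles)
    	}

    	return &Identity{Roles: owned}
    }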
    38  
    39  //// to use with map[CredsType]identity.ActorKey  --------------------------------------------------------------------
    40  //
    41  //var ErrNoIdentityOp = errors.New("no identity.ActorKey")
    42  //
    43  //const onGetIdentity = "on GetIdentity()"
    44  //
    45  //func GetIdentity(creds Creds, ops []Operator, useOperatorAuth bool, errs errata.Errors) (*Identity, errata.Key, errata.Errors) {
    46  //	if len(creds) < 1 {
    47  //		return nil, errata.NoCredsKey, append(errs, ErrNoCreds)
    48  //	}
    49  //
    50  //	for _, op := range ops {
    51  //		identity, err := op.Authenticate(creds)
    52  //		if err != nil {
    53  //			errs = append(errs, fmt.Errorf(onGetIdentity+`: on identOp.Authenticate(%#v): %s`, creds, err))
    54  //		}
    55  //		if identity != nil {
    56  //			return identity, "", errs
    57  //		}
    58  //
    59  //		//realm := op.Realm()
    60  //		//if (useOperatorAuth && realm == OperatorRealmKey) || (!useOperatorAuth && realm != OperatorRealmKey) {
    61  //		//	identity, err := op.Authenticate(creds)
    62  //		//	if err != nil {
    63  //		//		errs = append(errs, fmt.Errorf(onGetIdentity+`: on identOp.Authenticate(%#v): %s`, creds, err))
    64  //		//	}
    65  //		//	if identity != nil {
    66  //		//		return identity, "", errs
    67  //		//	}
    68  //		//}
    69  //	}
    70  //
    71  //	return nil, errata.InvalidCredsKey, errs
    72  //}
    73  
    74  // callbacks can be used for partial implementations of identity.ActorKey (in their own interfaces)
    75  //
    76  // type Callback string
    77  //
    78  // const Confirm Callback = "confirm"
    79  // const SendCode Callback = "send_code"
    80  //
    81  // type ActorKey interface {
    82  //	// Create stores registration data and (as usual) sends confirmation code to user.
    83  //	Create(creds ...Creds) ([]Message, error)
    84  //
    85  //	AddCallback(key Callback, url string)
    86  // }
    87  
    88  //const Anyone common.ID = "_"
    89  
    90  //type Access struct {
    91  //	TargetID   Key     `bson:"target_id"             json:"target_id"`
    92  //	TargetNick string `bson:"target_nick,omitempty" json:"target_nick,omitempty"`
    93  //	Right      Right  `bson:"right,omitempty"       json:"right,omitempty"`
    94  //}