go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/server/auth/authdb/devserver.go (about) 1 // Copyright 2019 The LUCI Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package authdb 16 17 import ( 18 "context" 19 "errors" 20 "net" 21 22 "go.chromium.org/luci/auth/identity" 23 24 "go.chromium.org/luci/server/auth/realms" 25 "go.chromium.org/luci/server/auth/service/protocol" 26 "go.chromium.org/luci/server/auth/signing" 27 ) 28 29 var errNotImplementedInDev = errors.New("this feature is not available in development mode") 30 31 // DevServerDB implements authdb.DB by allowing everything. 32 // 33 // It is used locally during development or in local integration tests to skip 34 // fully configuring a real auth DB. It must not be used for real production 35 // applications. 36 // 37 // DevServerDB also hardcodes a single IP allowlist called "localhost" that 38 // matches any loopback IP address. It may be useful in local integration tests. 39 type DevServerDB struct{} 40 41 func (DevServerDB) IsAllowedOAuthClientID(ctx context.Context, email, clientID string) (bool, error) { 42 return true, nil 43 } 44 45 func (DevServerDB) IsInternalService(ctx context.Context, hostname string) (bool, error) { 46 return false, nil 47 } 48 49 func (DevServerDB) IsMember(ctx context.Context, id identity.Identity, groups []string) (bool, error) { 50 if len(groups) == 0 { 51 return false, nil 52 } 53 return id.Kind() != identity.Anonymous, nil 54 } 55 56 func (DevServerDB) CheckMembership(ctx context.Context, id identity.Identity, groups []string) ([]string, error) { 57 if id.Kind() == identity.Anonymous { 58 return nil, nil 59 } 60 return groups, nil 61 } 62 63 func (DevServerDB) HasPermission(ctx context.Context, id identity.Identity, perm realms.Permission, realm string, attrs realms.Attrs) (bool, error) { 64 return id.Kind() != identity.Anonymous, nil 65 } 66 67 func (DevServerDB) QueryRealms(ctx context.Context, id identity.Identity, perm realms.Permission, project string, attrs realms.Attrs) ([]string, error) { 68 return nil, errNotImplementedInDev 69 } 70 71 func (DevServerDB) FilterKnownGroups(ctx context.Context, groups []string) ([]string, error) { 72 return groups, nil 73 } 74 75 func (DevServerDB) GetCertificates(ctx context.Context, id identity.Identity) (*signing.PublicCertificates, error) { 76 return nil, errNotImplementedInDev 77 } 78 79 func (DevServerDB) GetAllowlistForIdentity(ctx context.Context, ident identity.Identity) (string, error) { 80 return "", nil 81 } 82 83 func (DevServerDB) IsAllowedIP(ctx context.Context, ip net.IP, allowlist string) (bool, error) { 84 if allowlist == "localhost" { 85 return ip.IsLoopback(), nil 86 } 87 return false, nil 88 } 89 90 func (DevServerDB) GetAuthServiceURL(ctx context.Context) (string, error) { 91 return "", errNotImplementedInDev 92 } 93 94 func (DevServerDB) GetTokenServiceURL(ctx context.Context) (string, error) { 95 return "", errNotImplementedInDev 96 } 97 98 func (DevServerDB) GetRealmData(ctx context.Context, realm string) (*protocol.RealmData, error) { 99 return &protocol.RealmData{}, nil 100 }