// SPDX-License-Identifier: AGPL-3.0-only
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published
// by the Free Software Foundation, version 3.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>
package domain
import (
"context"
"time"
"github.com/bangumi/server/internal/model"
"github.com/bangumi/server/internal/pkg/gtime"
)
// AuthRepo is the storage-side interface for authentication data: it resolves
// access tokens and e-mail addresses to users, loads group permissions, and
// creates, lists and deletes access tokens.
type AuthRepo interface {
	// GetByToken returns the authorized user for a valid access token.
	// NOTE(review): how an unknown or expired token is reported is decided by
	// the implementation and is not visible in this file.
	GetByToken(ctx context.Context, token string) (AuthUserInfo, error)
	// GetPermission returns the Permission set for a user group.
	// NOTE(review): groupID is a uint8 here while AuthUserInfo.GroupID and
	// Auth.GroupID are model.UserGroupID; confirm the two types agree.
	GetPermission(ctx context.Context, groupID uint8) (Permission, error)
	// CreateAccessToken creates an access token called name for userID and
	// returns the token string.
	// NOTE(review): the returned string is presumably the secret later passed
	// to GetByToken, so callers should keep it out of logs; how expiration is
	// applied (and what a zero value means) is not visible here.
	CreateAccessToken(
		ctx context.Context, userID model.UserID, name string, expiration time.Duration,
	) (token string, err error)
	// ListAccessToken returns the AccessToken records that belong to userID.
	ListAccessToken(ctx context.Context, userID model.UserID) ([]AccessToken, error)
	// DeleteAccessToken deletes the token with the given ID.
	// NOTE(review): the signature carries no user ID, so the caller has to
	// verify ownership (AccessToken.UserID, e.g. via GetTokenByID) before
	// calling this. The bool is presumably "a token was deleted"; confirm.
	DeleteAccessToken(ctx context.Context, tokenID uint32) (bool, error)
	// GetByEmail returns (AuthUserInfo, HashedPassword, error) for email.
	// The hash is handed out for password verification (see
	// AuthService.ComparePassword) and should not travel beyond that check.
	GetByEmail(ctx context.Context, email string) (AuthUserInfo, []byte, error)
	// GetTokenByID returns the AccessToken record with the given ID.
	GetTokenByID(ctx context.Context, id uint32) (AccessToken, error)
}
// AuthUserInfo is the user record returned by AuthRepo.GetByToken and
// AuthRepo.GetByEmail: registration time, user ID and group ID. Unlike Auth it
// carries no Permission.
type AuthUserInfo struct {
	RegTime time.Time
	ID      model.UserID
	GroupID model.UserGroupID
}
// Auth is the basic authorization data representing a user: registration
// time, user ID, group ID and a Permission set.
type Auth struct {
	RegTime time.Time
	ID      model.UserID // user id; RegisteredLongerThan treats 0 as never eligible
	GroupID model.UserGroupID
	// The `json:"-"` tag makes encoding/json skip Permission; per the note on
	// the field this keeps it out of the cache.
	// NOTE(review): presumably the cache stores Auth as JSON, so Permission is
	// the zero value after a cache read until it is loaded again. Confirm.
	Permission Permission `json:"-"` // disable cache for this field.
}
// nsfwThreshold is the minimum account age required by Auth.AllowNSFW:
// sixty times gtime.OneDay.
const nsfwThreshold = 60 * gtime.OneDay
// AllowNSFW reports whether the current user is allowed to see NSFW
// resources, which holds once RegisteredLongerThan(nsfwThreshold) is true.
// The decision rests on account age only; Permission is not consulted.
func (u Auth) AllowNSFW() bool {
	allowed := u.RegisteredLongerThan(nsfwThreshold)
	return allowed
}
// RegisteredLongerThan reports whether the account's age, measured from
// RegTime to now, is at least t. A zero ID is always rejected.
//
// NOTE(review): a non-zero ID with an unset (zero) RegTime gives a very large
// age and so passes for any practical t; confirm that every path that builds
// an Auth populates RegTime.
func (u Auth) RegisteredLongerThan(t time.Duration) bool {
	if u.ID != 0 {
		age := time.Since(u.RegTime)
		return age >= t
	}
	return false
}
// AuthService is the service-level authentication interface: token and ID
// lookups that yield an Auth, e-mail/password login, password comparison, and
// access-token management.
type AuthService interface {
	// GetByToken resolves an access token to the Auth of its user.
	GetByToken(ctx context.Context, token string) (Auth, error)
	// GetByID returns the Auth for userID.
	GetByID(ctx context.Context, userID model.UserID) (Auth, error)
	// ComparePassword checks password against the stored hash in hashed.
	// NOTE(review): the hash scheme is not visible here; presumably the bool
	// is true on a match. Confirm.
	ComparePassword(hashed []byte, password string) (bool, error)
	// Login authenticates a user by e-mail and password.
	// NOTE(review): the bool is presumably "credentials matched", reported
	// separately from err; callers should check it before trusting the
	// returned Auth. Confirm against the implementation.
	Login(ctx context.Context, email, password string) (Auth, bool, error)
	// GetTokenByID returns the AccessToken record with the given ID.
	GetTokenByID(ctx context.Context, tokenID uint32) (AccessToken, error)
	// CreateAccessToken creates an access token called name for userID and
	// returns the token string, which callers should treat as a credential.
	CreateAccessToken(
		ctx context.Context, userID model.UserID, name string, expiration time.Duration,
	) (token string, err error)
	// ListAccessToken returns the AccessToken records that belong to userID.
	ListAccessToken(ctx context.Context, userID model.UserID) ([]AccessToken, error)
	// DeleteAccessToken deletes the token with the given ID.
	// NOTE(review): no user ID is passed, so whether ownership is checked here
	// or must be checked by the caller (AccessToken.UserID) cannot be told
	// from this file. Confirm.
	DeleteAccessToken(ctx context.Context, tokenID uint32) (bool, error)
	// GetPermission(ctx context.Context, id model.UserGroupID) (Permission, error)
}
// AccessToken describes an issued access token: its owner, name, client and
// creation/expiry times. It has no field for the token string itself.
type AccessToken struct {
	ExpiredAt time.Time // NOTE(review): how a non-expiring token is represented is not visible here
	CreatedAt time.Time
	Name      string
	ClientID  string
	ID        uint32       // presumably the tokenID taken by GetTokenByID and DeleteAccessToken; confirm
	UserID    model.UserID // owning user; the value to compare when authorizing a delete
}
// Permission is a set of boolean capability flags; AuthRepo.GetPermission
// returns one per user group and Auth carries one per user.
// Every field is a bool, so the zero value has all flags false.
// NOTE(review): presumably true means "granted", which makes the zero value
// deny everything. Confirm before relying on it as a default.
type Permission struct {
	UserList         bool
	ManageUserGroup  bool
	ManageUserPhoto  bool
	ManageTopicState bool
	ManageReport     bool
	UserBan          bool
	ManageUser       bool
	UserGroup        bool
	// The doc tag below is Chinese for "wiki applicant".
	UserWikiApply      bool `doc:"申请 wiki 人"`
	UserWikiApprove    bool
	DoujinSubjectErase bool
	DoujinSubjectLock  bool
	SubjectEdit        bool
	SubjectLock        bool
	SubjectRefresh     bool
	SubjectRelated     bool
	SubjectMerge       bool
	SubjectErase       bool
	SubjectCoverLock   bool
	SubjectCoverErase  bool
	MonoEdit           bool
	MonoLock           bool
	MonoMerge          bool
	MonoErase          bool
	BanPost            bool
	EpEdit             bool
	EpMove             bool
	EpMerge            bool
	EpLock             bool
	EpErase            bool
	Report             bool
	ManageApp          bool
	AppErase           bool
}