-
Notifications
You must be signed in to change notification settings - Fork 5
/
users.go
112 lines (98 loc) · 2.74 KB
/
users.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
package users
import (
"crypto/md5"
"fmt"
"strings"
"time"
"golang.org/x/crypto/ssh"
)
type Role string
type Roles []Role
const (
RoleUser Role = "USER"
RoleManager = "MANAGER"
)
var (
UserRoles = []Role{RoleUser}
ManagerRoles = []Role{RoleUser, RoleManager}
)
type User struct {
Id string `json:"id"`
Name string `json:"name"`
Keys []Key `json:"keys"`
Roles Roles `json:"roles"`
Aliases []string `json:"aliases"`
Use2FA bool `json:"use2fa"`
AutologinAfter2FA int `json:"autologinafter2FA"`
Allowance *Allowance `json:"allowance,omitempty"`
IdToken string `json:"idtoken"`
}
type Key struct {
Id string `json:"id"`
Value string `json:"value"`
Fingerprint string `json:"fingerprint"`
}
type Allowance struct {
GrantedBy string `json:"grantedBy"`
Uid string `json:"uid"`
Until time.Time `json:"until"`
}
type Users interface {
Create(network, id, name string, rolzs Roles) (*User, error)
AddAlias(id, network, alias string) (*User, error)
NewIdToken(uid string) (*User, error)
ByIdToken(idtok string) (*User, error)
RemoveAlias(id, network, alias string) (*User, error)
GetAll() ([]User, error)
Get(id string) (*User, error)
AddKey(uid, kid string, pubkey string, fp string) (*Key, error)
RemoveKey(uid, kid string) (*Key, error)
Update(uid, username string, rolz Roles) (*User, error)
Permit(a Allowance, ttlSecs uint64) error
Delete(uid string) (*User, error)
GetByKey(pubkey string) (*User, *Key, error)
Create2FAToken(domain, uid string) (string, error)
SetAutologinAfter2FA(uid string, duration int) (*User, error)
Use2FAToken(uid string, use bool) error
CheckToken(uid, token string) error
CheckAndAllowToken(uid, token string, maxAllowance int) error
Close() error
}
func (rlz Roles) String() string {
sr := make([]string, len(rlz))
for i, r := range rlz {
sr[i] = string(r)
}
return strings.Join(sr, ",")
}
func (rlz Roles) Has(r Role) bool {
for _, rl := range rlz {
if rl == r {
return true
}
}
return false
}
func Fingerprint(k ssh.PublicKey) string {
hash := md5.Sum(k.Marshal())
return strings.Replace(fmt.Sprintf("% x", hash), " ", ":", -1)
}
func ParseKey(pubkey string) (*Key, error) {
pk, c, _, _, err := ssh.ParseAuthorizedKey([]byte(pubkey))
if err != nil {
return nil, err
}
fp := Fingerprint(pk)
k := Key{Id: c, Value: strings.TrimSpace(string(ssh.MarshalAuthorizedKey(pk))), Fingerprint: fp}
return &k, nil
}
func AsKey(usrs Users, uid, kid, pubkey string) (*Key, error) {
k, err := ParseKey(pubkey)
if err != nil {
return nil, err
}
if kid != "" {
k.Id = kid
}
return usrs.AddKey(uid, k.Id, k.Value, k.Fingerprint)
}