forked from grafana/grafana
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathauth.go
86 lines (71 loc) · 2.32 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
package auth
import (
"context"
"errors"
"fmt"
"net"
"github.com/grafana/grafana/pkg/models/usertoken"
"github.com/grafana/grafana/pkg/registry"
"github.com/grafana/grafana/pkg/services/auth/jwt"
"github.com/grafana/grafana/pkg/services/quota"
"github.com/grafana/grafana/pkg/services/user"
)
const (
QuotaTargetSrv quota.TargetSrv = "auth"
QuotaTarget quota.Target = "session"
)
// Typed errors
var (
ErrUserTokenNotFound = errors.New("user token not found")
ErrInvalidSessionToken = usertoken.ErrInvalidSessionToken
)
type (
TokenRevokedError = usertoken.TokenRevokedError
UserToken = usertoken.UserToken
)
// CreateTokenErr represents a token creation error; used in Enterprise
type CreateTokenErr struct {
StatusCode int
InternalErr error
ExternalErr string
}
func (e *CreateTokenErr) Error() string {
if e.InternalErr != nil {
return e.InternalErr.Error()
}
return "failed to create token"
}
type TokenExpiredError struct {
UserID int64
TokenID int64
}
func (e *TokenExpiredError) Unwrap() error { return ErrInvalidSessionToken }
func (e *TokenExpiredError) Error() string {
return fmt.Sprintf("%s: user token expired", ErrInvalidSessionToken)
}
type RevokeAuthTokenCmd struct {
AuthTokenId int64 `json:"authTokenId"`
}
type RotateCommand struct {
// token is the un-hashed token
UnHashedToken string
IP net.IP
UserAgent string
}
// UserTokenService are used for generating and validating user tokens
type UserTokenService interface {
CreateToken(ctx context.Context, user *user.User, clientIP net.IP, userAgent string) (*UserToken, error)
LookupToken(ctx context.Context, unhashedToken string) (*UserToken, error)
// RotateToken will always rotate a valid token
RotateToken(ctx context.Context, cmd RotateCommand) (*UserToken, error)
RevokeToken(ctx context.Context, token *UserToken, soft bool) error
RevokeAllUserTokens(ctx context.Context, userID int64) error
GetUserToken(ctx context.Context, userID, userTokenID int64) (*UserToken, error)
GetUserTokens(ctx context.Context, userID int64) ([]*UserToken, error)
ActiveTokenCount(ctx context.Context, userID *int64) (int64, error)
GetUserRevokedTokens(ctx context.Context, userID int64) ([]*UserToken, error)
}
type UserTokenBackgroundService interface {
registry.BackgroundService
}
type JWTVerifierService = jwt.JWTService