Documentation
Constants ¶
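const (
	// DefaultPasswordLength is the length, in characters, that raw
	// passwords should have.
	DefaultPasswordLength = 24

	// SaltSize is the salt size; the original comment describes it as a
	// minimum salt size recommended by the RFC.
	// NOTE(review): neither the RFC nor the unit (bytes or bits) is visible
	// here -- confirm against the code that generates the salt.
	SaltSize = 64

	// Iterations is an iteration count, presumably the work factor used
	// when hashing passwords.
	// NOTE(review): the hashing algorithm is not visible here. If this
	// drives an iterated KDF such as PBKDF2, 10000 is well below the work
	// factors OWASP currently recommends; raising it needs a migration
	// path, because existing hashes were derived with this value.
	Iterations = 10000
)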
// CredentialIDPrefix is the fixed prefix used for credentials.
// NOTE(review): the original comment calls this the prefix of credential
// passwords, while the name refers to credential IDs -- confirm which value
// carries it. If it is the password, a fixed prefix is also what a secret
// scanner can match on to find leaked credentials.
const CredentialIDPrefix = "zeus"
// CredentialStoreStoragePrefix is the storage prefix for the credential
// store; presumably the key prefix under which credentials are kept in the
// backing object store -- confirm against ObjectCredentialStore.
const CredentialStoreStoragePrefix = "credentials"
Variables ¶
// CredentialDoesNotExistError is the sentinel error for a credential that
// does not exist; match it with errors.Is.
// NOTE(review): on an authentication path, callers should answer this case
// the same way as a wrong password, so that responses do not reveal which
// credential IDs exist.
var CredentialDoesNotExistError = errors.New("credential does not exist")
// DefaultPasswordFactory is the package-level *PasswordFactory, built by
// NewPasswordFactory when the package is initialised.
// NOTE(review): as an exported variable it can be reassigned by any importing
// package; confirm nothing replaces it at runtime, since every caller of the
// default factory would then hash and verify with the replacement.
var DefaultPasswordFactory = NewPasswordFactory()
DefaultPasswordFactory is the default password factory for zeus
Functions ¶
func GenerateRandomBytes ¶
GenerateRandomBytes returns securely generated random bytes. It will return an error if the system's secure random number generator fails to function correctly, in which case the caller should not continue.
func GenerateRandomString ¶
GenerateRandomString returns a securely generated random string. It will return an error if the system's secure random number generator fails to function correctly, in which case the caller should not continue.
func GenerateRandomStringURLSafe ¶
GenerateRandomStringURLSafe returns a URL-safe, base64 encoded securely generated random string. It will return an error if the system's secure random number generator fails to function correctly, in which case the caller should not continue.
Types ¶
type Credential ¶
// Credential is one tenant credential: an ID that acts as the username, the
// owning tenant, and the hashed password.
type Credential struct {
	// ID identifies the credential (the original comment calls it the ID of
	// the token). It is randomly generated and behaves as a username.
	ID string `json:"id"`
	// TenantID is the tenant which the credential belongs to.
	TenantID string `json:"tenant_id"`
	// Password is the HashedPassword used for authorizing traffic for
	// the tenant's credential.
	// Raw passwords should be 24 characters long and contain alphanumeric characters.
	// Raw passwords are never stored, only the hash and salt are stored.
	// NOTE(review): the json tag means the hash material is emitted whenever
	// a Credential is marshalled; confirm this struct is never serialized
	// into API responses or logs.
	Password HashedPassword `json:"password"`
}
Credential represents a tenant's credential. It should contain the tenant's ID, username, and password. It can be used as a basic authentication token for most requests.
type CredentialStore ¶
// CredentialStore retrieves credentials by ID and caches them.
type CredentialStore interface {
	// GetCredential retrieves the credential with the given id from the store.
	// NOTE(review): presumably reports CredentialDoesNotExistError when there
	// is no such credential -- confirm against the implementation.
	GetCredential(ctx context.Context, id string) (*Credential, error)
	// CacheCredential caches cred in the store; id is presumably the lookup
	// key. It has no return value, so a failure to cache is not reported to
	// the caller.
	// NOTE(review): the lifetime of a cached entry is not visible here;
	// confirm that a revoked or rotated credential is evicted.
	CacheCredential(id string, cred *Credential)
}
func NewObjectCredentialStore ¶
func NewObjectCredentialStore(store storage.ObjectStore) (CredentialStore, error)
type HashedPassword ¶
type ObjectCredentialStore ¶
type ObjectCredentialStore struct {
// contains filtered or unexported fields
}
func (*ObjectCredentialStore) CacheCredential ¶
func (ocs *ObjectCredentialStore) CacheCredential(id string, cred *Credential)
func (*ObjectCredentialStore) GetCredential ¶
func (ocs *ObjectCredentialStore) GetCredential(ctx context.Context, id string) (*Credential, error)
type PasswordFactory ¶
func NewPasswordFactory ¶
func NewPasswordFactory() *PasswordFactory
func (*PasswordFactory) HashPassword ¶
func (p *PasswordFactory) HashPassword(password string) HashedPassword
func (*PasswordFactory) VerifyPassword ¶
func (p *PasswordFactory) VerifyPassword(password, cipherText, salt string) bool