Baguette
/
authd
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
authd/src/authd.cr

443 lines
9.0 KiB
Crystal
Raw Normal View History

Grooming.
2019-11-22 18:14:52 +01:00
require "json"
Authd library added to provide an auto-check middleware.
2018-09-22 21:25:03 +02:00
require "jwt"
Finished conversion to a libIPC-based microservice.
2018-11-12 18:51:21 +01:00
require "ipc"
User -> AuthD::User, authd_user : AuthD::User
2018-09-22 21:42:21 +02:00
Finished conversion to a libIPC-based microservice.
2018-11-12 18:51:21 +01:00
require "./user.cr"
Authd library added to provide an auto-check middleware.
2018-09-22 21:25:03 +02:00
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
class AuthD::Exception < Exception
end
Overhauled response types.
2019-11-22 22:55:12 +01:00
class AuthD::Response
include JSON::Serializable
annotation MessageType
end
class_getter type = -1
Grooming.
2019-11-22 23:13:34 +01:00
def type
@@type
end
Overhauled response types.
2019-11-22 22:55:12 +01:00
macro inherited
def self.type
::AuthD::Response::Type::{{ @type.name.split("::").last.id }}
end
end
macro initialize(*properties)
def initialize(
{% for value in properties %}
@{{value.id}}{% if value != properties.last %},{% end %}
{% end %}
)
end
def type
Type::{{ @type.name.split("::").last.id }}
end
end
class Error < Response
property reason : String?
initialize :reason
end
class Token < Response
property token : String
initialize :token
end
class User < Response
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
property user : ::AuthD::User::Public
Overhauled response types.
2019-11-22 22:55:12 +01:00
initialize :user
end
class UserAdded < Response
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
property user : ::AuthD::User::Public
Overhauled response types.
2019-11-22 22:55:12 +01:00
initialize :user
end
class UserEdited < Response
property uid : Int32
initialize :uid
end
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
class UsersList < Response
property users : Array(::AuthD::User::Public)
GetExtra, SetExtra, and matching LS updates.
2019-12-07 21:09:17 +01:00
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
initialize :users
GetExtra, SetExtra, and matching LS updates.
2019-12-07 21:09:17 +01:00
end
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
class PermissionCheck < Response
property user : Int32
property service : String
property resource : String
property permission : ::AuthD::User::PermissionLevel
GetExtra, SetExtra, and matching LS updates.
2019-12-07 21:09:17 +01:00
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
initialize :service, :resource, :user, :permission
GetExtra, SetExtra, and matching LS updates.
2019-12-07 21:09:17 +01:00
end
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
class PermissionSet < Response
property user : Int32
property service : String
property resource : String
property permission : ::AuthD::User::PermissionLevel
WIP for an administration panel.
2019-12-09 21:57:38 +01:00
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
initialize :user, :service, :resource, :permission
WIP for an administration panel.
2019-12-09 21:57:38 +01:00
end
Overhauled response types.
2019-11-22 22:55:12 +01:00
# This creates a Request::Type enumeration. One entry for each request type.
{% begin %}
Grooming.
2019-11-22 17:31:56 +01:00
enum Type
Overhauled response types.
2019-11-22 22:55:12 +01:00
{% for ivar in @type.subclasses %}
{% klass = ivar.name %}
{% name = ivar.name.split("::").last.id %}
{% a = ivar.annotation(MessageType) %}
{% if a %}
{% value = a[0] %}
{{ name }} = {{ value }}
{% else %}
{{ name }}
{% end %}
{% end %}
Grooming.
2019-11-22 17:31:56 +01:00
end
Overhauled response types.
2019-11-22 22:55:12 +01:00
{% end %}
# This is an array of all requests types.
{% begin %}
class_getter requests = [
{% for ivar in @type.subclasses %}
{% klass = ivar.name %}
{{klass}},
{% end %}
]
{% end %}
Grooming.
2019-11-23 01:08:05 +01:00
def self.from_ipc(message : IPC::Message) : Response?
Overhauled response types.
2019-11-22 22:55:12 +01:00
payload = String.new message.payload
type = Type.new message.type.to_i
Grooming.
2019-11-23 01:08:05 +01:00
requests.find(&.type.==(type)).try &.from_json(payload)
rescue e : JSON::ParseException
raise Exception.new "malformed request"
Overhauled response types.
2019-11-22 22:55:12 +01:00
end
end
class IPC::Connection
def send(response : AuthD::Response)
send response.type.to_u8, response.to_json
Finished conversion to a libIPC-based microservice.
2018-11-12 18:51:21 +01:00
end
Grooming.
2019-11-22 18:14:52 +01:00
end
Authd library added to provide an auto-check middleware.
2018-09-22 21:25:03 +02:00
Grooming.
2019-11-22 18:14:52 +01:00
class AuthD::Request
include JSON::Serializable
Authd library added to provide an auto-check middleware.
2018-09-22 21:25:03 +02:00
Grooming.
2019-11-22 18:14:52 +01:00
annotation MessageType
end
Authd library added to provide an auto-check middleware.
2018-09-22 21:25:03 +02:00
Grooming.
2019-11-22 18:14:52 +01:00
class_getter type = -1
macro inherited
def self.type
::AuthD::Request::Type::{{ @type.name.split("::").last.id }}
Grooming.
2019-11-22 17:31:56 +01:00
end
Grooming.
2019-11-22 18:14:52 +01:00
end
WIP registration.
2018-12-19 13:54:19 +01:00
Grooming.
2019-11-22 18:14:52 +01:00
macro initialize(*properties)
def initialize(
{% for value in properties %}
@{{value.id}}{% if value != properties.last %},{% end %}
{% end %}
)
Grooming.
2019-11-22 17:31:56 +01:00
end
GetUser requests.
2019-01-07 17:04:20 +01:00
Grooming.
2019-11-22 18:14:52 +01:00
def type
Type::{{ @type.name.split("::").last.id }}
Grooming.
2019-11-22 17:31:56 +01:00
end
Grooming.
2019-11-22 18:14:52 +01:00
end
class GetToken < Request
property login : String
property password : String
initialize :login, :password
end
class AddUser < Request
# Only clients that have the right shared key will be allowed
# to create users.
property shared_key : String
property login : String
property password : String
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
property profile : JSON::Any?
Grooming.
2019-11-22 18:14:52 +01:00
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
initialize :shared_key, :login, :password, :profile
Grooming.
2019-11-22 18:14:52 +01:00
end
class GetUser < Request
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
property user : Int32 | String
Grooming.
2019-11-22 18:14:52 +01:00
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
initialize :user
Grooming.
2019-11-22 18:14:52 +01:00
end
AuthD::Client#get_user?(login, password) added.
2019-02-16 22:06:56 +01:00
Grooming.
2019-11-22 18:14:52 +01:00
class GetUserByCredentials < Request
property login : String
property password : String
Imposed authentication on a few requests.
2019-10-10 20:58:44 +02:00
Grooming.
2019-11-22 18:14:52 +01:00
initialize :login, :password
end
class ModUser < Request
property shared_key : String
property uid : Int32
property password : String?
property avatar : String?
initialize :shared_key, :uid
end
Registration requests if started with -R.
2019-12-07 00:53:31 +01:00
class Request::Register < Request
property login : String
property password : String
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
property profile : JSON::Any?
Registration requests if started with -R.
2019-12-07 00:53:31 +01:00
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
initialize :login, :password, :profile
GetExtra, SetExtra, and matching LS updates.
2019-12-07 21:09:17 +01:00
end
Password updates and matching LS updates.
2019-12-07 23:57:40 +01:00
class Request::UpdatePassword < Request
property login : String
property old_password : String
property new_password : String
end
WIP for an administration panel.
2019-12-09 21:57:38 +01:00
class Request::ListUsers < Request
property token : String?
property key : String?
end
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
class CheckPermission < Request
property shared_key : String
# FIXME: Make it Int32 | String
property user : Int32
property service : String
property resource : String
initialize :shared_key, :user, :service, :resource
end
class SetPermission < Request
property shared_key : String
# FIXME: Make it Int32 | String
property user : Int32
property service : String
property resource : String
property permission : ::AuthD::User::PermissionLevel
initialize :shared_key, :user, :service, :resource, :permission
end
Grooming.
2019-11-22 18:14:52 +01:00
# This creates a Request::Type enumeration. One entry for each request type.
{% begin %}
enum Type
{% for ivar in @type.subclasses %}
{% klass = ivar.name %}
{% name = ivar.name.split("::").last.id %}
{% a = ivar.annotation(MessageType) %}
{% if a %}
{% value = a[0] %}
{{ name }} = {{ value }}
{% else %}
{{ name }}
{% end %}
{% end %}
Grooming.
2019-11-22 17:31:56 +01:00
end
Grooming.
2019-11-22 18:14:52 +01:00
{% end %}
# This is an array of all requests types.
{% begin %}
class_getter requests = [
{% for ivar in @type.subclasses %}
{% klass = ivar.name %}
{{klass}},
{% end %}
]
{% end %}
Grooming.
2019-11-23 01:08:05 +01:00
def self.from_ipc(message : IPC::Message) : Request?
Grooming.
2019-11-22 18:14:52 +01:00
payload = String.new message.payload
type = Type.new message.type.to_i
Grooming.
2019-11-23 01:08:05 +01:00
requests.find(&.type.==(type)).try &.from_json(payload)
rescue e : JSON::ParseException
raise Exception.new "malformed request"
ModUser request.
2019-05-29 16:06:11 +02:00
end
Grooming.
2019-11-22 18:14:52 +01:00
end
class IPC::Connection
def send(request : AuthD::Request)
send request.type.to_u8, request.to_json
end
end
ModUser request.
2019-05-29 16:06:11 +02:00
Grooming.
2019-11-22 18:14:52 +01:00
module AuthD
Updates for new libipc APIs.
2019-06-05 22:30:29 +02:00
class Client < IPC::Connection
Finished conversion to a libIPC-based microservice.
2018-11-12 18:51:21 +01:00
property key : String
def initialize
@key = ""
initialize "auth"
Authd library added to provide an auto-check middleware.
2018-09-22 21:25:03 +02:00
end
IPC.cr API updates.
2019-06-06 01:16:52 +02:00
def get_token?(login : String, password : String) : String?
Grooming.
2019-11-22 18:14:52 +01:00
send Request::GetToken.new login, password
Finished conversion to a libIPC-based microservice.
2018-11-12 18:51:21 +01:00
Overhauled response types.
2019-11-22 22:55:12 +01:00
response = Response.from_ipc read
Finished conversion to a libIPC-based microservice.
2018-11-12 18:51:21 +01:00
Overhauled response types.
2019-11-22 22:55:12 +01:00
if response.is_a?(Response::Token)
response.token
Finished conversion to a libIPC-based microservice.
2018-11-12 18:51:21 +01:00
else
nil
Authd library added to provide an auto-check middleware.
2018-09-22 21:25:03 +02:00
end
end
Fixes an error client.
2019-12-19 03:58:00 +01:00
def get_user?(login : String, password : String) : AuthD::User::Public?
Grooming.
2019-11-22 18:14:52 +01:00
send Request::GetUserByCredentials.new login, password
AuthD::Client#get_user?(login, password) added.
2019-02-16 22:06:56 +01:00
Overhauled response types.
2019-11-22 22:55:12 +01:00
response = Response.from_ipc read
AuthD::Client#get_user?(login, password) added.
2019-02-16 22:06:56 +01:00
Overhauled response types.
2019-11-22 22:55:12 +01:00
if response.is_a? Response::User
response.user
AuthD::Client#get_user?(login, password) added.
2019-02-16 22:06:56 +01:00
else
nil
end
end
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
def get_user?(uid_or_login : Int32 | String) : ::AuthD::User::Public?
send Request::GetUser.new uid_or_login
GetUser requests.
2019-01-07 17:04:20 +01:00
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
response = Response.from_ipc read
GetUser requests.
2019-01-07 17:04:20 +01:00
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
if response.is_a? Response::User
response.user
GetUser requests.
2019-01-07 17:04:20 +01:00
else
nil
end
end
Grooming.
2019-11-22 17:31:56 +01:00
def send(type : Request::Type, payload)
WIP registration.
2018-12-19 13:54:19 +01:00
send type.value.to_u8, payload
end
Finished conversion to a libIPC-based microservice.
2018-11-12 18:51:21 +01:00
def decode_token(token)
Update to new crystal-jwt APIs.
2019-06-28 18:20:34 +02:00
user, meta = JWT.decode token, @key, JWT::Algorithm::HS256
Finished conversion to a libIPC-based microservice.
2018-11-12 18:51:21 +01:00
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
user = ::AuthD::User::Public.from_json user.to_json
Finished conversion to a libIPC-based microservice.
2018-11-12 18:51:21 +01:00
{user, meta}
end
WIP registration.
2018-12-19 13:54:19 +01:00
# FIXME: Extra options may be useful to implement here.
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
def add_user(login : String, password : String, profile : JSON::Any?) : ::AuthD::User::Public | Exception
send Request::AddUser.new @key, login, password, profile
WIP registration.
2018-12-19 13:54:19 +01:00
Overhauled response types.
2019-11-22 22:55:12 +01:00
response = Response.from_ipc read
WIP registration.
2018-12-19 13:54:19 +01:00
Overhauled response types.
2019-11-22 22:55:12 +01:00
case response
when Response::UserAdded
response.user
when Response::Error
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
raise Exception.new response.reason
WIP registration.
2018-12-19 13:54:19 +01:00
else
Overhauled response types.
2019-11-22 22:55:12 +01:00
# Should not happen in serialized connections, but…
# itll happen if you run several requests at once.
Exception.new
WIP registration.
2018-12-19 13:54:19 +01:00
end
end
ModUser request.
2019-05-29 16:06:11 +02:00
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
def register(login : String, password : String, profile : JSON::Any?) : ::AuthD::User::Public?
send Request::Register.new login, password, profile
response = Response.from_ipc read
case response
when Response::UserAdded
when Response::Error
raise Exception.new response.reason
end
end
Avatar update through ModUserRequest.
2019-05-29 19:45:03 +02:00
def mod_user(uid : Int32, password : String? = nil, avatar : String? = nil) : Bool | Exception
Grooming.
2019-11-22 18:14:52 +01:00
request = Request::ModUser.new @key, uid
ModUser request.
2019-05-29 16:06:11 +02:00
Grooming.
2019-11-22 18:14:52 +01:00
request.password = password if password
request.avatar = avatar if avatar
Avatar update through ModUserRequest.
2019-05-29 19:45:03 +02:00
Grooming.
2019-11-22 18:14:52 +01:00
send request
ModUser request.
2019-05-29 16:06:11 +02:00
Overhauled response types.
2019-11-22 22:55:12 +01:00
response = Response.from_ipc read
ModUser request.
2019-05-29 16:06:11 +02:00
Overhauled response types.
2019-11-22 22:55:12 +01:00
case response
when Response::UserEdited
ModUser request.
2019-05-29 16:06:11 +02:00
true
Overhauled response types.
2019-11-22 22:55:12 +01:00
when Response::Error
Exception.new response.reason
ModUser request.
2019-05-29 16:06:11 +02:00
else
Overhauled response types.
2019-11-22 22:55:12 +01:00
Exception.new "???"
ModUser request.
2019-05-29 16:06:11 +02:00
end
end
Major update that includes various breaking changes. - backend is now a DODB::DataBase, not a passwd and group file anymore. - extras have been removed. A WIP User#profile field exists, that can be a JSON::Any. No profile validation has been implemented as of this commit. - authd now provides permission over resources, which is more precise than checking whether a user is part of a group. - permissions are now checked through authd once again: tokens don’t hold permissions anymore. - tokens are now minimal authentication “keys” to prove who you are and nothing more.
2019-12-15 23:38:49 +01:00
def check_permission(user : ::AuthD::User::Public, service_name : String, resource_name : String) : User::PermissionLevel
request = Request::CheckPermission.new @key, user.uid, service_name, resource_name
send request
response = Response.from_ipc read
case response
when Response::PermissionCheck
response.permission
when Response
raise Exception.new "unexpected response: #{response.type}"
else
raise Exception.new "unexpected response"
end
end
def set_permission(uid : Int32, service : String, resource : String, permission : User::PermissionLevel)
request = Request::SetPermission.new @key, uid, service, resource, permission
send request
response = Response.from_ipc read
case response
when Response::PermissionSet
true
when Response
raise Exception.new "unexpected response: #{response.type}"
else
raise Exception.new "unexpected response"
end
end
Authd library added to provide an auto-check middleware.
2018-09-22 21:25:03 +02:00
end
end