lavender/auth/auth.go

104 lines
2.4 KiB
Go

package auth
import (
"context"
"errors"
"fmt"
"github.com/1f349/lavender/database"
"html/template"
"net/http"
)
// State defines the currently reached authentication state
type State byte
const (
// StateUnauthorized defines the "unauthorized" state of a session
StateUnauthorized State = iota
// StateBasic defines the "username and password with no OTP" user state
// This is skipped if OTP/passkey is optional and not enabled for the user
StateBasic
// StateExtended defines the "logged in" user state
StateExtended
// StateSudo defines the "sudo" user state
// This state is temporary and has a configurable duration
StateSudo
)
func IsLoggedIn(s State) bool {
return s >= StateExtended
}
func IsSudoAvailable(s State) bool {
return s == StateSudo
}
type Provider interface {
// AccessState defines the state at which the provider is allowed to show.
// Some factors might be unavailable due to user preference.
AccessState() State
// Name defines a string value for the provider.
Name() string
// RenderTemplate returns HTML to embed in the page template.
RenderTemplate(ctx context.Context, req *http.Request, user *database.User) (template.HTML, error)
// AttemptLogin processes the login request.
AttemptLogin(ctx context.Context, req *http.Request, user *database.User) error
}
type UserSafeError struct {
Display string
Code int
Internal error
}
func (e UserSafeError) Error() string {
return fmt.Sprintf("%s [%d]: %v", e.Display, e.Code, e.Internal)
}
func (e UserSafeError) Unwrap() error {
return e.Internal
}
func BasicUserSafeError(code int, message string) UserSafeError {
return UserSafeError{
Code: code,
Display: message,
Internal: errors.New(message),
}
}
func AdminSafeError(inner error) UserSafeError {
return UserSafeError{
Code: http.StatusInternalServerError,
Display: "Internal server error",
Internal: inner,
}
}
type RedirectError struct {
Target string
Code int
}
func (e RedirectError) TargetUrl() string { return e.Target }
func (e RedirectError) Error() string {
return fmt.Sprintf("redirect to '%s'", e.Target)
}
type LookupUserDB interface {
GetUser(ctx context.Context, subject string) (database.User, error)
}
func LookupUser(ctx context.Context, db LookupUserDB, subject string, user *database.User) error {
getUser, err := db.GetUser(ctx, subject)
if err != nil {
return err
}
*user = getUser
return nil
}