1
0
mirror of https://github.com/osmarks/mycorrhiza.git synced 2024-10-30 19:56:16 +00:00
mycorrhiza/user/user.go

98 lines
2.1 KiB
Go
Raw Normal View History

package user
import (
"sync"
"golang.org/x/crypto/bcrypt"
)
// UserSource shows where is the user data gotten from.
type UserSource int
const (
SourceUnknown UserSource = iota
// SourceFixed is used with users that are predefined using fixed auth
SourceFixed
// SourceRegistration is used with users that are registered through the register form
SourceRegistration
)
// User is a user.
type User struct {
// Name is a username. It must follow hypha naming rules.
Name string `json:"name"`
Group string `json:"group"`
Password string `json:"password"` // for fixed
HashedPassword string `json:"hashed_password"` // for registered
Source UserSource `json:"-"`
sync.RWMutex
// A note about why HashedPassword is string and not []byte. The reason is
// simple: golang's json marshals []byte as slice of numbers, which is not
// acceptable.
2020-11-14 13:03:06 +00:00
}
// Route — Right (more is more right)
var minimalRights = map[string]int{
2021-01-23 19:00:58 +00:00
"edit": 1,
"upload-binary": 1,
"upload-text": 1,
"rename-ask": 2,
"rename-confirm": 2,
"unattach-ask": 2,
"unattach-confirm": 2,
"update-header-links": 3,
"delete-ask": 3,
"delete-confirm": 3,
"reindex": 4,
"admin": 4,
2021-02-18 14:50:37 +00:00
"admin/shutdown": 4,
2020-11-14 14:46:04 +00:00
}
// Group — Right
var groupRight = map[string]int{
"anon": 0,
"editor": 1,
"trusted": 2,
"moderator": 3,
"admin": 4,
2020-11-14 13:03:06 +00:00
}
2021-01-24 07:30:14 +00:00
func EmptyUser() *User {
return &User{
Name: "anon",
Group: "anon",
Password: "",
2020-11-14 10:39:18 +00:00
}
}
func (user *User) CanProceed(route string) bool {
if !AuthUsed {
return true
2020-11-14 10:39:18 +00:00
}
2020-11-14 13:03:06 +00:00
user.RLock()
defer user.RUnlock()
2020-11-14 10:39:18 +00:00
right, _ := groupRight[user.Group]
minimalRight, _ := minimalRights[route]
if right >= minimalRight {
return true
2020-11-14 10:39:18 +00:00
}
return false
}
func (user *User) isCorrectPassword(password string) bool {
user.RLock()
defer user.RUnlock()
switch user.Source {
case SourceFixed:
return password == user.Password
case SourceRegistration:
err := bcrypt.CompareHashAndPassword([]byte(user.HashedPassword), []byte(password))
return err == nil
}
return false
2020-11-14 10:39:18 +00:00
}