1
0
mirror of https://github.com/osmarks/mycorrhiza.git synced 2024-10-30 03:36:16 +00:00

Start implementing fixed authorization system

This commit is contained in:
bouncepaw 2020-11-13 23:45:42 +05:00
parent c111e95468
commit c83ea6f356
5 changed files with 155 additions and 5 deletions

View File

@ -5,7 +5,8 @@ Features planned for this release:
* [ ] Authorization
* [ ] User groups: `anon`, `editor`, `trusted`, `moderator`, `admin`
* [ ] Mycomarkup improvements
* [ ] Strike-through syntax
* [x] Strike-through syntax
* [x] Formatting in headings
* [ ] Fix empty line codeblock bug #26
* [ ] `img{}` improvements
* [ ] ...
@ -25,12 +26,18 @@ make
mycorrhiza [OPTIONS...] WIKI_PATH
Options:
-auth-method string
What auth method to use. Variants: "none", "fixed" (default "none")
-fixed-credentials-path string
Used when -auth-method=fixed. Path to file with user credentials. (default "mycocredentials.json")
-home string
The home page (default "home")
-port string
Port to serve the wiki at (default "1737")
-title string
How to call your wiki in the navititle (default "🍄")
-user-tree string
Hypha which is a superhypha of all user pages (default "u")
```
## Features

17
flag.go
View File

@ -5,6 +5,7 @@ import (
"log"
"path/filepath"
"github.com/bouncepaw/mycorrhiza/user"
"github.com/bouncepaw/mycorrhiza/util"
)
@ -12,6 +13,9 @@ func init() {
flag.StringVar(&util.ServerPort, "port", "1737", "Port to serve the wiki at")
flag.StringVar(&util.HomePage, "home", "home", "The home page")
flag.StringVar(&util.SiteTitle, "title", "🍄", "How to call your wiki in the navititle")
flag.StringVar(&util.UserTree, "user-tree", "u", "Hypha which is a superhypha of all user pages")
flag.StringVar(&util.AuthMethod, "auth-method", "none", "What auth method to use. Variants: \"none\", \"fixed\"")
flag.StringVar(&util.FixedCredentialsPath, "fixed-credentials-path", "mycocredentials.json", "Used when -auth-method=fixed. Path to file with user credentials.")
}
// Do the things related to cli args and die maybe
@ -33,4 +37,17 @@ func parseCliArgs() {
if !isCanonicalName(util.HomePage) {
log.Fatal("Error: you must use a proper name for the homepage")
}
if !isCanonicalName(util.UserTree) {
log.Fatal("Error: you must use a proper name for user tree")
}
switch util.AuthMethod {
case "none":
case "fixed":
user.AuthUsed = true
user.PopulateFixedUserStorage()
default:
log.Fatal("Error: unknown auth method:", util.AuthMethod)
}
}

24
mycocredentials.json Normal file
View File

@ -0,0 +1,24 @@
[
{
"name": "admin",
"password": "mycorrhiza",
"group": "admin"
},
{
"name": "weird_fish",
"password": "DeepestOcean",
"group": "moderator"
},
{
"name": "king_of_limbs",
"password": "ambush",
"group": "trusted"
},
{
"name": "paranoid_android",
"password": "ok computer",
"group": "editor"
}
]

99
user/user.go Normal file
View File

@ -0,0 +1,99 @@
package user
import (
"encoding/json"
"io/ioutil"
"log"
"github.com/bouncepaw/mycorrhiza/util"
)
type FixedUserStorage struct {
Users []*User
}
var UserStorage = FixedUserStorage{}
func PopulateFixedUserStorage() {
contents, err := ioutil.ReadFile(util.FixedCredentialsPath)
if err != nil {
log.Fatal(err)
}
err = json.Unmarshal(contents, &UserStorage.Users)
if err != nil {
log.Fatal(err)
}
for _, user := range UserStorage.Users {
user.Group = groupFromString(user.GroupString)
}
log.Println("Found", len(UserStorage.Users), "fixed users")
}
// AuthUsed shows if a method of authentication is used. You should set it by yourself.
var AuthUsed bool
// User is a user.
type User struct {
// Name is a username. It must follow hypha naming rules.
Name string `json:"name"`
// Group the user is part of.
Group UserGroup `json:"-"`
GroupString string `json:"group"`
Password string `json:"password"`
}
func groupFromString(s string) UserGroup {
switch s {
case "admin":
return UserAdmin
case "moderator":
return UserModerator
case "trusted":
return UserTrusted
case "editor":
return UserEditor
default:
log.Fatal("Unknown user group", s)
return UserAnon
}
}
// UserGroup represents a group that a user is part of.
type UserGroup int
const (
// UserAnon is the default user group which all unauthorized visitors have.
UserAnon UserGroup = iota
// UserEditor is a user who can edit and upload stuff.
UserEditor
// UserTrusted is a trusted editor who can also rename stuff.
UserTrusted
// UserModerator is a moderator who can also delete stuff.
UserModerator
// UserAdmin can do everything.
UserAdmin
)
var minimalRights = map[string]UserGroup{
"edit": UserEditor,
"upload-binary": UserEditor,
"upload-text": UserEditor,
"rename-ask": UserTrusted,
"rename-confirm": UserTrusted,
"delete-ask": UserModerator,
"delete-confirm": UserModerator,
"reindex": UserAdmin,
}
func (ug UserGroup) CanAccessRoute(route string) bool {
if !AuthUsed {
return true
}
if minimalRight, ok := minimalRights[route]; ok {
if ug >= minimalRight {
return true
}
return false
}
return true
}

View File

@ -6,10 +6,13 @@ import (
)
var (
ServerPort string
HomePage string
SiteTitle string
WikiDir string
ServerPort string
HomePage string
SiteTitle string
WikiDir string
UserTree string
AuthMethod string
FixedCredentialsPath string
)
// ShorterPath is used by handlerList to display shorter path to the files. It simply strips WikiDir.