Start implementing fixed authorization system
parent
c111e95468
commit
c83ea6f356
@ -5,7 +5,8 @@ Features planned for this release:
|
|||||||
* [ ] Authorization
|
* [ ] Authorization
|
||||||
* [ ] User groups: `anon`, `editor`, `trusted`, `moderator`, `admin`
|
* [ ] User groups: `anon`, `editor`, `trusted`, `moderator`, `admin`
|
||||||
* [ ] Mycomarkup improvements
|
* [ ] Mycomarkup improvements
|
||||||
* [ ] Strike-through syntax
|
* [x] Strike-through syntax
|
||||||
|
* [x] Formatting in headings
|
||||||
* [ ] Fix empty line codeblock bug #26
|
* [ ] Fix empty line codeblock bug #26
|
||||||
* [ ] `img{}` improvements
|
* [ ] `img{}` improvements
|
||||||
* [ ] ...
|
* [ ] ...
|
||||||
@ -25,12 +26,18 @@ make
|
|||||||
mycorrhiza [OPTIONS...] WIKI_PATH
|
mycorrhiza [OPTIONS...] WIKI_PATH
|
||||||
|
|
||||||
Options:
|
Options:
|
||||||
|
-auth-method string
|
||||||
|
What auth method to use. Variants: "none", "fixed" (default "none")
|
||||||
|
-fixed-credentials-path string
|
||||||
|
Used when -auth-method=fixed. Path to file with user credentials. (default "mycocredentials.json")
|
||||||
-home string
|
-home string
|
||||||
The home page (default "home")
|
The home page (default "home")
|
||||||
-port string
|
-port string
|
||||||
Port to serve the wiki at (default "1737")
|
Port to serve the wiki at (default "1737")
|
||||||
-title string
|
-title string
|
||||||
How to call your wiki in the navititle (default "🍄")
|
How to call your wiki in the navititle (default "🍄")
|
||||||
|
-user-tree string
|
||||||
|
Hypha which is a superhypha of all user pages (default "u")
|
||||||
```
|
```
|
||||||
|
|
||||||
## Features
|
## Features
|
||||||
|
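--- a/flag.go
+++ b/flag.go
@@ -5,6 +5,7 @@ import (
 "log"
 "path/filepath"
 
+"github.com/bouncepaw/mycorrhiza/user"
 "github.com/bouncepaw/mycorrhiza/util"
 )
 
@@ -12,6 +13,9 @@ func init() {
 flag.StringVar(&util.ServerPort, "port", "1737", "Port to serve the wiki at")
 flag.StringVar(&util.HomePage, "home", "home", "The home page")
 flag.StringVar(&util.SiteTitle, "title", "🍄", "How to call your wiki in the navititle")
+flag.StringVar(&util.UserTree, "user-tree", "u", "Hypha which is a superhypha of all user pages")
+flag.StringVar(&util.AuthMethod, "auth-method", "none", "What auth method to use. Variants: \"none\", \"fixed\"")
+flag.StringVar(&util.FixedCredentialsPath, "fixed-credentials-path", "mycocredentials.json", "Used when -auth-method=fixed. Path to file with user credentials.")
 }
 
 // Do the things related to cli args and die maybe
@@ -33,4 +37,17 @@ func parseCliArgs() {
 if !isCanonicalName(util.HomePage) {
 log.Fatal("Error: you must use a proper name for the homepage")
 }
+
+if !isCanonicalName(util.UserTree) {
+log.Fatal("Error: you must use a proper name for user tree")
+}
+
+switch util.AuthMethod {
+case "none":
+case "fixed":
+user.AuthUsed = true
+user.PopulateFixedUserStorage()
+default:
+log.Fatal("Error: unknown auth method:", util.AuthMethod)
+}
 }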
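Review bot: In the `default:` branch of the new `switch` in `parseCliArgs`, `log.Fatal("Error: unknown auth method:", util.AuthMethod)` prints the value glued to the colon, because `log.Fatal` formats like `fmt.Print` and adds no space between two string operands. `log.Fatalf("Error: unknown auth method: %q", util.AuthMethod)` would separate it and quote the operator-supplied value, so an empty or whitespace-only flag is visible in the log. The empty `case "none":` would also benefit from a short comment such as `// no authentication: every route stays open`, since that branch is what leaves `user.AuthUsed` false. `parseCliArgs` begins above this hunk.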
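--- a/mycocredentials.json
+++ b/mycocredentials.json
@@ -0,0 +1,24 @@
+[
+{
+"name": "admin",
+"password": "mycorrhiza",
+"group": "admin"
+},
+{
+"name": "weird_fish",
+"password": "DeepestOcean",
+"group": "moderator"
+},
+{
+"name": "king_of_limbs",
+"password": "ambush",
+"group": "trusted"
+},
+{
+"name": "paranoid_android",
+"password": "ok computer",
+"group": "editor"
+}
+]
+
+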
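Review bot: This file commits working plaintext credentials, including `admin` / `mycorrhiza`, at the same path that `-fixed-credentials-path` defaults to in flag.go. An instance started from the repository root with `-auth-method=fixed` and no other configuration would therefore load an admin account whose password is public. Consider committing the sample under an example name and keeping the default path out of version control, so that `PopulateFixedUserStorage` fails at start-up until the operator supplies their own file.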
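--- a/user/user.go
+++ b/user/user.go
@@ -0,0 +1,99 @@
+package user
+
+import (
+"encoding/json"
+"io/ioutil"
+"log"
+
+"github.com/bouncepaw/mycorrhiza/util"
+)
+
+type FixedUserStorage struct {
+Users []*User
+}
+
+var UserStorage = FixedUserStorage{}
+
+func PopulateFixedUserStorage() {
+contents, err := ioutil.ReadFile(util.FixedCredentialsPath)
+if err != nil {
+log.Fatal(err)
+}
+err = json.Unmarshal(contents, &UserStorage.Users)
+if err != nil {
+log.Fatal(err)
+}
+for _, user := range UserStorage.Users {
+user.Group = groupFromString(user.GroupString)
+}
+log.Println("Found", len(UserStorage.Users), "fixed users")
+}
+
+// AuthUsed shows if a method of authentication is used. You should set it by yourself.
+var AuthUsed bool
+
+// User is a user.
+type User struct {
+// Name is a username. It must follow hypha naming rules.
+Name string `json:"name"`
+// Group the user is part of.
+Group UserGroup `json:"-"`
+GroupString string `json:"group"`
+Password string `json:"password"`
+}
+
+func groupFromString(s string) UserGroup {
+switch s {
+case "admin":
+return UserAdmin
+case "moderator":
+return UserModerator
+case "trusted":
+return UserTrusted
+case "editor":
+return UserEditor
+default:
+log.Fatal("Unknown user group", s)
+return UserAnon
+}
+}
+
+// UserGroup represents a group that a user is part of.
+type UserGroup int
+
+const (
+// UserAnon is the default user group which all unauthorized visitors have.
+UserAnon UserGroup = iota
+// UserEditor is a user who can edit and upload stuff.
+UserEditor
+// UserTrusted is a trusted editor who can also rename stuff.
+UserTrusted
+// UserModerator is a moderator who can also delete stuff.
+UserModerator
+// UserAdmin can do everything.
+UserAdmin
+)
+
+var minimalRights = map[string]UserGroup{
+"edit": UserEditor,
+"upload-binary": UserEditor,
+"upload-text": UserEditor,
+"rename-ask": UserTrusted,
+"rename-confirm": UserTrusted,
+"delete-ask": UserModerator,
+"delete-confirm": UserModerator,
+"reindex": UserAdmin,
+}
+
+func (ug UserGroup) CanAccessRoute(route string) bool {
+if !AuthUsed {
+return true
+}
+if minimalRight, ok := minimalRights[route]; ok {
+if ug >= minimalRight {
+return true
+}
+return false
+}
+return true
+}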
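Review bot: `CanAccessRoute` falls through to `return true` for any route name missing from `minimalRights`, so a mistyped key or a newly added state-changing route is open to `UserAnon` even with `AuthUsed` set. If default-allow is intended for read-only routes, say so in a doc comment on the method and the map, e.g. `// Routes not listed in minimalRights are open to everyone, including UserAnon.`; otherwise list the public routes explicitly and end with `return false`. Separately, `PopulateFixedUserStorage` accepts every decoded entry as-is, so an object with a missing or empty `name` or `password` becomes a stored user with empty credentials; a guard in the existing loop such as `if user.Name == "" || user.Password == "" { log.Fatal("fixed credentials: entry with empty name or password") }` would reject it at start-up. Passwords are also kept as plaintext in the `Password` field, and storing a salted hash in the file instead would limit what a leaked credentials file reveals.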
@ -10,6 +10,9 @@ var (
|
|||||||
HomePage string
|
HomePage string
|
||||||
SiteTitle string
|
SiteTitle string
|
||||||
WikiDir string
|
WikiDir string
|
||||||
|
UserTree string
|
||||||
|
AuthMethod string
|
||||||
|
FixedCredentialsPath string
|
||||||
)
|
)
|
||||||
|
|
||||||
// ShorterPath is used by handlerList to display shorter path to the files. It simply strips WikiDir.
|
// ShorterPath is used by handlerList to display shorter path to the files. It simply strips WikiDir.
|
||||||
|