Start implementing fixed authorization system
parent
c111e95468
commit
c83ea6f356
@ -5,7 +5,8 @@ Features planned for this release:
|
||||
* [ ] Authorization
|
||||
* [ ] User groups: `anon`, `editor`, `trusted`, `moderator`, `admin`
|
||||
* [ ] Mycomarkup improvements
|
||||
* [ ] Strike-through syntax
|
||||
* [x] Strike-through syntax
|
||||
* [x] Formatting in headings
|
||||
* [ ] Fix empty line codeblock bug #26
|
||||
* [ ] `img{}` improvements
|
||||
* [ ] ...
|
||||
@ -25,12 +26,18 @@ make
|
||||
mycorrhiza [OPTIONS...] WIKI_PATH
|
||||
|
||||
Options:
|
||||
-auth-method string
|
||||
What auth method to use. Variants: "none", "fixed" (default "none")
|
||||
-fixed-credentials-path string
|
||||
Used when -auth-method=fixed. Path to file with user credentials. (default "mycocredentials.json")
|
||||
-home string
|
||||
The home page (default "home")
|
||||
-port string
|
||||
Port to serve the wiki at (default "1737")
|
||||
-title string
|
||||
How to call your wiki in the navititle (default "🍄")
|
||||
-user-tree string
|
||||
Hypha which is a superhypha of all user pages (default "u")
|
||||
```
|
||||
|
||||
## Features
|
||||
|
17
flag.go
17
flag.go
@ -5,6 +5,7 @@ import (
|
||||
"log"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/bouncepaw/mycorrhiza/user"
|
||||
"github.com/bouncepaw/mycorrhiza/util"
|
||||
)
|
||||
|
||||
@ -12,6 +13,9 @@ func init() {
|
||||
flag.StringVar(&util.ServerPort, "port", "1737", "Port to serve the wiki at")
|
||||
flag.StringVar(&util.HomePage, "home", "home", "The home page")
|
||||
flag.StringVar(&util.SiteTitle, "title", "🍄", "How to call your wiki in the navititle")
|
||||
flag.StringVar(&util.UserTree, "user-tree", "u", "Hypha which is a superhypha of all user pages")
|
||||
flag.StringVar(&util.AuthMethod, "auth-method", "none", "What auth method to use. Variants: \"none\", \"fixed\"")
|
||||
flag.StringVar(&util.FixedCredentialsPath, "fixed-credentials-path", "mycocredentials.json", "Used when -auth-method=fixed. Path to file with user credentials.")
|
||||
}
|
||||
|
||||
// Do the things related to cli args and die maybe
|
||||
@ -33,4 +37,17 @@ func parseCliArgs() {
|
||||
if !isCanonicalName(util.HomePage) {
|
||||
log.Fatal("Error: you must use a proper name for the homepage")
|
||||
}
|
||||
|
||||
if !isCanonicalName(util.UserTree) {
|
||||
log.Fatal("Error: you must use a proper name for user tree")
|
||||
}
|
||||
|
||||
switch util.AuthMethod {
|
||||
case "none":
|
||||
case "fixed":
|
||||
user.AuthUsed = true
|
||||
user.PopulateFixedUserStorage()
|
||||
default:
|
||||
log.Fatal("Error: unknown auth method:", util.AuthMethod)
|
||||
}
|
||||
}
|
||||
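Review bot: The default for `-fixed-credentials-path` in `init()` is `mycocredentials.json`, the same name as the sample file this commit adds, so starting the wiki from a checkout with only `-auth-method=fixed` loads the published sample accounts, including the `admin` one. I would make the default empty and fail fast in the `case "fixed":` branch of `parseCliArgs` (whose body starts outside the hunk), before `user.PopulateFixedUserStorage()`: `if util.FixedCredentialsPath == "" { log.Fatal("Error: -fixed-credentials-path is required with -auth-method=fixed") }`. Shipping the sample under a name that is never a default (for example `mycocredentials.example.json`) would remove the trap as well. Separately, `log.Fatal("Error: unknown auth method:", util.AuthMethod)` prints the two strings with no space between them; `log.Fatalf("Error: unknown auth method: %q", util.AuthMethod)` reads better and quotes the user input.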
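--- /dev/null
+++ b/mycocredentials.json
@@ -0,0 +1,24 @@
+[
+{
+"name": "admin",
+"password": "mycorrhiza",
+"group": "admin"
+},
+{
+"name": "weird_fish",
+"password": "DeepestOcean",
+"group": "moderator"
+},
+{
+"name": "king_of_limbs",
+"password": "ambush",
+"group": "trusted"
+},
+{
+"name": "paranoid_android",
+"password": "ok computer",
+"group": "editor"
+}
+]
+
+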
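Review bot: The `password` values in this format are clear text, and `User.Password` in user/user.go is filled from them unchanged, so read access to the credentials file or any backup of it yields every account up to the `admin` group. Since the format is being defined in this commit, it would be cheaper to store a password hash here now (for instance a bcrypt string) than to migrate deployed files later. The login comparison is not part of this commit, so how the field will be checked is not visible here. Until then, the README text for `-fixed-credentials-path` should say the file must be readable only by the wiki's own user and kept out of the wiki's git-tracked directory.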
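--- /dev/null
+++ b/user/user.go
@@ -0,0 +1,99 @@
+package user
+
+import (
+"encoding/json"
+"io/ioutil"
+"log"
+
+"github.com/bouncepaw/mycorrhiza/util"
+)
+
+type FixedUserStorage struct {
+Users []*User
+}
+
+var UserStorage = FixedUserStorage{}
+
+func PopulateFixedUserStorage() {
+contents, err := ioutil.ReadFile(util.FixedCredentialsPath)
+if err != nil {
+log.Fatal(err)
+}
+err = json.Unmarshal(contents, &UserStorage.Users)
+if err != nil {
+log.Fatal(err)
+}
+for _, user := range UserStorage.Users {
+user.Group = groupFromString(user.GroupString)
+}
+log.Println("Found", len(UserStorage.Users), "fixed users")
+}
+
+// AuthUsed shows if a method of authentication is used. You should set it by yourself.
+var AuthUsed bool
+
+// User is a user.
+type User struct {
+// Name is a username. It must follow hypha naming rules.
+Name string `json:"name"`
+// Group the user is part of.
+Group UserGroup `json:"-"`
+GroupString string `json:"group"`
+Password string `json:"password"`
+}
+
+func groupFromString(s string) UserGroup {
+switch s {
+case "admin":
+return UserAdmin
+case "moderator":
+return UserModerator
+case "trusted":
+return UserTrusted
+case "editor":
+return UserEditor
+default:
+log.Fatal("Unknown user group", s)
+return UserAnon
+}
+}
+
+// UserGroup represents a group that a user is part of.
+type UserGroup int
+
+const (
+// UserAnon is the default user group which all unauthorized visitors have.
+UserAnon UserGroup = iota
+// UserEditor is a user who can edit and upload stuff.
+UserEditor
+// UserTrusted is a trusted editor who can also rename stuff.
+UserTrusted
+// UserModerator is a moderator who can also delete stuff.
+UserModerator
+// UserAdmin can do everything.
+UserAdmin
+)
+
+var minimalRights = map[string]UserGroup{
+"edit": UserEditor,
+"upload-binary": UserEditor,
+"upload-text": UserEditor,
+"rename-ask": UserTrusted,
+"rename-confirm": UserTrusted,
+"delete-ask": UserModerator,
+"delete-confirm": UserModerator,
+"reindex": UserAdmin,
+}
+
+func (ug UserGroup) CanAccessRoute(route string) bool {
+if !AuthUsed {
+return true
+}
+if minimalRight, ok := minimalRights[route]; ok {
+if ug >= minimalRight {
+return true
+}
+return false
+}
+return true
+}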
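Review bot: `CanAccessRoute` fails open: any route name that is not a key of `minimalRights` falls through to the final `return true`, so a state-changing handler added later, or a call site that misspells one of these bare string keys, is reachable by `UserAnon` even when `AuthUsed` is set. I would list the routes open to everyone explicitly and end the function with `return false`, or at least log the unknown route name before allowing it. The handlers' route names are outside this diff, so the allow-list cannot be derived from what is shown here. Two smaller points in the same file: `PopulateFixedUserStorage` never checks `Name` against the hypha naming rules that the field comment requires, and it accepts an entry with an empty `password`; both are worth rejecting at load time next to the `groupFromString` call.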
|
@ -10,6 +10,9 @@ var (
|
||||
HomePage string
|
||||
SiteTitle string
|
||||
WikiDir string
|
||||
UserTree string
|
||||
AuthMethod string
|
||||
FixedCredentialsPath string
|
||||
)
|
||||
|
||||
// ShorterPath is used by handlerList to display shorter path to the files. It simply strips WikiDir.
|
||||
|