diff --git a/cnf/cnf.go b/cnf/cnf.go
index ee4dd60f..007e3237 100644
--- a/cnf/cnf.go
+++ b/cnf/cnf.go
@@ -21,8 +21,38 @@ import (
 var Settings *Options
+type Kind int
+
+func (k Kind) String() string {
+ switch k {
+ default:
+ return "NO"
+ case AuthKV:
+ return "KV"
+ case AuthNS:
+ return "NS"
+ case AuthDB:
+ return "DB"
+ case AuthSC:
+ return "SC"
+ }
+}
+
+const (
+ // Root access
+ AuthKV Kind = iota
+ // Namespace access
+ AuthNS
+ // Database access
+ AuthDB
+ // Scoped user access
+ AuthSC
+ // No access
+ AuthNO
+)
+
 type Auth struct {
- Kind int
+ Kind Kind
 Data map[string]interface{}
 Possible struct {
 NS string
diff --git a/sql/options.go b/sql/options.go
index 85939a21..96baf56c 100644
--- a/sql/options.go
+++ b/sql/options.go
@@ -49,17 +49,17 @@ func (o *options) get(kind int) (kv, ns, db string, err error) {
 ns = o.auth.Selected.NS
 db = o.auth.Selected.DB
- if kind < o.auth.Kind {
+ if cnf.Kind(kind) < o.auth.Kind {
 err = &QueryError{}
 return
 }
- if kind >= AuthNS && ns == "" {
+ if cnf.Kind(kind) >= cnf.AuthNS && ns == "" {
 err = &BlankError{}
 return
 }
- if kind >= AuthDB && db == "" {
+ if cnf.Kind(kind) >= cnf.AuthDB && db == "" {
 err = &BlankError{}
 return
 }
diff --git a/web/auth.go b/web/auth.go
index c4755de8..9c1b833a 100644
--- a/web/auth.go
+++ b/web/auth.go
@@ -28,7 +28,6 @@ import (
 "github.com/abcum/surreal/db"
 "github.com/abcum/surreal/kvs"
 "github.com/abcum/surreal/mem"
- "github.com/abcum/surreal/sql"
 "github.com/dgrijalva/jwt-go"
 "github.com/gorilla/websocket"
 )
@@ -59,7 +58,7 @@ func auth() fibre.MiddlewareFunc {
 // which prevents running any sql queries,
 // and denies access to all data.
- auth.Kind = sql.AuthNO
+ auth.Kind = cnf.AuthNO
 // Set the default possible values for the
 // possible and selected namespace / database
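Review bot: The new const block in cnf/cnf.go starts with `AuthKV Kind = iota`, so the zero value of `Kind` is root access: a `cnf.Auth` whose `Kind` is never assigned carries the most privileged level rather than none. The middleware in web/auth.go does set `cnf.AuthNO` first, but that is a convention each construction site has to remember. Renumbering alone would not make the zero value fail closed, because the check in sql/options.go denies only when the required kind is lower than `o.auth.Kind`; that check would also need to reject values outside AuthKV..AuthNO. At minimum, record the hazard and the ordering on the exported type, e.g. `// Kind is the access level of a request; lower values are more privileged, and the zero value is AuthKV, so always set it explicitly.`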
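Review bot: In sql/options.go, `get` keeps the `kind int` parameter and casts it with `cnf.Kind(kind)` at each of the three comparisons, so the privilege check is the one place where the new type gives no compile-time protection and any integer is accepted. If the callers can be updated, change the signature to `func (o *options) get(kind cnf.Kind) (kv, ns, db string, err error)`; otherwise convert once with `k := cnf.Kind(kind)` and compare `k`. The signature appears only in the hunk header and the callers are not part of this diff, so the first option needs checking against them.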
@@ -78,7 +77,7 @@ func auth() fibre.MiddlewareFunc {
 subs := strings.Split(bits[0], "-")
 if len(subs) == 2 {
- auth.Kind = sql.AuthSC
+ auth.Kind = cnf.AuthSC
 auth.Possible.NS = subs[0]
 auth.Selected.NS = subs[0]
 auth.Possible.DB = subs[1]
@@ -90,7 +89,7 @@ func auth() fibre.MiddlewareFunc {
 // the selected namespace.
 if ns := c.Request().Header().Get("NS"); len(ns) != 0 {
- auth.Kind = sql.AuthSC
+ auth.Kind = cnf.AuthSC
 auth.Possible.NS = ns
 auth.Selected.NS = ns
 }
@@ -100,7 +99,7 @@ func auth() fibre.MiddlewareFunc {
 // the selected database.
 if db := c.Request().Header().Get("DB"); len(db) != 0 {
- auth.Kind = sql.AuthSC
+ auth.Kind = cnf.AuthSC
 auth.Possible.DB = db
 auth.Selected.DB = db
 }
@@ -159,7 +158,7 @@ func checkRoot(c *fibre.Context, user, pass string, callback func() error) (err
 if cidr(c.IP(), cnf.Settings.Auth.Nets) {
 if user == cnf.Settings.Auth.User && pass == cnf.Settings.Auth.Pass {
- auth.Kind = sql.AuthKV
+ auth.Kind = cnf.AuthKV
 auth.Possible.NS = "*"
 auth.Possible.DB = "*"
 }
@@ -183,7 +182,7 @@ func checkMaster(c *fibre.Context, info string, callback func() error) (err erro
 cred := bytes.SplitN(base, []byte(":"), 2)
 if len(cred) == 2 && bytes.Equal(cred[0], user) && bytes.Equal(cred[1], pass) {
- auth.Kind = sql.AuthKV
+ auth.Kind = cnf.AuthKV
 auth.Possible.NS = "*"
 auth.Possible.DB = "*"
 }
@@ -256,10 +255,10 @@ func checkBearer(c *fibre.Context, info string, callback func() error) (err erro
 if token.Header["alg"] != key.Type {
 return nil, fmt.Errorf("Unexpected signing method")
 }
- auth.Kind = sql.AuthSC
+ auth.Kind = cnf.AuthSC
 return key.Code, nil
 } else {
- auth.Kind = sql.AuthSC
+ auth.Kind = cnf.AuthSC
 return scp.Code, nil
 }
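Review bot: The credential checks beside the renamed lines in checkRoot (`user == cnf.Settings.Auth.User && pass == cnf.Settings.Auth.Pass`, hunk `@@ -159,7 +158,7 @@`) and in checkMaster (`bytes.Equal(cred[0], user) && bytes.Equal(cred[1], pass)`, hunk `@@ -183,7 +182,7 @@`) use comparisons that stop at the first differing byte, so response time can depend on how much of the secret matched. Compare with `subtle.ConstantTimeCompare([]byte(pass), []byte(cnf.Settings.Auth.Pass)) == 1` from crypto/subtle for both values, and evaluate both comparisons before combining the results so that `&&` does not short-circuit. Both functions begin and end outside their hunks, so the surrounding handling is not visible here.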
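Review bot: In checkBearer, `auth.Kind` is assigned inside what appears to be the key-lookup callback (hunk `@@ -256,10 +255,10 @@`, and again in `@@ -273,14 +272,14 @@` and `@@ -294,14 +293,14 @@`), which runs before the token's signature has been verified. The later hunk `@@ -313,20 +312,20 @@` fills in `Possible`/`Selected` only under `if err == nil && token.Valid`, and nothing visible resets `Kind` when that condition fails, so a token that does not verify may leave the request at the level set in the callback. Keep the level in a local variable inside the callback and assign `auth.Kind` only inside the `token.Valid` branch, or add `else { auth.Kind = cnf.AuthNO }`. The function continues outside these hunks, so confirm whether such a reset already exists there.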
@@ -273,14 +272,14 @@ func checkBearer(c *fibre.Context, info string, callback func() error) (err erro
 if token.Header["alg"] != key.Type {
 return nil, fmt.Errorf("Unexpected signing method")
 }
- auth.Kind = sql.AuthDB
+ auth.Kind = cnf.AuthDB
 return key.Code, nil
 } else if uok {
 usr, err := mem.New(txn).GetDU(nsv, dbv, usv)
 if err != nil {
 return nil, fmt.Errorf("Credentials failed")
 }
- auth.Kind = sql.AuthDB
+ auth.Kind = cnf.AuthDB
 return usr.Code, nil
 }
@@ -294,14 +293,14 @@ func checkBearer(c *fibre.Context, info string, callback func() error) (err erro
 if token.Header["alg"] != key.Type {
 return nil, fmt.Errorf("Unexpected signing method")
 }
- auth.Kind = sql.AuthNS
+ auth.Kind = cnf.AuthNS
 return key.Code, nil
 } else if uok {
 usr, err := mem.New(txn).GetNU(nsv, usv)
 if err != nil {
 return nil, fmt.Errorf("Credentials failed")
 }
- auth.Kind = sql.AuthNS
+ auth.Kind = cnf.AuthNS
 return usr.Code, nil
 }
@@ -313,20 +312,20 @@ func checkBearer(c *fibre.Context, info string, callback func() error) (err erro
 if err == nil && token.Valid {
- if auth.Kind == sql.AuthNS {
+ if auth.Kind == cnf.AuthNS {
 auth.Possible.NS = nsv
 auth.Selected.NS = nsv
 auth.Possible.DB = "*"
 }
- if auth.Kind == sql.AuthDB {
+ if auth.Kind == cnf.AuthDB {
 auth.Possible.NS = nsv
 auth.Selected.NS = nsv
 auth.Possible.DB = dbv
 auth.Selected.DB = dbv
 }
- if auth.Kind == sql.AuthSC {
+ if auth.Kind == cnf.AuthSC {
 auth.Possible.NS = nsv
 auth.Selected.NS = nsv
 auth.Possible.DB = dbv
diff --git a/web/export.go b/web/export.go
index 217882f8..72a16245 100644
--- a/web/export.go
+++ b/web/export.go
@@ -18,12 +18,11 @@ import (
 "github.com/abcum/fibre"
 "github.com/abcum/surreal/cnf"
 "github.com/abcum/surreal/db"
- "github.com/abcum/surreal/sql"
 )
 func exporter(c *fibre.Context) (err error) {
- if c.Get("auth").(*cnf.Auth).Kind != sql.AuthKV {
+ if c.Get("auth").(*cnf.Auth).Kind != cnf.AuthKV {
 return fibre.NewHTTPError(401)
 }
diff --git a/web/import.go b/web/import.go
index 268fbdb8..04f1972f 100644
--- a/web/import.go
+++ b/web/import.go
@@ -18,12 +18,11 @@ import (
 "github.com/abcum/fibre"
 "github.com/abcum/surreal/cnf"
 "github.com/abcum/surreal/db"
- "github.com/abcum/surreal/sql"
 )
 func importer(c *fibre.Context) (err error) {
- if c.Get("auth").(*cnf.Auth).Kind != sql.AuthKV {
+ if c.Get("auth").(*cnf.Auth).Kind != cnf.AuthKV {
 return fibre.NewHTTPError(401)
 }