abstract const class fanr::WebRepoAuth

sys::Obj
  fanr::WebRepoAuth

Source

WebRepoAuth is used to plug in authentication and permission authorization for a WebRepoMod.

allowPublish

abstract Bool allowPublish(Obj? user, PodSpec? pod)

Source

Is the given user allowed to publish the given pod? If pod is null, return if user is allowed to publish anything.

allowQuery

abstract Bool allowQuery(Obj? user, PodSpec? pod)

Source

Is the given user allowed to query the given pod? If pod is null, return if user is allowed to query anything.

allowRead

abstract Bool allowRead(Obj? user, PodSpec? pod)

Source

Is the given user allowed to read/download/install the given pod? If pod is null, return if user is allowed to install anything.

salt

abstract Str? salt(Obj? user)

Source

Get the salt used for the SALTED-HMAC-SHA1 secret algorithm for the given user. If the user doesn't exist or salts aren't supported, then return null.

secret

abstract Buf secret(Obj? user, Str algorithm)

Source

Get the secret as a byte buffer for the given user and algorithm which can be used to verify the digital signature of a request. See secretAlgorithms for list of algorithms (parameter is guaranteed to be in all upper case).

secretAlgorithms

abstract Str[] secretAlgorithms()

Source

What algorithms are supported to compute the "secret" to use for digital signatures. They should be sorted from most preferred to least preferred. Standard values are:

  • PASSWORD: simple plaintext password is used as secret
  • SALTED-HMAC-SHA1: HMAC of "user:salt" with password as key
signatureAlgorithms

virtual Str[] signatureAlgorithms()

Source

What algorithms are supported for computing the signature of a request. They should be sorted from most preferred to least preferred. Standard values are:

  • HMAC-SHA1: SHA-1 HMAC using secret as key The default implementation of both client and server only supports "HMAC-SHA1".
user

abstract Obj? user(Str username)

Source

Given a username, return an implementation specific object which models the user for the given username. Or return null if username doesn't map to a valid user.