Security plug for authentication.
Properties:
{keysDir: string=, trustedPubKeyFile: string, privateKeyFile: string=, publicKeyFile: string=, accountsURL: string, allowNobodyUser: boolean, quotaApp: string=}
where:
- keysDir: directory for all key material.
- trustedPubKeyFile: trusted public key that verifies tokens. Uses a self-signed certificate in PEM format, see openssl.
- privateKeyFile and publicKeyFile: optional asymmetric keys to weaken tokens. Typically we use a remote service instead.
- accountsURL: URL of the accounts service.
- allowNobodyUser: whether to allow the json_rpc.DEFAULT_FROM client to authenticate without credentials.
- quotaApp: the name of the app managing user quotas, or missing if service off.
Methods
__ca_attenuateToken__(megaTokenStr, constraints, cb0)
Weakens an authentication token, generating one (or many) token(s).
Parameters:
Name | Type | Description |
---|---|---|
megaTokenStr | string | A serialized token. |
constraints | tkDescArray | A description of the new token(s). |
cb0 | cbType | A callback to return the new token(s) or an error. |
__ca_authenticate__(from, tokenStr, cb0)
Authenticates the incoming request.
Parameters:
Name | Type | Description |
---|---|---|
from | string | Principal sending this request. |
tokenStr | string | Token to authenticate the principal. |
cb0 | cbType | A callback with an error or the authenticated token. |
__ca_blockCreate__(from, to) → {boolean}
Whether we should block attempts to create a missing CA.
Only the owner should be allowed to create new CAs, i.e., from === to.
Parameters:
Name | Type | Description |
---|---|---|
from | string | Source of the request. |
to | string | Target CA to be created if missing. |
Returns:
True if we should only allow returning a reference to an existing CA.
- Type
- boolean
__ca_pulse__(cb0)
Cleans up token caches.
Called by cron_security periodically to force token re-validation.
Parameters:
Name | Type | Description |
---|---|---|
cb0 | cbType | A callback to continue after cleaning. |
__ca_quotaCheck__(caId, cb0)
Checks the quota of a CA with the Quota service.
Parameters:
Name | Type | Description |
---|---|---|
caId | string | A target CA identifier, e.g., |
cb0 | cbType | A callback to return an error, or extra CA info (second argument). If the error is not a system error, i.e., we accessed the quota service and there was no balance, the error field |
__ca_quotaRenew__(tokenStr, cb0)
Registers a new CA with the Quota service.
Parameters:
Name | Type | Description |
---|---|---|
tokenStr | string | An encoded token. This token was originally used to create the CA. |
cb0 | cbType | A callback to return an error, or extra CA info (second argument). If the error is not a system error, i.e., we accessed the quota service and there was no balance, the error field |
__ca_verifyToken__(tokenStr) → {tokenType|null}
Verifies that the provided serialized token is trusted.
Parameters:
Name | Type | Description |
---|---|---|
tokenStr | string | A serialized token to validate. |
Returns:
A parsed, validated token, or null if token invalid.
- Type
- tokenType | null
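
The verify-then-cache pattern that `__ca_verifyToken__` and `__ca_pulse__` describe, as an added sketch that is not the plug's own code: a verified token is cached, and clearing the cache forces the next use to repeat the signature check against the trusted public key. `TokenVerifier`, `signToken`, the token layout, the `expiresAfter` claim and the Ed25519 key pair are all constructed for this example.

```javascript
// Added sketch, not the plug's code: names and token layout are assumptions.
const nodeCrypto = require('crypto');

// Constructed key pair; the public half plays the role of trustedPubKeyFile.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');

// Constructed layout: base64url(JSON claims) + '.' + base64url(signature).
function signToken(claims, key) {
    const body = Buffer.from(JSON.stringify(claims)).toString('base64url');
    const sig = nodeCrypto.sign(null, Buffer.from(body), key);
    return body + '.' + sig.toString('base64url');
}

class TokenVerifier {
    constructor(trustedPubKey) {
        this.trustedPubKey = trustedPubKey;
        this.cache = new Map(); // tokenStr -> claims whose signature verified
        this.signatureChecks = 0; // counts real signature verifications
    }

    // Returns the parsed claims, or null if the token is invalid or expired.
    verifyToken(tokenStr, now = Date.now()) {
        if (typeof tokenStr !== 'string') return null;
        let claims = this.cache.get(tokenStr);
        if (!claims) {
            const [body, sig, ...rest] = tokenStr.split('.');
            if (!body || !sig || rest.length > 0) return null;
            try {
                this.signatureChecks += 1;
                const ok = nodeCrypto.verify(null, Buffer.from(body),
                    this.trustedPubKey, Buffer.from(sig, 'base64url'));
                if (!ok) return null;
                claims = JSON.parse(Buffer.from(body, 'base64url').toString());
            } catch (err) {
                return null; // malformed signature or claims
            }
            if (claims === null || typeof claims !== 'object') return null;
            this.cache.set(tokenStr, claims);
        }
        // Expiry is enforced on every call, including cache hits.
        const fresh = typeof claims.expiresAfter === 'number' && claims.expiresAfter > now;
        return fresh ? claims : null;
    }

    // Periodic cleanup: the next use of any token repeats the signature check.
    pulse() {
        this.cache.clear();
    }
}
```

The longer the interval between `pulse()` calls, the longer a cached token keeps being accepted without a fresh signature check, which is the trade-off to weigh when setting the cron period.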