conventions/uid.go - release.go.v23 - Git at Google

 // Copyright 2015 The Vanadium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 // Package conventions implements unenforced conventions for Vanadium.
 package conventions

 import (
 	"reflect"
 	"strings"

 	"v.io/v23/context"
 	"v.io/v23/security"
 )

 const pkgPath = "v.io/v23/conventions"

 // Special case user ids.  They all have the identity provider "self" meaning that the server is poviding
 // the identity and type "?" meaning that we don't know what type of Id this is.
 const (
 	ServerUser          = "self:?:ServerUser"      // a client that has our public key
 	UnauthenticatedUser = "self:?:Unauthenticated" // a client which presents no blessing we trust
 )

 // GetClientUserIds returns a slice of ids for the client.  Each Id is one of the special ones above or
 // the string <identity provider>:<single letter type>:<actor>.   Examples of types are "u" for user
 // and "r" for role and "?" for unknown.
 func GetClientUserIds(ctx *context.T, call security.Call) []string {
 	// If there is no call or context, we must be the user.
 	if ctx == nil || call == nil {
 		return []string{ServerUser}
 	}
 	// The convention is: the first 3 components of a blessing name are a user name
 	// if the second component is a single character.  Otherwise, use just the first
 	// component.
 	var ids []string
 	rbn, _ := security.RemoteBlessingNames(ctx, call)
 	for _, b := range rbn {
 		if c := ParseUserId(b); c != nil {
 			ids = append(ids, strings.Join(c, security.ChainSeparator))
 		}
 	}
 	// If the client has our public key, we assume identity.
 	if l, r := call.LocalBlessings().PublicKey(), call.RemoteBlessings().PublicKey(); l != nil && reflect.DeepEqual(l, r) {
 		ids = append(ids, ServerUser)
 	}
 	if len(ids) > 0 {
 		return ids
 	} else {
 		return []string{UnauthenticatedUser}
 	}
 }

 // Parse the userId components from a blessing name or a userId string.  Returns nil on failure.
 func ParseUserId(s string) []string {
 	c := strings.Split(s, security.ChainSeparator)
 	if len(c) >= 3 && len(c[1]) == 1 {
 		// Identity provider conforms to conventions.
 		return c[0:3]
 	} else if len(c) >= 1 {
 		// Identity provider doesn't conform.  Treat all his users as a single resource group.
 		//
 		// This has the side effect of making tests a bit easier to write since you can use
 		// "bob" and "alice" rather than "self:u:bob" and "self:u:alice" or some such.
 		return c[0:1]
 	}
 	return nil
 }
	// Copyright 2015 The Vanadium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	// Package conventions implements unenforced conventions for Vanadium.
	package conventions

	import (
	"reflect"
	"strings"

	"v.io/v23/context"
	"v.io/v23/security"
	)

	const pkgPath = "v.io/v23/conventions"

	// Special case user ids. They all have the identity provider "self" meaning that the server is poviding
	// the identity and type "?" meaning that we don't know what type of Id this is.
	const (
	ServerUser = "self:?:ServerUser" // a client that has our public key
	UnauthenticatedUser = "self:?:Unauthenticated" // a client which presents no blessing we trust
	)

	// GetClientUserIds returns a slice of ids for the client. Each Id is one of the special ones above or
	// the string <identity provider>:<single letter type>:<actor>. Examples of types are "u" for user
	// and "r" for role and "?" for unknown.
	func GetClientUserIds(ctx *context.T, call security.Call) []string {
	// If there is no call or context, we must be the user.
	if ctx == nil \|\| call == nil {
	return []string{ServerUser}
	}
	// The convention is: the first 3 components of a blessing name are a user name
	// if the second component is a single character. Otherwise, use just the first
	// component.
	var ids []string
	rbn, _ := security.RemoteBlessingNames(ctx, call)
	for _, b := range rbn {
	if c := ParseUserId(b); c != nil {
	ids = append(ids, strings.Join(c, security.ChainSeparator))
	}
	}
	// If the client has our public key, we assume identity.
	if l, r := call.LocalBlessings().PublicKey(), call.RemoteBlessings().PublicKey(); l != nil && reflect.DeepEqual(l, r) {
	ids = append(ids, ServerUser)
	}
	if len(ids) > 0 {
	return ids
	} else {
	return []string{UnauthenticatedUser}
	}
	}

	// Parse the userId components from a blessing name or a userId string. Returns nil on failure.
	func ParseUserId(s string) []string {
	c := strings.Split(s, security.ChainSeparator)
	if len(c) >= 3 && len(c[1]) == 1 {
	// Identity provider conforms to conventions.
	return c[0:3]
	} else if len(c) >= 1 {
	// Identity provider doesn't conform. Treat all his users as a single resource group.
	//
	// This has the side effect of making tests a bit easier to write since you can use
	// "bob" and "alice" rather than "self:u:bob" and "self:u:alice" or some such.
	return c[0:1]
	}
	return nil
	}