clone

2022-08-15 23:06:20 +03:00
commit 4ea1a3802b
532 changed files with 211522 additions and 0 deletions
--- a/server/listeners/auth/auth.go
+++ b/server/listeners/auth/auth.go
@ -0,0 +1,12 @@
+package auth
+
+// Controller is an interface for authentication controllers.
+type Controller interface {
+
+	// Authenticate authenticates a user on CONNECT and returns true if a user is
+	// allowed to join the server.
+	Authenticate(user, password []byte) bool
+
+	// ACL returns true if a user has read or write access to a given topic.
+	ACL(user []byte, topic string, write bool) bool
+}
--- a/server/listeners/auth/defaults.go
+++ b/server/listeners/auth/defaults.go
@ -0,0 +1,31 @@
+package auth
+
+// Allow is an auth controller which allows access to all connections and topics.
+type Allow struct{}
+
+// Authenticate returns true if a username and password are acceptable. Allow always
+// returns true.
+func (a *Allow) Authenticate(user, password []byte) bool {
+	return true
+}
+
+// ACL returns true if a user has access permissions to read or write on a topic.
+// Allow always returns true.
+func (a *Allow) ACL(user []byte, topic string, write bool) bool {
+	return true
+}
+
+// Disallow is an auth controller which disallows access to all connections and topics.
+type Disallow struct{}
+
+// Authenticate returns true if a username and password are acceptable. Disallow always
+// returns false.
+func (d *Disallow) Authenticate(user, password []byte) bool {
+	return false
+}
+
+// ACL returns true if a user has access permissions to read or write on a topic.
+// Disallow always returns false.
+func (d *Disallow) ACL(user []byte, topic string, write bool) bool {
+	return false
+}
--- a/server/listeners/auth/defaults_test.go
+++ b/server/listeners/auth/defaults_test.go
@ -0,0 +1,55 @@
+package auth
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestAllowAuth(t *testing.T) {
+	ac := new(Allow)
+	require.Equal(t, true, ac.Authenticate([]byte("user"), []byte("pass")))
+}
+
+func BenchmarkAllowAuth(b *testing.B) {
+	ac := new(Allow)
+	for n := 0; n < b.N; n++ {
+		ac.Authenticate([]byte("user"), []byte("pass"))
+	}
+}
+
+func TestAllowACL(t *testing.T) {
+	ac := new(Allow)
+	require.Equal(t, true, ac.ACL([]byte("user"), "topic", true))
+}
+
+func BenchmarkAllowACL(b *testing.B) {
+	ac := new(Allow)
+	for n := 0; n < b.N; n++ {
+		ac.ACL([]byte("user"), "pass", true)
+	}
+}
+
+func TestDisallowAuth(t *testing.T) {
+	ac := new(Disallow)
+	require.Equal(t, false, ac.Authenticate([]byte("user"), []byte("pass")))
+}
+
+func BenchmarkDisallowAuth(b *testing.B) {
+	ac := new(Disallow)
+	for n := 0; n < b.N; n++ {
+		ac.Authenticate([]byte("user"), []byte("pass"))
+	}
+}
+
+func TestDisallowACL(t *testing.T) {
+	ac := new(Disallow)
+	require.Equal(t, false, ac.ACL([]byte("user"), "topic", true))
+}
+
+func BenchmarkDisallowACL(b *testing.B) {
+	ac := new(Disallow)
+	for n := 0; n < b.N; n++ {
+		ac.ACL([]byte("user"), "pass", true)
+	}
+}