// Package tvm defines the interface that provides fast and cryptographically secure authorization tickets: https://wiki.yandex-team.ru/passport/tvm2/.
//
// An encoded ticket is a valid ASCII string: [0-9a-zA-Z_-:]+.
//
// This package defines only the interface. All libraries should depend on this package.
// Pure Go implementations of the interface are located in library/go/yandex/tvm/tvmtool.
// The CGO implementation is located in library/ticket_parser2/go/ticket_parser2.
package tvm

import (
	"fmt"
	"strings"

	"github.com/ydb-platform/ydb/library/go/core/xerrors"
)

// ClientID represents the ID of the application. Another name for it is TvmID.
type ClientID uint32

// UID represents the ID of the user in Passport.
type UID uint64

// PorgID represents the ID of the porganization.
type PorgID uint64

// BlackboxEnv describes the environment of Passport: https://wiki.yandex-team.ru/passport/tvm2/user-ticket/#0-opredeljaemsjasokruzhenijami
type BlackboxEnv int

// UserExtFields groups a Passport user ID (UID) with a PorgID (CurrentPorgID).
//
// NOTE(review): presumably CurrentPorgID is the porganization attached to UID
// in a user ticket; this file does not show where the struct is filled in, so
// confirm against the ticket-parsing code.
type UserExtFields struct {
	UID           UID
	CurrentPorgID PorgID
}

// These constants must be in sync with EBlackboxEnv from library/cpp/tvmauth/checked_user_ticket.h
//
// The values come from iota in declaration order (BlackboxProd = 0 through
// BlackboxStress = 4), so reordering the names or inserting one in the middle
// changes the numeric values and breaks the correspondence with the C++ enum.
// BlackboxProd is also the zero value of BlackboxEnv: a BlackboxEnv variable
// that was never assigned reads as Prod.
const (
	BlackboxProd BlackboxEnv = iota
	BlackboxTest
	BlackboxProdYateam
	BlackboxTestYateam
	BlackboxStress
)

// String returns the name of the environment ("Prod", "Test", "ProdYateam",
// "TestYateam" or "Stress"). Any value outside the declared constants is
// rendered as "Unknown" followed by its decimal value.
func (e BlackboxEnv) String() string {
	// Indexed by the constant itself, so the table follows the enum order.
	names := [...]string{
		BlackboxProd:       "Prod",
		BlackboxTest:       "Test",
		BlackboxProdYateam: "ProdYateam",
		BlackboxTestYateam: "TestYateam",
		BlackboxStress:     "Stress",
	}

	if e < 0 || int(e) >= len(names) {
		// %d formats the underlying integer and does not call String again.
		return fmt.Sprintf("Unknown%d", e)
	}
	return names[e]
}

// BlackboxEnvFromString converts an environment name to its BlackboxEnv value.
//
// Matching is case-insensitive. The accepted names are "prod", "test",
// "prodyateam" / "prod_yateam", "testyateam" / "test_yateam" and "stress".
// Any other input is rejected: the function returns BlackboxEnv(-1) together
// with a non-nil error and never falls back to a default environment, so the
// caller must check the error before using the result.
func BlackboxEnvFromString(envStr string) (BlackboxEnv, error) {
	var env BlackboxEnv

	switch name := strings.ToLower(envStr); name {
	case "prod":
		env = BlackboxProd
	case "test":
		env = BlackboxTest
	case "prodyateam", "prod_yateam":
		env = BlackboxProdYateam
	case "testyateam", "test_yateam":
		env = BlackboxTestYateam
	case "stress":
		env = BlackboxStress
	default:
		// The error text carries the input exactly as the caller supplied it.
		return BlackboxEnv(-1), xerrors.Errorf("blackbox env is unknown: '%s'", envStr)
	}

	return env, nil
}

// TicketStatus enumerates the statuses a ticket can have. The first group of
// values mirrors the C++ EStatus enum; the second group exists only in Go.
//
// TicketOk is declared first with iota, so it is 0 and therefore the zero
// value of TicketStatus: a TicketStatus variable that was never assigned
// compares equal to TicketOk.
// NOTE(review): make sure no code path that skipped or aborted a ticket check
// can hand a zero-valued status to callers as if it were a result — confirm
// against the checking code, which is not part of this file.
type TicketStatus int

// These constants must be in sync with EStatus from library/cpp/tvmauth/ticket_status.h
//
// Values are assigned by iota in declaration order (TicketOk = 0 through
// TicketNoRoles = 9), so reordering or inserting names changes the numbers.
const (
	TicketOk TicketStatus = iota
	TicketExpired
	TicketInvalidBlackboxEnv
	TicketInvalidDst
	TicketInvalidTicketType
	TicketMalformed
	TicketMissingKey
	TicketSignBroken
	TicketUnsupportedVersion
	TicketNoRoles

	// Go-only statuses below
	//
	// They continue the same iota sequence (TicketStatusOther = 10,
	// TicketInvalidScopes = 11, TicketInvalidSrcID = 12).
	// NOTE(review): a value appended to the C++ enum would presumably take the
	// next number there and so overlap with these — verify when syncing.
	TicketStatusOther
	TicketInvalidScopes
	TicketInvalidSrcID
)

// String returns the name of the status without the "Ticket" prefix, e.g.
// "Ok", "Expired" or "SignBroken"; TicketStatusOther is rendered as "Other".
// Any value outside the declared constants is rendered as "Unknown" followed
// by its decimal value.
func (s TicketStatus) String() string {
	// Indexed by the constant itself, so the table follows the enum order.
	labels := [...]string{
		TicketOk:                 "Ok",
		TicketExpired:            "Expired",
		TicketInvalidBlackboxEnv: "InvalidBlackboxEnv",
		TicketInvalidDst:         "InvalidDst",
		TicketInvalidTicketType:  "InvalidTicketType",
		TicketMalformed:          "Malformed",
		TicketMissingKey:         "MissingKey",
		TicketSignBroken:         "SignBroken",
		TicketUnsupportedVersion: "UnsupportedVersion",
		TicketNoRoles:            "NoRoles",
		TicketStatusOther:        "Other",
		TicketInvalidScopes:      "InvalidScopes",
		TicketInvalidSrcID:       "InvalidSrcID",
	}

	if s < 0 || int(s) >= len(labels) {
		// %d formats the underlying integer and does not call String again.
		return fmt.Sprintf("Unknown%d", s)
	}
	return labels[s]
}