DistKV and authentication

DistKV ships with a couple of rudimentary auth modules.

Currently there is no access control. That’s on the TODO list.

Included user auth methods

root

No access control. There is one user named “*”.

password

Username plus password.

API

The authorization code is modular. DistKV allows loading multiple auth methods, one of which is active. A method may use more than one record type (think “user” or “group”). Each of those records has a name.

The “user” type is only special because server and client use that to process login requests.

Multiple distinct DistKV domains or subdomains are possible, by adding an additional meta-root record anywhere in the entry hierarchy.

distkv.auth.loader(method: str, typ: str, *a, **k)
class distkv.auth.BaseServerAuth(data: dict = {})

This class is used on the server to represent / verify a user.

The schema verifies whatever data the associated ClientAuth initially sends.

classmethod load(data: distkv.model.Entry)

Create a ServerAuth object from existing stored data

await auth(cmd: distkv.server.StreamCommand, data)

Verify that @data authenticates this user.

info()

Return whatever public data the user might want to have displayed.

This includes information to identify the user, but not anything that’d be suitable for verifying or even faking authorization.

await check_read(*path, client: distkv.server.ServerClient, data=None)

Check that this user may read the element at this location. This method may modify the data.

await check_write(*path, client: distkv.server.ServerClient, data=None)

Check that this user may write the element at this location. This method may modify the data.

class distkv.auth.BaseClientAuth(**data)

This class is used for creating a data record which authenticates a user.

The schema verifies the input to build().

classmethod build(user)

Create a user record from the data conforming to this schema.

ident

Some user identifier. Required so that the server can actually find the record.

await auth(client: distkv.client.Client, chroot=())

Authorizes this record with the server.

auth_data()

Additional data for the initial auth message.

Does NOT include ‘ident’; that gets added explicitly by auth().

class distkv.auth.BaseServerAuthMaker(chain=None, data=None, aux=None)

This class is used on the server to verify the transmitted user record and to store it in DistKV.

The schema verifies the data from the client.

classmethod load(data: distkv.model.Entry)

Read the user data from DistKV

classmethod await recv(cmd: distkv.server.StreamCommand, data: distkv.util.attrdict) → distkv.auth.BaseServerAuthMaker

Create a new user by reading the record from the client

ident

The record to store this user under.

save()

Return a record to represent this user, suitable for saving to DistKV

await send(cmd: distkv.server.StreamCommand)

Send a record to the client, possibly multi-step / secured / whatever

class distkv.auth.BaseClientAuthMaker(**data)

This class is used for creating a data record which describes a user record.

This is not the same as a BaseClientAuth; this class is used to represent stored user data on the server, while a BaseClientAuth is used solely for authentication.

The schema verifies the input to build().

classmethod build(user)

Create a user record from the data conforming to this schema.

export()

Return the data required to re-create the user via build().

ident

The identifier for this user.

Required so that the server can actually find the record.

await send(client: distkv.client.Client, _kind='user')

Send this user to the server.
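The following added sketch (not DistKV's own code, and not importing distkv) illustrates the contract described for BaseClientAuth and BaseServerAuth: auth_data() omits the identifier, the server checks the shape of what the client sent before verifying it, and info() exposes nothing usable for verification. All class names, the synchronous methods and the salted PBKDF2 storage are assumptions made for the illustration.

```python
# Added sketch: stand-alone, does not import distkv. All names are hypothetical.
import hashlib
import hmac
import os


def _kdf(password: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2; the page does not say how "password" stores secrets.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class SketchClientAuth:
    """Client side: builds the data that authenticates a user."""

    def __init__(self, ident: str, password: str):
        self.ident = ident
        self._password = password

    def auth_data(self) -> dict:
        # Extra fields for the initial auth message; 'ident' is not part of it.
        return {"password": self._password}

    def auth_message(self) -> dict:
        # Stand-in for auth(): the identifier is added explicitly here.
        return {"ident": self.ident, **self.auth_data()}


class SketchServerAuth:
    """Server side: verifies a user against the stored record."""

    def __init__(self, ident: str, salt: bytes, digest: bytes):
        self.ident, self._salt, self._digest = ident, salt, digest

    @classmethod
    def create(cls, ident: str, password: str) -> "SketchServerAuth":
        salt = os.urandom(16)
        return cls(ident, salt, _kdf(password, salt))

    def auth(self, data: dict) -> bool:
        # Minimal schema check on what the client sent, before any crypto.
        password = data.get("password")
        if data.get("ident") != self.ident or not isinstance(password, str):
            return False
        return hmac.compare_digest(_kdf(password, self._salt), self._digest)

    def info(self) -> dict:
        # Public view only: no salt, no digest, nothing usable to verify or fake a login.
        return {"ident": self.ident}
```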