DistKV and authentication
DistKV ships with a couple of rudimentary auth modules.
Currently there is no access control. That’s on the TODO list.
Included user auth methods
root
No access control. There is one user named “*”.
password
Username plus password.
API
The authorization code is modular. DistKV allows loading multiple auth methods, one of which is active. A method may use more than one record type (think “user” or “group”). Each of those records has a name.
The “user” type is only special because server and client use that to process login requests.
Multiple distinct DistKV domains or subdomains are possible, by adding an additional meta-root record anywhere in the entry hierarchy.
distkv.auth.loader(method: str, typ: str, *a, **k)

class distkv.auth.BaseServerAuth(data: dict = {})
    This class is used on the server to represent / verify a user.
    The schema verifies whatever data the associated ClientAuth initially sends.

    classmethod load(data: distkv.model.Entry)
        Create a ServerAuth object from existing stored data.

    await auth(cmd: distkv.server.StreamCommand, data)
        Verify that @data authenticates this user.

    info()
        Return whatever public data the user might want to have displayed.
        This includes information to identify the user, but not anything that’d be suitable for verifying or even faking authorization.

    await check_read(*path, client: distkv.server.ServerClient, data=None)
        Check that this user may read the element at this location. This method may modify the data.

    await check_write(*path, client: distkv.server.ServerClient, data=None)
        Check that this user may write the element at this location. This method may modify the data.

class distkv.auth.BaseClientAuth(**data)
    This class is used for creating a data record which authenticates a user.
    The schema verifies the input to build().

    classmethod build(user)
        Create a user record from the data conforming to this schema.

    ident
        Some user identifier. Required so that the server can actually find the record.

    await auth(client: distkv.client.Client, chroot=())
        Authorizes this record with the server.

class distkv.auth.BaseServerAuthMaker(chain=None, data=None, aux=None)
    This class is used on the server to verify the transmitted user record and to store it in DistKV.
    The schema verifies the data from the client.

    classmethod load(data: distkv.model.Entry)
        Read the user data from DistKV.

    classmethod await recv(cmd: distkv.server.StreamCommand, data: distkv.util.attrdict) → distkv.auth.BaseServerAuthMaker
        Create a new user by reading the record from the client.

    ident
        The record to store this user under.

    save()
        Return a record to represent this user, suitable for saving to DistKV.

    await send(cmd: distkv.server.StreamCommand)
        Send a record to the client, possibly multi-step / secured / whatever.

class distkv.auth.BaseClientAuthMaker(**data)
    This class is used for creating a data record which describes a user record.
    This is not the same as a BaseClientAuth; this class is used to represent stored user data on the server, while a BaseClientAuth is used solely for authentication.
    The schema verifies the input to build().

    classmethod build(user)
        Create a user record from the data conforming to this schema.

    ident
        The identifier for this user.
        Required so that the server can actually find the record.

    await send(client: distkv.client.Client, _kind='user')
        Send this user to the server.
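
The server-side split documented above, as an added sketch (not DistKV's own code and not its password module): the Demo* classes, the PBKDF2 parameters and the record fields are assumptions, and only the method names recv, save, load, auth and info follow the interface on this page. It shows a stored record that holds a salted hash, a constant-time check in auth(), and an info() that exposes nothing usable for verification.

```python
# Added sketch, not DistKV code: stand-in classes that mirror only the
# method names documented above (recv, save, load, auth, info).
import asyncio, hashlib, hmac, os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class DemoServerAuthMaker:
    """Server side: accepts a new user record and prepares it for storage."""
    def __init__(self, ident: str, salt: bytes, pw_hash: bytes):
        self.ident, self._salt, self._hash = ident, salt, pw_hash

    @classmethod
    async def recv(cls, cmd, data: dict) -> "DemoServerAuthMaker":
        # cmd stands in for the server's command object; unused here.
        salt = os.urandom(16)
        return cls(data["ident"], salt, _derive(data["password"], salt))

    def save(self) -> dict:
        # Only salt and derived hash are stored, never the password itself.
        return {"ident": self.ident, "salt": self._salt, "hash": self._hash}

class DemoServerAuth:
    """Server side: verifies a login attempt against the stored record."""
    def __init__(self, data: dict):
        self._data = data

    @classmethod
    def load(cls, stored: dict) -> "DemoServerAuth":
        return cls(dict(stored))

    async def auth(self, cmd, data: dict) -> bool:
        candidate = _derive(data.get("password", ""), self._data["salt"])
        # Constant-time comparison: no timing hint about matching bytes.
        return hmac.compare_digest(candidate, self._data["hash"])

    def info(self) -> dict:
        # Public data only: nothing that could verify or fake authorization.
        return {"ident": self._data["ident"]}

async def _run():
    sample = {"ident": "alice", "password": "correct horse"}  # constructed
    stored = (await DemoServerAuthMaker.recv(None, sample)).save()
    user = DemoServerAuth.load(stored)
    ok = await user.auth(None, {"password": "correct horse"})
    bad = await user.auth(None, {"password": "wrong"})
    return ok, bad, user.info(), sorted(stored)

def demo():
    return asyncio.run(_run())
```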