Module Ketrew.Authentication

module Authentication: sig .. end


Server Authentication.

Module dealing with access tokens and access rights. There are no “sessions” here; just a file that looks like SSH's `authorized_keys`, and a function: token × capability → bool.

Capabilities are defined with polymorphic variants.

type t 
val log : t -> Ketrew_pure.Internal_pervasives.Log.t
Describe the source of the authentication.
val load : [ `Inline of string * string
| `Path of Ketrew_pure.Internal_pervasives.String.t ] list ->
(t,
[> `IO of [> `Read_file_exn of Unix_io.IO.path * exn ] ])
Unix_io.Deferred_result.t
Load tokens that represent your authentication.
val reload : t ->
(t,
[> `IO of [> `Read_file_exn of Unix_io.IO.path * exn ] ])
Unix_io.Deferred_result.t
Reload tokens based upon their original source.

This makes sense if the they were originall loaded from a specific `Path.

type capabilities = [ `Browse_gui
| `Kill_targets
| `Play_with_process_holder
| `Query_targets
| `Restart_targets
| `See_server_status
| `See_targets
| `Submit_targets ]
The capabilities that are validated, these are grouped according to the Up_message.t that is received.
val can : t ->
read_only_mode:bool ->
?token:string -> capabilities -> bool
Determine if we have the desired capabilities