Module Ketrew.Authentication

module Authentication: sig .. end

Server Authentication.

Module dealing with access tokens and access rights. There are no “sessions” here; just a file that looks like SSH's `authorized_keys`, and a function: token × capability → bool.

Capabilities are defined with polymorphic variants.

type t

val log : t -> Ketrew_pure.Internal_pervasives.Log.t

Describe the source of the authentication.

val load : [ `Inline of string * string
       | `Path of Ketrew_pure.Internal_pervasives.String.t ] list ->
       (t,
        [> `IO of [> `Read_file_exn of Unix_io.IO.path * exn ] ])
       Unix_io.Deferred_result.t

Load tokens that represent your authentication.

val reload : t ->
       (t,
        [> `IO of [> `Read_file_exn of Unix_io.IO.path * exn ] ])
       Unix_io.Deferred_result.t

Reload tokens based upon their original source.

This makes sense if the they were originall loaded from a specific `Path.

type capabilities = [ `Browse_gui
       | `Kill_targets
       | `Play_with_process_holder
       | `Query_targets
       | `Restart_targets
       | `See_server_status
       | `See_targets
       | `Submit_targets ]

The capabilities that are validated, these are grouped according to the Up_message.t that is received.

val can : t ->
       read_only_mode:bool ->
       ?token:string -> capabilities -> bool

Determine if we have the desired capabilities