Documentation
Overview
Package auth defines Readeck's authentication providers.
Index
- func GetPermissions(r *http.Request) []string
- func GetRequestUser(r *http.Request) *users.User
- func HasPermission(r *http.Request, obj, act string) bool
- func Init(providers ...Provider) func(next http.Handler) http.Handler
- func Required(next http.Handler) http.Handler
- func SetRequestAuthInfo(r *http.Request, info *Info) *http.Request
- type BasicAuthProvider
- func (p *BasicAuthProvider) Authenticate(w http.ResponseWriter, r *http.Request) (*http.Request, error)
- func (p *BasicAuthProvider) CsrfExempt(_ *http.Request) bool
- func (p *BasicAuthProvider) GetPermissions(r *http.Request) []string
- func (p *BasicAuthProvider) HasPermission(r *http.Request, obj, act string) bool
- func (p *BasicAuthProvider) IsActive(r *http.Request) bool
- type FeatureCsrfProvider
- type FeaturePermissionProvider
- type Info
- type NullProvider
- type Provider
- type ProviderInfo
- type SessionAuthProvider
- type TokenAuthProvider
- func (p *TokenAuthProvider) Authenticate(w http.ResponseWriter, r *http.Request) (*http.Request, error)
- func (p *TokenAuthProvider) CsrfExempt(_ *http.Request) bool
- func (p *TokenAuthProvider) GetPermissions(r *http.Request) []string
- func (p *TokenAuthProvider) HasPermission(r *http.Request, obj, act string) bool
- func (p *TokenAuthProvider) IsActive(r *http.Request) bool
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetPermissions
GetPermissions returns all the permissions available for the request. If the authentication provider implements its own GetPermissions method, a subset of permissions is returned; otherwise, the user's own permissions are returned.
func GetRequestUser
GetRequestUser returns the current request's user.
func HasPermission
HasPermission returns true if the user that's connected can perform the action "act" on object "obj". It will check the user permissions and any scope given by the authentication provider.
func Init
Init returns an http.Handler that tries to find a suitable authentication provider on each request. The first provider whose IsActive() method returns true becomes the request's authentication provider.
If no provider could be found, the NullProvider will then be used.
The provider is then stored in the request's context and can be retrieved using GetRequestProvider().
func Required
Required returns an http.Handler that will enforce authentication on the request. It uses the request authentication provider to perform the authentication.
A provider performing a successful authentication must store its authentication information using SetRequestAuthInfo.
When the request has this attribute it will carry on. Otherwise it stops the response with a 403 error.
The logged in user can be retrieved with GetRequestUser().
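The selection and enforcement flow described for Init and Required, as an added sketch that is not Readeck's code: `provider`, `bearer`, `userKey`, `required` and `status` are hypothetical stand-ins, and the token is constructed. It shows that the first active provider alone decides the outcome and that a request without stored auth info ends in a 403.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// provider mirrors the two methods of the Provider interface documented here.
type provider interface {
	IsActive(*http.Request) bool
	Authenticate(http.ResponseWriter, *http.Request) (*http.Request, error)
}
type userKey struct{} // hypothetical context key holding the auth info
type bearer struct{}  // stand-in header-based provider
func (bearer) IsActive(r *http.Request) bool {
	return strings.HasPrefix(r.Header.Get("Authorization"), "Bearer ")
}
func (bearer) Authenticate(_ http.ResponseWriter, r *http.Request) (*http.Request, error) {
	if r.Header.Get("Authorization") != "Bearer demo-token" { // constructed token
		return r, fmt.Errorf("invalid token")
	}
	return r.WithContext(context.WithValue(r.Context(), userKey{}, "alice")), nil
}

// required runs the first active provider and answers 403 unless it stored auth info.
func required(next http.Handler, ps ...provider) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for _, p := range ps {
			if p.IsActive(r) {
				if nr, err := p.Authenticate(w, r); err == nil && nr.Context().Value(userKey{}) != nil {
					next.ServeHTTP(w, nr)
					return
				}
				break // the first active provider decides; later ones are not tried
			}
		}
		http.Error(w, "forbidden", http.StatusForbidden) // also when no provider is active
	})
}
func status(authz string) int { // sends one constructed request through the chain
	r, w := httptest.NewRequest("GET", "/", nil), httptest.NewRecorder()
	r.Header.Set("Authorization", authz)
	required(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}), bearer{}).ServeHTTP(w, r)
	return w.Code
}
func main() { fmt.Println(status("Bearer demo-token"), status("Bearer wrong"), status("")) }
```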
Types
type BasicAuthProvider
type BasicAuthProvider struct{}
BasicAuthProvider handles the HTTP basic authentication method, using the "Authorization: Basic {payload}" header.
func (*BasicAuthProvider) Authenticate
func (p *BasicAuthProvider) Authenticate(w http.ResponseWriter, r *http.Request) (*http.Request, error)
Authenticate performs the authentication using the HTTP basic authentication information provided.
func (*BasicAuthProvider) CsrfExempt
func (p *BasicAuthProvider) CsrfExempt(_ *http.Request) bool
CsrfExempt is always true for this provider.
func (*BasicAuthProvider) GetPermissions
func (p *BasicAuthProvider) GetPermissions(r *http.Request) []string
GetPermissions returns all the permissions attached to the current authentication provider role list. If no role is defined, it will fall back to the user permission list.
func (*BasicAuthProvider) HasPermission
func (p *BasicAuthProvider) HasPermission(r *http.Request, obj, act string) bool
HasPermission checks the permission on the current authentication provider role list. If the role list is empty, the user permissions apply.
type FeatureCsrfProvider
type FeatureCsrfProvider interface {
	// Must return true to disable CSRF protection for the request.
	CsrfExempt(*http.Request) bool
}
FeatureCsrfProvider allows a provider to implement a method to bypass all CSRF protection.
type FeaturePermissionProvider
type FeaturePermissionProvider interface {
	HasPermission(*http.Request, string, string) bool
	GetPermissions(*http.Request) []string
}
FeaturePermissionProvider allows a provider to implement a permission check of its own, usually to provide scoped permissions.
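One way a caller can consume an optional permission interface of this kind, as an added sketch that is not Readeck's code: the request argument is dropped, roles are modelled as flat "obj:act" strings, and every name is hypothetical. It exercises the case worth testing in any scoped-credential design, where an empty scope falls back to the user's full permissions.

```go
package main

import "fmt"

// permissionProvider is a stand-in for FeaturePermissionProvider; the
// *http.Request argument is dropped to keep the example small.
type permissionProvider interface {
	HasPermission(obj, act string) bool
}

// has reports whether perms contains "obj:act" (constructed permission format).
func has(perms []string, obj, act string) bool {
	for _, p := range perms {
		if p == obj+":"+act {
			return true
		}
	}
	return false
}

// token models a provider whose credential carries its own scope.
type token struct{ scope, userPerms []string }

// HasPermission checks the scope; an empty scope falls back to the user's permissions.
func (t token) HasPermission(obj, act string) bool {
	if len(t.scope) == 0 {
		return has(t.userPerms, obj, act)
	}
	return has(t.scope, obj, act)
}

// session models a provider that does not implement the optional interface.
type session struct{}

// hasPermission delegates to the provider when it implements the optional
// interface and otherwise checks the user's own permissions.
func hasPermission(p interface{}, userPerms []string, obj, act string) bool {
	if pp, ok := p.(permissionProvider); ok {
		return pp.HasPermission(obj, act)
	}
	return has(userPerms, obj, act)
}

var alice = []string{"bookmarks:read", "bookmarks:delete"} // constructed user permissions

func main() {
	scoped := token{scope: []string{"bookmarks:read"}, userPerms: alice}
	fmt.Println(hasPermission(scoped, alice, "bookmarks", "delete"))
	fmt.Println(hasPermission(token{userPerms: alice}, alice, "bookmarks", "delete"))
}
```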
type Info
type Info struct {
	Provider *ProviderInfo
	User     *users.User
}
Info is the payload with the currently authenticated user and some information about the provider.
func GetRequestAuthInfo
GetRequestAuthInfo returns the current request's auth info.
type NullProvider
type NullProvider struct{}
NullProvider is the provider returned when no other provider could be activated.
func (*NullProvider) Authenticate
func (p *NullProvider) Authenticate(_ http.ResponseWriter, r *http.Request) (*http.Request, error)
Authenticate doesn't do anything.
func (*NullProvider) Info
func (p *NullProvider) Info(_ *http.Request) *ProviderInfo
Info returns information about the provider.
type Provider
type Provider interface {
	// Must return true to enable the provider for the current request.
	IsActive(*http.Request) bool
	// Must return a request with the Info provided when successful.
	Authenticate(http.ResponseWriter, *http.Request) (*http.Request, error)
}
Provider is the interface that any authentication provider must implement.
func GetRequestProvider
GetRequestProvider returns the current request's authentication provider.
type ProviderInfo
ProviderInfo contains information about the provider.
type SessionAuthProvider
type SessionAuthProvider struct {
	// A function that returns the request's session
	GetSession func(*http.Request) *sessions.Session
	// authentication fails.
	UnauthorizedHandler func(http.ResponseWriter, *http.Request)
}
SessionAuthProvider is the last authentication provider. It's always enabled, in case every previous provider fails.
func (*SessionAuthProvider) Authenticate
func (p *SessionAuthProvider) Authenticate(w http.ResponseWriter, r *http.Request) (*http.Request, error)
Authenticate checks if the request's session cookie is valid and the user exists.
type TokenAuthProvider
type TokenAuthProvider struct{}
TokenAuthProvider handles authentication using a bearer token passed in the request "Authorization" header with the scheme "Bearer".
func (*TokenAuthProvider) Authenticate
func (p *TokenAuthProvider) Authenticate(w http.ResponseWriter, r *http.Request) (*http.Request, error)
Authenticate performs the authentication using the "Authorization: Bearer" header provided.
func (*TokenAuthProvider) CsrfExempt
func (p *TokenAuthProvider) CsrfExempt(_ *http.Request) bool
CsrfExempt is always true for this provider.
func (*TokenAuthProvider) GetPermissions
func (p *TokenAuthProvider) GetPermissions(r *http.Request) []string
GetPermissions returns all the permissions attached to the current authentication provider role list. If no role is defined, it will fall back to the user permission list.
func (*TokenAuthProvider) HasPermission
func (p *TokenAuthProvider) HasPermission(r *http.Request, obj, act string) bool
HasPermission checks the permission on the current authentication provider role list. If the role list is empty, the user permissions apply.
Directories
- Package credentials contains the models and functions to manage user credentials.
- Package onboarding provides the routes and forms for the initial onboarding process.
- Package signin contains the routes for Readeck sign-in process.
- Package tokens contains the models and functions to manage user API tokens.
- Package users contains the models and functions to manage users.