package handler

v0.0.0-...-e76cf3b
Published: Aug 6, 2021 License: Apache-2.0 Imports: 33 Imported by: 0

Documentation

Constants

const (
	// Mongo database name
	AuthDBName   = "auth"
	PortalDBName = "portal-db"

	// Mongo collection name
	UserCollection                   = "users"
	JWTInfoCollection                = "jwt_info"
	JWTSecureCollection              = "jwt_secure"
	InstitutionsCollection           = "institutions"
	ParticipantPermissionsCollection = "participant_permissions"
	ParticipantApprovalsCollection   = "participant_approvals"
	SuperApprovalsCollection         = "super_approvals"
	IDTokenSecureCollection          = "id_token_secure"
	TOTPCollection                   = "totp"
)

Variables

var LOGGER = logging.MustGetLogger("auth-handlers")

Functions

func ParticipantAuthorization

func ParticipantAuthorization(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)

* ParticipantAuthorization : Authorization for client portal
* If JWT is not enabled, the next handler is served.
* If JWT is enabled, database ID, institution ID, permission (request/approve), requestID (if permission is approve), participantID are expected in the headers.
* The error message can be relayed back with NotifyWWError, but it seems sensible to log it.

func SuperAuthorization

func SuperAuthorization(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)

* SuperAuthorization : Authorization for client portal for super users
* If JWT is not enabled, the next handler is served.
* If JWT is enabled, database ID, institution ID, permission (request/approve), requestID (if permission is approve), participantID are expected in the headers.
* Participant ID and Institution ID are no longer mandatory, because at that point it won't necessarily be the case that those are available.
* All GET requests are direct access, if there is access: no maker-checker.
* All POSTs are maker-checker, except the payout endpoint, which needs the current security lead/team member to validate before it gets merged in.

Types

type AuthOperations

type AuthOperations struct {
	// contains filtered or unexported fields
}

func CreateAuthServiceOperations

func CreateAuthServiceOperations() (AuthOperations, error)

func (*AuthOperations) AuthenticateUser

func (op *AuthOperations) AuthenticateUser(next http.Handler) http.Handler

This middleware checks that the provided ID token contains the user ID, uses that ID to look up the record in the DB and confirm the user exists, and then sets the email in the header for later use.

func (*AuthOperations) CheckAccountNameMiddleWare

func (op *AuthOperations) CheckAccountNameMiddleWare(next http.Handler) http.Handler

func (*AuthOperations) CheckPermissions

func (op *AuthOperations) CheckPermissions(next http.Handler) http.Handler

This middleware extracts the request path and checks whether this user has permission to access that endpoint.
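To show what a path-based permission check of this kind looks like, here is an added example, not the package's own CheckPermissions implementation. It keeps a route table of entries shaped like the page's IRoutePermissions and a middleware that denies unless the caller holds one of the permissions the route requires for their role. The route table, the header names X-Role and X-Permissions (assumed to be set by earlier middleware), the longest-prefix route match, and all function names are assumptions of the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// RoutePermissions mirrors the page's IRoutePermissions: the permission names
// that grant access to a route for super users and participants respectively.
type RoutePermissions struct {
	SuperPermissions       []string
	ParticipantPermissions []string
}

// routeTable is a constructed example; the real package's route map is not on the page.
var routeTable = map[string]RoutePermissions{
	"/v1/admin/participant": {SuperPermissions: []string{"admin"}},
	"/v1/client/payment":    {ParticipantPermissions: []string{"manager", "approve"}},
}

// Constructed header names (an assumption): the role and permissions are
// expected to have been placed in headers by earlier middleware.
const (
	hdrRole        = "X-Role"        // "super" or "participant"
	hdrPermissions = "X-Permissions" // comma-separated list
)

// lookupRoute finds the longest registered prefix for the request path, so
// /v1/client/payment/abc123 is governed by the /v1/client/payment entry.
func lookupRoute(path string) (RoutePermissions, bool) {
	best, found := "", false
	for p := range routeTable {
		if (path == p || strings.HasPrefix(path, p+"/")) && len(p) > len(best) {
			best, found = p, true
		}
	}
	return routeTable[best], found
}

// Authorized applies the page's rule: take the request path, look up the
// permissions that endpoint requires, and allow only if the caller holds one
// of them for their role. Unknown routes, unknown roles and empty requirement
// lists all deny.
func Authorized(role string, perms []string, path string) bool {
	rp, ok := lookupRoute(path)
	if !ok {
		return false
	}
	var required []string
	switch role {
	case "super":
		required = rp.SuperPermissions
	case "participant":
		required = rp.ParticipantPermissions
	default:
		return false
	}
	for _, need := range required {
		for _, have := range perms {
			if have == need {
				return true
			}
		}
	}
	return false
}

// CheckPermissionsMiddleware is a hypothetical stand-in for the page's
// (*AuthOperations).CheckPermissions: 403 unless Authorized says yes.
func CheckPermissionsMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		perms := strings.Split(r.Header.Get(hdrPermissions), ",")
		if !Authorized(r.Header.Get(hdrRole), perms, r.URL.Path) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// StatusFor runs one request through the middleware and returns the HTTP status.
func StatusFor(role, perms, method, path string) int {
	h := CheckPermissionsMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	req := httptest.NewRequest(method, path, nil)
	req.Header.Set(hdrRole, role)
	req.Header.Set(hdrPermissions, perms)
	rr := httptest.NewRecorder()
	h.ServeHTTP(rr, req)
	return rr.Code
}

func main() {
	fmt.Println(StatusFor("participant", "manager", "GET", "/v1/client/payment/abc")) // 200
	fmt.Println(StatusFor("participant", "admin", "GET", "/v1/admin/participant"))  // 403
}
```

The two points worth noting are that the check is deny-by-default (a path with no table entry, or an entry with no permissions for the caller's role, is refused) and that the role selects which permission list is consulted, so a participant who happens to carry a permission string named "admin" still cannot reach a super-only route.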

func (*AuthOperations) CheckTOTPMiddleWareIBMIdUser

func (op *AuthOperations) CheckTOTPMiddleWareIBMIdUser(next http.Handler) http.Handler

func (*AuthOperations) CheckTOTPMiddleWarePortalUser

func (op *AuthOperations) CheckTOTPMiddleWarePortalUser(next http.Handler) http.Handler

func (*AuthOperations) ExtractJWTClaims

func (op *AuthOperations) ExtractJWTClaims(tokenStr string, r *http.Request) (jwt.IJWTTokenClaim, bool)

ExtractJWTClaims : parses (decodes) the JWT token using the secret and returns the claims if successful.

func (*AuthOperations) HandleGenerateIDToken

func (op *AuthOperations) HandleGenerateIDToken(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandleJWTApprove

func (op *AuthOperations) HandleJWTApprove(w http.ResponseWriter, r *http.Request)

#2 Second step for JWT creation

func (*AuthOperations) HandleJWTGenerate

func (op *AuthOperations) HandleJWTGenerate(w http.ResponseWriter, r *http.Request)

#3 Third step for JWT creation

func (*AuthOperations) HandleJWTRefresh

func (op *AuthOperations) HandleJWTRefresh(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandleJWTRequest

func (op *AuthOperations) HandleJWTRequest(w http.ResponseWriter, r *http.Request)

#1 First step for JWT creation

func (*AuthOperations) HandleJWTRevoke

func (op *AuthOperations) HandleJWTRevoke(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandleJWTVerify

func (op *AuthOperations) HandleJWTVerify(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandlePermissionParticipantUpdate

func (op *AuthOperations) HandlePermissionParticipantUpdate(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandlePermissionSuperUpdate

func (op *AuthOperations) HandlePermissionSuperUpdate(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandlePortalLoginTOTP

func (op *AuthOperations) HandlePortalLoginTOTP(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandleSSOToken

func (op *AuthOperations) HandleSSOToken(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandleTOTPConfirm

func (op *AuthOperations) HandleTOTPConfirm(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandleTOTPCreate

func (op *AuthOperations) HandleTOTPCreate(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) MiddlewareCheck

func (op *AuthOperations) MiddlewareCheck(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) ServiceCheck

func (op *AuthOperations) ServiceCheck(w http.ResponseWriter, r *http.Request)

type IRoutePermissions

type IRoutePermissions struct {
	SuperPermissions       []string
	ParticipantPermissions []string
}

type MakerRequestData

type MakerRequestData struct {
	ID            primitive.ObjectID `json:"_id" bson:"_id"`
	RequestUserID string             `json:"uid_request,omitempty" bson:"uid_request"`
	ApproveUserID string             `json:"uid_approve" bson:"uid_approve"`
	InstitutionID string             `json:"iid,omitempty" bson:"iid"`
	ParticipantID string             `json:"pid,omitempty" bson:"pid"`
	Status        string             `json:"status,omitempty" bson:"status"`
	Endpoint      string             `json:"endpoint,omitempty" bson:"endpoint"`
	Method        string             `json:"method,omitempty" bson:"method"`
	Timestamp     int64              `json:"timestamp_request,omitempty" bson:"timestamp_request"`
}

MakerRequestData is a JSON-serializable type. This is the data structure that gets committed to the database. The ApproveUserID field is present from the beginning, since altering the stored type later is not possible.
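As an added example that is not code from this package, here is a minimal in-memory maker-checker store that follows the rules stated for SuperAuthorization above (GETs are direct access, other methods need a request followed by an approval) and records each request with the MakerRequestData field names. The in-memory map standing in for the Mongo collection, the status strings, the error values, the four-eyes rule (approver must differ from requester) and the endpoint/method match on approval are assumptions of the example; the payout exception mentioned on the page is not modelled.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"sync"
	"time"
)

// Record copies the field names of the page's MakerRequestData; ID is a
// string here instead of a Mongo ObjectID because the store is a plain map.
type Record struct {
	ID            string
	RequestUserID string
	ApproveUserID string
	InstitutionID string
	ParticipantID string
	Status        string // "pending", "approved" (assumed status values)
	Endpoint      string
	Method        string
	Timestamp     int64
}

var (
	ErrNotFound     = errors.New("request not found")
	ErrSelfApproval = errors.New("approver must differ from requester")
	ErrNotPending   = errors.New("request is not pending")
	ErrMismatch     = errors.New("approval does not match the requested endpoint/method")
)

// Store is a hypothetical maker-checker store (constructed stand-in for Mongo).
type Store struct {
	mu      sync.Mutex
	nextID  int
	records map[string]*Record
}

func NewStore() *Store { return &Store{records: map[string]*Record{}} }

// RequiresApproval implements the page's rule: GET requests are direct
// access, everything else goes through maker-checker.
func RequiresApproval(method string) bool { return method != http.MethodGet }

// Request is the maker step: it records who asked for what, status pending.
func (s *Store) Request(userID, institutionID, participantID, method, endpoint string) *Record {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.nextID++
	rec := &Record{
		ID:            fmt.Sprintf("req-%d", s.nextID),
		RequestUserID: userID,
		InstitutionID: institutionID,
		ParticipantID: participantID,
		Status:        "pending",
		Endpoint:      endpoint,
		Method:        method,
		Timestamp:     time.Now().Unix(),
	}
	s.records[rec.ID] = rec
	return rec
}

// Approve is the checker step. The approver must be a different user, the
// request must still be pending, and the approval must name the same
// endpoint and method that were requested, so an approval obtained for one
// action cannot be reused to authorize another.
func (s *Store) Approve(requestID, approverID, method, endpoint string) (*Record, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	rec, ok := s.records[requestID]
	if !ok {
		return nil, ErrNotFound
	}
	if rec.Status != "pending" {
		return nil, ErrNotPending
	}
	if rec.RequestUserID == approverID {
		return nil, ErrSelfApproval
	}
	if rec.Method != method || rec.Endpoint != endpoint {
		return nil, ErrMismatch
	}
	rec.ApproveUserID = approverID
	rec.Status = "approved"
	return rec, nil
}

func main() {
	s := NewStore()
	fmt.Println("GET needs approval:", RequiresApproval(http.MethodGet)) // false
	rec := s.Request("alice", "inst-1", "part-1", http.MethodPost, "/v1/admin/participant")
	_, err := s.Approve(rec.ID, "alice", http.MethodPost, "/v1/admin/participant")
	fmt.Println("self-approval:", err) // approver must differ from requester
	approved, err := s.Approve(rec.ID, "bob", http.MethodPost, "/v1/admin/participant")
	fmt.Println(approved.Status, err) // approved <nil>
}
```

The record keeps both RequestUserID and ApproveUserID, which is what makes the four-eyes check possible after the fact: an auditor can see from the stored record alone that two distinct users were involved, and a second approval of the same request is rejected because the status is no longer pending.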
