Documentation ¶
Index ¶
- Constants
- Variables
- func ContextWithConsumer(parent context.Context, consumer Consumer) context.Context
- func RSAKeyFunc(pk crypto.PublicKey) jwt.Keyfunc
- type AllPolicy
- type AnyPolicy
- type Claims
- type Consumer
- func (c *Consumer) HasAnyGrant(grants ...string) bool
- func (c Consumer) HasAnyMarketRole(id string, roles ...string) bool
- func (c *Consumer) HasAnyNeed(needs ...string) bool
- func (c *Consumer) HasAnyRole(roles ...string) bool
- func (c *Consumer) HasAnyUUID(ids ...string) bool
- func (c Consumer) HasNoMatchingGrant(grants ...string) bool
- func (c *Consumer) HasNoMatchingNeed(needs ...string) bool
- func (c *Consumer) HasNoMatchingRole(roles ...string) bool
- func (c *Consumer) IsUser(id int64) bool
- type GrantPolicy
- type JWTSigningMethodError
- type JWTVerificationError
- type Market
- type MarketPolicy
- type Permitter
- type RefreshableClaims
- type RolePolicy
- type UserPolicy
Constants ¶
const (
	// JWTValidationErrorExpired happens when EXP validation failed
	JWTValidationErrorExpired uint32 = 1 << iota
	// JWTValidationErrorUsedBeforeIssued happens when IAT validation failed
	JWTValidationErrorUsedBeforeIssued
	// JWTValidationErrorNotValidYet happens when NBF validation failed
	JWTValidationErrorNotValidYet
	// JWTValidationErrorIssuer happens when ISS validation failed
	JWTValidationErrorIssuer
	// JWTValidationErrorID happens when JTI validation failed
	JWTValidationErrorID
)
Variables ¶
var (
	// TimeFunc is a variable with a function to determine the current time.
	// Can be overridden in a test environment to set the current time to whatever you want it to be.
	TimeFunc = time.Now
	// DefaultValidPeriod is the period a set of claims are valid.
	DefaultValidPeriod = 60 * time.Minute
)
Functions ¶
func ContextWithConsumer ¶
ContextWithConsumer takes a context and a service consumer and returns a new context with the consumer embedded.
Example ¶
package main

import (
	"context"

	"github.com/LUSHDigital/core-lush/lushauth"
)

var ctx context.Context

func main() {
	ctx = lushauth.ContextWithConsumer(context.Background(), lushauth.Consumer{
		ID:     999,
		Grants: []string{"foo"},
	})
}
Types ¶
type AllPolicy ¶ added in v0.1.0
type AllPolicy []Permitter
AllPolicy defines a policy made up of multiple other policies where all of them are required for access to be permitted.
Example ¶
policy := lushauth.AllPolicy{
	lushauth.RolePolicy{"staff"},
	lushauth.MarketPolicy{
		ID:    "gb",
		Roles: []string{"manager"},
	},
}
policy.Permit(consumer)
type AnyPolicy ¶ added in v0.1.0
type AnyPolicy []Permitter
AnyPolicy defines a policy made up of multiple other policies where any of them will permit access.
Example ¶
policy := lushauth.AnyPolicy{
	lushauth.GrantPolicy{"users.delete"},
	lushauth.RolePolicy{"admin"},
}
policy.Permit(consumer)
type Claims ¶
type Claims struct {
	ID        string   `json:"jti,omitempty"`
	Issuer    string   `json:"iss,omitempty"`
	Audience  string   `json:"aud,omitempty"`
	Subject   string   `json:"sub,omitempty"`
	ExpiresAt int64    `json:"exp,omitempty"`
	IssuedAt  int64    `json:"iat,omitempty"`
	NotBefore int64    `json:"nbf,omitempty"`
	Consumer  Consumer `json:"consumer"`
}
Claims hold information of the power exerted by a JWT. A structured version of the Claims section, as referenced at https://tools.ietf.org/html/rfc7519#section-4.1
func NewClaimsForConsumer ¶
NewClaimsForConsumer spawns new claims for
func (*Claims) Valid ¶
Valid validates time based claims (EXP, IAT, NBF) as well as the identifiers (ISS, JTI).
func (*Claims) VerifyExpiresAt ¶
VerifyExpiresAt compares the exp claim against a timestamp. Will change behaviour depending on the value of corelush.TimeFunc
func (*Claims) VerifyIssuedAt ¶
VerifyIssuedAt compares the iat claim against a timestamp. Will change behaviour depending on the value of corelush.TimeFunc
type Consumer ¶
type Consumer struct {
	// ID is a unique identifier for a user, but UUID should be used in preference to it.
	ID int64 `json:"id"`
	// UUID is the unique identifier for a user.
	UUID string `json:"uuid"`
	// FirstName is the given name of a user.
	FirstName string `json:"first_name"`
	// LastName is the surname of a user.
	LastName string `json:"last_name"`
	// Language is the preferred language of a user.
	Language string `json:"language"`
	// Grants are any specific, given permissions for a user.
	// e.g. products.create, pages.read or tills.close
	Grants []string `json:"grants"`
	// Roles are the purpose a user serves within the context of LUSH
	// e.g. guest, staff, creator or admin
	Roles []string `json:"roles"`
	// Needs are things that the user needs to do and that a front-end can react to.
	// e.g. password_reset, confirm_email or accept_terms
	Needs []string `json:"needs"`
	// Markets the user belongs to.
	// e.g. "gb", "de", etc...
	Markets []Market `json:"markets"`
}
Consumer represents an API user for the LUSH infrastructure.
func ConsumerFromContext ¶
ConsumerFromContext extracts the consumer from the supplied context.
Example ¶
package main

import (
	"context"

	"github.com/LUSHDigital/core-lush/lushauth"
)

var ctx context.Context

func main() {
	consumer := lushauth.ConsumerFromContext(ctx)
	consumer.IsUser(999)
}
func (*Consumer) HasAnyGrant ¶
HasAnyGrant checks if a consumer possesses any of a given set of grants
func (Consumer) HasAnyMarketRole ¶ added in v0.0.2
HasAnyMarketRole checks if a user has any role in a given market.
func (*Consumer) HasAnyNeed ¶
HasAnyNeed checks if a consumer has any of the given needs
func (*Consumer) HasAnyRole ¶
HasAnyRole checks if a consumer possesses any of a given set of roles
func (*Consumer) HasAnyUUID ¶ added in v0.1.0
HasAnyUUID checks if a consumer has the same uuid as a user
func (Consumer) HasNoMatchingGrant ¶
HasNoMatchingGrant checks if a consumer is missing any of a given set of grants
func (*Consumer) HasNoMatchingNeed ¶
HasNoMatchingNeed checks if a consumer has any of the given needs
func (*Consumer) HasNoMatchingRole ¶
HasNoMatchingRole checks if a consumer is missing any of a given set of roles
type GrantPolicy ¶ added in v0.1.0
type GrantPolicy []string
GrantPolicy defines what grants are required for access.
Example ¶
policy := lushauth.GrantPolicy{"users.delete"}
policy.Permit(consumer)
func (GrantPolicy) Error ¶ added in v0.1.0
func (p GrantPolicy) Error() string
func (GrantPolicy) Permit ¶ added in v0.1.0
func (p GrantPolicy) Permit(c Consumer) error
Permit a consumer or return an error.
type JWTSigningMethodError ¶
type JWTSigningMethodError struct {
	Algorithm interface{}
}
JWTSigningMethodError happens when the RSA
func (JWTSigningMethodError) Error ¶
func (e JWTSigningMethodError) Error() string
type JWTVerificationError ¶
type JWTVerificationError struct {
	Errors uint32
}
JWTVerificationError happens when one or more token fields could not be verified.
func (JWTVerificationError) Error ¶
func (e JWTVerificationError) Error() string
type MarketPolicy ¶ added in v0.1.0
MarketPolicy defines what roles to allow access for in a given market.
Example ¶
policy := lushauth.MarketPolicy{
	ID: "gb",
	Roles: []string{
		"admin",
		"manager",
		"staff",
	},
}
policy.Permit(consumer)
func (MarketPolicy) Error ¶ added in v0.1.0
func (p MarketPolicy) Error() string
func (MarketPolicy) Permit ¶ added in v0.1.0
func (p MarketPolicy) Permit(c Consumer) error
Permit a consumer or return an error.
type RefreshableClaims ¶
type RefreshableClaims struct {
	Claims
}
RefreshableClaims hold information of the power exerted by a JWT. A structured version of the Claims section, as referenced at https://tools.ietf.org/html/rfc7519#section-4.1
The difference between RefreshableClaims and Claims is that this struct will not attempt to validate whether the token is expired.
func (*RefreshableClaims) Valid ¶
func (c *RefreshableClaims) Valid() error
Valid verifies time based claims (IAT, NBF) as well as the identifiers (ISS, JTI).
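How the bit flags from the Constants section combine in JWTVerificationError.Errors, and what skipping the EXP check changes for RefreshableClaims, shown as an added example that is not lushauth's own code. timeClaims, validate and failed are hypothetical local names; the expiry boundary and the rule that ISS and JTI must be non-empty are assumptions, since the page does not state them.

```go
package main

import "fmt"

// Bit flags as listed in the Constants section of this page.
const (
	JWTValidationErrorExpired uint32 = 1 << iota
	JWTValidationErrorUsedBeforeIssued
	JWTValidationErrorNotValidYet
	JWTValidationErrorIssuer
	JWTValidationErrorID
)

// timeClaims is a hypothetical local stand-in for the registered fields of Claims.
type timeClaims struct {
	ID, Issuer                     string
	ExpiresAt, IssuedAt, NotBefore int64
}

// validate models the listed checks with assumed semantics; it is not lushauth's code.
// checkExp=false models RefreshableClaims, which does not validate expiry.
func validate(c timeClaims, now int64, checkExp bool) (errs uint32) {
	set := func(bad bool, flag uint32) {
		if bad {
			errs |= flag
		}
	}
	set(checkExp && now > c.ExpiresAt, JWTValidationErrorExpired)
	set(now < c.IssuedAt, JWTValidationErrorUsedBeforeIssued)
	set(now < c.NotBefore, JWTValidationErrorNotValidYet)
	set(c.Issuer == "", JWTValidationErrorIssuer) // assumption: ISS must be present
	set(c.ID == "", JWTValidationErrorID)         // assumption: JTI must be present
	return errs
}

// failed decodes an Errors bitmask into the names of the claims that failed.
func failed(errs uint32) (out []string) {
	for i, n := range []string{"EXP", "IAT", "NBF", "ISS", "JTI"} {
		if errs&(1<<uint(i)) != 0 {
			out = append(out, n)
		}
	}
	return out
}

func main() {
	tok := timeClaims{ID: "a", IssuedAt: 100, NotBefore: 100, ExpiresAt: 200} // constructed; Issuer left empty
	fmt.Println(failed(validate(tok, 300, true)), failed(validate(tok, 300, false)))
}
```

With the constructed token, the Claims-style check reports EXP and ISS while the refresh-style check still reports ISS, so skipping expiry does not make an otherwise invalid token acceptable.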
type RolePolicy ¶ added in v0.1.0
type RolePolicy []string
RolePolicy defines what roles to grant access for.
Example ¶
policy := lushauth.RolePolicy{"admin", "staff"}
policy.Permit(consumer)
func (RolePolicy) Error ¶ added in v0.1.0
func (p RolePolicy) Error() string
func (RolePolicy) Permit ¶ added in v0.1.0
func (p RolePolicy) Permit(c Consumer) error
Permit a consumer or return an error.
type UserPolicy ¶ added in v0.1.0
type UserPolicy []string
UserPolicy defines what users to grant access for.
Example ¶
policy := lushauth.UserPolicy{
	UserID, // UserID: "5d4b32f9-5954-41c3-a470-7d76317635a7"
}
policy.Permit(consumer)
func (UserPolicy) Error ¶ added in v0.1.0
func (p UserPolicy) Error() string
func (UserPolicy) Permit ¶ added in v0.1.0
func (p UserPolicy) Permit(c Consumer) error
Permit a consumer or return an error.