lushauthmw

package
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 17, 2020 License: Apache-2.0 Imports: 14 Imported by: 0

README

Auth Middleware

The package core-lush/middleware/lushauthmw is used to attach authentication information to requests and responses for REST and gRPC. To learn more about how to use auth inside of your application you should read the documentation for the core-lush/lushauth package.

Examples

Attach gRPC auth middlewares to server
// Build the auth option from the key broker first, then chain it into the server.
authInterceptor := lushauthmw.NewUnaryServerInterceptor(broker)
server := grpc.NewServer(
    middleware.WithUnaryServerChain(authInterceptor),
)
Attach auth middleware to gorilla mux router
// Convert the JWT middleware to gorilla's middleware type and register it on the router.
router.Use(mux.MiddlewareFunc(lushauthmw.JWTMiddleware(broker)))

Documentation

Index

Examples

Constants

This section is empty.

Variables

// ErrMetadataMissing is the gRPC status error (code InvalidArgument) for a
// request that arrives with no metadata.
var ErrMetadataMissing = status.Error(codes.InvalidArgument, "metadata missing")

// ErrAuthTokenMissing is the gRPC status error (code InvalidArgument) for
// request metadata that holds no auth token.
//
// NOTE(review): both sentinels carry codes.InvalidArgument, not
// codes.Unauthenticated, so clients or alerts keyed on Unauthenticated will
// not match a missing token.
var ErrAuthTokenMissing = status.Error(codes.InvalidArgument, "metadata missing: auth-token")

Functions

func ContextWithAuthTokenMetadata

func ContextWithAuthTokenMetadata(ctx context.Context, jwt string) context.Context

ContextWithAuthTokenMetadata will add a JWT to the client outgoing context metadata

func HandlerGrants

func HandlerGrants(grants []string, next http.HandlerFunc) http.HandlerFunc

HandlerGrants is an HTTP handler to check that the consumer in the request context has the required grants.

func HandlerRoles

func HandlerRoles(roles []string, next http.HandlerFunc) http.HandlerFunc

HandlerRoles is an HTTP handler to check that the consumer in the request context has the required roles.

func InterceptServerJWT

func InterceptServerJWT(ctx context.Context, broker CopierRenewer) (lushauth.Consumer, error)

InterceptServerJWT will check the context metadata for a JWT

func JWTHandler

func JWTHandler(cr CopierRenewer, next http.HandlerFunc) http.HandlerFunc

JWTHandler takes a JWT from the request headers, attempts to validate it, and returns an HTTP handler.

Example
package main

import (
	"crypto/rsa"
	"net/http"
	"time"

	"github.com/LUSHDigital/core-lush/lushauth"
	"github.com/LUSHDigital/core-lush/middleware/lushauthmw"
	"github.com/LUSHDigital/core/auth"
)

// broker is declared without a value, so it is a nil CopierRenewer in this
// example; a real service must assign a concrete key broker before use.
var broker lushauthmw.CopierRenewer

// Mux is an empty stand-in for a router type.
type Mux struct{}

// Use accepts any number of middleware functions and does nothing with them.
func (*Mux) Use(...lushauthmw.MiddlewareFunc) {}

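// main registers a /users handler wrapped in JWTHandler and then checks the
// consumer's grants inside the wrapped handler.
func main() {
	http.Handle("/users", lushauthmw.JWTHandler(broker, func(w http.ResponseWriter, r *http.Request) {
		consumer := lushauth.ConsumerFromContext(r.Context())
		if !consumer.HasAnyGrant("users.read") {
			// NOTE(review): a consumer that lacks a grant is an authorisation
			// failure, for which 403 Forbidden is the conventional status;
			// 401 is kept here to match the published example.
			http.Error(w, "access denied", http.StatusUnauthorized)
			// http.Error only writes the response. Return explicitly so that
			// any code added below never runs for a denied consumer.
			return
		}
	}))
}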
Output:

func NewStreamServerInterceptor

func NewStreamServerInterceptor(broker CopierRenewer) grpc.ServerOption

NewStreamServerInterceptor creates a grpc server option with your key broker.

Example
package main

import (
	"crypto/rsa"
	"log"
	"net"
	"time"

	"github.com/LUSHDigital/core-lush/lushauth"
	"github.com/LUSHDigital/core-lush/middleware/lushauthmw"
	"github.com/LUSHDigital/core/auth"
	"google.golang.org/grpc"
)

// broker is declared without a value, so it is a nil CopierRenewer in this
// example; a real service must assign a concrete key broker before use.
var broker lushauthmw.CopierRenewer

// Mux is an empty stand-in for a router type.
type Mux struct{}

// Use accepts any number of middleware functions and does nothing with them.
func (*Mux) Use(...lushauthmw.MiddlewareFunc) {}

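// main builds a gRPC server with the server option returned by
// NewStreamServerInterceptor and serves it on port 50051.
func main() {
	// NOTE(review): no transport credentials are configured, so JWTs sent in
	// request metadata would cross the network in clear text; production
	// servers should also pass a TLS option such as grpc.Creds.
	srv := grpc.NewServer(
		lushauthmw.NewStreamServerInterceptor(broker),
	)
	// "tcp" is the network name net.Listen expects; a misspelt name fails
	// with an unknown-network error before the server can start.
	l, err := net.Listen("tcp", ":50051")
	if err != nil {
		log.Fatalln(err)
	}
	log.Fatalln(srv.Serve(l))
}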
Output:

func NewUnaryServerInterceptor

func NewUnaryServerInterceptor(broker CopierRenewer) grpc.ServerOption

NewUnaryServerInterceptor creates a unary grpc server option with your key broker.

Example
package main

import (
	"crypto/rsa"
	"log"
	"net"
	"time"

	"github.com/LUSHDigital/core-lush/lushauth"
	"github.com/LUSHDigital/core-lush/middleware/lushauthmw"
	"github.com/LUSHDigital/core/auth"
	"google.golang.org/grpc"
)

// broker is declared without a value, so it is a nil CopierRenewer in this
// example; a real service must assign a concrete key broker before use.
var broker lushauthmw.CopierRenewer

// Mux is an empty stand-in for a router type.
type Mux struct{}

// Use accepts any number of middleware functions and does nothing with them.
func (*Mux) Use(...lushauthmw.MiddlewareFunc) {}

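// main builds a gRPC server with the server option returned by
// NewUnaryServerInterceptor and serves it on port 50051.
func main() {
	// NOTE(review): no transport credentials are configured, so JWTs sent in
	// request metadata would cross the network in clear text; production
	// servers should also pass a TLS option such as grpc.Creds.
	srv := grpc.NewServer(
		lushauthmw.NewUnaryServerInterceptor(broker),
	)

	// "tcp" is the network name net.Listen expects; a misspelt name fails
	// with an unknown-network error before the server can start.
	l, err := net.Listen("tcp", ":50051")
	if err != nil {
		log.Fatalln(err)
	}
	log.Fatalln(srv.Serve(l))
}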
Output:

func StreamClientInterceptor

func StreamClientInterceptor(jwt string) func(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error)

StreamClientInterceptor is a gRPC client-side interceptor that provides Prometheus monitoring for Streaming RPCs.

func StreamServerInterceptor

func StreamServerInterceptor(broker CopierRenewer) func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error

StreamServerInterceptor is a gRPC server-side interceptor that checks that the provided JWT is valid for streaming procedures.

func UnaryClientInterceptor

func UnaryClientInterceptor(jwt string) func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error

UnaryClientInterceptor is a gRPC client-side interceptor that provides Prometheus monitoring for Unary RPCs.

func UnaryServerInterceptor

func UnaryServerInterceptor(broker CopierRenewer) func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)

UnaryServerInterceptor is a gRPC server-side interceptor that checks that the provided JWT is valid for unary procedures.

Types

type CopierRenewer

// CopierRenewer is the key-broker contract the middleware in this package
// accepts: something that can hand out an RSA public key and be renewed.
type CopierRenewer interface {
	// Copy returns an RSA public key by value.
	// NOTE(review): presumably the key used to verify JWT signatures; confirm against the broker.
	Copy() rsa.PublicKey

	// Renew takes no arguments and reports no error.
	// NOTE(review): presumably refreshes the key held by the broker; confirm against the broker.
	Renew()
}

CopierRenewer represents the combination of a Copier and Renewer interface

type MiddlewareFunc

// MiddlewareFunc wraps an http.Handler and returns the http.Handler that
// should be served in its place.
type MiddlewareFunc func(next http.Handler) http.Handler

MiddlewareFunc is a function which receives an http.Handler and returns another http.Handler. Typically, the returned handler is a closure which does something with the http.ResponseWriter and http.Request passed to it, and then calls the handler passed as parameter to the MiddlewareFunc.

func JWTMiddleware

func JWTMiddleware(cr CopierRenewer) MiddlewareFunc

JWTMiddleware returns the middleware function for a jwt.

Example
package main

import (
	"crypto/rsa"
	"time"

	"github.com/LUSHDigital/core-lush/lushauth"
	"github.com/LUSHDigital/core-lush/middleware/lushauthmw"
	"github.com/LUSHDigital/core/auth"
)

// broker is declared without a value, so it is a nil CopierRenewer in this
// example; a real service must assign a concrete key broker before use.
var broker lushauthmw.CopierRenewer

// router is the stand-in router the example registers middleware on.
var router = &Mux{}

// Mux is an empty stand-in for a router type.
type Mux struct{}

// Use accepts any number of middleware functions and does nothing with them.
func (*Mux) Use(...lushauthmw.MiddlewareFunc) {}

// main builds the JWT middleware from the key broker and registers it on the router.
func main() {
	router.Use(lushauthmw.JWTMiddleware(broker))
}
Output:

func (MiddlewareFunc) Middleware

func (mw MiddlewareFunc) Middleware(handler http.Handler) http.Handler

Middleware allows MiddlewareFunc to implement the middleware interface.
