Documentation ¶
Index ¶
- Variables
- func ContextWithAuthTokenMetadata(ctx context.Context, jwt string) context.Context
- func HandlerGrants(grants []string, next http.HandlerFunc) http.HandlerFunc
- func HandlerRoles(roles []string, next http.HandlerFunc) http.HandlerFunc
- func InterceptServerJWT(ctx context.Context, broker CopierRenewer) (lushauth.Consumer, error)
- func JWTHandler(cr CopierRenewer, next http.HandlerFunc) http.HandlerFunc
- func NewStreamServerInterceptor(broker CopierRenewer) grpc.ServerOption
- func NewUnaryServerInterceptor(broker CopierRenewer) grpc.ServerOption
- func StreamClientInterceptor(jwt string) ...
- func StreamServerInterceptor(broker CopierRenewer) ...
- func UnaryClientInterceptor(jwt string) func(ctx context.Context, method string, req, reply interface{}, ...) error
- func UnaryServerInterceptor(broker CopierRenewer) ...
- type CopierRenewer
- type MiddlewareFunc
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrMetadataMissing happens when there is no metadata with the request.
	// It is a gRPC status error carrying codes.InvalidArgument.
	ErrMetadataMissing = status.Error(codes.InvalidArgument, "metadata missing")
	// ErrAuthTokenMissing happens when there is no auth token in the metadata.
	// It is a gRPC status error carrying codes.InvalidArgument.
	// NOTE(review): a request that arrives without credentials is therefore
	// reported as InvalidArgument, not Unauthenticated. Clients, logs and
	// alerting that classify failures by status code will not count it as an
	// authentication failure — confirm this is intended.
	ErrAuthTokenMissing = status.Error(codes.InvalidArgument, "metadata missing: auth-token")
)
Functions ¶
func ContextWithAuthTokenMetadata ¶
ContextWithAuthTokenMetadata will add a JWT to the client outgoing context metadata
func HandlerGrants ¶
func HandlerGrants(grants []string, next http.HandlerFunc) http.HandlerFunc
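HandlerGrants is an HTTP handler that checks that the consumer in the request context has the required grants. Because it reads the consumer from the request context, it presumably has to run behind JWTHandler or JWTMiddleware so that a validated consumer is present.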
func HandlerRoles ¶
func HandlerRoles(roles []string, next http.HandlerFunc) http.HandlerFunc
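HandlerRoles is an HTTP handler that checks that the consumer in the request context has the required roles. Because it reads the consumer from the request context, it presumably has to run behind JWTHandler or JWTMiddleware so that a validated consumer is present.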
func InterceptServerJWT ¶
InterceptServerJWT will check the context metadata for a JWT
func JWTHandler ¶
func JWTHandler(cr CopierRenewer, next http.HandlerFunc) http.HandlerFunc
JWTHandler takes a JWT from the request headers, attempts to validate it, and returns an HTTP handler.
Example ¶
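// Example: wrap an HTTP route in JWTHandler, then enforce a grant on the
// consumer read from the request context.
package main

import (
	"net/http"

	"github.com/LUSHDigital/core-lush/lushauth"
	"github.com/LUSHDigital/core-lush/middleware/lushauthmw"
)

// broker is the key broker handed to the middleware. It is declared but never
// assigned in this example; a real program must set it before serving.
var broker lushauthmw.CopierRenewer

// Mux is a stand-in router type shared by the examples.
type Mux struct{}

// Use accepts middleware and does nothing with it.
func (m *Mux) Use(...lushauthmw.MiddlewareFunc) {}

func main() {
	http.Handle("/users", lushauthmw.JWTHandler(broker, func(w http.ResponseWriter, r *http.Request) {
		consumer := lushauth.ConsumerFromContext(r.Context())
		if !consumer.HasAnyGrant("users.read") {
			// NOTE(review): by this point JWTHandler has presumably accepted
			// the token, so 403 Forbidden may describe a missing grant better
			// than 401 — confirm against the API's conventions.
			http.Error(w, "access denied", http.StatusUnauthorized)
			// http.Error only writes the response. Without this return,
			// any code added below would still run for a denied consumer.
			return
		}
		// Authorised: serve the protected resource from here on.
	}))
}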
Output:
func NewStreamServerInterceptor ¶
func NewStreamServerInterceptor(broker CopierRenewer) grpc.ServerOption
NewStreamServerInterceptor creates a grpc server option with your key broker.
Example ¶
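// Example: start a gRPC server whose streaming RPCs go through the JWT
// interceptor built from the key broker.
package main

import (
	"log"
	"net"

	"github.com/LUSHDigital/core-lush/middleware/lushauthmw"
	"google.golang.org/grpc"
)

// broker is the key broker handed to the interceptor. It is declared but never
// assigned in this example; a real program must set it before serving.
var broker lushauthmw.CopierRenewer

// Mux is a stand-in router type shared by the examples.
type Mux struct{}

// Use accepts middleware and does nothing with it.
func (m *Mux) Use(...lushauthmw.MiddlewareFunc) {}

func main() {
	// No transport credentials are passed to grpc.NewServer, so this server
	// speaks plaintext. A JWT carried in request metadata is a bearer
	// credential: outside local testing, add a TLS option such as
	// grpc.Creds(...) or terminate TLS in front of the server.
	//
	// NOTE(review): going by its name, this option presumably guards streaming
	// RPCs only. If the service also exposes unary methods, register
	// NewUnaryServerInterceptor as well — confirm.
	srv := grpc.NewServer(
		lushauthmw.NewStreamServerInterceptor(broker),
	)

	// The network name must be "tcp"; the original "tpc" makes net.Listen
	// fail with an unknown-network error before the server ever starts.
	l, err := net.Listen("tcp", ":50051")
	if err != nil {
		log.Fatalln(err)
	}
	log.Fatalln(srv.Serve(l))
}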
Output:
func NewUnaryServerInterceptor ¶
func NewUnaryServerInterceptor(broker CopierRenewer) grpc.ServerOption
NewUnaryServerInterceptor creates a unary grpc server option with your key broker.
Example ¶
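// Example: start a gRPC server whose unary RPCs go through the JWT
// interceptor built from the key broker.
package main

import (
	"log"
	"net"

	"github.com/LUSHDigital/core-lush/middleware/lushauthmw"
	"google.golang.org/grpc"
)

// broker is the key broker handed to the interceptor. It is declared but never
// assigned in this example; a real program must set it before serving.
var broker lushauthmw.CopierRenewer

// Mux is a stand-in router type shared by the examples.
type Mux struct{}

// Use accepts middleware and does nothing with it.
func (m *Mux) Use(...lushauthmw.MiddlewareFunc) {}

func main() {
	// No transport credentials are passed to grpc.NewServer, so this server
	// speaks plaintext. A JWT carried in request metadata is a bearer
	// credential: outside local testing, add a TLS option such as
	// grpc.Creds(...) or terminate TLS in front of the server.
	//
	// NOTE(review): going by its name, this option presumably guards unary
	// RPCs only. If the service also exposes streaming methods, register
	// NewStreamServerInterceptor as well — confirm.
	srv := grpc.NewServer(
		lushauthmw.NewUnaryServerInterceptor(broker),
	)

	// The network name must be "tcp"; the original "tpc" makes net.Listen
	// fail with an unknown-network error before the server ever starts.
	l, err := net.Listen("tcp", ":50051")
	if err != nil {
		log.Fatalln(err)
	}
	log.Fatalln(srv.Serve(l))
}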
Output:
func StreamClientInterceptor ¶
func StreamClientInterceptor(jwt string) func(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error)
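StreamClientInterceptor is a gRPC client-side interceptor for streaming RPCs. The upstream comment says it provides Prometheus monitoring, but the function takes only a JWT string, so it presumably attaches that token to the outgoing call metadata; the Prometheus wording looks like a copy-paste leftover.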
func StreamServerInterceptor ¶
func StreamServerInterceptor(broker CopierRenewer) func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error
StreamServerInterceptor is a gRPC server-side interceptor that checks that the JWT provided is valid for streaming procedures.
func UnaryClientInterceptor ¶
func UnaryClientInterceptor(jwt string) func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error
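UnaryClientInterceptor is a gRPC client-side interceptor for unary RPCs. The upstream comment says it provides Prometheus monitoring, but the function takes only a JWT string, so it presumably attaches that token to the outgoing call metadata; the Prometheus wording looks like a copy-paste leftover.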
func UnaryServerInterceptor ¶
func UnaryServerInterceptor(broker CopierRenewer) func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)
UnaryServerInterceptor is a gRPC server-side interceptor that checks that the JWT provided is valid for unary procedures.
Types ¶
type CopierRenewer ¶
CopierRenewer represents the combination of a Copier and Renewer interface
type MiddlewareFunc ¶
MiddlewareFunc is a function which receives an http.Handler and returns another http.Handler. Typically, the returned handler is a closure which does something with the http.ResponseWriter and http.Request passed to it, and then calls the handler passed as parameter to the MiddlewareFunc.
func JWTMiddleware ¶
func JWTMiddleware(cr CopierRenewer) MiddlewareFunc
JWTMiddleware returns the middleware function for a jwt.
Example ¶
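// Example: build the JWT middleware from the key broker and register it on a
// router.
package main

// The imports that this program never references are dropped; Go rejects
// unused imports at compile time.
import (
	"github.com/LUSHDigital/core-lush/middleware/lushauthmw"
)

var (
	// broker is the key broker handed to the middleware. It is declared but
	// never assigned in this example; a real program must set it first.
	broker lushauthmw.CopierRenewer
	// router is the stand-in router the middleware is registered on.
	router = &Mux{}
)

// Mux is a stand-in router type shared by the examples.
type Mux struct{}

// Use accepts middleware and does nothing with it.
func (m *Mux) Use(...lushauthmw.MiddlewareFunc) {}

func main() {
	// NOTE(review): only routes served through this router pass through the
	// middleware; handlers registered elsewhere are presumably not covered.
	middleware := lushauthmw.JWTMiddleware(broker)
	router.Use(middleware)
}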
Output:
func (MiddlewareFunc) Middleware ¶
func (mw MiddlewareFunc) Middleware(handler http.Handler) http.Handler
Middleware allows MiddlewareFunc to implement the middleware interface.