auth

package

v0.0.0-...-39283cd Latest Latest Go to latest Published: Apr 26, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

Package auth provides authentication and authorization support. Authentication: You are who you say you are. Authorization: You have permission to do what you are requesting to do.

Index ¶

Constants
Variables
type Auth
- func New(cfg Config) (*Auth, error)
type Claims
- func (c Claims) HasRole(r userbus.Role) bool
type Config
type KeyLookup

Constants ¶

View Source

const (
	RuleAuthenticate   = "auth"
	RuleAny            = "rule_any"
	RuleAdminOnly      = "rule_admin_only"
	RuleUserOnly       = "rule_user_only"
	RuleAdminOrSubject = "rule_admin_or_subject"
)

These the current set of rules we have for auth.

Variables ¶

View Source

var ErrForbidden = errors.New("attempted action is not allowed")

ErrForbidden is returned when a auth issue is identified.

Functions ¶

This section is empty.

Types ¶

type Auth ¶

type Auth struct {
	// contains filtered or unexported fields
}

Auth is used to authenticate clients. It can generate a token for a set of user claims and recreate the claims by parsing the token.

func New ¶

func New(cfg Config) (*Auth, error)

New creates an Auth to support authentication/authorization.

func (*Auth) Authenticate ¶

func (a *Auth) Authenticate(ctx context.Context, bearerToken string) (Claims, error)

Authenticate processes the token to validate the sender's token is valid.

func (*Auth) Authorize ¶

func (a *Auth) Authorize(ctx context.Context, claims Claims, userID uuid.UUID, rule string) error

Authorize attempts to authorize the user with the provided input roles, if none of the input roles are within the user's claims, we return an error otherwise the user is authorized.

func (*Auth) GenerateToken ¶

func (a *Auth) GenerateToken(kid string, claims Claims) (string, error)

GenerateToken generates a signed JWT token string representing the user Claims.

type Claims ¶

type Claims struct {
	jwt.RegisteredClaims
	Roles []userbus.Role `json:"roles"`
}

Claims represents the authorization claims transmitted via a JWT.

func (Claims) HasRole ¶

func (c Claims) HasRole(r userbus.Role) bool

HasRole checks if the specified role exists.

type Config ¶

type Config struct {
	Log       *logger.Logger
	DB        *sqlx.DB
	KeyLookup KeyLookup
	Issuer    string
}

Config represents information required to initialize auth.

type KeyLookup ¶

type KeyLookup interface {
	PrivateKey(kid string) (key string, err error)
	PublicKey(kid string) (key string, err error)
}

KeyLookup declares a method set of behavior for looking up private and public keys for JWT use. The return could be a PEM encoded string or a JWS based key.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL