auth

package

v0.0.0-...-1b8de1e Latest Latest Go to latest Published: Apr 25, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cortezaproject/corteza

Documentation ¶

Index ¶

Constants
Variables
func Anonymous() *identity
func AnonymousRoles() types.RoleSet
func ApplyRoleSecurity(permitted, prohibited, forced []uint64, rr ...uint64) (out []uint64)
func Authenticated(id uint64, rr ...uint64) *identity
func AuthenticatedRoles() types.RoleSet
func BypassRoles() types.RoleSet
func CheckJwtScope(token jwt.Token, required ...string) bool
func CheckScope(scope string, required ...string) bool
func DefaultAccessTokenGenerator(ctx context.Context, req TokenRequest) (string, string, error)
func ExtraReqInfoMiddleware(next http.Handler) http.Handler
func ExtractFromSubClaim(sub string) (userID uint64, rr []uint64)
func FederationUser() *types.User
func HmacSigner(secret string) *hmacSigner
func HttpTokenValidator(scope ...string) func(http.Handler) http.Handler
func IdentityFromToken(token jwt.Token) *identity
func NewTokenIssuer(opt ...IssuerOptFn) (issuer *tokenIssuer, err error)
func ProvisionUser() *types.User
func ServiceUser() *types.User
func SetIdentityToContext(ctx context.Context, identity Identifiable) context.Context
func SetSystemRoles(rr types.RoleSet)
func SetSystemUsers(uu types.UserSet, rr types.RoleSet)
func SetupSigner(secret string) (err error)
func TokenVerifierMiddlewareWithSecretSigner(secret string) (_ func(http.Handler) http.Handler, err error)
type ExtraReqInfo
- func GetExtraReqInfoFromContext(ctx context.Context) ExtraReqInfo
type Identifiable
- func GetIdentityFromContext(ctx context.Context) Identifiable
- func GetIdentityFromContextWithKey(ctx context.Context, key interface{}) Identifiable
type IssueOptFn
- func WithAccessToken(access string) IssueOptFn
- func WithAudience(aud string) IssueOptFn
- func WithClientID(id uint64) IssueOptFn
- func WithExpiration(e time.Duration) IssueOptFn
- func WithIdentity(i Identifiable) IssueOptFn
- func WithScope(ss ...string) IssueOptFn
type IssuerOptFn
- func WithDefaultClientID(ID uint64) IssuerOptFn
- func WithDefaultExpiration(exp time.Duration) IssuerOptFn
- func WithDefaultIssuer(iss string) IssuerOptFn
- func WithGenerator(fn tokenIssuerGenerator) IssuerOptFn
- func WithLookup(fn tokenIssuerLookup) IssuerOptFn
- func WithSecretSigner(secret string) IssuerOptFn
- func WithSigner(fn tokenIssuerSigner) IssuerOptFn
- func WithStore(fn tokenIssuerStore) IssuerOptFn
type Signer
type TokenRequest

Constants ¶

View Source

const (
	ProvisionUserHandle  = "corteza-provisioner"
	ServiceUserHandle    = "corteza-service"
	FederationUserHandle = "corteza-federation"

	BypassRoleHandle        = "super-admin"
	AuthenticatedRoleHandle = "authenticated"
	AnonymousRoleHandle     = "anonymous"
)

Variables ¶

View Source

var (
	HttpTokenVerifier func(http.Handler) http.Handler
)

View Source

var (
	TokenIssuer *tokenIssuer
)

Functions ¶

func Anonymous ¶

func Anonymous() *identity

Anonymous constructs and returns new anonymous identity with system anonymous roles

func AnonymousRoles ¶

func AnonymousRoles() types.RoleSet

AnonymousRoles returns all anonymous Roles

func ApplyRoleSecurity ¶

func ApplyRoleSecurity(permitted, prohibited, forced []uint64, rr ...uint64) (out []uint64)

ApplyRoleSecurity takes role security params (set of permitted, prohibited and forced roles) and applies these rules to the set of given roles

Filtered set of roles is returned ¶

String slices are used intentionally, because of the data source used

func Authenticated ¶

func Authenticated(id uint64, rr ...uint64) *identity

Authenticated constructs and returns new authenticated identity with assigned roles + system authenticated roles

func AuthenticatedRoles ¶

func AuthenticatedRoles() types.RoleSet

AuthenticatedRoles returns all authenticated Roles

func BypassRoles ¶

func BypassRoles() types.RoleSet

BypassRoles returns all bypass Roles

func CheckJwtScope ¶

func CheckJwtScope(token jwt.Token, required ...string) bool

CheckJwtScope verifies if required scope is in claim We're using interface{} and casting it if needed to simplify usage of the fn by directly using it with map[string]interface{} claims type

func CheckScope ¶

func CheckScope(scope string, required ...string) bool

func DefaultAccessTokenGenerator ¶

func DefaultAccessTokenGenerator(ctx context.Context, req TokenRequest) (string, string, error)

DefaultAccessTokenGenerator uses token generator from oauth2 lib

func ExtraReqInfoMiddleware ¶

func ExtraReqInfoMiddleware(next http.Handler) http.Handler

func ExtractFromSubClaim ¶

func ExtractFromSubClaim(sub string) (userID uint64, rr []uint64)

func FederationUser ¶

func FederationUser() *types.User

FederationUser returns clone of system federation user

func HmacSigner ¶

func HmacSigner(secret string) *hmacSigner

func HttpTokenValidator ¶

func HttpTokenValidator(scope ...string) func(http.Handler) http.Handler

HttpTokenValidator checks if there is a token with identity and matching scope claim

Empty scope defaults to "api"!

func IdentityFromToken ¶

func IdentityFromToken(token jwt.Token) *identity

IdentityFromToken decodes sub & roles claims into identity

func NewTokenIssuer ¶

func NewTokenIssuer(opt ...IssuerOptFn) (issuer *tokenIssuer, err error)

NewTokenIssuer initializes and returns new instance of JWT manager

func ProvisionUser ¶

func ProvisionUser() *types.User

ProvisionUser returns clone of system provision user

func ServiceUser ¶

func ServiceUser() *types.User

ServiceUser returns clone of system service user

func SetIdentityToContext ¶

func SetIdentityToContext(ctx context.Context, identity Identifiable) context.Context

func SetSystemRoles ¶

func SetSystemRoles(rr types.RoleSet)

func SetSystemUsers ¶

func SetSystemUsers(uu types.UserSet, rr types.RoleSet)

SetSystemUsers takes list of users and sets/updates appropriate provision, service & fed users

These are then accessed via special *User() fn.

func SetupSigner ¶

func SetupSigner(secret string) (err error)

func TokenVerifierMiddlewareWithSecretSigner ¶

func TokenVerifierMiddlewareWithSecretSigner(secret string) (_ func(http.Handler) http.Handler, err error)

TokenVerifierMiddlewareWithSecretSigner returns HTTP handler with simple jwa.HS512 + secret verifier

This should be 1:1 with token issuer!

Types ¶

type ExtraReqInfo ¶

type ExtraReqInfo struct {
	RemoteAddr string
	UserAgent  string
}

func GetExtraReqInfoFromContext ¶

func GetExtraReqInfoFromContext(ctx context.Context) ExtraReqInfo

type Identifiable ¶

type Identifiable interface {
	Identity() uint64
	Roles() []uint64
	Valid() bool
	String() string
}

func GetIdentityFromContext ¶

func GetIdentityFromContext(ctx context.Context) Identifiable

GetIdentityFromContext always returns identity, either valid or anonymous

For anonymous user, it auto appends all anonymous defined on the system

func GetIdentityFromContextWithKey ¶

func GetIdentityFromContextWithKey(ctx context.Context, key interface{}) Identifiable

type IssueOptFn ¶

type IssueOptFn func(*TokenRequest) error

IssueOptFn functions modify TokenRequest

func WithAccessToken ¶

func WithAccessToken(access string) IssueOptFn

func WithAudience ¶

func WithAudience(aud string) IssueOptFn

func WithClientID ¶

func WithClientID(id uint64) IssueOptFn

func WithExpiration ¶

func WithExpiration(e time.Duration) IssueOptFn

func WithIdentity ¶

func WithIdentity(i Identifiable) IssueOptFn

func WithScope ¶

func WithScope(ss ...string) IssueOptFn

type IssuerOptFn ¶

type IssuerOptFn func(*tokenIssuer) error

IssuerOptFn modify toeknIssuer

func WithDefaultClientID ¶

func WithDefaultClientID(ID uint64) IssuerOptFn

WithDefaultClientID configures ID of the default auth client

func WithDefaultExpiration ¶

func WithDefaultExpiration(exp time.Duration) IssuerOptFn

WithDefaultExpiration configures default token expiration time

func WithDefaultIssuer ¶

func WithDefaultIssuer(iss string) IssuerOptFn

WithDefaultIssuer configures default issuer claim

func WithGenerator ¶

func WithGenerator(fn tokenIssuerGenerator) IssuerOptFn

WithGenerator configures generator function

func WithLookup ¶

func WithLookup(fn tokenIssuerLookup) IssuerOptFn

WithLookup configures lookup function

func WithSecretSigner ¶

func WithSecretSigner(secret string) IssuerOptFn

WithSecretSigner configures token issuer with

func WithSigner ¶

func WithSigner(fn tokenIssuerSigner) IssuerOptFn

WithSigner configures signer function

func WithStore ¶

func WithStore(fn tokenIssuerStore) IssuerOptFn

WithStore configures store function

type Signer ¶

type Signer interface {
	Sign(userID uint64, pp ...interface{}) string
	Verify(signature string, userID uint64, pp ...interface{}) bool
}

var (
	DefaultSigner Signer
)

type TokenRequest ¶

type TokenRequest struct {
	AccessToken  string
	RefreshToken string
	Expiration   time.Duration
	Audience     string
	Issuer       string
	IssuedAt     time.Time
	ClientID     uint64
	UserID       uint64
	Roles        []uint64
	Scope        []string
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL