auth

package
v0.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 6, 2024 License: MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Auth cookie errors. Each value is a distinct sentinel; the code that builds
// and checks the cookie is not part of this declaration block.
var (
	// ErrCookieInvalidFormat reports a cookie whose format is invalid.
	ErrCookieInvalidFormat = errors.New("invalid cookie format")
	// ErrCookieMacDecode reports that the cookie MAC could not be decoded.
	ErrCookieMacDecode = errors.New("unable to decode cookie mac")
	// ErrCookieMacGenerate reports that a MAC could not be generated.
	ErrCookieMacGenerate = errors.New("unable to generate mac")
	// ErrCookieInvalidSignature signifies one of:
	// 1. mac signature was badly computed
	// 2. mac signature was modified
	// 3. signature format was changed between versions
	// 4. secret was rotated
	//
	// A spike right after a release or a secret rotation is consistent with
	// causes 3 and 4; otherwise treat it as possible tampering.
	// NOTE(review): the comparison that yields this error is outside this
	// block; confirm it is constant-time (for example hmac.Equal).
	ErrCookieInvalidSignature = errors.New("invalid mac signature")
	// ErrCookieExpiryParse reports that the cookie expiry could not be parsed.
	ErrCookieExpiryParse = errors.New("unable to parse cookie expiry")
	// ErrCookieExpired reports that the cookie has expired.
	ErrCookieExpired = errors.New("cookie has expired")
)

// Redirect validation errors. Going by the messages, they cover parsing, the
// URL scheme, and host checks against the request host or the expected hosts.
var (
	// ErrRedirectScheme reports a redirect whose scheme does not match.
	ErrRedirectScheme = errors.New("invalid redirect: scheme mismatch")
	// ErrRedirectHost reports a redirect whose host does not match.
	ErrRedirectHost = errors.New("invalid redirect: host mismatch")
	// ErrRedirectParse reports that the redirect could not be parsed.
	ErrRedirectParse = errors.New("unable to parse redirect")
	// ErrRedirectUrl reports an invalid redirect URL scheme; it is a separate
	// value from ErrRedirectScheme, which reports a mismatch.
	ErrRedirectUrl = errors.New("invalid redirect URL scheme")
	// ErrRedirectHostExpected reports a redirect host outside the expected
	// hosts (the auth-host case, per the message).
	ErrRedirectHostExpected = errors.New("redirect host does not match any expected hosts (should match cookie domain when using auth host)")
	// ErrRedirectHostRequested reports a redirect host that differs from the
	// request host (the case without an auth host, per the message).
	ErrRedirectHostRequested = errors.New("redirect host does not match request host (must match when not using auth host)")
)

// CSRF cookie and state errors.
var (
	// ErrCsrfInvalidValue reports an invalid CSRF cookie value.
	ErrCsrfInvalidValue = errors.New("invalid CSRF cookie value")
	// ErrCsrfStateMatch reports that the CSRF cookie state does not match.
	ErrCsrfStateMatch = errors.New("state of CSRF cookie does not match")
	// ErrCsrfStateFormat reports a CSRF state with an invalid format.
	ErrCsrfStateFormat = errors.New("invalid CSRF state format")
	// ErrCsrfStateValue reports a CSRF state with an invalid value.
	ErrCsrfStateValue = errors.New("invalid CSRF state value")
)

Functions

This section is empty.

Types

type Auth

type Auth struct {
	// contains filtered or unexported fields
}

Request Validation

func NewAuth

func NewAuth(config *appconfig.AppConfig) *Auth

func (*Auth) ClearCSRFCookie

func (a *Auth) ClearCSRFCookie(r *http.Request, c *http.Cookie) *http.Cookie

ClearCSRFCookie makes an already-expired CSRF cookie, which clears the existing CSRF cookie

func (*Auth) ClearCookie

func (a *Auth) ClearCookie(r *http.Request) *http.Cookie

ClearCookie clears the auth cookie

func (*Auth) CookieDomain

func (a *Auth) CookieDomain(r *http.Request) string

Cookie domain

func (*Auth) CookieExpiry

func (a *Auth) CookieExpiry() time.Time

Get cookie expiry

func (*Auth) CookieSignature

func (a *Auth) CookieSignature(r *http.Request, email, expires string) string

Create cookie hmac

func (*Auth) CsrfCookieDomain

func (a *Auth) CsrfCookieDomain(r *http.Request) string

Cookie domain

func (*Auth) CurrentUrl

func (a *Auth) CurrentUrl(r *http.Request) string

Return url

func (*Auth) FindCSRFCookie

func (a *Auth) FindCSRFCookie(r *http.Request, state string) (c *http.Cookie, err error)

FindCSRFCookie extracts the CSRF cookie from the request based on state.

func (*Auth) GetRedirectURI

func (a *Auth) GetRedirectURI(r *http.Request) string

func (*Auth) MakeCSRFCookie

func (a *Auth) MakeCSRFCookie(r *http.Request, nonce string) *http.Cookie

MakeCSRFCookie makes a csrf cookie (used during login only)

Note: CSRF cookies have a shorter lifetime than auth cookies, a fixed 1h. This is because some CSRF cookies may belong to auth flows that never complete and so may never be cleared by ClearCookie.

func (*Auth) MakeCookie

func (a *Auth) MakeCookie(r *http.Request, user string) *http.Cookie

MakeCookie creates an auth cookie

func (*Auth) MakeState

func (a *Auth) MakeState(returnUrl string, p provider.Provider, nonce string) string

MakeState generates a state value

func (*Auth) MatchCookieDomains

func (a *Auth) MatchCookieDomains(domain string) (bool, string)

Returns the matching cookie domain, if one exists

func (*Auth) Nonce

func (a *Auth) Nonce() (string, error)

Nonce generates a random nonce

func (*Auth) RedirectBase

func (a *Auth) RedirectBase(r *http.Request) string

Get the request base from forwarded request

func (*Auth) RedirectUri

func (a *Auth) RedirectUri(r *http.Request) string

Get oauth redirect uri

func (*Auth) UseAuthDomain

func (a *Auth) UseAuthDomain(r *http.Request) (bool, string)

Reports whether the auth host should be used, and what that host is

func (*Auth) ValidateCSRFCookie

func (a *Auth) ValidateCSRFCookie(c *http.Cookie, state string) (valid bool, provider string, redirect string, err error)

ValidateCSRFCookie validates the csrf cookie against state

func (*Auth) ValidateCookie

func (a *Auth) ValidateCookie(r *http.Request, c *http.Cookie) (string, error)

ValidateCookie verifies that a cookie matches the expected format of: Cookie = hash(secret, cookie domain, user, expires)|expires|user

func (*Auth) ValidateLoginRedirect

func (a *Auth) ValidateLoginRedirect(r *http.Request, redirect string) (*url.URL, error)

func (*Auth) ValidateRedirect

func (a *Auth) ValidateRedirect(r *http.Request, redirect string) (*url.URL, error)

ValidateRedirect validates that the given redirect is valid and permitted for the given request

func (*Auth) ValidateState

func (a *Auth) ValidateState(state string) error

ValidateState checks whether the state has the right length.

func (*Auth) ValidateUser

func (a *Auth) ValidateUser(user string) bool

ValidateUser checks whether the given user either matches a whitelisted user, as defined by the "whitelist" config parameter, or is part of a permitted domain, as defined by the "domains" config parameter
