reftoken

package
v0.0.0-...-4a0794a
Warning

This package is not in the latest version of its module.

Published: Oct 6, 2017 License: MIT Imports: 9 Imported by: 0

Documentation

Overview

Middleware that translates tokens transparently. It can be used as a session.

Usage scenario: After user authentication, some user identity data is generated and encoded as a token (the so-called "real token"), such as a JWT or just plain JSON.

This token is then set in a header and the response is sent.

When the middleware receives such a header, it creates a reference (opaque) token that maps to the real one, stores the pair in a kv store, and returns the ref token to the client in a header (or cookie) instead of the real one.

In the reverse direction, when the middleware receives such a reference token, it translates it back to the real one transparently. Later handlers can thus use this header directly as the user identity.

Some extra benefits:

  1. Handlers can identify a user in the same way whether the request comes from a web page using a cookie or from an API request.
  2. Logout is trivial since tokens are stored server-side.

The idea is from https://www.slideshare.net/opencredo/authentication-in-microservice-systems-david-borsos2


Constants

const (
	DefaultTokenLength = 32
	DefaultTTL         = 3600 * 3
	// These are some default internal header names.
	DefaultTTLHeaderName    = "Reftoken-TTL"
	DefaultLogoutHeaderName = "Reftoken-Logout"
)


Functions

func RegistKVStoreCreator

func RegistKVStoreCreator(name string, creator func(*url.URL) (KVStore, error))

RegistKVStoreCreator registers a kv store creator for a given name. This function is not thread-safe and should be used only in init functions.

Types

type KVStore

type KVStore interface {
	// Set multiple key/value pairs with ttl. Empty values should be ignored.
	Set(kvs map[string]string, ttl int) error
	// Get values of keys, NOTE: the return slice must
	// have the same size of ks. If a key is not found,
	// "" should be returned.
	Get(ks []string) ([]string, error)
	// Delete keys.
	Del(ks []string) error
}

KVStore stores key/value pairs.

func NewKVStore

func NewKVStore(storeURL string) (KVStore, error)

NewKVStore creates a new kv store from a URL.

type Option

type Option func(*RefTokenManager) error

Option is the option of RefTokenManager.

func DefaultRules

func DefaultRules() Option

DefaultRules adds some default rules for convenience:

(external) "Reftoken-Ref-Token"        -> (internal) "Reftoken-Real-Token"
(external) cookie "reftoken"           -> (internal) "Reftoken-Real-Token"
(internal) "Reftoken-Set"              -> (external) "Reftoken-Ref-Token"
(internal) "Reftoken-Set-Cookie"       -> (external) cookie "reftoken"

Thus, whether the reftoken comes from a web page request (in a cookie) or an API request (in a header), handlers can use "Reftoken-Real-Token" to get authentication information.
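The translation described in the overview, with the DefaultRules header and cookie names, reduced to its core as an added example (not the package's own code). Assumptions: a sync.Map stands in for the KVStore, the names resolve, issue and revoke are hypothetical, and deleting a client-supplied "Reftoken-Real-Token" on the way in is this example's own hardening choice, not documented behaviour of the package.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"net/http"
	"sync"
)

const refH, realH, setH = "Reftoken-Ref-Token", "Reftoken-Real-Token", "Reftoken-Set"

var store sync.Map // ref token -> real token; stands in for the KVStore (assumption)

// resolve (inbound) maps a ref token from header or cookie to the real token.
func resolve(r *http.Request) {
	ref := r.Header.Get(refH)
	if c, err := r.Cookie("reftoken"); ref == "" && err == nil {
		ref = c.Value
	}
	r.Header.Del(realH) // drop any client-supplied copy of the internal header
	if realTok, ok := store.Load(ref); ok {
		r.Header.Set(realH, realTok.(string))
	}
}

// issue (outbound) swaps the handler's Reftoken-Set value for a fresh opaque token.
func issue(h http.Header) {
	realTok, buf := h.Get(setH), make([]byte, 32) // DefaultTokenLength random bytes
	h.Del(setH)                                   // the real token never reaches the client
	if _, err := rand.Read(buf); realTok == "" || err != nil {
		return // nothing to issue, or no entropy: fail closed
	}
	ref := base64.RawURLEncoding.EncodeToString(buf)
	store.Store(ref, realTok)
	h.Set(refH, ref)
}

// revoke is logout: deleting the server-side mapping invalidates the ref token.
func revoke(ref string) { store.Delete(ref) }

func main() {
	resp := http.Header{setH: {`{"user":"alice"}`}} // constructed real token
	issue(resp)
	req, _ := http.NewRequest("GET", "/", nil)
	req.Header.Set(refH, resp.Get(refH))
	resolve(req)
	fmt.Println(resp.Get(refH), "->", req.Header.Get(realH))
}
```

In a real middleware, resolve would run before the next handler and issue just before the response headers are written.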

func FallbackHandler

func FallbackHandler(fallbackHandler jimu.FallbackHandler) Option

FallbackHandler sets the FallbackHandler for RefTokenManager.

func LoggerGetter

func LoggerGetter(loggerGetter jimu.LoggerGetter) Option

LoggerGetter sets the logger getter for RefTokenManager (required).

func LogoutHeaderName

func LogoutHeaderName(headerName string) Option

LogoutHeaderName sets the name of the response header used to remove a kv entry.

func Real2RefRule

func Real2RefRule(realTokenHeaderName string, refTokenSetter RefTokenSetter) Option

Real2RefRule adds a rule specifying how to map an (internal) real token to an (external) ref token. (At least one is required.)

func Ref2RealRule

func Ref2RealRule(refTokenGetter RefTokenGetter, realTokenHeaderName string) Option

Ref2RealRule adds a rule specifying how to map an (external) ref token to an (internal) real token. (At least one is required.)

func Store

func Store(storeURL string) Option

Store sets the kv store to use in RefTokenManager (required).

func TTL

func TTL(ttl int) Option

TTL sets the default ttl (in seconds) for kv entries in the store.

func TTLHeaderName

func TTLHeaderName(headerName string) Option

TTLHeaderName sets the name of the response header used to specify the ttl for a kv entry.

func TokenLength

func TokenLength(l int) Option

TokenLength sets the ref token's length (before base64 encoding).

type RefTokenGetter

type RefTokenGetter func(r *http.Request) string

RefTokenGetter gets refToken from request.

func MustCookieGetter

func MustCookieGetter(cookieName string) RefTokenGetter

MustCookieGetter is the must version of NewCookieGetter.

func MustGenericGetter

func MustGenericGetter(headerName string) RefTokenGetter

MustGenericGetter is the must version of NewGenericGetter.

func NewCookieGetter

func NewCookieGetter(cookieName string) (RefTokenGetter, error)

NewCookieGetter creates a RefTokenGetter that retrieves the ref token from a cookie.

func NewGenericGetter

func NewGenericGetter(headerName string) (RefTokenGetter, error)

NewGenericGetter creates a RefTokenGetter that retrieves the ref token from a header.

type RefTokenManager

type RefTokenManager struct {
	// contains filtered or unexported fields
}

RefTokenManager stores information to translate between external ref tokens and internal real tokens. See: https://www.slideshare.net/opencredo/authentication-in-microservice-systems-david-borsos

func New

func New() *RefTokenManager

New creates a RefTokenManager.

func (*RefTokenManager) Configure

func (m *RefTokenManager) Configure() error

Configure configures the manager. Options cannot be added after Configure.

func (*RefTokenManager) Options

func (m *RefTokenManager) Options(options ...Option)

Options adds options to the manager.

func (*RefTokenManager) Wrap

func (m *RefTokenManager) Wrap(next http.Handler) http.Handler

Wrap is the middleware.

type RefTokenSetter

type RefTokenSetter func(header http.Header, refToken string)

RefTokenSetter sets a refToken in the response's header. refToken is guaranteed to be safe to set in a header.

func MustCookieSetter

func MustCookieSetter(baseCookie *http.Cookie) RefTokenSetter

MustCookieSetter is the must version of NewCookieSetter.

func MustGenericSetter

func MustGenericSetter(headerName string) RefTokenSetter

MustGenericSetter is the must version of NewGenericSetter.

func NewCookieSetter

func NewCookieSetter(baseCookie *http.Cookie) (RefTokenSetter, error)

NewCookieSetter creates a RefTokenSetter that stores the ref token in a cookie.

func NewGenericSetter

func NewGenericSetter(headerName string) (RefTokenSetter, error)

NewGenericSetter creates a RefTokenSetter that stores the ref token in a header directly.

Directories

Path          Synopsis
drivers
  redis       Redis store driver.
