Documentation
Index
- Variables
- func CheckAccess(permissionGroup string, hasRole string, makerChecker bool, ...) (bool, error)
- func ClearContext(r *http.Request)
- func GetIdentity(req *http.Request) (string, error)
- func GetTimeTill(req *http.Request) (int64, error)
- func HasAccount(accountName string, req *http.Request) bool
- func LogURI(next http.Handler) http.Handler
- func ParticipantAuthorization(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
- func SuperAuthorization(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
- type Default
- type Endpoint
- type Groups
- type Method
- type Operation
- type Permissions
- type Permit
- type Role
- type SessionContext
Constants
This section is empty.
Variables
var LOGGER = logging.MustGetLogger("middlewares")
Functions
func CheckAccess
func CheckAccess(permissionGroup string, hasRole string, makerChecker bool, requestedMethod string, requestedEndpoint string) (bool, error)
CheckAccess : gets the roles needed for an endpoint and permission type.
- permissionGroup = Jwt | Super_permissions | Participant_permissions
- hasRole = admin | manager | viewer | allow (for JWT only)
- makerChecker = true (i.e. maker/checker required) | false (i.e. maker/checker NOT required). NOTE: the value does not matter for a JWT-related endpoint group, since JWT does not implement a maker/checker flow.
- requestedMethod = GET | PUT | POST | DELETE
- requestedEndpoint = path that the inbound request is attempting to reach
- userRole = admin | manager | viewer | allow (for JWT only)
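A sketch of the kind of lookup the CheckAccess parameters describe, added here as an example and not taken from this package: the table layout, `checkAccessSketch`, `samplePerms`, `errUnknownGroup` and the endpoint paths are all hypothetical. It refuses anything not listed and ignores the maker/checker flag for the Jwt group, as the NOTE in the CheckAccess description states.

```go
package main

import (
	"errors"
	"fmt"
)

// table is a hypothetical layout, not the package's Permissions type:
// group -> role -> makerChecker -> method -> allowed endpoint paths.
type table map[string]map[string]map[bool]map[string][]string

// samplePerms is constructed sample data; the paths are invented.
var samplePerms = table{
	"Super_permissions": {
		"admin": {
			false: {"GET": {"/v1/admin/participants"}},
			true:  {"POST": {"/v1/admin/participants"}},
		},
		"viewer": {false: {"GET": {"/v1/admin/participants"}}},
	},
	"Jwt": {
		"allow": {false: {"POST": {"/v1/client/payout"}}},
	},
}

var errUnknownGroup = errors.New("unknown permission group")

// checkAccessSketch takes the same parameters the CheckAccess doc lists.
// Anything not present in the table is refused (deny by default).
func checkAccessSketch(t table, group, role string, makerChecker bool, method, endpoint string) (bool, error) {
	roles, ok := t[group]
	if !ok {
		return false, errUnknownGroup
	}
	if group == "Jwt" {
		makerChecker = false // JWT has no maker/checker flow, so the flag is ignored
	}
	// Indexing a missing role or method yields nil, so the loop is skipped.
	for _, allowed := range roles[role][makerChecker][method] {
		if allowed == endpoint {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	fmt.Println(checkAccessSketch(samplePerms, "Super_permissions", "viewer", true, "POST", "/v1/admin/participants"))
}
```

Endpoint matching in this sketch is an exact string comparison; a real table would also need a defined rule for path parameters and trailing slashes so that lookups cannot be sidestepped by path variations.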
func GetIdentity
GetIdentity : Returns the participant ID of the caller/user. This function assumes the authentication and authorization check has already been performed and verified against participantID.
func GetTimeTill
GetTimeTill : Returns the JWT token time till. This function assumes the authentication and authorization check has already been performed and verified against participantID.
func HasAccount
HasAccount : has correct account access in the JWT token
func LogURI
LogURI : example basic middleware that just logs the URI requested. TODO: Remove this function eventually.
func ParticipantAuthorization
func ParticipantAuthorization(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
* ParticipantAuthorization : Authorization for client portal
* If JWT is not enabled, the next handler is served.
* If JWT is enabled, firebase ID, institution ID, permission (request/approve), requestID (if permission is approve), participantID are expected in the headers.
* The error message can be relayed back with NotifyWWError but it seems sensible to log it.
func SuperAuthorization
func SuperAuthorization(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
* SuperAuthorization : Authorization for client portal for super users
* If JWT is not enabled, the next handler is served.
* If JWT is enabled, firebase ID, institution ID, permission (request/approve), requestID (if permission is approve), participantID are expected in the headers.
* Participant ID and Institution ID are no longer mandatory because at the time it won't be necessary that those are available.
* All GET requests are direct access, if there is access: no maker/checker.
* All POSTs are maker/checker, except payout point, which needs the current security lead/team member to validate before it gets merged in.
Types
type Permissions
type Permissions struct {
Permissions Groups
}
Roles : defines user & JWT permissions needed to access an endpoint
type SessionContext
SessionContext : object to store token session
func GetSessionContext
func GetSessionContext(r *http.Request) (SessionContext, error)
GetSessionContext : Returns the session context from the JWT token, without depending on func JwtAuthorization.
func ParseContext
ParseContext : Parses the JWT token