auth

package
v0.0.1-beta Latest Latest
Published: Jan 26, 2024 License: Apache-2.0, MIT Imports: 18 Imported by: 0

Documentation

Index

Constants

// TokenSessionKeyName is the session key "token".
// NOTE(review): presumably the entry that holds the login token; if so, the
// value stored under it is a bearer credential and the session store must keep
// it confidential and tamper-evident. TODO confirm against the callers.
const TokenSessionKeyName = "token"

// InternalAuthSessionName is the session name "internal_auth_session".
// NOTE(review): presumably the name passed to the sessions.Store when the
// session is fetched; confirm against Middleware.
const InternalAuthSessionName = "internal_auth_session"

// IDTokenClaimsSessionKey is the session key "id_token_claims".
// NOTE(review): presumably the entry that holds claims taken from an ID token;
// confirm where it is written and whether the claims are re-validated on read.
const IDTokenClaimsSessionKey = "id_token_claims"
// ExpirationDuration is a fixed duration of one hour.
// NOTE(review): presumably the lifetime applied to issued login tokens or
// sessions; the callers are not visible here, so confirm which credential this
// bounds before relying on it as the revocation window.
const ExpirationDuration = time.Hour
// LoginAudience is the audience value "login".
// NOTE(review): GenerateJWTLogin is documented as issuing login tokens with no
// audience, and as treating any audience as invalid for login. Where this
// value is compared or set is not visible here; confirm that the two agree.
const LoginAudience = "login"

Variables

// ErrFailedToAccessStorage is the sentinel error "failed to access storage".
var ErrFailedToAccessStorage = errors.New("failed to access storage")

// ErrAuthenticatingRequest is the sentinel error "error authenticating request".
// The message names no cause, so returning it to a client does not reveal which
// part of authentication failed.
var ErrAuthenticatingRequest = errors.New("error authenticating request")

// ErrInvalidAPIEndpoint is the sentinel error "invalid API endpoint".
var ErrInvalidAPIEndpoint = errors.New("invalid API endpoint")

// ErrRequestSizeExceeded is the sentinel error "request size exceeded".
// NOTE(review): the limit that triggers it is not visible here.
var ErrRequestSizeExceeded = errors.New("request size exceeded")

// ErrStorageNamespaceInUse is the sentinel error "storage namespace already in use".
var ErrStorageNamespaceInUse = errors.New("storage namespace already in use")
// ErrInvalidToken is the sentinel error "invalid token".
// NOTE(review): presumably returned when a token fails verification; confirm
// against VerifyToken and the middleware.
var ErrInvalidToken = errors.New("invalid token")

// ErrInvalidNameEmail is the sentinel error "invalid name or email".
// The message does not say which of the two was rejected.
var ErrInvalidNameEmail = errors.New("invalid name or email")

// ErrExtractClaims is the sentinel error "failed to extract claims from JWT token".
var ErrExtractClaims = errors.New("failed to extract claims from JWT token")
// ErrUnexpectedSigningMethod is the sentinel error "unexpected signing method".
// NOTE(review): presumably returned by VerifyToken when a token's signing
// algorithm is not the one the package expects; confirm in its body. That check
// is what keeps a token signed under a different algorithm from being accepted
// with the same secret, so callers should treat this error as a hard rejection.
var ErrUnexpectedSigningMethod = errors.New("unexpected signing method")
// ErrUserNotFound is the sentinel error "UserNotFound".
// NOTE(review): the message has no format verbs, so errors.New would be the
// usual constructor, and the text is not in the lowercase style of the other
// sentinel errors in this package. If this error is reported to a client on a
// failed login it distinguishes an unknown user from a wrong credential;
// confirm it is mapped to a generic failure before it leaves the server.
var ErrUserNotFound = fmt.Errorf("UserNotFound")

Functions

func GenerateJWTLogin

func GenerateJWTLogin(secret []byte, userID string, issuedAt, expiresAt time.Time) (string, error)

GenerateJWTLogin creates a JWT that can be used for authentication during login only, i.e. it will not work for password reset. It supports backward compatibility for creating a login JWT. The audience is not set for a login token; any audience will make the token invalid for login. No email is passed, so that users who log in via user/access keys and do not have an email yet can still log in.

func GetOperator

func GetOperator(ctx context.Context) (*models.User, error)

func Middleware

func Middleware(swagger *openapi3.T, authenticator Authenticator, secretStore crypt.SecretStore, userRepo models.IUserRepo, sessionStore sessions.Store) func(next http.Handler) http.Handler

func NewSectetStore

func NewSectetStore(authConfig *config.AuthConfig) (crypt.SecretStore, error)

func NewSessionStore

func NewSessionStore(secretStrore crypt.SecretStore) sessions.Store

func VerifyToken

func VerifyToken(secret []byte, tokenString string) (jwt.Claims, error)

VerifyToken verifies the authenticity of a token using a secret key.

It takes the following parameters:
- secret []byte: the secret key used to sign the token
- tokenString string: the token string to be verified

It returns the following:
- jwt.Claims: the claims extracted from the token
- error: any error encountered during token verification

func WithOperator

func WithOperator(ctx context.Context, user *models.User) context.Context

Types

type Authenticator

// Authenticator checks a pair of credentials and returns an identifier for
// the user they belong to.
type Authenticator interface {
	// AuthenticateUser authenticates a user matching username and
	// password and returns their ID.
	//
	// NOTE(review): the parameters are named ak and sk (presumably an access
	// key and a secret key) while this comment speaks of username and
	// password; confirm which credential pair implementations expect. The
	// string result is the user's ID; a non-nil error means the caller must
	// not treat the request as authenticated.
	AuthenticateUser(ctx context.Context, ak, sk string) (string, error)
}

Authenticator authenticates users, returning an identifier for the user. (Currently it handles only single-step username+password authentication. This interface will need to change significantly in order to support challenge-response protocols.)

type CookieAuthConfig

// CookieAuthConfig groups the settings for cookie-based authentication.
// NOTE(review): the field meanings below are inferred from the field names
// only; the code that reads them is not visible here. Confirm each one.
type CookieAuthConfig struct {
	// presumably claim name -> required value, checked against the ID token
	// before a session is accepted; confirm what an empty map means (whether
	// no claims are checked) — TODO confirm
	ValidateIDTokenClaims   map[string]string
	// presumably the groups given to a user that is created on first login —
	// TODO confirm; these decide the new user's initial permissions
	DefaultInitialGroups    []string
	// presumably the ID token claim that lists a new user's groups — TODO
	// confirm; if so, group membership is taken from the identity provider
	InitialGroupsClaimName  string
	// presumably the ID token claim used as the display name — TODO confirm
	FriendlyNameClaimName   string
	// presumably the ID token claim used as the external user identifier —
	// TODO confirm that the chosen claim is stable and unique per user
	ExternalUserIDClaimName string
	// presumably a label for the identity source — TODO confirm
	AuthSource              string
}

type Register

// Register is the JSON payload for creating a user: a username, an email
// address and a password.
type Register struct {
	// Username is decoded from the "username" JSON field.
	Username string `json:"username"`
	// Email is decoded from the "email" JSON field.
	Email    string `json:"email"`
	// Password is decoded from the "password" JSON field and is held here as
	// received. The field is exported and JSON-tagged, so marshalling or
	// logging this struct emits the password.
	// NOTE(review): whether it is hashed before storage is decided in the
	// Register method, whose body is not shown here — confirm.
	Password string `json:"password"`
}

func (*Register) Register

func (r *Register) Register(ctx context.Context, repo models.IUserRepo) error
