Documentation ¶
Index ¶
- Constants
- Variables
- func AddDefaultRoleForUser(userID interface{})
- func AddDefaultRoleForVirtualUser(userID interface{})
- func AddOrgRoleForUser(userID interface{}, orgids ...uint)
- func AddOrgRoles(orgids ...uint)
- func BanzaiLogoutHandler(context *auth.Context)
- func DelCookie(w http.ResponseWriter, r *http.Request, name string)
- func DeleteOrgRoleForUser(userID uint, orgid uint)
- func DeleteToken(c *gin.Context)
- func GenerateToken(c *gin.Context)
- func GetGithubUser(accessToken string) (*github.User, error)
- func GetOrgNameFromVirtualUser(virtualUser string) string
- func GetTokens(c *gin.Context)
- func GormErrorToStatusCode(err error) int
- func Init()
- func Install(engine *gin.Engine)
- func IsHttps(r *http.Request) bool
- func NewAuthorizer() gin.HandlerFunc
- func NewGithubAuthorizeHandler(provider *githubauth.GithubProvider) func(context *auth.Context) (*claims.Claims, error)
- func SetCookie(w http.ResponseWriter, r *http.Request, name, value string)
- type BanzaiSessionStorer
- type BanzaiUserStorer
- type BearerAuthorizer
- type DroneClaims
- type DroneUser
- type GithubExtraInfo
- type Organization
- type User
- type UserOrganization
Constants ¶
const (
	// CurrentOrganization is the current organization key, a utils.ContextKey
	// with the value "org".
	// NOTE(review): presumably the key GetCurrentOrganization reads from the
	// request context — confirm against the implementation.
	CurrentOrganization utils.ContextKey = "org"
)
const DroneHookTokenType bauth.TokenType = "hook"
DroneHookTokenType is the Drone token type used for API sessions
const DroneSessionCookie = "user_sess"
DroneSessionCookie holds the name of the Cookie Drone sets in the browser
const DroneSessionCookieType = "sess"
DroneSessionCookieType is the Drone token type used for browser sessions
const DroneUserTokenType bauth.TokenType = "user"
DroneUserTokenType is the Drone token type used for API sessions
Variables ¶
// Package-level authentication state. All four variables are exported and
// mutable, so any importing package can reassign them.
var (
	// Auth is the package-wide *auth.Auth instance.
	// NOTE(review): presumably populated by Init — confirm.
	Auth *auth.Auth

	// JwtIssuer ("iss") claim identifies principal that issued the JWT
	JwtIssuer string

	// JwtAudience ("aud") claim identifies the recipients that the JWT is intended for
	// NOTE(review): this page does not show whether incoming tokens are rejected
	// when their iss/aud claims differ from JwtIssuer/JwtAudience — confirm that
	// the validation path checks both.
	JwtAudience string

	// Handler is a Gin middleware function; what it enforces is not visible here.
	Handler gin.HandlerFunc
)
Init authorization
Functions ¶
func AddDefaultRoleForUser ¶
func AddDefaultRoleForUser(userID interface{})
AddDefaultRoleForUser adds all the default, non-organization-specific roles to a user.
func AddDefaultRoleForVirtualUser ¶
func AddDefaultRoleForVirtualUser(userID interface{})
AddDefaultRoleForVirtualUser adds org list role to a virtual user.
func AddOrgRoleForUser ¶
func AddOrgRoleForUser(userID interface{}, orgids ...uint)
AddOrgRoleForUser adds a user to an organization by adding the associated organization role.
func AddOrgRoles ¶
func AddOrgRoles(orgids ...uint)
AddOrgRoles creates an organization role, by adding the default (*) org policies for the given organization.
func BanzaiLogoutHandler ¶
BanzaiLogoutHandler performs the default qor/auth logout behaviour (DefaultLogoutHandler) and additionally deletes the Drone cookie.
func DelCookie ¶
func DelCookie(w http.ResponseWriter, r *http.Request, name string)
DelCookie deletes a cookie.
func DeleteOrgRoleForUser ¶
DeleteOrgRoleForUser removes a user from an organization by removing the associated organization role.
func DeleteToken ¶
DeleteToken deletes the calling user's access token specified by token id
func GetGithubUser ¶
GetGithubUser returns github user by token
func GetOrgNameFromVirtualUser ¶
GetOrgNameFromVirtualUser returns the organization name for which the virtual user has access
func GormErrorToStatusCode ¶
GormErrorToStatusCode translates GORM errors to HTTP status codes
func Install ¶
Install installs the whole OAuth- and JWT-token-based auth/authz mechanism on the specified Gin Engine.
func IsHttps ¶
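IsHttps is a helper function that evaluates the http.Request and returns true if the request uses HTTPS. Using the X-Forwarded-Proto header, it can also detect that the original request was HTTPS when it was routed through a reverse proxy with SSL termination. X-Forwarded-Proto is an ordinary request header that a client can set itself, so the result is only trustworthy when a trusted proxy in front of the service sets or overwrites that header.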
func NewAuthorizer ¶
func NewAuthorizer() gin.HandlerFunc
NewAuthorizer returns the MySQL based default authorizer
func NewGithubAuthorizeHandler ¶
func NewGithubAuthorizeHandler(provider *githubauth.GithubProvider) func(context *auth.Context) (*claims.Claims, error)
NewGithubAuthorizeHandler handler for Github auth
Types ¶
type BanzaiSessionStorer ¶
// BanzaiSessionStorer stores the banzai session. It embeds auth.SessionStorer,
// so every method of the embedded storer is promoted unless this type declares
// its own; the page lists one such method, Update.
type BanzaiSessionStorer struct {
	auth.SessionStorer
}
BanzaiSessionStorer stores the banzai session
func (*BanzaiSessionStorer) Update ¶
func (sessionStorer *BanzaiSessionStorer) Update(w http.ResponseWriter, req *http.Request, claims *claims.Claims) error
Update updates the BanzaiSessionStorer
type BanzaiUserStorer ¶
// BanzaiUserStorer embeds auth.UserStorer and adds fields that are not
// exported, so they are not shown in this listing.
type BanzaiUserStorer struct {
	auth.UserStorer
	// contains filtered or unexported fields
}
BanzaiUserStorer struct
type BearerAuthorizer ¶
// BearerAuthorizer stores the casbin handler. All of its fields are unexported,
// so the type is used through its methods (CheckPermission, GetUserID and
// RequirePermission are the ones listed on this page).
type BearerAuthorizer struct {
	// contains filtered or unexported fields
}
BearerAuthorizer stores the casbin handler
func (*BearerAuthorizer) CheckPermission ¶
func (a *BearerAuthorizer) CheckPermission(r *http.Request) bool
CheckPermission checks the user/method/path combination from the request. Returns true (permission granted) or false (permission forbidden)
func (*BearerAuthorizer) GetUserID ¶
func (a *BearerAuthorizer) GetUserID(r *http.Request) string
GetUserID gets the user name from the request. Currently, only HTTP Bearer token authentication is supported
func (*BearerAuthorizer) RequirePermission ¶
func (a *BearerAuthorizer) RequirePermission(c *gin.Context)
RequirePermission responds to the client with 403 Forbidden.
type DroneClaims ¶
// DroneClaims extends the embedded *claims.Claims with two optional JSON
// fields, "type" and "text", for Drone tokens.
//
// Claims is embedded by pointer: a zero-value DroneClaims holds a nil pointer,
// and reading a promoted field through it panics, so set Claims first.
type DroneClaims struct {
	*claims.Claims
	// Type is the token type; it has the same type (bauth.TokenType) as the
	// DroneUserTokenType and DroneHookTokenType constants.
	Type bauth.TokenType `json:"type,omitempty"`
	// Text is a free-form string claim.
	// NOTE(review): presumably the Drone login the token was issued for — confirm.
	Text string `json:"text,omitempty"`
}
DroneClaims struct to store the drone claim related things
type DroneUser ¶
// DroneUser is a gorm model in which every field is bound to an explicit
// user_* column.
// NOTE(review): presumably mirrors the user table of Drone's own schema — confirm.
//
// NOTE(review): Token, Secret and Hash look like credential material. No field
// has a json tag, so encoding/json would emit all of them under their Go field
// names if a DroneUser were ever marshalled. Confirm this type never reaches an
// API response or a log line, or tag those fields `json:"-"`.
type DroneUser struct {
	ID     int64  `gorm:"column:user_id;primary_key"`
	Login  string `gorm:"column:user_login"`
	Token  string `gorm:"column:user_token"`
	Secret string `gorm:"column:user_secret"`
	Expiry int64  `gorm:"column:user_expiry"`
	Email  string `gorm:"column:user_email"`
	Image  string `gorm:"column:user_avatar"`
	Active bool   `gorm:"column:user_active"`
	Admin  bool   `gorm:"column:user_admin"`
	Hash   string `gorm:"column:user_hash"`
	Synced int64  `gorm:"column:user_synced"`
}
DroneUser struct
type GithubExtraInfo ¶
GithubExtraInfo struct for github credentials
type Organization ¶
// Organization is the gorm model for an organization. It is linked to users
// through the user_organizations join table and to clusters through the
// organization_id foreign key.
type Organization struct {
	ID        uint      `gorm:"primary_key" json:"id"`
	GithubID  *int64    `gorm:"unique" json:"githubId,omitempty"`
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`
	// NOTE(review): this tag reads `unique,not null`, while User.Login uses
	// `unique;not null`. gorm separates tag options with ';', so the comma form
	// may create neither constraint. Verify the generated schema, since
	// duplicate organization names would make name-based lookups ambiguous.
	Name     string               `gorm:"unique,not null" json:"name"`
	Users    []User               `gorm:"many2many:user_organizations" json:"users,omitempty"`
	Clusters []model.ClusterModel `gorm:"foreignkey:organization_id" json:"clusters,omitempty"`
	// Role is excluded from both JSON output and persistence by its "-" tags.
	Role string `json:"-" gorm:"-"` // Used only internally
}
Organization struct
func GetCurrentOrganization ¶
func GetCurrentOrganization(req *http.Request) *Organization
GetCurrentOrganization returns the user's organization
func (*Organization) IDString ¶
func (org *Organization) IDString() string
IDString returns the ID as string
type User ¶
// User is the gorm model for a user. It is linked to organizations through the
// user_organizations join table.
//
// NOTE(review): Name, Email, Login and Image carry form tags, so a binder that
// honours them fills these fields from request data. Login is the unique,
// non-null column, so confirm that no handler binds untrusted form input
// straight into a User that is then saved.
type User struct {
	ID            uint           `gorm:"primary_key" json:"id"`
	CreatedAt     time.Time      `json:"createdAt"`
	UpdatedAt     time.Time      `json:"updatedAt"`
	Name          string         `form:"name" json:"name,omitempty"`
	Email         string         `form:"email" json:"email,omitempty"`
	Login         string         `gorm:"unique;not null" form:"login" json:"login"`
	Image         string         `form:"image" json:"image,omitempty"`
	Organizations []Organization `gorm:"many2many:user_organizations" json:"organizations,omitempty"`
	// Virtual is excluded from both JSON output and persistence by its "-" tags.
	Virtual bool `json:"-" gorm:"-"` // Used only internally
}
User struct
func GetCurrentUser ¶
GetCurrentUser returns the current user
func GetCurrentUserFromDB ¶
GetCurrentUserFromDB returns the current user from the database
type UserOrganization ¶
// UserOrganization describes the membership of one user in one organization,
// together with the role the user holds there.
type UserOrganization struct {
	UserID         uint
	OrganizationID uint
	// NOTE(review): the column default is 'admin', so a membership row written
	// without an explicit Role ends up with that value. Confirm that this is
	// intended for every insert path and that ordinary members are always
	// given their role explicitly.
	Role string `gorm:"default:'admin'"`
}
UserOrganization describes the user organization