Documentation
¶
Index ¶
- Constants
- Variables
- func AddDefaultRoleForUser(userID interface{})
- func AddDefaultRoleForVirtualUser(userID interface{})
- func AddOrgRoleForUser(userID interface{}, orgids ...uint)
- func AddOrgRoles(orgids ...uint)
- func BanzaiLogoutHandler(context *auth.Context)
- func DelCookie(w http.ResponseWriter, r *http.Request, name string)
- func DeleteOrgRoleForUser(userID uint, orgid uint)
- func DeleteToken(c *gin.Context)
- func GenerateToken(c *gin.Context)
- func GetGithubUser(accessToken string) (*github.User, error)
- func GetOrgNameFromVirtualUser(virtualUser string) string
- func GetTokens(c *gin.Context)
- func GormErrorToStatusCode(err error) int
- func Init()
- func Install(engine *gin.Engine)
- func IsHttps(r *http.Request) bool
- func NewAuthorizer() gin.HandlerFunc
- func NewGithubAuthorizeHandler(provider *githubauth.GithubProvider) func(context *auth.Context) (*claims.Claims, error)
- func SetCookie(w http.ResponseWriter, r *http.Request, name, value string)
- type BanzaiSessionStorer
- type BanzaiUserStorer
- type BearerAuthorizer
- type DroneClaims
- type DroneUser
- type GithubExtraInfo
- type Organization
- type User
- type UserOrganization
Constants ¶
const ( // CurrentOrganization current organization key CurrentOrganization utils.ContextKey = "org" )
const DroneHookTokenType bauth.TokenType = "hook"
DroneHookTokenType is the Drone token type used for API sessions
const DroneSessionCookie = "user_sess"
DroneSessionCookie holds the name of the Cookie Drone sets in the browser
const DroneSessionCookieType = "sess"
DroneSessionCookieType is the Drone token type used for browser sessions
const DroneUserTokenType bauth.TokenType = "user"
DroneUserTokenType is the Drone token type used for API sessions
Variables ¶
var ( Auth *auth.Auth // JwtIssuer ("iss") claim identifies principal that issued the JWT JwtIssuer string // JwtAudience ("aud") claim identifies the recipients that the JWT is intended for JwtAudience string Handler gin.HandlerFunc )
Init authorization
Functions ¶
func AddDefaultRoleForUser ¶
func AddDefaultRoleForUser(userID interface{})
AddDefaultRoleForUser adds all the default non-org-specific role to a user.
func AddDefaultRoleForVirtualUser ¶
func AddDefaultRoleForVirtualUser(userID interface{})
AddDefaultRoleForVirtualUser adds org list role to a virtual user.
func AddOrgRoleForUser ¶
func AddOrgRoleForUser(userID interface{}, orgids ...uint)
AddOrgRoleForUser adds a user to an organization by adding the associated organization role.
func AddOrgRoles ¶
func AddOrgRoles(orgids ...uint)
AddOrgRoles creates an organization role, by adding the default (*) org policies for the given organization.
func BanzaiLogoutHandler ¶
BanzaiLogoutHandler does the qor/auth DefaultLogoutHandler default logout behaviour + deleting the Drone cookie
func DelCookie ¶
func DelCookie(w http.ResponseWriter, r *http.Request, name string)
DelCookie deletes a cookie.
func DeleteOrgRoleForUser ¶
DeleteOrgRoleForUser removes a user from an organization by removing the associated organization role.
func DeleteToken ¶
DeleteToken deletes the calling user's access token specified by token id
func GetGithubUser ¶
GetGithubUser returns github user by token
func GetOrgNameFromVirtualUser ¶
GetOrgNameFromVirtualUser returns the organization name for which the virtual user has access
func GormErrorToStatusCode ¶
GormErrorToStatusCode translates GORM errors to HTTP status codes
func Install ¶
Install the whole OAuth and JWT Token based auth/authz mechanism to the specified Gin Engine.
func IsHttps ¶
IsHttps is a helper function that evaluates the http.Request and returns True if the Request uses HTTPS. It is able to detect, using the X-Forwarded-Proto, if the original request was HTTPS and routed through a reverse proxy with SSL termination.
func NewAuthorizer ¶
func NewAuthorizer() gin.HandlerFunc
NewAuthorizer returns the MySQL based default authorizer
func NewGithubAuthorizeHandler ¶
func NewGithubAuthorizeHandler(provider *githubauth.GithubProvider) func(context *auth.Context) (*claims.Claims, error)
NewGithubAuthorizeHandler handler for Github auth
Types ¶
type BanzaiSessionStorer ¶
type BanzaiSessionStorer struct {
auth.SessionStorer
}
BanzaiSessionStorer stores the banzai session
func (*BanzaiSessionStorer) Update ¶
func (sessionStorer *BanzaiSessionStorer) Update(w http.ResponseWriter, req *http.Request, claims *claims.Claims) error
Update updates the BanzaiSessionStorer
type BanzaiUserStorer ¶
type BanzaiUserStorer struct {
auth.UserStorer
// contains filtered or unexported fields
}
BanzaiUserStorer struct
type BearerAuthorizer ¶
type BearerAuthorizer struct {
// contains filtered or unexported fields
}
BearerAuthorizer stores the casbin handler
func (*BearerAuthorizer) CheckPermission ¶
func (a *BearerAuthorizer) CheckPermission(r *http.Request) bool
CheckPermission checks the user/method/path combination from the request. Returns true (permission granted) or false (permission forbidden)
func (*BearerAuthorizer) GetUserID ¶
func (a *BearerAuthorizer) GetUserID(r *http.Request) string
GetUserID gets the user name from the request. Currently, only HTTP Bearer token authentication is supported
func (*BearerAuthorizer) RequirePermission ¶
func (a *BearerAuthorizer) RequirePermission(c *gin.Context)
RequirePermission returns the 403 Forbidden to the client
type DroneClaims ¶
type DroneClaims struct {
*claims.Claims
Type bauth.TokenType `json:"type,omitempty"`
Text string `json:"text,omitempty"`
}
DroneClaims struct to store the drone claim related things
type DroneUser ¶
type DroneUser struct {
ID int64 `gorm:"column:user_id;primary_key"`
Login string `gorm:"column:user_login"`
Token string `gorm:"column:user_token"`
Secret string `gorm:"column:user_secret"`
Expiry int64 `gorm:"column:user_expiry"`
Email string `gorm:"column:user_email"`
Image string `gorm:"column:user_avatar"`
Active bool `gorm:"column:user_active"`
Admin bool `gorm:"column:user_admin"`
Hash string `gorm:"column:user_hash"`
Synced int64 `gorm:"column:user_synced"`
}
DroneUser struct
type GithubExtraInfo ¶
GithubExtraInfo struct for github credentials
type Organization ¶
type Organization struct {
ID uint `gorm:"primary_key" json:"id"`
GithubID *int64 `gorm:"unique" json:"githubId,omitempty"`
CreatedAt time.Time `json:"createdAt"`
UpdatedAt time.Time `json:"updatedAt"`
Name string `gorm:"unique,not null" json:"name"`
Users []User `gorm:"many2many:user_organizations" json:"users,omitempty"`
Clusters []model.ClusterModel `gorm:"foreignkey:organization_id" json:"clusters,omitempty"`
Role string `json:"-" gorm:"-"` // Used only internally
}
Organization struct
func GetCurrentOrganization ¶
func GetCurrentOrganization(req *http.Request) *Organization
GetCurrentOrganization return the user's organization
func (*Organization) IDString ¶
func (org *Organization) IDString() string
IDString returns the ID as string
type User ¶
type User struct {
ID uint `gorm:"primary_key" json:"id"`
CreatedAt time.Time `json:"createdAt"`
UpdatedAt time.Time `json:"updatedAt"`
Name string `form:"name" json:"name,omitempty"`
Email string `form:"email" json:"email,omitempty"`
Login string `gorm:"unique;not null" form:"login" json:"login"`
Image string `form:"image" json:"image,omitempty"`
Organizations []Organization `gorm:"many2many:user_organizations" json:"organizations,omitempty"`
Virtual bool `json:"-" gorm:"-"` // Used only internally
}
User struct
func GetCurrentUser ¶
GetCurrentUser returns the current user
func GetCurrentUserFromDB ¶
GetCurrentUserFromDB returns the current user from the database
type UserOrganization ¶
type UserOrganization struct {
UserID uint
OrganizationID uint
Role string `gorm:"default:'admin'"`
}
UserOrganization describes the user organization
Source Files