The highest tagged major version is
README
¶
osecure
OSecure provide login functionality via cookie session and an OAuth2 provider
Documentation
¶
Overview ¶
Package osecure provides simple login service based on OAuth client.
Package osecure provides simple login service based on OAuth client.
Index ¶
- Variables
- func AttachRequestWithSessionData(r *http.Request, sessionData *AuthSessionData) *http.Request
- type AuthSessionCookieData
- type AuthSessionData
- type CookieConfig
- type GetPermissionsFunc
- type IntrospectTokenFunc
- type OAuthConfig
- type OAuthSession
- func (s *OAuthSession) Authorize(w http.ResponseWriter, r *http.Request) (*AuthSessionData, error)
- func (s *OAuthSession) CallbackView(w http.ResponseWriter, r *http.Request)
- func (s *OAuthSession) DecryptServerToken(tokenString string, sourceClientId string) (*ServerToken, error)
- func (s *OAuthSession) ExpireSession(redirect string) http.HandlerFunc
- func (s *OAuthSession) GetServerToken(targetClientId string) (*ServerTokenReply, error)
- func (s *OAuthSession) SecuredF(h http.HandlerFunc) http.HandlerFunc
- func (s *OAuthSession) SecuredH(h http.Handler) http.Handler
- func (s *OAuthSession) StartOAuth(w http.ResponseWriter, r *http.Request)
- type ServerToken
- type ServerTokenReply
- type ServerTokenRequest
- type TokenVerifier
Constants ¶
This section is empty.
Variables ¶
var ( ErrorInvalidSession = errors.New("invalid session") ErrorInvalidAuthorizationHeaderFormat = errors.New("invalid authorization header format") ErrorUnsupportedAuthorizationType = errors.New("unsupported authorization type") ErrorInvalidClientID = errors.New("invalid client ID (audience of token)") ErrorInvalidUserID = errors.New("invalid user ID (subject of token)") )
var ( SessionExpireTime = 86400 PermissionExpireTime = 600 )
var ( ErrorInvalidServerToken = errors.New("invalid server token") ErrorPermissionDenied = errors.New("permission denied") )
Functions ¶
func AttachRequestWithSessionData ¶
func AttachRequestWithSessionData(r *http.Request, sessionData *AuthSessionData) *http.Request
AttachRequestWithSessionData append session data into request context
Types ¶
type AuthSessionCookieData ¶
type AuthSessionData ¶
type AuthSessionData struct {
UserID string //
ClientID string //
*AuthSessionCookieData
}
func GetRequestSessionData ¶
func GetRequestSessionData(r *http.Request) (*AuthSessionData, bool)
GetRequestSessionData get session data from request context
func (*AuthSessionData) GetClientID ¶
func (data *AuthSessionData) GetClientID() string
GetClientID get client ID of the current user session.
func (*AuthSessionData) GetPermissions ¶
func (data *AuthSessionData) GetPermissions() []string
GetPermissions lists the permissions of the current user and client.
func (*AuthSessionData) GetUserID ¶
func (data *AuthSessionData) GetUserID() string
GetUserID get user ID of the current user session.
func (*AuthSessionData) HasPermission ¶
func (data *AuthSessionData) HasPermission(permission string) bool
HasPermission checks if the current user has such permission.
type CookieConfig ¶
type CookieConfig struct {
SigningKey string `yaml:"signing_key" env:"skey"`
EncryptionKey string `yaml:"encryption_key" env:"ekey"`
}
CookieConfig is a config of github.com/gorilla/securecookie. Recommended configurations are base64 of 64 bytes key for SigningKey, and base64 of 32 bytes key for EncryptionKey.
type GetPermissionsFunc ¶
type IntrospectTokenFunc ¶
type OAuthConfig ¶
type OAuthConfig struct {
ClientID string `yaml:"client_id" env:"client_id"`
ClientSecret string `yaml:"client_secret" env:"client_secret"`
Scopes []string `yaml:"scopes" env:"scopes"`
AuthURL string `yaml:"auth_url" env:"auth_url"`
TokenURL string `yaml:"token_url" env:"token_url"`
AppIDList []string `yaml:"app_id_list" env:"app_id_list"`
InterServerClientID string `yaml:"inter_server_client_id" env:"inter_server_client_id"`
ServerTokenURL string `yaml:"server_token_url" env:"server_token_url"`
ServerTokenEncryptionKey string `yaml:"server_token_encryption_key" env:"server_token_encryption_key"`
}
OAuthConfig is a config of osecure.
type OAuthSession ¶
type OAuthSession struct {
// contains filtered or unexported fields
}
func NewOAuthSession ¶
func NewOAuthSession(name string, cookieConf *CookieConfig, oauthConf *OAuthConfig, tokenVerifier *TokenVerifier, callbackURL string) *OAuthSession
NewOAuthSession creates osecure session.
func (*OAuthSession) Authorize ¶
func (s *OAuthSession) Authorize(w http.ResponseWriter, r *http.Request) (*AuthSessionData, error)
Authorize authorize user by verifying cookie or bearer token. if user is authorized, return session data. else, return error.
func (*OAuthSession) CallbackView ¶
func (s *OAuthSession) CallbackView(w http.ResponseWriter, r *http.Request)
CallbackView is a http handler for the authentication redirection of the auth server.
func (*OAuthSession) DecryptServerToken ¶
func (s *OAuthSession) DecryptServerToken(tokenString string, sourceClientId string) (*ServerToken, error)
func (*OAuthSession) ExpireSession ¶
func (s *OAuthSession) ExpireSession(redirect string) http.HandlerFunc
ExpireSession is a http function to log out the user.
func (*OAuthSession) GetServerToken ¶
func (s *OAuthSession) GetServerToken(targetClientId string) (*ServerTokenReply, error)
func (*OAuthSession) SecuredF ¶
func (s *OAuthSession) SecuredF(h http.HandlerFunc) http.HandlerFunc
SecuredF is a http middleware for http.HandlerFunc to check if the current user has logged in.
func (*OAuthSession) SecuredH ¶
func (s *OAuthSession) SecuredH(h http.Handler) http.Handler
SecuredH is a http middleware for http.Handler to check if the current user has logged in.
func (*OAuthSession) StartOAuth ¶
func (s *OAuthSession) StartOAuth(w http.ResponseWriter, r *http.Request)
StartOAuth redirect to endpoint of OAuth service provider for OAuth flow.
type ServerToken ¶
type ServerTokenReply ¶
type ServerTokenRequest ¶
type TokenVerifier ¶
type TokenVerifier struct {
IntrospectTokenFunc IntrospectTokenFunc
GetPermissionsFunc GetPermissionsFunc
}
Source Files
Directories