v0.0.0-...-bb96c00 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 4, 2023 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation


Constants

// URL paths used by this package. Judging by the function signatures in this
// package they are presumably appended to the Frontier host URL; confirm at
// the call sites.
const (
	// CurrentUserProfilePath is the path of the "self" user resource.
	CurrentUserProfilePath = "/v1beta1/users/self"

	// CheckAccessPath is the path of the check endpoint.
	CheckAccessPath = "/v1beta1/check"

	// ServiceUserPublicKeyPath is a format string with two %s verbs: the
	// first follows "serviceusers/" and the second follows "keys/".
	// NOTE(review): both values end up inside a URL path. If either can come
	// from a token or request that has not been verified yet, the caller
	// should escape it (url.PathEscape) before formatting, so it cannot
	// change which path is requested. Confirm at the call site.
	ServiceUserPublicKeyPath = "/v1beta1/serviceusers/%s/keys/%s"

	// JWKSAccessPath is the well-known location of the JWKS document.
	JWKSAccessPath = "/.well-known/jwks.json"
)
// Default request keys. Both are aliases of values declared in the consts
// package, so the actual strings are defined there.
const (
	// DefaultUserTokenHeader aliases consts.UserTokenRequestKey.
	// NOTE(review): by its name this is the request header that carries the
	// user token; verify against the consts package.
	DefaultUserTokenHeader = consts.UserTokenRequestKey

	// DefaultSessionID aliases consts.SessionRequestKey.
	// NOTE(review): by its name this is the request key that carries the
	// session identifier; verify against the consts package.
	DefaultSessionID = consts.SessionRequestKey
)

Variables

// Sentinel errors exported by this package. Each is a distinct value created
// with errors.New, so callers should match them with errors.Is rather than
// comparing message text.
var (
	// ErrMissingHost reports that no Frontier host was supplied.
	ErrMissingHost = errors.New("missing frontier host")

	// ErrInvalidHeader reports an auth header that could not be used.
	ErrInvalidHeader = errors.New("invalid auth header")

	// ErrInvalidToken reports that token verification did not succeed.
	ErrInvalidToken = errors.New("failed to verify a valid token")

	// ErrJWKsFetch reports that the JWKS could not be fetched.
	ErrJWKsFetch = errors.New("failed to fetch jwks")

	// ErrInvalidSession reports that no user could be fetched for the session.
	ErrInvalidSession = errors.New("invalid session, failed to fetch user")

	// ErrInternalServer is the generic failure value.
	ErrInternalServer = errors.New("internal server error")
)

Functions

func CheckAccess

func CheckAccess(ctx context.Context, client HTTPClient, frontierHost *url.URL, headers http.Header,
	resourceID string, permission string) (bool, error)

CheckAccess uses the Frontier API to check whether the user has permission to perform an action on a resource.

func GetAuthenticatedUser

func GetAuthenticatedUser(r *http.Request, httpClient HTTPClient, frontierHost *url.URL, frontierKeySet jwk.Set) (*frontierv1beta1.User, map[string]any, string, error)

func GetTokenClaims

func GetTokenClaims(ctx context.Context, httpClient HTTPClient, frontierHost *url.URL, frontierKeySet jwk.Set, userToken []byte) (map[string]any, error)

GetTokenClaims parses and verifies a JWT with Frontier public keys or user public keys.

func GetUserFromClaims

func GetUserFromClaims(claims map[string]any) *frontierv1beta1.User

func GetUserProfile

func GetUserProfile(ctx context.Context, client HTTPClient, frontierHost *url.URL, headers http.Header) (*frontierv1beta1.User, string, error)

GetUserProfile fetches the profile of the authorized user from the Frontier server.

func SplitResourceID

func SplitResourceID(resourceID string) (string, string)

SplitResourceID splits resourceID into namespace and id

Types

type FrontierJWKCache

// FrontierJWKCache is the contract for a source of JWK sets.
//
// NOTE(review): GetTokenClaims in this package verifies tokens against a
// jwk.Set, so the set handed out here presumably decides which tokens are
// accepted. The registered URL should therefore be an HTTPS endpoint the
// operator trusts. Confirm how callers wire this up.
type FrontierJWKCache interface {
	// Register sets the URL that JWKs are fetched from. It must be called
	// before Get or Refresh.
	Register(option ...jwk.RegisterOption) error

	// Get returns the JWK set.
	Get(ctx context.Context) (jwk.Set, error)

	// Refresh returns a JWK set as well. Presumably it re-fetches from the
	// registered URL instead of serving a cached copy; confirm against the
	// implementation.
	Refresh(ctx context.Context) (jwk.Set, error)
}

type HTTPClient

// HTTPClient is the subset of an HTTP client that this package depends on.
// The standard library's *http.Client has both methods with these signatures.
//
// NOTE(review): the functions that take an HTTPClient send it requests for a
// remote host, so the client passed in should have a timeout configured.
type HTTPClient interface {
	// Get requests the given URL.
	Get(url string) (*http.Response, error)

	// Do sends the request r and returns the response.
	Do(r *http.Request) (*http.Response, error)
}

type JWKCache

// JWKCache embeds *jwk.Cache, so the embedded cache's exported methods are
// promoted onto it. This package also declares Get, Refresh and Register on
// *JWKCache, the same method names FrontierJWKCache requires.
// NOTE(review): construct values with NewJWKCacheForURL; the unexported
// fields are not shown in this listing, so a zero value may not be usable.
type JWKCache struct {
	*jwk.Cache
	// contains filtered or unexported fields
}

func NewJWKCacheForURL

func NewJWKCacheForURL(url string, ctx context.Context, options ...jwk.CacheOption) *JWKCache

func (*JWKCache) Get

func (c *JWKCache) Get(ctx context.Context) (jwk.Set, error)

func (*JWKCache) Refresh

func (c *JWKCache) Refresh(ctx context.Context) (jwk.Set, error)

func (*JWKCache) Register

func (c *JWKCache) Register(option ...jwk.RegisterOption) error

type ServiceUserTokenGenerator

// ServiceUserTokenGenerator is a function that yields a token as raw bytes,
// or an error. GetServiceUserTokenGenerator builds one from a KeyCredential.
// NOTE(review): the bytes are presumably a signed bearer token; treat them as
// a secret and keep them out of logs. Confirm against the generator's body.
type ServiceUserTokenGenerator func() (token []byte, err error)

func GetServiceUserTokenGenerator

func GetServiceUserTokenGenerator(credential *frontierv1beta1.KeyCredential) (ServiceUserTokenGenerator, error)
