README
¶
auth
Define interfaces used for authentication and authorization
An non-compiling example of basic auth. Don't use this in the real world, it's just an example of an implementation.
...
type basicAuth struct {
Users map[string][]byte
}
func (ba *basicAuth) Authenticate(input interface{}) error {
req, ok := input.(*http.Request)
if !ok {
return errors.New("basic auth: parameter is not an http request")
}
username, password, ok := req.BasicAuth()
if !ok {
return errors.New("basic auth: not supported")
}
stored, ok := ba.Users[username]
if !ok {
return errors.New("basic auth: no such user " + username)
}
return bcrypt.CompareHashAndPassword(stored, []byte(pasword))
}
func (ba *basicAuth) Authorizor() auth.Authorizor {
return new(auth.AllowAll)
}
func newBasicAuthenticator() *basicAuth {
// Don't ignore errors, especially in auth code
hash, _ := bcrypt.GenerateFromPassword([]byte("12345"), 0)
m := make(map[string][]byte)
m["luggage"] = hash
return &basicAuth{Users: m}
}
var auth auth.Authenticator = newBasicAuthenticator()
func(rw http.ResponseWriter, req *http.Request){
if err := auth.Authenticate(req); err != nil {
http.NewError(rw, "401 Unauthorized", http.StatusUnauthorized)
return
}
// This is an allow all authorizor so it will never fail.
if err := auth.Authorizor().Authorize(req); err != nil {
http.NewError(rw, "401 Unauthorized", http.StatusForbidden)
return
}
}
...
Documentation
¶
Overview ¶
Package auth defines Authentication and Authorization interfaces which are used in to authenticate and authorized endpoints.
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AllowAll ¶
type AllowAll struct{}
AllowAll allows all requests
func (*AllowAll) Authenticate ¶
Authenticate always allows a request
type Authenticator ¶
type Authenticator interface {
Authenticate(interface{}) error
Authorizor() Authorizor
}
Authenticator authorizes access to an endpoint. If error is nil, then the request is authorized. The error should contain useful information which identifies why the authorization failed
Example ¶
package main
import (
"errors"
"fmt"
"net/http"
"bitbucket.org/cvvs/auth"
)
type basicAuth struct {
Users map[string]string
}
func (ba *basicAuth) Authenticate(input interface{}) error {
req, ok := input.(*http.Request)
if !ok {
return errors.New("basic auth: parameter is not an http request")
}
username, password, ok := req.BasicAuth()
if !ok {
return errors.New("basic auth: not supported")
}
stored, ok := ba.Users[username]
if !ok {
return errors.New("basic auth: no such user " + username)
} else if password == stored {
return nil
}
return errors.New("basic auth: password mismatch")
}
func (ba *basicAuth) Authorizor() auth.Authorizor {
return new(auth.AllowAll)
}
func main() {
var auth auth.Authenticator = &basicAuth{Users: map[string]string{"luggage": "12345"}}
req, _ := http.NewRequest(http.MethodGet, "http://www.example.com", nil)
req.SetBasicAuth("luggage", "12345")
if err := auth.Authenticate(req); err != nil {
fmt.Println("error authenticating user: ", err)
}
if err := auth.Authorizor().Authorize(req); err != nil {
fmt.Println("error authorizing user")
}
}
Output:
type Authorizor ¶
type Authorizor interface {
Authorize(interface{}) error
}
Authorizor authorizes access to an endpoint. If error is nil, then the request is authorized. The error should contain useful information which identifies why the authorization failed
Source Files