auth

package
v0.0.0-...-60192f8

This package is not in the latest version of its module.
Published: Apr 26, 2024 License: AGPL-3.0 Imports: 11 Imported by: 0

Documentation

Overview

Package auth defines Readeck's authentication providers.

Functions

func GetPermissions

func GetPermissions(r *http.Request) []string

GetPermissions returns all the permissions available for the request. If the authentication provider implements GetPermissions itself, a subset of permissions is returned; otherwise, the user's own permissions are returned.

func GetRequestUser

func GetRequestUser(r *http.Request) *users.User

GetRequestUser returns the current request's user.

func HasPermission

func HasPermission(r *http.Request, obj, act string) bool

HasPermission returns true if the user that's connected can perform the action "act" on object "obj". It will check the user permissions and any scope given by the authentication provider.

func Init

func Init(providers ...Provider) func(next http.Handler) http.Handler

Init returns a middleware (a function wrapping an http.Handler) that tries to find a suitable authentication provider on each request. The first provider whose IsActive() method returns true becomes the request's authentication provider.

If no provider could be found, the NullProvider will then be used.

The provider is then stored in the request's context and can be retrieved using GetRequestProvider().

func Required

func Required(next http.Handler) http.Handler

Required returns an http.Handler that will enforce authentication on the request. It uses the request authentication provider to perform the authentication.

A provider performing a successful authentication must store its authentication information using SetRequestAuthInfo.

When the request carries this authentication information, processing continues. Otherwise the response is stopped with a 403 error.

The logged in user can be retrieved with GetRequestUser().
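The selection rule described for Init and Required, as an added example that is not Readeck's code: a simplified model showing that the first active provider alone decides the request, so provider order matters. The provider struct, the decide and request helpers, and the token and session values are all constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// provider stands in for Provider: active is IsActive, user is Authenticate ("" = rejected).
type provider struct {
	name   string
	active func(*http.Request) bool
	user   func(*http.Request) string
}
var tokens = map[string]string{"Bearer example-token": "alice"} // constructed
var sessions = map[string]string{"example-session": "alice"}    // constructed
var bearer = provider{"token",
	func(r *http.Request) bool { return strings.HasPrefix(r.Header.Get("Authorization"), "Bearer ") },
	func(r *http.Request) string { return tokens[r.Header.Get("Authorization")] }}
var session = provider{"session",
	func(*http.Request) bool { return true }, // always active, so it must be listed last
	func(r *http.Request) string {
		if c, err := r.Cookie("sid"); err == nil {
			return sessions[c.Value]
		}
		return ""
	}}

// decide models Init then Required: the first active provider alone decides the request.
func decide(r *http.Request, providers ...provider) (string, bool) {
	for _, p := range providers {
		if p.active(r) {
			return p.name, p.user(r) != "" // a rejection here is final, no fall-through
		}
	}
	return "null", false // NullProvider case: no provider was active
}

func request(authz, sid string) *http.Request { // constructed request for the example
	r := httptest.NewRequest("GET", "/", nil)
	r.Header.Set("Authorization", authz)
	r.AddCookie(&http.Cookie{Name: "sid", Value: sid})
	return r
}

func main() {
	fmt.Println(decide(request("Bearer wrong", "example-session"), bearer, session))
}
```

A request with a bad bearer token is refused even though it also carries a valid session cookie, and listing the always-active session provider first would keep the token provider from ever being consulted.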

func SetRequestAuthInfo

func SetRequestAuthInfo(r *http.Request, info *Info) *http.Request

SetRequestAuthInfo stores the request's user.

Types

type BasicAuthProvider

type BasicAuthProvider struct{}

BasicAuthProvider handles the HTTP basic authentication method, using the "Authorization: Basic {payload}" header.

func (*BasicAuthProvider) Authenticate

func (p *BasicAuthProvider) Authenticate(w http.ResponseWriter, r *http.Request) (*http.Request, error)

Authenticate performs the authentication using the HTTP basic authentication information provided.

func (*BasicAuthProvider) CsrfExempt

func (p *BasicAuthProvider) CsrfExempt(_ *http.Request) bool

CsrfExempt is always true for this provider.

func (*BasicAuthProvider) GetPermissions

func (p *BasicAuthProvider) GetPermissions(r *http.Request) []string

GetPermissions returns all the permissions attached to the current authentication provider role list. If no role is defined, it falls back to the user permission list.

func (*BasicAuthProvider) HasPermission

func (p *BasicAuthProvider) HasPermission(r *http.Request, obj, act string) bool

HasPermission checks the permission on the current authentication provider role list. If the role list is empty, the user permissions apply.

func (*BasicAuthProvider) IsActive

func (p *BasicAuthProvider) IsActive(r *http.Request) bool

IsActive returns true when the client submits a basic HTTP authorization header.

type FeatureCsrfProvider

type FeatureCsrfProvider interface {
	// Must return true to disable CSRF protection for the request.
	CsrfExempt(*http.Request) bool
}

FeatureCsrfProvider allows a provider to implement a method to bypass all CSRF protection.

type FeaturePermissionProvider

type FeaturePermissionProvider interface {
	HasPermission(*http.Request, string, string) bool
	GetPermissions(*http.Request) []string
}

FeaturePermissionProvider allows a provider to implement a permission check of its own, usually to provide scoped permissions.

type Info

type Info struct {
	Provider *ProviderInfo
	User     *users.User
}

Info is the payload with the currently authenticated user and some information about the provider.

func GetRequestAuthInfo

func GetRequestAuthInfo(r *http.Request) *Info

GetRequestAuthInfo returns the current request's auth info.

type NullProvider

type NullProvider struct{}

NullProvider is the provider returned when no other provider could be activated.

func (*NullProvider) Authenticate

func (p *NullProvider) Authenticate(_ http.ResponseWriter, r *http.Request) (*http.Request, error)

Authenticate doesn't do anything.

func (*NullProvider) Info

func (p *NullProvider) Info(_ *http.Request) *ProviderInfo

Info returns information about the provider.

func (*NullProvider) IsActive

func (p *NullProvider) IsActive(_ *http.Request) bool

IsActive is always false.

type Provider

type Provider interface {
	// Must return true to enable the provider for the current request.
	IsActive(*http.Request) bool

	// Must return a request with the Info provided when successful.
	Authenticate(http.ResponseWriter, *http.Request) (*http.Request, error)
}

Provider is the interface that any authentication provider must implement.

func GetRequestProvider

func GetRequestProvider(r *http.Request) Provider

GetRequestProvider returns the current request's authentication provider.

type ProviderInfo

type ProviderInfo struct {
	Name        string
	Application string
	Roles       []string
	ID          string
}

ProviderInfo contains information about the provider.

type SessionAuthProvider

type SessionAuthProvider struct {
	// A function that returns the request's session
	GetSession func(*http.Request) *sessions.Session

	// A function that sets a Location header when
	// authentication fails.
	UnauthorizedHandler func(http.ResponseWriter, *http.Request)
}

SessionAuthProvider is the last authentication provider. It's always enabled, in case every previous provider fails.

func (*SessionAuthProvider) Authenticate

func (p *SessionAuthProvider) Authenticate(w http.ResponseWriter, r *http.Request) (*http.Request, error)

Authenticate checks if the request's session cookie is valid and the user exists.

func (*SessionAuthProvider) IsActive

func (p *SessionAuthProvider) IsActive(_ *http.Request) bool

IsActive always returns true. As it's the last provider, when authentication fails it will respond with a redirect to the login page.

type TokenAuthProvider

type TokenAuthProvider struct{}

TokenAuthProvider handles authentication using a bearer token passed in the request "Authorization" header with the scheme "Bearer".

func (*TokenAuthProvider) Authenticate

func (p *TokenAuthProvider) Authenticate(w http.ResponseWriter, r *http.Request) (*http.Request, error)

Authenticate performs the authentication using the "Authorization: Bearer" header provided.

func (*TokenAuthProvider) CsrfExempt

func (p *TokenAuthProvider) CsrfExempt(_ *http.Request) bool

CsrfExempt is always true for this provider.

func (*TokenAuthProvider) GetPermissions

func (p *TokenAuthProvider) GetPermissions(r *http.Request) []string

GetPermissions returns all the permissions attached to the current authentication provider role list. If no role is defined, it falls back to the user permission list.

func (*TokenAuthProvider) HasPermission

func (p *TokenAuthProvider) HasPermission(r *http.Request, obj, act string) bool

HasPermission checks the permission on the current authentication provider role list. If the role list is empty, the user permissions apply.

func (*TokenAuthProvider) IsActive

func (p *TokenAuthProvider) IsActive(r *http.Request) bool

IsActive returns true when the client submits a bearer token.
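The permission fallback documented above for GetPermissions, HasPermission and FeaturePermissionProvider, as an added example that is not Readeck's code: a credential with a role list is limited to those roles, while one without roles acts with the user's own permissions. The role table, the "obj:act" encoding and the simplified signatures (no *http.Request) are assumptions made for the model.

```go
package main

import "fmt"

// rolePerms is a hypothetical role table; the page does not show Readeck's own.
var rolePerms = map[string][]string{
	"bookmarks_ro": {"bookmarks:read"},
	"bookmarks_rw": {"bookmarks:read", "bookmarks:write"},
}

// permissionProvider simplifies FeaturePermissionProvider: it takes the user's list, not a request.
type permissionProvider interface {
	GetPermissions(userPerms []string) []string
}
// tokenProvider models a provider whose credential carries a role list (ProviderInfo.Roles).
type tokenProvider struct{ Roles []string }
func (p tokenProvider) GetPermissions(userPerms []string) []string {
	if len(p.Roles) == 0 {
		return userPerms // documented fallback: no role means the user's own list
	}
	var out []string
	for _, role := range p.Roles {
		out = append(out, rolePerms[role]...) // an unknown role adds nothing
	}
	return out
}

// getPermissions asks the provider when it implements the feature, else returns the user's list.
func getPermissions(provider interface{}, userPerms []string) []string {
	if p, ok := provider.(permissionProvider); ok {
		return p.GetPermissions(userPerms)
	}
	return userPerms
}

// hasPermission reports whether "obj:act" (a hypothetical encoding) is in the effective list.
func hasPermission(provider interface{}, userPerms []string, obj, act string) bool {
	for _, perm := range getPermissions(provider, userPerms) {
		if perm == obj+":"+act {
			return true
		}
	}
	return false
}

func main() {
	user := []string{"bookmarks:read", "bookmarks:write", "admin:users"} // constructed
	fmt.Println(hasPermission(tokenProvider{}, user, "admin", "users"))
}
```

When reviewing issued credentials, an empty role list is therefore the widest grant, not the narrowest.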

Directories

Package credentials contains the models and functions to manage user credentials.
Package onboarding provides the routes and forms for the initial onboarding process.
Package signin contains the routes for Readeck sign-in process.
Package tokens contains the models and functions to manage user API tokens.
Package users contains the models and functions to manage users.
