iam

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 23, 2019 License: Apache-2.0 Imports: 6 Imported by: 0

README

IAM Auth Filter

This package enables filtering using IAM service in go-restful apps.

Usage

Importing
import "github.com/AccelByte/go-restful-plugins/pkg/auth/iam"
Create filter

This filter depends on IAM client passed through the constructor.

The client should be ready to do local token validation by calling iamClient.StartLocalValidation() first. To do permission checking too, the client will need client token, which can be retrived using iamClient.ClientTokenGrant().

filter := iam.NewFilter(iamClient)
Constructing filter

The default Auth() filter only validates if the JWT access token is valid.

ws := new(restful.WebService)
ws.Filter(filter.Auth())

However, it can be expanded through FilterOption parameters. There are several built-in expansions in this package ready for use.

ws.Filter(
    filter.Auth(
        iam.WithValidUser(),
        iam.WithPermission(
            &iamSDK.Permission{
                Resource: "NAMESPACE:{namespace}:ECHO",
                Action:   iamSDK.ActionCreate | iamSDK.ActionRead,
            }),
    ))
Reading JWT Claims

Auth() filter will inject the parsed IAM SDK's JWT claims to restful.Request.attribute. To retrieve it, use:

claims := iam.RetrieveJWTClaims(request)

Note

Retrieved claims can be nil if the request not filtered using Auth()

Filter all endpoints
ws := new(restful.WebService)
ws.Filter(filter.Auth())
Filter specific endpoint
ws := new(restful.WebService)
ws.Route(ws.GET("/user/{id}").
    Filter(filter.Auth()).
    To(func(request *restful.Request, response *restful.Response) {
}))

Documentation

Index

Constants

View Source 
const ClaimsAttribute = "JWTClaims"

ClaimsAttribute is the key for JWT claims stored in the request

Variables

This section is empty.

Functions

func RetrieveJWTClaims 

func RetrieveJWTClaims(request *restful.Request) *iam.JWTClaims

RetrieveJWTClaims is a convenience function to retrieve JWT claims from restful.Request. Warning: the claims can be nil if the request wasn't filtered through Auth()

Types

type Filter 

type Filter struct {
	// contains filtered or unexported fields
}

Filter handles auth using filter

func NewFilter 

func NewFilter(client iam.Client) *Filter

NewFilter creates new Filter instance

func (*Filter) Auth 

func (filter *Filter) Auth(opts ...FilterOption) restful.FilterFunction

Auth returns a filter that filters request with valid access token in auth header The token's claims will be passed in the request.attributes["JWTClaims"] = *iam.JWTClaims{} This filter is expandable through FilterOption parameter Example: iam.Auth( 

WithValidUser(),
WithPermission("ADMIN"),

)

type FilterOption 

type FilterOption func(req *restful.Request, iamClient iam.Client, claims *iam.JWTClaims) error

FilterOption extends the basic auth filter functionality

func WithPermission 

func WithPermission(permission *iam.Permission) FilterOption

WithPermission filters request with valid permission only

func WithRole 

func WithRole(role string) FilterOption

WithRole filters request with valid role only

func WithValidUser 

func WithValidUser() FilterOption

WithValidUser filters request with valid user only

func WithVerifiedEmail 

func WithVerifiedEmail() FilterOption

WithVerifiedEmail filters request from a user with verified email address only

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.