oauth2

package module
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 7, 2022 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

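// Sentinel errors returned by the package. Callers should compare with
// errors.Is against these variables rather than matching message text.
// The only text change here is the "Basuc" -> "Basic" typo fix in the two
// Basic Auth messages; all other messages are kept as published.
var (
	// ErrNoTeam holds error: User is not in required team
	// (see Config.Team for the team that is required).
	ErrNoTeam = errors.New("User is not in required team")
	// ErrAuthNotGranted holds error: Auth not granted
	ErrAuthNotGranted = errors.New("Auth not granted")
	// ErrStateUnknown holds error: Unknown state
	// NOTE(review): presumably raised when the OAuth "state" value on the
	// callback does not match one issued earlier — confirm in Stage2Handler.
	ErrStateUnknown = errors.New("Unknown state")
	// ErrBasicTokenExpected holds error when username <> token
	ErrBasicTokenExpected = errors.New("Basic Auth username is 'token'")
	// ErrBasicAuthRequired holds 401 for docker client
	ErrBasicAuthRequired = errors.New("Basic Auth is required")
)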
// DL is the package debug level. It is an exported, mutable package
// variable, so any importing package can change it at run time.
var DL int = 1

Package debug level

// Providers holds supported Authorization Servers properties. The keys
// match the values accepted for Config.Type ("gitea" and "mmost").
//
// NOTE(review): both the map and the *ProviderConfig values are exported
// and mutable, so any importing package can change these endpoints for the
// whole process; treat the map as read-only after start-up.
var Providers = map[string]*ProviderConfig{
	// Gitea endpoints; the token prefix is "token ".
	"gitea": &ProviderConfig{
		Auth:        "/login/oauth/authorize",
		Token:       "/login/oauth/access_token",
		User:        "/api/v1/user",
		Team:        "/api/v1/user/orgs",
		TokenPrefix: "token ",
		TeamName:    "username",
	},
	// "mmost" endpoints; the token prefix is "Bearer ".
	// NOTE(review): Team contains a %s verb, presumably filled with a user
	// id by the caller — confirm that value is path-escaped before it is
	// formatted into the URL.
	"mmost": &ProviderConfig{
		Auth:        "/oauth/authorize",
		Token:       "/oauth/access_token",
		User:        "/api/v4/users/me",
		Team:        "/api/v4/users/%s/teams",
		TokenPrefix: "Bearer ",
		TeamName:    "name",
	},
}

Functions

This section is empty.

Types

type Config

// Config holds package options and constants. The struct tags give each
// option its flag name (long), environment variable (env), default and
// description; they are presumably consumed by a flag-parsing library, so
// tag text and field order are left untouched.
type Config struct {
	// MyURL is this service's own host URL. It has no env tag, and the
	// default is a plain-http development host.
	// NOTE(review): presumably used to build the redirect URL sent to the
	// authorization server — confirm, and set an https URL outside a lab.
	MyURL       string `long:"my_url" default:"http://narra.dev.lan" description:"Own host URL"`
	// CallBackURL is the URL the authorization server redirects back to.
	CallBackURL string `long:"cb_url" default:"/login" description:"URL for Auth server's redirect"`

	// Type selects the authorization server kind; only "gitea" and "mmost"
	// are accepted, matching the keys of Providers.
	//nolint:staticcheck // Multiple struct tag "choice" is allowed
	Type      string `long:"type" env:"TYPE" default:"gitea"  choice:"gitea" choice:"mmost" description:"Authorization Server type (gitea|mmost)"`
	// Do401 switches off the http.StatusUnauthorized redirect so the
	// service processes the unauthorized case itself (per the description).
	Do401     bool   `long:"do401" env:"DO401" description:"Do not redirect with http.StatusUnauthorized, process it itself"`
	// Host is the authorization server base URL. The default is plain http.
	// NOTE(review): presumably the token exchange that carries ClientKey is
	// sent to this host — confirm, and use https unless the link is trusted.
	Host      string `long:"host" env:"HOST" default:"http://gitea:8080" description:"Authorization Server host"`
	// Team is the authorization server team whose members are granted
	// access; see ErrNoTeam.
	Team      string `long:"team" env:"TEAM" default:"dcape" description:"Authorization Server team which members has access to resource"`
	// ClientID is the OAuth client identifier registered on the
	// authorization server. No default.
	ClientID  string `long:"client_id" env:"CLIENT_ID" description:"Authorization Server Client ID"`
	// ClientKey is the OAuth client secret. No default. Prefer the
	// CLIENT_KEY environment variable over the --client_key flag, since
	// command-line arguments are commonly visible in process listings, and
	// keep the value out of logs.
	ClientKey string `long:"client_key" env:"CLIENT_KEY" description:"Authorization Server Client key"`

	// AuthHeader names a request header; a token found there is used if
	// given (per the description). It has no env tag.
	AuthHeader     string `long:"auth_header" default:"X-narra-token" description:"Use token from this header if given"`
	// CookieDomain is the auth cookie's domain. No default.
	// A broader domain makes the cookie available to more hosts.
	CookieDomain   string `long:"cookie_domain"  description:"Auth cookie domain"`
	// CookieName is the auth cookie's name.
	CookieName     string `long:"cookie_name" default:"narra_token" description:"Auth cookie name"`
	// CookieSignKey is the key used to sign the cookie (32 or 64 bytes).
	// It is a secret and has no default.
	// NOTE(review): behavior with an empty key is not visible here —
	// confirm start-up rejects it rather than running with a weak key.
	CookieSignKey  string `long:"cookie_sign" env:"COOKIE_SIGN_KEY" description:"Cookie sign key (32 or 64 bytes)"`
	// CookieCryptKey is the key used to encrypt the cookie (16, 24, or 32
	// bytes). It is a secret and has no default.
	// NOTE(review): confirm whether an empty key disables encryption.
	CookieCryptKey string `long:"cookie_crypt" env:"COOKIE_CRYPT_KEY" description:"Cookie crypt key (16, 24, or 32 bytes)"`

	// UserHeader names the HTTP response header that carries the username.
	// NOTE(review): if the proxy copies this header to the upstream request,
	// the upstream should trust it only when it comes from the proxy, and
	// the proxy should discard any client-supplied header of this name.
	UserHeader string `long:"user_header" env:"USER_HEADER" default:"X-Username" description:"HTTP Response Header for username"`
}

Config holds package options and constants

type Option

// Option is a functional option: a function that receives the *Service
// being configured. New accepts any number of them after the Config.
type Option func(*Service)

Option is the functional-option type: Cache, Cookie and Provider each return one, and New accepts them.

func Cache

func Cache(cache *cache.Cache) Option

Cache returns an Option that replaces the default cache library.

func Cookie(cookie *securecookie.SecureCookie) Option

Cookie returns an Option that replaces the default cookie library.

func Provider

func Provider(prov *ProviderConfig) Option

Provider returns an Option that replaces the authorization server config.

type ProviderConfig

// ProviderConfig holds Authorization Server properties.
type ProviderConfig struct {
	// Endpoint paths, in order: authorization, token exchange, current
	// user, and the user's teams. The built-in Providers entries use
	// host-relative paths; Team may contain a %s verb (see "mmost").
	// NOTE(review): presumably appended to Config.Host — confirm.
	Auth, Token, User, Team string
	// TokenPrefix is "token " or "Bearer " in the built-in entries,
	// presumably prepended to the access token in the Authorization
	// header — confirm. TeamName is "username" or "name" there, presumably
	// the field of a team record that holds its name — confirm.
	TokenPrefix, TeamName string
}

ProviderConfig holds Authorization Server properties

type Service

// Service holds service attributes.
type Service struct {
	// Config is the service configuration.
	// NOTE(review): presumably the cfg value passed to New — confirm.
	// Config includes ClientKey, CookieSignKey and CookieCryptKey, so avoid
	// printing a Service or its Config (for example with %+v) into logs.
	Config Config
	// contains filtered or unexported fields
}

Service holds service attributes

func New

func New(cfg Config, options ...Option) *Service

New creates service

func (*Service) AuthHandler

func (srv *Service) AuthHandler() http.Handler

AuthHandler is an Nginx auth_request handler

func (*Service) AuthIsOK

func (srv *Service) AuthIsOK(w http.ResponseWriter, r *http.Request) bool

AuthIsOK returns true if request is allowed to proceed

func (*Service) LogoutHandler

func (srv *Service) LogoutHandler() http.Handler

func (*Service) Stage1Handler

func (srv *Service) Stage1Handler() http.Handler

Stage1Handler handles 401 error & redirects user to auth server

func (*Service) Stage2Handler

func (srv *Service) Stage2Handler() http.Handler

Stage2Handler handles redirect from auth provider, fetches token & user info
