auth

package
v1.1.5

This package is not in the latest version of its module.

Published: Jan 20, 2020 License: LGPL-3.0 Imports: 8 Imported by: 0

Documentation


Constants

const ChannelAccessTokenExpirationPeriod = 30 * 24 * time.Hour

ChannelAccessTokenExpirationPeriod is the default channel access expiration period. Once granted, channel access needs to be renewed after 30 days.

const DefaultTokenLength = 16

DefaultTokenLength is the default length for IssueToken.

Variables

var (
	ErrInvalidSigningMethod = Error{Message: "Unsupported token signing method", Code: http.StatusBadRequest}
	ErrExpiredToken         = Error{Message: "Token is expired", Code: http.StatusUnauthorized}
	ErrInvalidToken         = Error{Message: "Invalid token", Code: http.StatusUnauthorized}
	ErrInvalidTokenFormat   = Error{Message: "Invalid token format", Code: http.StatusBadRequest}
	ErrNoChannelAccess      = Error{Message: "No channel access", Code: http.StatusUnauthorized}
	ErrExpiredChannelAccess = Error{Message: "Channel access expired", Code: http.StatusUnauthorized}
)
var None = noopAuth{}

None is a TokenAuthenticator and TokenIssuer that always issues an empty token and authenticates everything.

Functions

func ChannelAccessTokenFromRequest added in v1.1.3

func ChannelAccessTokenFromRequest(r *http.Request) string

ChannelAccessTokenFromRequest reads and returns the signed JWT from the request. If the request doesn't contain an access token, it returns an empty string.

func StoreChannelAccessToken added in v1.1.3

func StoreChannelAccessToken(w http.ResponseWriter, tokenString string, expTime time.Time)

StoreChannelAccessToken writes tokenString into the Auth= cookie, which expires at expTime.

func TokenAuthenticationMiddleware added in v1.1.3

func TokenAuthenticationMiddleware(h http.Handler, authenticator TokenAuthenticator, jwtSecret []byte) http.Handler

TokenAuthenticationMiddleware wraps an http.Handler and checks whether the request contains a token parameter whose value can be authenticated by the given authenticator. If the token is authenticated, ChannelAuthenticator grants access to the requested channel. If no token was provided, the request is passed on, leaving the underlying handler to deal with authorization.

Types

type ChannelAuthenticator added in v1.1.3

type ChannelAuthenticator struct {
	// contains filtered or unexported fields
}

func (*ChannelAuthenticator) ServeHTTP added in v1.1.3

func (h *ChannelAuthenticator) ServeHTTP(w http.ResponseWriter, r *http.Request)

type ChannelAuthorizer added in v1.1.3

type ChannelAuthorizer struct {
	// contains filtered or unexported fields
}

func ChannelAuthorizerMiddleware added in v1.1.3

func ChannelAuthorizerMiddleware(h http.Handler, jwtSecret []byte) *ChannelAuthorizer

ChannelAuthorizerMiddleware calls the underlying http.Handler only if a valid JWT is provided in the Authorization header.

func (*ChannelAuthorizer) ServeHTTP added in v1.1.3

func (h *ChannelAuthorizer) ServeHTTP(w http.ResponseWriter, r *http.Request)

type Error added in v1.1.3

type Error struct {
	Message string
	Code    int
}

func (Error) Error added in v1.1.3

func (e Error) Error() string

type JWTChannelClaims added in v1.1.3

type JWTChannelClaims struct {
	jwt.StandardClaims

	Channels map[string]time.Time `json:"channels"`
}

func ParseChannelAccessTokenClaims added in v1.1.3

func ParseChannelAccessTokenClaims(tokenString string, key interface{}) (claims *JWTChannelClaims, err error)

ParseChannelAccessTokenClaims verifies and parses a signed JWT string and returns the JWTChannelClaims encoded in it. Most of the time the returned error is of type auth.Error.

type OneTimeTokenAuthenticator added in v1.1.3

type OneTimeTokenAuthenticator struct {
	// contains filtered or unexported fields
}

OneTimeTokenAuthenticator issues tokens that can be used for authorization only once.

func NewOneTimeTokenAuthenticator added in v1.1.3

func NewOneTimeTokenAuthenticator(src TokenGenerator) *OneTimeTokenAuthenticator

NewOneTimeTokenAuthenticator returns an instance of *OneTimeTokenAuthenticator that uses src as a token source.

func (*OneTimeTokenAuthenticator) Authenticate added in v1.1.3

func (s *OneTimeTokenAuthenticator) Authenticate(token string) bool

Authenticate checks whether the provided token has been issued by this instance of OneTimeTokenAuthenticator and annuls it.

func (*OneTimeTokenAuthenticator) IssueToken added in v1.1.3

func (s *OneTimeTokenAuthenticator) IssueToken(tokenLen int) (token string, err error)

IssueToken generates and stores a new unused token. This method returns an error if it fails to generate an unused token after 16777216 (2^24) attempts.

type RandomTokenSource

type RandomTokenSource struct {
	Src rand.Source
	// contains filtered or unexported fields
}

func (*RandomTokenSource) Generate

func (gen *RandomTokenSource) Generate(tokenLen int) string

Credits for this great solution go to Stack Overflow user icza. See his answer http://stackoverflow.com/a/31832326 for explanation.
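
RandomTokenSource takes a math/rand Source (the Src field), so its tokens are only as unpredictable as that source's seed. The following is an added example, not part of this package: CryptoTokenSource and oneTimeStore are hypothetical names. CryptoTokenSource has the Generate method that TokenGenerator requires but reads crypto/rand, and oneTimeStore sketches the issue-once, authenticate-once behaviour described for OneTimeTokenAuthenticator.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"sync"
)

// alphabet has exactly 64 symbols, so b&63 selects one without modulo bias.
const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"

// CryptoTokenSource (hypothetical name) has the Generate method required by
// the TokenGenerator interface on this page, backed by the OS CSPRNG.
type CryptoTokenSource struct{}

func (CryptoTokenSource) Generate(tokenLen int) string {
	buf := make([]byte, tokenLen)
	if _, err := rand.Read(buf); err != nil {
		panic("crypto/rand unavailable: " + err.Error()) // never fall back to a weak source
	}
	for i, b := range buf {
		buf[i] = alphabet[b&63]
	}
	return string(buf)
}

// oneTimeStore (hypothetical) sketches single-use tokens; it is not the
// package's OneTimeTokenAuthenticator.
type oneTimeStore struct{ issued sync.Map }

func (s *oneTimeStore) IssueToken(tokenLen int) string {
	t := CryptoTokenSource{}.Generate(tokenLen)
	s.issued.Store(t, struct{}{})
	return t
}

// Authenticate consumes the token. LoadAndDelete is atomic, so two
// concurrent replays of the same token cannot both succeed.
func (s *oneTimeStore) Authenticate(token string) bool {
	_, ok := s.issued.LoadAndDelete(token)
	return ok
}

func main() {
	s := &oneTimeStore{}
	t := s.IssueToken(16) // 16 is DefaultTokenLength on this page
	fmt.Println(len(t), s.Authenticate(t), s.Authenticate(t))
}
```

Because CryptoTokenSource has the Generate(tokenLen int) string method, a type like it can be passed as src to NewOneTimeTokenAuthenticator.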

type TokenAuthenticator added in v1.1.3

type TokenAuthenticator interface {
	Authenticate(token string) bool
}

TokenAuthenticator is an interface that wraps the Authenticate method.

Authenticate is used to check token authenticity.

type TokenGenerator

type TokenGenerator interface {
	Generate(tokenLen int) string
}

TokenGenerator is an interface that wraps the Generate method.

Generate generates strings of the given length and is used to issue tokens.

type TokenIssuer

type TokenIssuer interface {
	IssueToken(tokenLen int) (token string, err error)
}

TokenIssuer is an interface that wraps the IssueToken method.

IssueToken is used to generate a new token of the given length.
