auth

package module

v0.0.0-...-4a026ba Latest Latest Go to latest Published: Apr 27, 2021 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ashmidgley/auth

Links

Open Source Insights

README ¶

Auth0 Wrapper

Travis (.com) branch

A package to make it easier to handle Auth0 authorization and check whether a user is valid or has permissions based on API scopes.

Setup

Create scopes for your API in Auth0.
If using ValidUser, add a custom claims rule in Auth0 to include your key in the access token returned to the user:

function (user, context, callback) {
 context.accessToken['http://example.com/username'] = user.username;
 return callback(null, user, context);
}

Install

go get github.com/ashmidgley/auth

Usage

JWT Middleware

Use the middleware to enforce authorization on routes:

package main

import (
  "net/http"
  
  "github.com/ashmidgley/auth"
  "github.com/example/api/users"
  "github.com/example/api/scores"
  "github.com/gorilla/mux"
)

func main() {
  router := mux.NewRouter()
  jwtMiddleware := auth.GetJwtMiddleware("example_audience", "example_issuer")
  
  router.Handle("/api/users", jwtMiddleware.Handler(users.GetUsers)).Methods("GET")
  router.Handle("/api/scores", jwtMiddleware.Handler(scores.CreateScore)).Methods("POST")
  
  http.ListenAndServe(":8080", router)
}

Has Permission?

Ensure a requester has a specified permission before performing an action:

package users

import (
  "fmt"
  "net/http"
  
  "github.com/ashmidgley/auth"
)

var GetUsers = http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
  up := auth.UserPermission{
    Request:    request,
    Permission: "read_users",
  }

  if hasPermission, err := auth.HasPermission(up); err != nil {
    http.Error(writer, fmt.Sprintf("%v\n", err), http.StatusInternalServerError)
    return
  } else if !hasPermission {
    http.Error(writer, "invalid permissions to make request", http.StatusUnauthorized)
    return
  }
  
  // User has permission...
})

Valid User?

Confirm the requester is either making changes to their own data or has the correct permission to complete the action. Note that the UserValidation 'Identifier' value below is the same as we specified in our custom claims rule in Setup.

package scores

import (
  "fmt"
  "net/http"
  
  "github.com/ashmidgley/auth"
)

var CreateScore = http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
  user := getUser(request)
  
  uv := auth.UserValidation{
    Request:    request,
    Permission: "write_scores",
    Identifier: "http://example.com/username",
    Key:        user.username,
  }

  if code, err := auth.ValidUser(uv); err != nil {
    http.Error(writer, fmt.Sprintf("%v\n", err), code)
    return
  }

  // User is valid...
})

Documentation ¶

Index ¶

Variables
func GetJwtMiddleware(audience, issuer string) *jwtmiddleware.JWTMiddleware
type JSONWebKeys
type Jwks
type Response
type UserPermission
type UserValidation

Constants ¶

This section is empty.

Variables ¶

View Source

var HasPermission = func(up UserPermission) (bool, error) {
	permissions, err := getPermissions(up.Request)
	if err != nil {
		return false, err
	}
	return permissionPresent(permissions, up.Permission), nil
}

HasPermission confirms the requester has the correct permission to complete the action.

View Source

var ValidUser = func(uv UserValidation) (int, error) {
	if matchingUser, err := matchingUser(uv.Request, uv.Identifier, uv.Key); err != nil {
		return http.StatusInternalServerError, err
	} else if !matchingUser {
		up := UserPermission{
			Request:    uv.Request,
			Permission: uv.Permission,
		}

		if hasPermission, err := HasPermission(up); err != nil {
			return http.StatusInternalServerError, err
		} else if !hasPermission {
			return http.StatusUnauthorized, errors.New("missing or invalid permissions")
		}
	}

	return 200, nil
}

ValidUser confirms the requester is either making changes to their own data or has the correct permission to complete the action.

Functions ¶

func GetJwtMiddleware ¶

func GetJwtMiddleware(audience, issuer string) *jwtmiddleware.JWTMiddleware

GetJwtMiddleware returns the Auth0 middleware used to handle authorized endpoints.

Types ¶

type JSONWebKeys ¶

type JSONWebKeys struct {
	Kty string   `json:"kty"`
	Kid string   `json:"kid"`
	Use string   `json:"use"`
	N   string   `json:"n"`
	E   string   `json:"e"`
	X5c []string `json:"x5c"`
}

JSONWebKeys holds fields related to the JSON Web Key Set for this API.

type Jwks ¶

type Jwks struct {
	Keys []JSONWebKeys `json:"keys"`
}

Jwks holds a list of json web keys.

type Response ¶

type Response struct {
	Message string `json:"message"`
}

Response holds the response message.

type UserPermission ¶

type UserPermission struct {
	Request    *http.Request
	Permission string
}

UserPermission is the data used in HasPermission.

type UserValidation ¶

type UserValidation struct {
	Request    *http.Request
	Permission string
	Identifier string
	Key        string
}

UserValidation is the data used in ValidUser.

Source Files ¶

View all Source files

auth.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL