appcontext

package

v0.1.0 Latest Latest Go to latest Published: Feb 3, 2018 License: GPL-3.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/authplz/authplz-core

Links

Open Source Insights

Documentation ¶

Index ¶

type AuthPlzCtx
type AuthPlzGlobalCtx
- func NewGlobalCtx(sessionStore *sessions.CookieStore) AuthPlzGlobalCtx
type MiddlewareFunc
- func BindContext(globalCtx *AuthPlzGlobalCtx) MiddlewareFunc
type SecondFactorRequest
type SudoSession
type User

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AuthPlzCtx ¶

type AuthPlzCtx struct {
	Global *AuthPlzGlobalCtx
	// contains filtered or unexported fields
}

AuthPlzCtx is the common per-request context Modules implement their own contexts that extend this as a base

func (*AuthPlzCtx) Bind2FARequest ¶

func (c *AuthPlzCtx) Bind2FARequest(rw web.ResponseWriter, req *web.Request, userID string, action string)

Bind2FARequest Bind a 2fa request and action for a user

func (*AuthPlzCtx) BindInst ¶

func (c *AuthPlzCtx) BindInst(rw web.ResponseWriter, req *web.Request, sessionKey, dataKey string, inst interface{}) error

BindInst Binds an object instance to a session key and writes to the browser session store TODO: Bindings should probably time out eventually

func (*AuthPlzCtx) BindRecoveryRequest ¶

func (c *AuthPlzCtx) BindRecoveryRequest(userID string, rw web.ResponseWriter, req *web.Request)

BindRecoveryRequest binds an authenticated recovery request to the session This should only be called after all [possible] authentication has been executed

func (*AuthPlzCtx) BindRedirect ¶

func (c *AuthPlzCtx) BindRedirect(url string, rw web.ResponseWriter, req *web.Request)

BindRedirect binds a redirect URL to the user session This is called post-login (or other action) to allow users to return to

func (*AuthPlzCtx) CanSudo ¶

func (c *AuthPlzCtx) CanSudo(rw web.ResponseWriter, req *web.Request) bool

CanSudo checks whether a user has a current sudo session

func (*AuthPlzCtx) ClearSudo ¶

func (c *AuthPlzCtx) ClearSudo(rw web.ResponseWriter, req *web.Request)

ClearSudo removes a sudo session from a user session

func (*AuthPlzCtx) DoRedirect ¶

func (c *AuthPlzCtx) DoRedirect(url string, rw web.ResponseWriter, req *web.Request)

DoRedirect writes a redirect to the client

func (*AuthPlzCtx) Get2FARequest ¶

func (c *AuthPlzCtx) Get2FARequest(rw web.ResponseWriter, req *web.Request) (string, string)

Get2FARequest Fetch a 2fa request and action for a user

func (*AuthPlzCtx) GetFlashMessage ¶

func (c *AuthPlzCtx) GetFlashMessage(rw web.ResponseWriter, req *web.Request) string

Helper function to get a flash message to display to the user

func (*AuthPlzCtx) GetIPMiddleware ¶

func (c *AuthPlzCtx) GetIPMiddleware(rw web.ResponseWriter, req *web.Request, next web.NextMiddlewareFunc)

GetIPMiddleware Middleware to grab IP & forwarding headers and store in session

func (*AuthPlzCtx) GetInst ¶

func (c *AuthPlzCtx) GetInst(rw web.ResponseWriter, req *web.Request, sessionKey, dataKey string) (interface{}, error)

GetInst Fetches an object instance by session key from the browser session store

func (*AuthPlzCtx) GetMeta ¶

func (c *AuthPlzCtx) GetMeta() map[string]string

func (*AuthPlzCtx) GetNamedSession ¶

func (c *AuthPlzCtx) GetNamedSession(rw web.ResponseWriter, req *web.Request, sessionKey string) (*sessions.Session, error)

GetNamedSession fetches a session by name

func (*AuthPlzCtx) GetRecoveryRequest ¶

func (c *AuthPlzCtx) GetRecoveryRequest(rw web.ResponseWriter, req *web.Request) string

GetRecoveryRequest fetches an authenticated recovery request from the session This allows a module to accept new password settings for the provided user id

func (*AuthPlzCtx) GetRedirect ¶

func (c *AuthPlzCtx) GetRedirect(rw web.ResponseWriter, req *web.Request) string

GetRedirect fetches a redirect from a user session to allow for post-login (or re-auth) user redirection

func (*AuthPlzCtx) GetSession ¶

func (c *AuthPlzCtx) GetSession() *sessions.Session

GetSession fetches the base user session instance Modules can use this base session or their own session instances

func (*AuthPlzCtx) GetUserID ¶

func (c *AuthPlzCtx) GetUserID() string

GetUserID Fetch user id from a session Blank if a user is not logged in

func (*AuthPlzCtx) LoginUser ¶

func (c *AuthPlzCtx) LoginUser(userid string, rw web.ResponseWriter, req *web.Request)

LoginUser Helper function to login a user

func (*AuthPlzCtx) LogoutUser ¶

func (c *AuthPlzCtx) LogoutUser(rw web.ResponseWriter, req *web.Request)

LogoutUser Helper function to logout a user

func (*AuthPlzCtx) RequireAccountMiddleware ¶

func (c *AuthPlzCtx) RequireAccountMiddleware(rw web.ResponseWriter, req *web.Request, next web.NextMiddlewareFunc)

RequireAccountMiddleware to ensure only logged in access to an endpoint

func (*AuthPlzCtx) SessionMiddleware ¶

func (c *AuthPlzCtx) SessionMiddleware(rw web.ResponseWriter, req *web.Request, next web.NextMiddlewareFunc)

SessionMiddleware User session layer Middleware matches user session if it exists and saves userid to the session object

func (*AuthPlzCtx) SetFlashMessage ¶

func (c *AuthPlzCtx) SetFlashMessage(message string, rw web.ResponseWriter, req *web.Request)

Helper function to set a flash message for display to the user

func (*AuthPlzCtx) SetSudo ¶

func (c *AuthPlzCtx) SetSudo(userID string, timeout time.Duration, rw web.ResponseWriter, req *web.Request)

SetSudo used to indicate a user has reauthorized to allow protected account actions TODO: could this be pinned to more things? (user agent, IP, real invalidation so it can't be reused if cancelled?) Guess re-use is a bit moot given there is no reason to cancel atm

func (*AuthPlzCtx) UserAction ¶

func (c *AuthPlzCtx) UserAction(userid, action string, rw web.ResponseWriter, req *web.Request)

UserAction executes a user action, such as `login` This is provided to allow modules to execute global actions as a given user across the API boundaries For example, this allows 2fa to be used to validate a user action TODO: a more elegant solution to this could be nice.

func (*AuthPlzCtx) WriteAPIResult ¶

func (c *AuthPlzCtx) WriteAPIResult(w http.ResponseWriter, code string)

WriteAPIResult Helper to write API result messages

func (*AuthPlzCtx) WriteAPIResultWithCode ¶

func (c *AuthPlzCtx) WriteAPIResultWithCode(w http.ResponseWriter, status int, code string)

WriteAPIResultWithCode Helper to write API result messsages while setting the HTTP response code

func (*AuthPlzCtx) WriteInternalError ¶

func (c *AuthPlzCtx) WriteInternalError(w http.ResponseWriter)

WriteInternalError helper to write internal error status and message

func (*AuthPlzCtx) WriteJSON ¶

func (c *AuthPlzCtx) WriteJSON(w http.ResponseWriter, i interface{})

WriteJSON Helper to write objects out as JSON

func (*AuthPlzCtx) WriteJSONWithStatus ¶

func (c *AuthPlzCtx) WriteJSONWithStatus(w http.ResponseWriter, status int, i interface{})

WriteJSON Helper to write objects out as JSON

func (*AuthPlzCtx) WriteUnauthorized ¶

func (c *AuthPlzCtx) WriteUnauthorized(w http.ResponseWriter)

WriteUnauthorized helper to write unauthorized status and message

type AuthPlzGlobalCtx ¶

type AuthPlzGlobalCtx struct {
	SessionStore *sessions.CookieStore
}

AuthPlzGlobalCtx Application global / static context

func NewGlobalCtx ¶

func NewGlobalCtx(sessionStore *sessions.CookieStore) AuthPlzGlobalCtx

NewGlobalCtx creates a new global context instance

type MiddlewareFunc ¶

type MiddlewareFunc func(c *AuthPlzCtx, rw web.ResponseWriter, req *web.Request, next web.NextMiddlewareFunc)

MiddlewareFunc Convenience type to describe middleware functions

func BindContext ¶

func BindContext(globalCtx *AuthPlzGlobalCtx) MiddlewareFunc

BindContext Helper to bind the global context object into the router context This is a closure to run over an instance of the global context

type SecondFactorRequest ¶

type SecondFactorRequest struct {
	UserID string
	Action string
}

SecondFactorRequest is a request for 2fa This is used to register a request that can be fetched by 2fa implementations

type SudoSession ¶

type SudoSession struct {
	UserID       string
	SessionStart time.Time
	SessionEnd   time.Time
}

SudoSession used to store user reauthorization sessions for protected account actions Such as password changes or 2fa alterations

type User ¶

type User interface {
	GetExtID() string
	IsAdmin() string
}

User is the user instance interface used in the app context

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL