tfaps

package
v1.1.3 Latest Latest
Published: Dec 19, 2023 License: MIT Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ClearCSRFCookie

func ClearCSRFCookie(r *http.Request, c *http.Cookie) *http.Cookie

ClearCSRFCookie returns an already-expired CSRF cookie, which clears the existing CSRF cookie.

func ClearCookie

func ClearCookie(r *http.Request) *http.Cookie

ClearCookie clears the auth cookie

func FindCSRFCookie

func FindCSRFCookie(r *http.Request) (c *http.Cookie, err error)

FindCSRFCookie extracts the CSRF cookie from the request based on state.

func GetLoginURL

func GetLoginURL(redirectURI, code string) string

GetLoginURL constructs a login URL for authenticating with Plex.

func GetToken

func GetToken(logger *logrus.Entry, pinId string) (string, error)

GetToken retrieves an authentication token using a Pin.

func MakeCSRFCookie

func MakeCSRFCookie(r *http.Request, pinId string, redirectUri string) *http.Cookie

MakeCSRFCookie makes a csrf cookie (used during login only)

Note: CSRF cookies have a shorter lifetime than auth cookies, a fixed 1h. That's because some CSRF cookies may belong to auth flows that never complete and thus may not get cleared by ClearCookie.

func MakeCookie

func MakeCookie(r *http.Request, email string) *http.Cookie

MakeCookie creates an auth cookie

func NewDefaultLogger

func NewDefaultLogger() *logrus.Logger

NewDefaultLogger creates a new logger based on the current configuration

func Sanitize added in v1.1.1

func Sanitize(input string) string

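Sanitize strips newlines from externally-sourced strings to avoid log injection attacks. Per this description only newlines are removed, so it is not a general-purpose escaper for other output contexts.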

func ValidateCSRFCookie

func ValidateCSRFCookie(c *http.Cookie) (valid bool, pinId string, redirect string, err error)

ValidateCSRFCookie validates the csrf cookie against state

func ValidateCookie

func ValidateCookie(r *http.Request, c *http.Cookie) (string, error)

ValidateCookie verifies that a cookie matches the expected format of: Cookie = hash(secret, cookie domain, email, expires)|expires|email

func ValidateDomains

func ValidateDomains(email string, domains CommaSeparatedList) bool

ValidateDomains checks if the email matches a whitelisted domain

func ValidateEmail

func ValidateEmail(email, ruleName string) bool

ValidateEmail checks if the given email address either matches a whitelisted email address, as defined by the "whitelist" config parameter, or is part of a permitted domain, as defined by the "domains" config parameter.

func ValidateWhitelist

func ValidateWhitelist(email string, whitelist CommaSeparatedList) bool

ValidateWhitelist checks if the email is in whitelist

Types

type AccessTier added in v1.1.0

// AccessTier is the level of access a user holds; GetAccessTier returns a
// value of this type.
type AccessTier int64
// The tiers are numbered by iota in declaration order, so NoAccess is 0 and is
// also the zero value: an AccessTier that was never assigned reads as NoAccess.
// NOTE(review): what each tier means is inferred from its name only; confirm
// against GetAccessTier before relying on the numeric order in an
// authorization check.
const (
	NoAccess AccessTier = iota // 0
	NormalUser // 1
	HomeUser // 2
	Owner // 3
)

func GetAccessTier added in v1.1.0

func GetAccessTier(logger *logrus.Entry, token string) (AccessTier, error)

GetAccessTier retrieves the access tier of this user on a configured server.

func (AccessTier) String added in v1.1.0

func (a AccessTier) String() string

type CommaSeparatedList

type CommaSeparatedList []string

CommaSeparatedList provides legacy support for config values provided as csv

func (*CommaSeparatedList) MarshalFlag

func (c *CommaSeparatedList) MarshalFlag() (string, error)

MarshalFlag converts an array back to a comma separated list

func (*CommaSeparatedList) UnmarshalFlag

func (c *CommaSeparatedList) UnmarshalFlag(value string) error

UnmarshalFlag converts a comma separated list to an array

type Config

// Config holds the application settings. Each field's struct tag carries its
// long option name, environment variable, default, allowed choices and help
// text; presumably a go-flags style parser consumes them (confirm in
// NewConfig). Tags shown as "N-byte string literal not displayed" were elided
// by the documentation renderer, so their options cannot be read from here.
type Config struct {
	LogLevel  string `` /* 174-byte string literal not displayed */
	LogFormat string `long:"log-format"  env:"LOG_FORMAT" default:"text" choice:"text" choice:"json" choice:"pretty" description:"Log format"`

	AuthHost               string               `long:"auth-host" env:"AUTH_HOST" description:"Single host to use when returning from 3rd party auth"`
	Config                 func(s string) error `long:"config" env:"CONFIG" description:"Path to config file" json:"-"`
	CookieDomains          []CookieDomain       `long:"cookie-domain" env:"COOKIE_DOMAIN" env-delim:"," description:"Domain to set auth cookie on, can be set multiple times"`
	// NOTE(review): presumably drops the Secure attribute from the cookies this
	// package builds, allowing them over plain HTTP; confirm in MakeCookie and
	// MakeCSRFCookie. The zero value (false) is the default.
	InsecureCookie         bool                 `long:"insecure-cookie" env:"INSECURE_COOKIE" description:"Use insecure cookies"`
	CookieName             string               `long:"cookie-name" env:"COOKIE_NAME" default:"_forward_auth" description:"Cookie Name"`
	CSRFCookieName         string               `long:"csrf-cookie-name" env:"CSRF_COOKIE_NAME" default:"_forward_auth_csrf" description:"CSRF Cookie Name"`
	// Accepts "auth" (the default) or "allow".
	// NOTE(review): "allow" presumably lets requests that match no rule through
	// without authentication; confirm in the server's routing before using it.
	DefaultAction          string               `long:"default-action" env:"DEFAULT_ACTION" default:"auth" choice:"auth" choice:"allow" description:"Default action"`
	Domains                CommaSeparatedList   `long:"domain" env:"DOMAIN" env-delim:"," description:"Only allow given email domains, can be set multiple times"`
	// Despite the name this is an int: the lifetime in seconds. The default of
	// 43200 is 12 hours.
	LifetimeString         int                  `long:"lifetime" env:"LIFETIME" default:"43200" description:"Lifetime in seconds"`
	LogoutRedirect         string               `long:"logout-redirect" env:"LOGOUT_REDIRECT" description:"URL to redirect to following logout"`
	MatchWhitelistOrDomain bool                 `` /* 157-byte string literal not displayed */
	Path                   string               `long:"url-path" env:"URL_PATH" default:"/_oauth" description:"Callback URL Path"`
	// Signing secret as supplied on the command line or in the environment;
	// json:"-" keeps it out of encoding/json output.
	// NOTE(review): no minimum length or strength requirement is visible here;
	// confirm what Validate enforces.
	SecretString           string               `long:"secret" env:"SECRET" description:"Secret used for signing (required)" json:"-"`
	Whitelist              CommaSeparatedList   `long:"whitelist" env:"WHITELIST" env-delim:"," description:"Only allow given email addresses, can be set multiple times"`
	Port                   int                  `long:"port" env:"PORT" default:"4181" description:"Port to listen on"`
	Product                string               `` /* 148-byte string literal not displayed */
	ClientIdentifierString string               `` /* 156-byte string literal not displayed */
	ServerIdentifier       string               `` /* 147-byte string literal not displayed */

	Rules map[string]*Rule `long:"rule.<name>.<param>" description:"Rule definitions, param can be: \"action\" or \"rule\""`

	// Filled during transformations
	// Secret and ClientIdentifier are tagged json:"-" and so are omitted from
	// encoding/json output; Lifetime carries no such tag.
	// NOTE(review): presumably derived from SecretString, LifetimeString and
	// ClientIdentifierString; confirm where the transformation happens.
	Secret           []byte `json:"-"`
	Lifetime         time.Duration
	ClientIdentifier string `json:"-"`
}

Config holds the runtime application config

func NewConfig

func NewConfig(args []string) (*Config, error)

NewConfig parses and validates provided configuration into a config object

func NewGlobalConfig

func NewGlobalConfig() *Config

NewGlobalConfig creates a new global config, parsed from command arguments

func (Config) String

func (c Config) String() string

func (*Config) Validate

func (c *Config) Validate()

Validate validates a config object

type CookieDomain

// CookieDomain describes one domain that the auth cookie can be set on.
// NOTE(review): DomainLen and SubDomainLen look like cached lengths of Domain
// and SubDomain, and SubDomain is presumably the form Match uses for
// subdomain comparison; confirm both in NewCookieDomain and Match.
type CookieDomain struct {
	Domain       string
	DomainLen    int
	SubDomain    string
	SubDomainLen int
}

CookieDomain holds cookie domain info

func NewCookieDomain

func NewCookieDomain(domain string) *CookieDomain

NewCookieDomain creates a new CookieDomain from the given domain string

func (*CookieDomain) MarshalFlag

func (c *CookieDomain) MarshalFlag() (string, error)

MarshalFlag converts a CookieDomain to a string

func (*CookieDomain) Match

func (c *CookieDomain) Match(host string) bool

Match checks if the given host matches this CookieDomain

func (*CookieDomain) UnmarshalFlag

func (c *CookieDomain) UnmarshalFlag(value string) error

UnmarshalFlag converts a string to a CookieDomain

type CookieDomains

type CookieDomains []CookieDomain

CookieDomains provides legacy support for a comma separated list of cookie domains

func (*CookieDomains) MarshalFlag

func (c *CookieDomains) MarshalFlag() (string, error)

MarshalFlag converts an array of CookieDomain to a comma separated list

func (*CookieDomains) UnmarshalFlag

func (c *CookieDomains) UnmarshalFlag(value string) error

UnmarshalFlag converts a comma separated list of cookie domains to an array of CookieDomains

type Pin

// Pin mirrors a <pin> XML element; the xml tags map the element's id, code
// and authToken attributes onto Id, Code and Token.
type Pin struct {
	XMLName xml.Name `xml:"pin"`
	Id      string   `xml:"id,attr"`
	Code    string   `xml:"code,attr"`
	// Token is filled from the authToken attribute.
	// NOTE(review): treat it as a credential; confirm it is never written to
	// logs or to a cookie in clear text.
	Token   string   `xml:"authToken,attr"`
}

Pin is a pin response from Plex's auth system.

func GetPin

func GetPin(logger *logrus.Entry) (Pin, error)

GetPin retrieves a Pin (with Id and Code) from Plex.

type Resources added in v1.1.0

// Resources mirrors a <MediaContainer> XML element and its <Device> children;
// only three attributes of each device are decoded.
type Resources struct {
	XMLName xml.Name `xml:"MediaContainer"`
	Devices []struct {
		ClientIdentifier string `xml:"clientIdentifier,attr"`
		// Owned and Home are decoded as raw strings, not booleans.
		// NOTE(review): presumably flag values that feed GetAccessTier; confirm
		// the exact strings compared, since any unexpected value must not be
		// read as granting access.
		Owned            string `xml:"owned,attr"`
		Home             string `xml:"home,attr"`
	} `xml:"Device"`
}

Resources is a collection of device resources associated with a User.

type Rule

// Rule holds one rule definition: an action, the rule expression, and its own
// Whitelist and Domains lists.
// NOTE(review): how the per-rule lists combine with the global Config lists is
// not visible here; ValidateEmail takes a rule name, so confirm the precedence
// there.
type Rule struct {
	Action    string
	Rule      string
	Whitelist CommaSeparatedList
	Domains   CommaSeparatedList
}

Rule holds defined rules

func NewRule

func NewRule() *Rule

NewRule creates a new rule object

func (*Rule) Validate

func (r *Rule) Validate() error

Validate validates a rule

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server contains router and handler methods

func NewServer

func NewServer() *Server

NewServer creates a new server object and builds router

func (*Server) AllowHandler

func (s *Server) AllowHandler(rule string) http.HandlerFunc

AllowHandler allows requests.

func (*Server) AuthCallbackHandler

func (s *Server) AuthCallbackHandler() http.HandlerFunc

AuthCallbackHandler handles the auth callback request.

func (*Server) AuthHandler

func (s *Server) AuthHandler(rule string) http.HandlerFunc

AuthHandler authenticates requests.

func (*Server) LogoutHandler

func (s *Server) LogoutHandler() http.HandlerFunc

LogoutHandler logs a user out

func (*Server) RootHandler

func (s *Server) RootHandler(w http.ResponseWriter, r *http.Request)

RootHandler overwrites the request method, host and URL with those from the forwarded request so that it is correctly routed by mux.

type User

// User mirrors a <user> XML element; only its email attribute is decoded.
type User struct {
	XMLName xml.Name `xml:"user"`
	// NOTE(review): Email comes from a remote response and is presumably the
	// identity later passed to ValidateEmail and MakeCookie; confirm it is
	// checked before a cookie is issued for it.
	Email   string   `xml:"email,attr"`
}

User is a user record from Plex, deserialized from XML.

func GetUser

func GetUser(logger *logrus.Entry, token string) (User, error)

GetUser retrieves an authenticated User.
