middleware

package

v0.4.34 Latest Latest Go to latest Published: Feb 8, 2024 License: Apache-2.0 Imports: 20 Imported by: 11

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/devtron-labs/authenticator

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func Authorizer(sessionManager *SessionManager, whitelistChecker func(url string) bool, ...) func(next http.Handler) http.Handler
func Username(ctx context.Context) string
func WhitelistChecker(url string) bool
type Account
type AccountCapability
type Config
- func GetConfig() *Config
type LoginService
- func NewUserLogin(sessionManager *SessionManager, k8sClient *client.K8sClient) *LoginService
- func (impl *LoginService) Create(ctxt context.Context, username string, password string) (string, error)
- func (impl *LoginService) GetAccount(name string) (*Account, error)
type SessionManager
- func NewSessionManager(settings *oidc.Settings, config *client.DexConfig, ...) *SessionManager
type Token

Constants ¶

View Source

const (
	// SessionManagerClaimsIssuer fills the "iss" field of the token.
	SessionManagerClaimsIssuer = "argocd"

	// ApiTokenClaimIssuer is the issuer who generated api-token for APIs
	ApiTokenClaimIssuer = "apiTokenIssuer"
)

View Source

const (
	AccountCapabilityLogin = "login"
)

View Source

const ApiTokenHeaderKey = "api-token"

Variables ¶

View Source

var (
	InvalidLoginErr = status.Errorf(codes.Unauthenticated, invalidLoginError)
)

Functions ¶

func Authorizer ¶

func Authorizer(sessionManager *SessionManager, whitelistChecker func(url string) bool, userStatusCheckInDb func(token string) (bool, int32, error)) func(next http.Handler) http.Handler

Authorizer is a middleware for authorization

func Username ¶

func Username(ctx context.Context) string

Username is a helper to extract a human readable username from a context

func WhitelistChecker ¶

func WhitelistChecker(url string) bool

Types ¶

type Account ¶

type Account struct {
	PasswordHash  string
	PasswordMtime *time.Time
	Enabled       bool
	Capabilities  []AccountCapability
	Tokens        []Token
}

func (*Account) FormatCapabilities ¶

func (a *Account) FormatCapabilities() string

FormatCapabilities returns comma separate list of user capabilities.

func (*Account) FormatPasswordMtime ¶

func (a *Account) FormatPasswordMtime() string

FormatPasswordMtime return the formatted password modify time or empty string of password modify time is nil.

func (*Account) HasCapability ¶

func (a *Account) HasCapability(capability AccountCapability) bool

HasCapability return true if the account has the specified capability.

func (*Account) TokenIndex ¶

func (a *Account) TokenIndex(id string) int

TokenIndex return an index of a token with the given identifier or -1 if token not found.

type AccountCapability ¶

type AccountCapability string

type Config ¶

type Config struct {
	AuthEnabled bool
}

func GetConfig ¶

func GetConfig() *Config

type LoginService ¶

type LoginService struct {
	// contains filtered or unexported fields
}

func NewUserLogin ¶

func NewUserLogin(sessionManager *SessionManager, k8sClient *client.K8sClient) *LoginService

func (*LoginService) Create ¶ added in v0.4.19

func (impl *LoginService) Create(ctxt context.Context, username string, password string) (string, error)

func (*LoginService) GetAccount ¶

func (impl *LoginService) GetAccount(name string) (*Account, error)

type SessionManager ¶

type SessionManager struct {
	// contains filtered or unexported fields
}

SessionManager generates and validates JWT tokens for login sessions.

func NewSessionManager ¶

func NewSessionManager(settings *oidc.Settings, config *client.DexConfig, apiTokenSecretStore *apiTokenAuth.ApiTokenSecretStore) *SessionManager

NewSessionManager creates a new session manager from Argo CD settings

func (*SessionManager) Create ¶

func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int64, id string) (string, error)

Create creates a new token for a given subject (user) and returns it as a string. Passing a value of `0` for secondsBeforeExpiry creates a token that never expires.

func (*SessionManager) GetUserSessionDuration ¶

func (mgr *SessionManager) GetUserSessionDuration() time.Duration

func (*SessionManager) Parse ¶

func (mgr *SessionManager) Parse(tokenString string) (jwt.Claims, error)

Parse tries to parse the provided string and returns the token claims for local superuser login.

func (*SessionManager) ParseApiToken ¶ added in v0.4.28

func (mgr *SessionManager) ParseApiToken(tokenString string) (jwt.Claims, error)

ParseApiToken tries to parse the provided string and returns the token claims for api-token user.

func (*SessionManager) UpdateSettings ¶ added in v0.4.24

func (mgr *SessionManager) UpdateSettings(settings *oidc.Settings, config *client.DexConfig)

func (*SessionManager) VerifyToken ¶

func (mgr *SessionManager) VerifyToken(tokenString string) (jwt.Claims, error)

VerifyToken verifies if a token is correct. Tokens can be issued either from us or by an IDP. We choose how to verify based on the issuer.

type Token ¶

type Token struct {
	ID        string `json:"id"`
	IssuedAt  int64  `json:"iat"`
	ExpiresAt int64  `json:"exp,omitempty"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL