handlers

package
v0.0.0-...-ef5c1ef Latest

Warning: This package is not in the latest version of its module.
Published: Apr 28, 2024 License: Apache-2.0 Imports: 32 Imported by: 0

Documentation

Constants

const (
	StatePending        = 0
	StateRegistering    = 1
	StateAuthenticating = 2
	StateCompleted      = 3
	StateDenied         = 4

	StateExpirationDuration = 200 * time.Second
)
const ChallengeLength = 32

ChallengeLength is the number of bytes to generate for a challenge.

const DefaultEncryptionKeyLength = 32

DefaultEncryptionKeyLength is the length of the generated encryption keys used for session management.

const WebauthnSession = "webauthn-session"

WebauthnSession is the name of the session cookie used to manage session-related information.

Variables

var (
	ErrNoStateReceived          = errors.New("no state received")
	ErrInvalidStateReceived     = errors.New("invalid state received")
	ErrNoCredentialFoundInState = errors.New("no credential found in state")
	ErrBadCredentialFormat      = errors.New("credential received not in JSON format")
)
var ErrInsufficientBytesRead = errors.New("insufficient bytes read")

ErrInsufficientBytesRead is returned in the rare case that an unexpected number of bytes are returned from the crypto/rand reader when creating session cookie encryption keys.

var ErrMarshal = errors.New("error unmarshaling data")

ErrMarshal is returned if unexpected data is present in a webauthn session.

Functions

func GenerateSecureKey

func GenerateSecureKey(n int) ([]byte, error)

GenerateSecureKey reads and returns n bytes from the crypto/rand reader.

func NotFound

func NotFound(c *fiber.Ctx) error

NotFound returns a custom 404 page.

func ParseCredentialRequestResponse

Parse the credential request response into a format that is either required by the specification or makes the assertion verification steps easier to complete. This takes an io.Reader that contains the assertion response data in a raw, mostly base64-encoded format, and parses the data into manageable structures.

func StatusToString

func StatusToString(status byte) string

Types

type Challenge

type Challenge protocol.URLEncodedBase64

Challenge that should be signed and returned by the authenticator

func CreateChallenge

func CreateChallenge() (Challenge, error)

Create a new challenge to be sent to the authenticator. The spec recommends using at least 16 bytes with 100 bits of entropy. We use 32 bytes.
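The pattern that GenerateSecureKey and CreateChallenge describe, as an added example that is not this package's source: fill a fixed-size buffer from a CSPRNG, reject short reads, and encode the result for transport. The names secureBytes, newChallengeFrom, newChallenge and errShortRead are hypothetical, and unpadded base64url encoding is an assumption based on the URLEncodedBase64 type name.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// Hypothetical names for this example; they are not the package's identifiers.
const challengeLen = 32

var errShortRead = errors.New("insufficient bytes read")

// secureBytes fills an n-byte buffer from src. A partially filled buffer is
// never returned: zero-padded tail bytes would silently reduce entropy.
func secureBytes(src io.Reader, n int) ([]byte, error) {
	buf := make([]byte, n)
	got, err := io.ReadFull(src, buf)
	if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
		return nil, fmt.Errorf("%w: got %d of %d", errShortRead, got, n)
	}
	if err != nil {
		return nil, err
	}
	return buf, nil
}

// newChallengeFrom returns the raw challenge and its unpadded base64url form
// (assumed encoding), reading randomness from src so failures can be tested.
func newChallengeFrom(src io.Reader) ([]byte, string, error) {
	raw, err := secureBytes(src, challengeLen)
	if err != nil {
		return nil, "", err
	}
	return raw, base64.RawURLEncoding.EncodeToString(raw), nil
}

// newChallenge draws from the operating system CSPRNG via crypto/rand.
func newChallenge() ([]byte, string, error) { return newChallengeFrom(rand.Reader) }

func main() {
	_, text, err := newChallenge()
	fmt.Println(len(text), err)
	// Constructed failure case: a source that runs dry after 10 bytes.
	_, _, err = newChallengeFrom(bytes.NewReader(make([]byte, 10)))
	fmt.Println(errors.Is(err, errShortRead))
}
```
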

func (Challenge) String

func (c Challenge) String() string

type CreateNaturalPersonRequest

type CreateNaturalPersonRequest struct {
	Email string `json:"email"`
	Name  string `json:"name"`
}

type LoginResponse

type LoginResponse struct {
	Response protocol.CredentialAssertionResponse `json:"response"`
	Session  string                               `json:"session"`
}

type Map

type Map map[string]interface{}

type RegistrationResponse

type RegistrationResponse struct {
	Response protocol.CredentialCreationResponse `json:"response"`
	Session  string                              `json:"session"`
}

type Server

type Server struct {
	*fiber.App
	Cfg            *yaml.YAML
	SessionStorage *memory.Storage
}

Server is the struct holding the state of the server

func NewServer

func NewServer(cfg *yaml.YAML) *Server

func (*Server) HandleHome

func (s *Server) HandleHome(c *fiber.Ctx) error

func (*Server) HandleStop

func (s *Server) HandleStop(c *fiber.Ctx) error

func (*Server) HandleWalletProviderHome

func (v *Server) HandleWalletProviderHome(c *fiber.Ctx) error

HandleWalletProviderHome displays a QR code to be scanned to obtain the wallet.

type SessionStore

type SessionStore struct {
	*sessions.CookieStore
}

SessionStore is a wrapper around sessions.CookieStore which provides some helper methods related to webauthn operations.

func NewSessionStore

func NewSessionStore(keyPairs ...[]byte) (*SessionStore, error)

NewSessionStore returns a new session store.

func (*SessionStore) GetWebauthnSession

func (store *SessionStore) GetWebauthnSession(key string, r *http.Request) (webauthn.SessionData, error)

GetWebauthnSession unmarshals and returns the webauthn session information from the session cookie.

func (*SessionStore) SaveWebauthnSession

func (store *SessionStore) SaveWebauthnSession(key string, data *webauthn.SessionData, r *http.Request, w http.ResponseWriter) ([]byte, error)

SaveWebauthnSession marshals and saves the webauthn data to the provided key, given the request and response writer.

func (*SessionStore) Set

func (store *SessionStore) Set(key string, value interface{}, r *http.Request, w http.ResponseWriter) error

Set stores a value to the session with the provided key.

type SignTokenRequest

type SignTokenRequest struct {
	SubjectDID string `json:"subjectDID"`
	Headers    string `json:"headers"`
	Payload    string `json:"payload"`
}

type State

type State struct {
	// contains filtered or unexported fields
}

func NewState

func NewState() *State

func NewStateFromBytes

func NewStateFromBytes(input []byte) *State

func (*State) Bytes

func (s *State) Bytes() []byte

func (*State) SetContent

func (s *State) SetContent(content []byte)

func (*State) SetStatus

func (s *State) SetStatus(status byte)

func (*State) Status

func (s *State) Status() byte

func (*State) String

func (s *State) String() string

type User

type User interface {
	// User ID according to the Relying Party
	WebAuthnID() []byte
	// User Name according to the Relying Party
	WebAuthnName() string
	// Display Name of the user
	WebAuthnDisplayName() string
	// User's icon url
	WebAuthnIcon() string
	// Credentials owned by the user
	WebAuthnCredentials() []webauthn.Credential
}

User is built to interface with the Relying Party's User entry and elaborate the fields and methods needed for WebAuthn

type WalletServer

type WalletServer struct {
	// contains filtered or unexported fields
}

func NewWebAuthnHandlerPB

func NewWebAuthnHandlerPB(app *pocketbase.PocketBase, cfg *yaml.YAML) *WalletServer

func (*WalletServer) AddRoutesPB

func (s *WalletServer) AddRoutesPB(app *pocketbase.PocketBase)

func (*WalletServer) BeginLoginPB

func (s *WalletServer) BeginLoginPB(c echo.Context) error

BeginLogin returns to the client app the structure needed by the client to request the Authenticator to create an assertion, using a previously created private key. The Authenticator will sign our challenge (and other items) with its private key, and the client will invoke the FinishLogin API, where we will be able to check the signature with the public key that we stored in a previous registration phase.

func (*WalletServer) BeginRegistrationPB

func (s *WalletServer) BeginRegistrationPB(c echo.Context) error

BeginRegistration is called from the wallet to start registering a new authenticator device in the server.

func (*WalletServer) CreateNaturalPerson

func (s *WalletServer) CreateNaturalPerson(c echo.Context) error

func (*WalletServer) FinishLoginPB

func (s *WalletServer) FinishLoginPB(c echo.Context) error

func (*WalletServer) FinishRegistrationPB

func (s *WalletServer) FinishRegistrationPB(c echo.Context) error

func (*WalletServer) IssuerHome

func (s *WalletServer) IssuerHome(c echo.Context) error

func (*WalletServer) SignToken

func (s *WalletServer) SignToken(c echo.Context) error

type WebAuthnHandler

type WebAuthnHandler struct {
	WebAuthn *webauthn.WebAuthn
	// contains filtered or unexported fields
}

func NewWebAuthnHandler

func NewWebAuthnHandler(back *Server, sess *memory.Storage, v *vault.Vault, cfg *yaml.YAML) *WebAuthnHandler

func (*WebAuthnHandler) AddRoutes

func (s *WebAuthnHandler) AddRoutes(f *Server)

func (*WebAuthnHandler) BeginLogin

func (s *WebAuthnHandler) BeginLogin(c *fiber.Ctx) error

BeginLogin returns to the client app the structure needed by the client to request the Authenticator to create an assertion, using a previously created private key. The Authenticator will sign our challenge (and other items) with its private key, and the client will invoke the FinishLogin API, where we will be able to check the signature with the public key that we stored in a previous registration phase.

func (*WebAuthnHandler) BeginRegistration

func (s *WebAuthnHandler) BeginRegistration(c *fiber.Ctx) error

BeginRegistration is called from the wallet to start registering a new authenticator device in the server.

func (*WebAuthnHandler) FinishLogin

func (s *WebAuthnHandler) FinishLogin(c *fiber.Ctx) error

func (*WebAuthnHandler) FinishRegistration

func (s *WebAuthnHandler) FinishRegistration(c *fiber.Ctx) error

func (*WebAuthnHandler) ListCredentials

func (s *WebAuthnHandler) ListCredentials(c *fiber.Ctx) error

func (*WebAuthnHandler) Logoff

func (s *WebAuthnHandler) Logoff(c *fiber.Ctx) error
