Documentation ¶
Overview ¶
`go-gdpr` is an experimental implementation of the OpenGDPR specification.
Index ¶
- Constants
- Variables
- func Callback(cbReq *CallbackRequest, opts *CallbackOptions) error
- func ErrInvalidRequestSignature(signature string, err error) error
- func ErrMissingRequiredField(field string) error
- func ErrNotFound(id string) error
- func ErrUnsupportedIdentity(id Identity) error
- func ErrUnsupportedRequestType(st SubjectType) error
- func SupportedFunc(opts *ServerOptions) func(*Request) error
- func ValidateRequest(opts *ServerOptions) func(*Request) error
- type Builder
- type CallbackOptions
- type CallbackRequest
- type CancellationResponse
- type Client
- type ClientOptions
- type Controller
- type DiscoveryResponse
- type Error
- type ErrorResponse
- type Handler
- type HandlerMap
- type Identity
- type IdentityFormat
- type IdentityType
- type KeyOptions
- type NoopSigner
- type NoopVerifier
- type Processor
- type Request
- type RequestStatus
- type Response
- type Server
- type ServerOptions
- type Signer
- type StatusResponse
- type SubjectType
- type Verifier
Constants ¶
const ( SUBJECT_ACCESS = SubjectType("access") SUBJECT_PORTABILITY = SubjectType("portability") SUBJECT_ERASURE = SubjectType("erasure") )
const ( IDENTITY_CONTROLLER_CUSTOMER_ID = IdentityType("controller_customer_id") IDENTITY_ANDROID_ADVERTISING_ID = IdentityType("android_advertising_id") IDENTITY_ANDROID_ID = IdentityType("android_id") IDENTITY_EMAIL = IdentityType("email") IDENTITY_FIRE_ADVERTISING_ID = IdentityType("fire_advertising_id") IDENTITY_IOS_ADVERTISING_ID = IdentityType("ios_advertising_id") IDENTITY_IOS_VENDOR_ID = IdentityType("ios_vendor_id") IDENTITY_MICROSOFT_ADVERTISING_ID = IdentityType("microsoft_advertising_id") IDENTITY_MICROSOFT_PUBLISHER_ID = IdentityType("microsoft_publisher_id") IDENTITY_ROKU_PUBLISHER_ID = IdentityType("roku_publisher_id") IDENTITY_ROKU_ADVERTISING_ID = IdentityType("roku_advertising_id") )
const ( FORMAT_RAW = IdentityFormat("raw") FORMAT_SHA1 = IdentityFormat("sha1") FORMAT_MD5 = IdentityFormat("md5") FORMAT_SHA256 = IdentityFormat("sha256") )
const ( STATUS_PENDING = RequestStatus("pending") STATUS_IN_PROGRESS = RequestStatus("in_progress") STATUS_COMPLETED = RequestStatus("completed") STATUS_CANCELLED = RequestStatus("cancelled") )
const ApiVersion = "0.1"
Variables ¶
var IdentityFormatMap = map[string]IdentityFormat{ "raw": FORMAT_RAW, "sha1": FORMAT_SHA1, "md5": FORMAT_MD5, "sha256": FORMAT_SHA256, }
var IdentityTypeMap = map[string]IdentityType{ "controller_customer_id": IDENTITY_CONTROLLER_CUSTOMER_ID, "android_advertising_id": IDENTITY_ANDROID_ADVERTISING_ID, "android_id": IDENTITY_ANDROID_ID, "email": IDENTITY_EMAIL, "fire_advertising_id": IDENTITY_FIRE_ADVERTISING_ID, "ios_advertising_id": IDENTITY_IOS_ADVERTISING_ID, "ios_vendor_id": IDENTITY_IOS_VENDOR_ID, "microsoft_advertising_id": IDENTITY_MICROSOFT_ADVERTISING_ID, "microsoft_publisher_id": IDENTITY_MICROSOFT_PUBLISHER_ID, "roku_publisher_id": IDENTITY_ROKU_PUBLISHER_ID, "roku_advertising_id": IDENTITY_ROKU_ADVERTISING_ID, }
var RequestStatusMap = map[string]RequestStatus{ "pending": STATUS_PENDING, "in_progress": STATUS_IN_PROGRESS, "completed": STATUS_COMPLETED, "cancelled": STATUS_CANCELLED, }
var SubjectTypeMap = map[string]SubjectType{ "access": SUBJECT_ACCESS, "portability": SUBJECT_PORTABILITY, "erasure": SUBJECT_ERASURE, }
Functions ¶
func Callback ¶
func Callback(cbReq *CallbackRequest, opts *CallbackOptions) error
Callback sends the CallbackRequest type to the configured StatusCallbackUrl. If it fails to deliver in n attempts or the request is invalid it will return an error.
func ErrInvalidRequestSignature ¶
ErrInvalidRequestSignature indicates the payload could not be verified with the given signature.
func ErrMissingRequiredField ¶
ErrMissingRequiredField indicates the request is missing a required field.
func ErrNotFound ¶
ErrNotFound indicates a request could not be found by the processor.
func ErrUnsupportedIdentity ¶
ErrUnsupportedIdentity indicates the processor does not support the given identity type.
func ErrUnsupportedRequestType ¶
func ErrUnsupportedRequestType(st SubjectType) error
ErrUnsupportedRequestType indicates the processor cannot fullfil a request for the given RequestType.
func SupportedFunc ¶
func SupportedFunc(opts *ServerOptions) func(*Request) error
SupportedFunc returns a function that checks if the server can support a specific request.
func ValidateRequest ¶
func ValidateRequest(opts *ServerOptions) func(*Request) error
Types ¶
type Builder ¶
type Builder func(opts *ServerOptions) Handler
Builder is a functional option to construct a Handler.
type CallbackOptions ¶
type CallbackOptions struct { MaxAttempts int Backoff time.Duration ProcessorDomain string Client *http.Client Signer Signer }
CallBackOptions configure an HTTP callback
type CallbackRequest ¶
type CallbackRequest struct { ControllerId string `json:"controller_id"` ExpectedCompletionTime time.Time `json:"expected_completion_time"` StatusCallbackUrl string `json:"status_callback_url"` SubjectRequestId string `json:"subject_request_id"` RequestStatus RequestStatus `json:"request_status"` ResultsUrl string `json:"results_url"` }
type CancellationResponse ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is an HTTP helper client for making requests to an OpenGDPR processor server.
func NewClient ¶
func NewClient(opts *ClientOptions) *Client
NewClient returns a new OpenGDPR client.
func (*Client) Cancel ¶
func (c *Client) Cancel(id string) (*CancellationResponse, error)
Cancel cancels an existing GDPR request.
func (*Client) Discovery ¶
func (c *Client) Discovery() (*DiscoveryResponse, error)
Discovery describes the remote OpenGDPR speciication.
type ClientOptions ¶
ClientOptions conifigure a Client.
type Controller ¶
type Controller interface { // Process a callback from a remote // processor. Callback(req *CallbackRequest) error }
Controller makes new requests to a Processor and processes Callback requests.
type DiscoveryResponse ¶
type DiscoveryResponse struct { ApiVersion string `json:"api_version"` SupportedIdentities []Identity `json:"supported_identities"` SupportedSubjectRequestTypes []SubjectType `json:"supported_subject_request_types"` ProcessorCertificate string `json:"processor_certificate"` }
type Error ¶
type ErrorResponse ¶
type ErrorResponse struct { Code int `json:"-"` Message string `json:"-"` Errors []Error `json:"-"` }
func (ErrorResponse) Error ¶
func (e ErrorResponse) Error() string
func (ErrorResponse) MarshalJSON ¶
func (e ErrorResponse) MarshalJSON() ([]byte, error)
func (*ErrorResponse) UnmarshalJSON ¶
func (e *ErrorResponse) UnmarshalJSON(raw []byte) error
type HandlerMap ¶
HandlerMap is a map of route/methods to Builder.
func (HandlerMap) Merge ¶
func (hm HandlerMap) Merge(other HandlerMap)
Merge merges another HandlerMap into itself.
type Identity ¶
type Identity struct { Type IdentityType `json:"identity_type"` Format IdentityFormat `json:"identity_format"` Value string `json:"identity_value,omitempty"` }
type IdentityFormat ¶
type IdentityFormat string
func (*IdentityFormat) UnmarshalJSON ¶
func (i *IdentityFormat) UnmarshalJSON(raw []byte) error
func (IdentityFormat) Valid ¶
func (i IdentityFormat) Valid() bool
type IdentityType ¶
type IdentityType string
func (*IdentityType) UnmarshalJSON ¶
func (i *IdentityType) UnmarshalJSON(raw []byte) error
func (IdentityType) Valid ¶
func (i IdentityType) Valid() bool
type KeyOptions ¶
type KeyOptions struct { KeyPath string KeyBytes []byte // Optional byte string to decrypt // a private key file. Password []byte }
KeyOptions specify the path or bytes of a public or private key.
type NoopVerifier ¶
type NoopVerifier struct{}
NoopVerifier is useful to forgo all certificate verification.
func (NoopVerifier) Cert ¶
func (v NoopVerifier) Cert() *x509.Certificate
type Processor ¶
type Processor interface { // Request accepts an incoming Request type // and is expected to process it in some way. Request(*Request) (*Response, error) // Status validates the status of an existing // request sent to this processor. Status(id string) (*StatusResponse, error) // Cancel prevents any further processing of // the Request. Cancel(id string) (*CancellationResponse, error) }
Processor implements the business logic for processing GDPR requests. The Processor interface is intended to be wrapped by the Server type and provide an HTTP REST server. Any method may return an ErrorResponse type which will be serialized as JSON and handled in accordance to the OpenGDPR specification.
type Request ¶
type Request struct { SubjectRequestId string `json:"subject_request_id"` SubjectRequestType SubjectType `json:"subject_request_type"` SubmittedTime time.Time `json:"submitted_time"` ApiVersion string `json:"api_version"` StatusCallbackUrls []string `json:"status_callback_urls"` SubjectIdentities []Identity `json:"subject_identities"` // TODO Extensions json.RawMessage `json:"extensions"` }
Request represents a GDPR request
type RequestStatus ¶
type RequestStatus string
RequestStatus represents the status of a GDPR request
func (*RequestStatus) UnmarshalJSON ¶
func (r *RequestStatus) UnmarshalJSON(raw []byte) error
func (RequestStatus) Valid ¶
func (r RequestStatus) Valid() bool
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server exposes an HTTP interface to an underlying Processor or Controller. Server relies on httprouter for route matching, in the future we might expand this to support other mux and frameworks.
func NewServer ¶
func NewServer(opts *ServerOptions) *Server
NewServer returns a server type that statisfies the http.Handler interface.
func (*Server) After ¶
func (s *Server) After(handlers ...http.HandlerFunc)
After applys any http.HandlerFunc to the request after it has been handled by the controller/processor.
func (*Server) Before ¶
func (s *Server) Before(handlers ...http.HandlerFunc)
Before applys any http.HandlerFunc to the request before sending it on to the controller/processor. Note that if a handler incecepts the body of the request via request.Body they must ensure it's contents are added back to request or signature verification will fail!
type ServerOptions ¶
type ServerOptions struct { // Controller to process callback requests. Controller Controller // Processor to handle GDPR requests. Processor Processor // Signs all responses. Signer Signer // Verifies any incoming callbacks. Verifier Verifier // Array of identity types supported by // the server. Identities []Identity // Array of subject types supported by // the server. SubjectTypes []SubjectType // Optional map allowing the user to // override specific routes. HandlerMap HandlerMap // Processor domain of this server. ProcessorDomain string // Remote URL where the public certificate // of this server can be downloaded and used // to verify subsequent response payload ProcessorCertificateUrl string }
ServerOptions contains configuration options that effect the operation of the HTTP server.
type Signer ¶
Signer accepts a byte array which it creates a hash from and generates a signature which it base64 encodes as a string.
func MustNewSigner ¶
func MustNewSigner(opts *KeyOptions) Signer
func NewSigner ¶
func NewSigner(opts *KeyOptions) (Signer, error)
NewSigner creates a new RSA backed Signer
type StatusResponse ¶
type StatusResponse struct { ControllerId string `json:"controller_id"` ExpectedCompletionTime time.Time `json:"expected_completion_time"` SubjectRequestId string `json:"subject_request_id"` RequestStatus RequestStatus `json:"request_status"` ApiVersion string `json:"api_version"` ResultsUrl string `json:"results_url"` }
type SubjectType ¶
type SubjectType string
SubjectType is the type of request that is being made.
func (*SubjectType) UnmarshalJSON ¶
func (s *SubjectType) UnmarshalJSON(raw []byte) error
func (SubjectType) Valid ¶
func (s SubjectType) Valid() bool
type Verifier ¶
type Verifier interface { // return the underlying cerificate Cert() *x509.Certificate // verify the digest of the signature Verify(body []byte, signature string) error }
Verifier accepts a byte array and base64 encoded signature. It hashes the byte array and compares it's decoded value.
func MustNewVerifier ¶
func MustNewVerifier(opts *KeyOptions) Verifier
func NewVerifier ¶
func NewVerifier(opts *KeyOptions) (Verifier, error)
NewVerifier creates a new RSA backed Verifier