password

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 22, 2017 License: MIT Imports: 4 Imported by: 0

Documentation

Overview

Package password is the password-based authentication driver for github.com/hiendv/gate

Example
// Walk-through of the password driver: log in, issue a JWT, authenticate
// with that JWT, then run four RBAC checks against the user's role.
var auth gate.Auth

userService := fixtures.NewMyUserService([]fixtures.User{
	{
		ID:    "id",
		Email: "email@local",
		Roles: []string{"role-id"},
	},
})
tokenService := fixtures.NewMyTokenService(nil)
// Abilities are (action, object-pattern) pairs. Going by the output of this
// example, "/api/v1/*" covers both /api/v1/users and /api/v1/posts, while
// "/api/v1/users*" covers /api/v1/users but not /api/v1/posts.
// NOTE(review): the matching rule itself is not shown here. A trailing "*"
// with no separator in front of it may also match sibling paths that merely
// share the prefix; confirm before copying this pattern into a real policy.
roleService := fixtures.NewMyRoleService([]fixtures.Role{
	{
		ID: "role-id",
		Abilities: []fixtures.Ability{
			{Action: "GET", Object: "/api/v1/*"},
			{Action: "POST", Object: "/api/v1/users*"},
		},
	},
})

// Fixture account with a literal password, for demonstration only.
account := fixtures.Account{Email: "email@local", Password: "password"}

auth = New(
	// Demo-only configuration: both string arguments are the literal
	// "jwt-secret". NOTE(review): presumably these are the JWT signing and
	// verifying keys; confirm against gate.NewConfig. A deployed service
	// needs a high-entropy secret loaded from its secret store, never a
	// literal in source. The trailing bool appears to be the
	// skip-claims-validation flag (the IssueJWT example reads
	// JWTSkipClaimsValidation() from the config); it is false here.
	Config{gate.NewConfig("jwt-secret", "jwt-secret", time.Hour*1, false)},
	// LoginFunc handler: the driver delegates the credential check to this
	// function. Every failure returns the same generic error, so the
	// response does not reveal whether the email or the password was wrong.
	func(driver Driver, email, password string) (gate.HasEmail, error) {
		if account.Valid(email, password) {
			return account, nil
		}

		return nil, errors.New("invalid credentials")
	},
	dependency.NewContainer(userService, tokenService, roleService),
)
if auth == nil {
	fmt.Println("auth should not be nil")
	return
}

user, err := auth.Login(map[string]string{"email": "email@local", "password": "password"})
if err != nil {
	fmt.Println(err)
	return
}

// Prints 0: Login on its own does not store a token.
fmt.Printf("Tokens: %d\n", tokenService.Count())

jwt, err := auth.IssueJWT(user)
if err != nil {
	fmt.Println(err)
	return
}

// Prints 1: IssueJWT stored the token through the token service.
fmt.Printf("Tokens: %d\n", tokenService.Count())

// Authenticate takes the raw token string and returns the user it resolves to.
parsedUser, err := auth.Authenticate(jwt.Value)
if err != nil {
	fmt.Println(err)
	return
}

fmt.Printf("%s:%s - %v\n", parsedUser.GetID(), parsedUser.GetEmail(), err)

// Authorization checks. Per the expected output, the first three are allowed
// (nil error) and the last one is denied with "forbidden", because the role
// has no POST ability that covers /api/v1/posts.
err = auth.Authorize(parsedUser, "GET", "/api/v1/users")
fmt.Printf("%v\n", err)

err = auth.Authorize(parsedUser, "GET", "/api/v1/posts")
fmt.Printf("%v\n", err)

err = auth.Authorize(parsedUser, "POST", "/api/v1/users")
fmt.Printf("%v\n", err)

err = auth.Authorize(parsedUser, "POST", "/api/v1/posts")
fmt.Printf("%v\n", err)
Output:

Tokens: 0
Tokens: 1
id:email@local - <nil>
<nil>
<nil>
<nil>
forbidden

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

// Config is the password driver's configuration. It only embeds gate.Config;
// the examples on this page build it with gate.NewConfig, and the IssueJWT
// example reads JWTSigningKey, JWTExpiration and JWTSkipClaimsValidation
// back from the driver's config.
type Config struct {
	gate.Config
}

Config is the configuration for password-based authentication

type Driver

// Driver is the password-based authentication driver.
//
// dependency.Container is embedded and exported, so code holding a *Driver
// can reach it directly; the IssueJWT example uses this to replace the JWT
// service with auth.Container.SetJWTService. Treat a Driver as a privileged
// object for that reason: whoever can call those setters controls how tokens
// are issued.
type Driver struct {
	dependency.Container
	// contains filtered or unexported fields
}

Driver is the password-based authentication driver

func New

func New(config Config, handler LoginFunc, container dependency.Container) *Driver

New is the constructor for Driver

func (Driver) Authenticate

func (auth Driver) Authenticate(tokenString string) (user gate.User, err error)

Authenticate performs the authentication using JWT

Example
// Authenticates a fixed, pre-built token against a driver that has a user
// service and a token service but no role service.
userService := fixtures.NewMyUserService([]fixtures.User{
	{
		ID:    "id",
		Email: "email@local",
		Roles: []string{},
	},
})
tokenService := fixtures.NewMyTokenService(nil)

auth := New(
	// The last argument is true here, unlike the other examples on this
	// page. NOTE(review): it appears to be the skip-claims-validation flag
	// (the IssueJWT example passes JWTSkipClaimsValidation() in the matching
	// position of gate.NewHMACJWTConfig); confirm against gate.NewConfig.
	// If so, it is what allows the fixed token below to keep authenticating
	// after its exp claim has passed. Outside tests, leave claims validation
	// enabled so that expired tokens are rejected. "jwt-secret" is a demo
	// literal, not a usable key.
	Config{gate.NewConfig("jwt-secret", "jwt-secret", time.Hour*1, true)},
	// Login is never called in this example, so the stub handler is enough.
	LoginFuncStub,
	// Role service is omitted
	dependency.NewContainer(userService, tokenService, nil),
)
if auth == nil {
	fmt.Println("auth should not be nil")
	return
}

// Fixed token: header {"alg":"HS256","typ":"JWT"}; the payload carries
// user.id "id", jti "claims-id", iat 1605049200 and exp 1605052800
// (2020-11-11 00:00:00 UTC). The payload has a "username" field and no
// email, while the output prints email@local, so the email presumably comes
// from the user service lookup rather than from the token; verify.
user, err := auth.Authenticate("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7ImlkIjoiaWQiLCJ1c2VybmFtZSI6InVzZXJuYW1lIiwicm9sZXMiOlsicm9sZSJdfSwiZXhwIjoxNjA1MDUyODAwLCJqdGkiOiJjbGFpbXMtaWQiLCJpYXQiOjE2MDUwNDkyMDB9.b0gxC2uZRek-SPwHSqyLOoW_DjSYroSivLqJG96Zxl0")
if err != nil {
	fmt.Println(err)
	return
}

fmt.Printf("%s:%s - %v", user.GetID(), user.GetEmail(), err)
Output:

id:email@local - <nil>

func (Driver) Authorize

func (auth Driver) Authorize(user gate.User, action, object string) (err error)

Authorize performs the authorization when a given user takes an action on an object using RBAC

func (Driver) GetUserAbilities

func (auth Driver) GetUserAbilities(user gate.User) (abilities []gate.UserAbility, err error)

GetUserAbilities returns a user's abilities

func (Driver) GetUserFromJWT

func (auth Driver) GetUserFromJWT(token gate.JWT) (user gate.User, err error)

GetUserFromJWT returns a user from a given JWT

func (Driver) IssueJWT

func (auth Driver) IssueJWT(user gate.User) (token gate.JWT, err error)

IssueJWT issues and stores a JWT for a specific user

Example
// Issues a JWT for a logged-in user with the clock and the claims ID pinned,
// so that the printed token is reproducible.
userService := fixtures.NewMyUserService([]fixtures.User{
	{
		ID:    "id",
		Email: "email@local",
		Roles: []string{"role"},
	},
})
tokenService := fixtures.NewMyTokenService(nil)
// Fixture account with a literal password, for demonstration only.
account := fixtures.Account{Email: "email@local", Password: "password"}

auth := New(
	// Demo-only configuration: "jwt-secret" is a source literal, not a
	// usable key. The trailing false appears to leave claims validation
	// enabled; confirm against gate.NewConfig.
	Config{gate.NewConfig("jwt-secret", "jwt-secret", time.Hour*1, false)},
	// LoginFunc handler: returns one generic error for every failed check.
	func(driver Driver, email, password string) (gate.HasEmail, error) {
		if account.Valid(email, password) {
			return account, nil
		}

		return nil, errors.New("invalid credentials")
	},
	// Role service is omitted
	dependency.NewContainer(userService, tokenService, nil),
)
if auth == nil {
	fmt.Println("auth should not be nil")
	return
}

// Builds an HS256 JWT configuration from the driver's own settings.
// auth.config is an unexported field, so this only compiles inside the
// password package (the example lives there).
jwtConfig, err := gate.NewHMACJWTConfig("HS256", auth.config.JWTSigningKey(), auth.config.JWTExpiration(), auth.config.JWTSkipClaimsValidation())
if err != nil {
	fmt.Println(err)
	return
}

// Test-only overrides: a frozen clock and a constant claims ID make the
// issued token byte-for-byte predictable. Do not carry these into real code;
// a constant jti gives every token the same identifier and a frozen clock
// gives every token the same iat and exp.
mockedJWTService := gate.NewJWTService(jwtConfig)
mockedJWTService.Now = func() time.Time {
	return time.Date(2020, time.November, 10, 23, 0, 0, 0, time.UTC)
}
mockedJWTService.GenerateClaimsID = func() string {
	return "claims-id"
}

// Swaps the driver's JWT service through the embedded, exported Container.
auth.Container.SetJWTService(mockedJWTService)

user, err := auth.Login(map[string]string{"email": "email@local", "password": "password"})
if err != nil {
	fmt.Println(err)
	return
}

jwt, err := auth.IssueJWT(user)
if err != nil {
	fmt.Println(err)
	return
}

// Prints the complete signed token. That is acceptable for a documentation
// example with a throwaway secret; application code should keep bearer
// tokens out of logs and standard output.
fmt.Printf("%s:%s@%s - %v", jwt.ID, jwt.Value, jwt.UserID, err)
Output:

claims-id:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7ImlkIjoiaWQiLCJlbWFpbCI6ImVtYWlsQGxvY2FsIiwicm9sZXMiOlsicm9sZSJdfSwiZXhwIjoxNjA1MDUyODAwLCJqdGkiOiJjbGFpbXMtaWQiLCJpYXQiOjE2MDUwNDkyMDB9.aCp3Bx6aH48sYAeCSXhQyXGAYTiyr9VSkC3mT7dmUeE@id - <nil>

func (Driver) Login

func (auth Driver) Login(credentials map[string]string) (user gate.User, err error)

Login resolves password-based authentication with the given handler and credentials

Example
// Logs in two accounts through a handler that knows both, against a user
// service that was seeded with only the first one.
userService := fixtures.NewMyUserService([]fixtures.User{
	{
		ID:    "id",
		Email: "email@local",
		Roles: []string{"role-id"},
	},
})

// Fixture accounts with literal passwords, for demonstration only.
account := fixtures.Account{Email: "email@local", Password: "password"}
anotherAccount := fixtures.Account{Email: "email2@local", Password: "password2"}

auth := New(
	// Demo-only configuration: "jwt-secret" is a source literal, not a
	// usable key.
	Config{gate.NewConfig("jwt-secret", "jwt-secret", time.Hour*1, false)},
	// LoginFunc handler: accepts either fixture account and returns one
	// generic error otherwise, so a failed login does not disclose which
	// part of the credentials was wrong.
	func(driver Driver, email, password string) (gate.HasEmail, error) {
		if account.Valid(email, password) {
			return account, nil
		}

		if anotherAccount.Valid(email, password) {
			return anotherAccount, nil
		}

		return nil, errors.New("invalid credentials")
	},
	// Token and Role services are omitted
	dependency.NewContainer(userService, nil, nil),
)
if auth == nil {
	fmt.Println("auth should not be nil")
	return
}

// First login: the email matches the seeded user, and the output shows the
// seeded ID "id".
user, err := auth.Login(map[string]string{"email": "email@local", "password": "password"})
if err != nil {
	fmt.Println(err)
	return
}

fmt.Printf("%s:%s - %v\n", user.GetID(), user.GetEmail(), err)

// Pins the fixture's user-ID generator so the second login prints a stable ID.
userService.GenerateMyUserID = func() string {
	return "a-fixed-id"
}

// Second login: email2@local was not seeded into the user service, yet the
// login succeeds and the user carries the generated ID. NOTE(review): Login
// therefore appears to create a user record for any account the handler
// accepts; confirm, and make sure the handler only accepts identities that
// should be provisioned.
secondUser, err := auth.Login(map[string]string{"email": "email2@local", "password": "password2"})
if err != nil {
	fmt.Println(err)
	return
}

fmt.Printf("%s:%s - %v\n", secondUser.GetID(), secondUser.GetEmail(), err)
Output:

id:email@local - <nil>
a-fixed-id:email2@local - <nil>

func (Driver) LoginURL

func (auth Driver) LoginURL(state string) (string, error)

LoginURL returns the URL to the consent page

func (Driver) ParseJWT

func (auth Driver) ParseJWT(tokenString string) (token gate.JWT, err error)

ParseJWT parses a JWT string to a JWT

func (Driver) StoreJWT

func (auth Driver) StoreJWT(token gate.JWT) (err error)

StoreJWT stores a JWT using the given token service

type LoginFunc

// LoginFunc is the credential-checking callback supplied to New. It receives
// the driver plus the submitted email and password, and returns the matching
// identity or an error. The password arrives as a plain string, so verifying
// it safely is the implementer's job; the examples on this page compare
// against literal fixture passwords, which is suitable for tests only.
type LoginFunc func(driver Driver, email, password string) (gate.HasEmail, error)

LoginFunc is the handler of password-based authentication

// LoginFuncStub ignores its arguments and returns a nil identity together
// with a nil error. The Authenticate example passes it where Login is never
// called.
// NOTE(review): how Login treats a (nil, nil) result is not shown on this
// page. Confirm that it rejects the attempt before using this stub anywhere
// Login can be reached.
var LoginFuncStub LoginFunc = func(Driver, string, string) (gate.HasEmail, error) {
	return nil, nil
}

LoginFuncStub is the stub for LoginFunc
