Documentation ¶
Overview ¶
Package password is the password-based authentication driver for github.com/hiendv/gate
Example ¶
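// End-to-end walk-through of the password driver: log in, issue a JWT,
// authenticate with it, then run four RBAC checks.

// Fixtures: one known user holding a single role.
userService := fixtures.NewMyUserService([]fixtures.User{
	{
		ID:    "id",
		Email: "email@local",
		Roles: []string{"role-id"},
	},
})
tokenService := fixtures.NewMyTokenService(nil)

// The role grants GET on everything below /api/v1/ and POST only on paths
// starting with /api/v1/users. The trailing '*' is presumably a wildcard;
// the Authorize results below are consistent with that.
roleService := fixtures.NewMyRoleService([]fixtures.Role{
	{
		ID: "role-id",
		Abilities: []fixtures.Ability{
			{Action: "GET", Object: "/api/v1/*"},
			{Action: "POST", Object: "/api/v1/users*"},
		},
	},
})

// The fixture account keeps its password as a plain string so the example is
// self-contained. A real LoginFunc should verify against a salted password
// hash and never store or compare plaintext.
account := fixtures.Account{Email: "email@local", Password: "password"}

// "jwt-secret" is a demo value (presumably the signing and verifying keys;
// confirm against gate.NewConfig). A deployment should load a high-entropy
// key from a secret store instead of hard-coding it.
passwordDriver := New(
	Config{gate.NewConfig("jwt-secret", "jwt-secret", time.Hour*1, false)},
	func(driver Driver, email, password string) (gate.HasEmail, error) {
		if account.Valid(email, password) {
			return account, nil
		}
		// One error for every failure, so the caller cannot tell an unknown
		// e-mail from a wrong password.
		return nil, errors.New("invalid credentials")
	},
	dependency.NewContainer(userService, tokenService, roleService),
)

// Check the concrete *Driver before storing it in the interface: an interface
// value that holds a nil *Driver is itself non-nil, so testing the gate.Auth
// variable would never catch a nil driver.
if passwordDriver == nil {
	fmt.Println("auth should not be nil")
	return
}
var auth gate.Auth = passwordDriver

user, err := auth.Login(map[string]string{"email": "email@local", "password": "password"})
if err != nil {
	fmt.Println(err)
	return
}
// Nothing has been issued yet; the example output shows "Tokens: 0" here.
fmt.Printf("Tokens: %d\n", tokenService.Count())

jwt, err := auth.IssueJWT(user)
if err != nil {
	fmt.Println(err)
	return
}
// IssueJWT also stores the token; the example output shows "Tokens: 1" here.
fmt.Printf("Tokens: %d\n", tokenService.Count())

parsedUser, err := auth.Authenticate(jwt.Value)
if err != nil {
	fmt.Println(err)
	return
}
fmt.Printf("%s:%s - %v\n", parsedUser.GetID(), parsedUser.GetEmail(), err)

// RBAC checks; the expected result of each is taken from the example output.
err = auth.Authorize(parsedUser, "GET", "/api/v1/users") // <nil>
fmt.Printf("%v\n", err)

err = auth.Authorize(parsedUser, "GET", "/api/v1/posts") // <nil>
fmt.Printf("%v\n", err)

err = auth.Authorize(parsedUser, "POST", "/api/v1/users") // <nil>
fmt.Printf("%v\n", err)

err = auth.Authorize(parsedUser, "POST", "/api/v1/posts") // forbidden: no POST ability covers /posts
fmt.Printf("%v\n", err)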
Output: Tokens: 0 Tokens: 1 id:email@local - <nil> <nil> <nil> <nil> forbidden
Index ¶
- type Config
- type Driver
- func (auth Driver) Authenticate(tokenString string) (user gate.User, err error)
- func (auth Driver) Authorize(user gate.User, action, object string) (err error)
- func (auth Driver) GetUserAbilities(user gate.User) (abilities []gate.UserAbility, err error)
- func (auth Driver) GetUserFromJWT(token gate.JWT) (user gate.User, err error)
- func (auth Driver) IssueJWT(user gate.User) (token gate.JWT, err error)
- func (auth Driver) Login(credentials map[string]string) (user gate.User, err error)
- func (auth Driver) LoginURL(state string) (string, error)
- func (auth Driver) ParseJWT(tokenString string) (token gate.JWT, err error)
- func (auth Driver) StoreJWT(token gate.JWT) (err error)
- type LoginFunc
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Driver ¶
// Driver is the password-based authentication driver.
//
// It embeds dependency.Container, so the container stays reachable on a
// Driver value; the IssueJWT example on this page uses that to swap in a
// mocked JWT service via auth.Container.SetJWTService.
type Driver struct {
	dependency.Container
	// contains filtered or unexported fields
}
Driver is the password-based authentication driver
func New ¶
// New is the constructor for Driver.
//
// config wraps the gate configuration (the examples build it with
// gate.NewConfig), handler is the LoginFunc that Login uses to check the
// submitted credentials, and container supplies the user, token and role
// services. The examples pass nil for services they do not exercise.
//
// NOTE(review): every example nil-checks the returned pointer, so New
// presumably can return nil for unusable input; confirm against the source.
func New(config Config, handler LoginFunc, container dependency.Container) *Driver
New is the constructor for Driver
func (Driver) Authenticate ¶
Authenticate performs the authentication using JWT
Example ¶
// Authenticate a caller from a pre-built JWT string.

// Fixtures: one known user without roles and an empty token store.
users := fixtures.NewMyUserService([]fixtures.User{
	{ID: "id", Email: "email@local", Roles: []string{}},
})
tokens := fixtures.NewMyTokenService(nil)

// The final argument is true only in this example. Judging by the
// JWTSkipClaimsValidation getter used in the IssueJWT example, it turns
// claims validation off, which this example needs because the hard-coded
// token below carries an exp claim of 1605052800 (November 2020).
// NOTE(review): leave it false outside tests; with validation skipped an
// expired token would presumably still authenticate.
// "jwt-secret" is likewise a demo key, not a value to deploy.
cfg := Config{gate.NewConfig("jwt-secret", "jwt-secret", time.Hour, true)}

// Role service is omitted
services := dependency.NewContainer(users, tokens, nil)

driver := New(cfg, LoginFuncStub, services)
if driver == nil {
	fmt.Println("auth should not be nil")
	return
}

// Sample HS256 token with fixed claims so the output is reproducible.
const sampleToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7ImlkIjoiaWQiLCJ1c2VybmFtZSI6InVzZXJuYW1lIiwicm9sZXMiOlsicm9sZSJdfSwiZXhwIjoxNjA1MDUyODAwLCJqdGkiOiJjbGFpbXMtaWQiLCJpYXQiOjE2MDUwNDkyMDB9.b0gxC2uZRek-SPwHSqyLOoW_DjSYroSivLqJG96Zxl0"

authenticated, err := driver.Authenticate(sampleToken)
if err != nil {
	fmt.Println(err)
	return
}
fmt.Printf("%s:%s - %v", authenticated.GetID(), authenticated.GetEmail(), err)
Output: id:email@local - <nil>
func (Driver) Authorize ¶
Authorize performs the authorization when a given user takes an action on an object using RBAC
func (Driver) GetUserAbilities ¶
GetUserAbilities returns a user's abilities
func (Driver) GetUserFromJWT ¶
GetUserFromJWT returns a user from a given JWT
func (Driver) IssueJWT ¶
IssueJWT issues and stores a JWT for a specific user
Example ¶
// Issue a JWT for a logged-in user, with the clock and the claims ID pinned
// so the resulting token is reproducible.

// Fixtures: one known user, an empty token store and one demo account.
users := fixtures.NewMyUserService([]fixtures.User{
	{ID: "id", Email: "email@local", Roles: []string{"role"}},
})
tokens := fixtures.NewMyTokenService(nil)
demoAccount := fixtures.Account{Email: "email@local", Password: "password"}

// Login handler: accepts only the demo account and reports every failure
// with the same error. The fixture compares a plaintext password; a real
// handler should verify against a salted password hash.
checkCredentials := func(_ Driver, email, password string) (gate.HasEmail, error) {
	if !demoAccount.Valid(email, password) {
		return nil, errors.New("invalid credentials")
	}
	return demoAccount, nil
}

// "jwt-secret" is a demo key; load a high-entropy key from a secret store in
// real deployments.
driver := New(
	Config{gate.NewConfig("jwt-secret", "jwt-secret", time.Hour, false)},
	checkCredentials,
	// Role service is omitted
	dependency.NewContainer(users, tokens, nil),
)
if driver == nil {
	fmt.Println("auth should not be nil")
	return
}

// Build an HS256 JWT configuration from the driver's own settings.
jwtConfig, err := gate.NewHMACJWTConfig(
	"HS256",
	driver.config.JWTSigningKey(),
	driver.config.JWTExpiration(),
	driver.config.JWTSkipClaimsValidation(),
)
if err != nil {
	fmt.Println(err)
	return
}

// Test-only overrides: a frozen clock and a constant claims ID.
// NOTE(review): a constant claims ID is only suitable for deterministic
// examples; production IDs should be unique per token.
frozenNow := time.Date(2020, time.November, 10, 23, 0, 0, 0, time.UTC)
jwtService := gate.NewJWTService(jwtConfig)
jwtService.Now = func() time.Time { return frozenNow }
jwtService.GenerateClaimsID = func() string { return "claims-id" }
driver.Container.SetJWTService(jwtService)

credentials := map[string]string{"email": "email@local", "password": "password"}
loggedIn, err := driver.Login(credentials)
if err != nil {
	fmt.Println(err)
	return
}

issued, err := driver.IssueJWT(loggedIn)
if err != nil {
	fmt.Println(err)
	return
}

// The token value is printed only so the example output can be compared;
// application code should keep bearer tokens out of logs and stdout.
fmt.Printf("%s:%s@%s - %v", issued.ID, issued.Value, issued.UserID, err)
Output: claims-id:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7ImlkIjoiaWQiLCJlbWFpbCI6ImVtYWlsQGxvY2FsIiwicm9sZXMiOlsicm9sZSJdfSwiZXhwIjoxNjA1MDUyODAwLCJqdGkiOiJjbGFpbXMtaWQiLCJpYXQiOjE2MDUwNDkyMDB9.aCp3Bx6aH48sYAeCSXhQyXGAYTiyr9VSkC3mT7dmUeE@id - <nil>
func (Driver) Login ¶
Login resolves password-based authentication with the given handler and credentials
Example ¶
// Log in twice: once as a user the user service already knows, once as an
// account that passes the handler but has no stored user yet.

users := fixtures.NewMyUserService([]fixtures.User{
	{ID: "id", Email: "email@local", Roles: []string{"role-id"}},
})

// Demo accounts with plaintext passwords, for the example only. A real
// LoginFunc should verify against salted password hashes.
primary := fixtures.Account{Email: "email@local", Password: "password"}
secondary := fixtures.Account{Email: "email2@local", Password: "password2"}

// Login handler: try each account in turn; every failure yields the same
// error, so an unknown e-mail is indistinguishable from a wrong password.
checkCredentials := func(_ Driver, email, password string) (gate.HasEmail, error) {
	switch {
	case primary.Valid(email, password):
		return primary, nil
	case secondary.Valid(email, password):
		return secondary, nil
	default:
		return nil, errors.New("invalid credentials")
	}
}

// "jwt-secret" is a demo key, not a value to deploy.
driver := New(
	Config{gate.NewConfig("jwt-secret", "jwt-secret", time.Hour, false)},
	checkCredentials,
	// Token and Role services are omitted
	dependency.NewContainer(users, nil, nil),
)
if driver == nil {
	fmt.Println("auth should not be nil")
	return
}

first, err := driver.Login(map[string]string{"email": "email@local", "password": "password"})
if err != nil {
	fmt.Println(err)
	return
}
fmt.Printf("%s:%s - %v\n", first.GetID(), first.GetEmail(), err)

// Pin the generated ID so the second login prints a stable value.
// NOTE(review): the expected output shows this ID for email2@local, which
// suggests Login creates a user record on first successful login; confirm,
// and decide whether automatic provisioning is wanted in your deployment.
users.GenerateMyUserID = func() string { return "a-fixed-id" }

second, err := driver.Login(map[string]string{"email": "email2@local", "password": "password2"})
if err != nil {
	fmt.Println(err)
	return
}
fmt.Printf("%s:%s - %v\n", second.GetID(), second.GetEmail(), err)
Output: id:email@local - <nil> a-fixed-id:email2@local - <nil>