handler

package

v0.0.0-...-1305305 Latest Latest Go to latest Published: Jun 30, 2021 License: Apache-2.0 Imports: 33 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ibm/world-wire

Documentation ¶

Index ¶

Constants
Variables
func ParticipantAuthorization(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
func SuperAuthorization(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
type AuthOperations
- func CreateAuthServiceOperations() (AuthOperations, error)
type IRoutePermissions
type MakerRequestData

Constants ¶

View Source

const (
	// Mongo database name
	AuthDBName   = "auth"
	PortalDBName = "portal-db"

	// Mongo collection name
	UserCollection                   = "users"
	JWTInfoCollection                = "jwt_info"
	JWTSecureCollection              = "jwt_secure"
	InstitutionsCollection           = "institutions"
	ParticipantPermissionsCollection = "participant_permissions"
	ParticipantApprovalsCollection   = "participant_approvals"
	SuperApprovalsCollection         = "super_approvals"
	IDTokenSecureCollection          = "id_token_secure"
	TOTPCollection                   = "totp"
)

Variables ¶

View Source

var LOGGER = logging.MustGetLogger("auth-handlers")

Functions ¶

func ParticipantAuthorization ¶

func ParticipantAuthorization(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)

* ParticipantAuthorization : Authorization for client portal * If JWT is not enabled, the next handler is served. * If JWT is enabled, database ID, institution ID, permission (request/approve), requestID (if permission is approve), participantID are expected in the headers. * The error message can be relayed back with NotifyWWError but it seems sensible to log it.

func SuperAuthorization ¶

func SuperAuthorization(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)

* SuperAuthorization : Authorization for client portal for super users * If JWT is not enabled, the next handler is served. * If JWT is enabled, database ID, institution ID, permission (request/approve), requestID (if permission is approve), participantID are expected in the headers. * Participant ID and Institution ID are no longer mandatory because at the time it wont be necessary that those are available. * All GET requests are direct access, if there is access :- No maker checker * All POSTS are maker-checker except payout point which needs the current security lead/team member to validate before it gets merged in

Types ¶

type AuthOperations ¶

type AuthOperations struct {
	// contains filtered or unexported fields
}

func CreateAuthServiceOperations ¶

func CreateAuthServiceOperations() (AuthOperations, error)

func (*AuthOperations) AuthenticateUser ¶

func (op *AuthOperations) AuthenticateUser(next http.Handler) http.Handler

This middleware will check if the provided ID token contained the user ID and will use this ID to query the record in the DB to check if this user exist. Later on, set the email in the header for later use.

func (*AuthOperations) CheckAccountNameMiddleWare ¶

func (op *AuthOperations) CheckAccountNameMiddleWare(next http.Handler) http.Handler

func (*AuthOperations) CheckPermissions ¶

func (op *AuthOperations) CheckPermissions(next http.Handler) http.Handler

This middleware will extract the request path and check if this user has the permission to access this endpoint

func (*AuthOperations) CheckTOTPMiddleWareIBMIdUser ¶

func (op *AuthOperations) CheckTOTPMiddleWareIBMIdUser(next http.Handler) http.Handler

func (*AuthOperations) CheckTOTPMiddleWarePortalUser ¶

func (op *AuthOperations) CheckTOTPMiddleWarePortalUser(next http.Handler) http.Handler

func (*AuthOperations) ExtractJWTClaims ¶

func (op *AuthOperations) ExtractJWTClaims(tokenStr string, r *http.Request) (jwt.IJWTTokenClaim, bool)

ExtractJWTClaims : parses (decodes) jwt token using secret and returns claims if successful

func (*AuthOperations) HandleGenerateIDToken ¶

func (op *AuthOperations) HandleGenerateIDToken(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandleJWTApprove ¶

func (op *AuthOperations) HandleJWTApprove(w http.ResponseWriter, r *http.Request)

#2 Second step for JWT creation

func (*AuthOperations) HandleJWTGenerate ¶

func (op *AuthOperations) HandleJWTGenerate(w http.ResponseWriter, r *http.Request)

#3 Third step for JWT creation

func (*AuthOperations) HandleJWTRefresh ¶

func (op *AuthOperations) HandleJWTRefresh(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandleJWTRequest ¶

func (op *AuthOperations) HandleJWTRequest(w http.ResponseWriter, r *http.Request)

#1 First step for JWT creation

func (*AuthOperations) HandleJWTRevoke ¶

func (op *AuthOperations) HandleJWTRevoke(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandleJWTVerify ¶

func (op *AuthOperations) HandleJWTVerify(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandlePermissionParticipantUpdate ¶

func (op *AuthOperations) HandlePermissionParticipantUpdate(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandlePermissionSuperUpdate ¶

func (op *AuthOperations) HandlePermissionSuperUpdate(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandlePortalLoginTOTP ¶

func (op *AuthOperations) HandlePortalLoginTOTP(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandleSSOToken ¶

func (op *AuthOperations) HandleSSOToken(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandleTOTPConfirm ¶

func (op *AuthOperations) HandleTOTPConfirm(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) HandleTOTPCreate ¶

func (op *AuthOperations) HandleTOTPCreate(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) MiddlewareCheck ¶

func (op *AuthOperations) MiddlewareCheck(w http.ResponseWriter, r *http.Request)

func (*AuthOperations) ServiceCheck ¶

func (op *AuthOperations) ServiceCheck(w http.ResponseWriter, r *http.Request)

type IRoutePermissions ¶

type IRoutePermissions struct {
	SuperPermissions       []string
	ParticipantPermissions []string
}

type MakerRequestData ¶

type MakerRequestData struct {
	ID            primitive.ObjectID `json:"_id" bson:"_id"`
	RequestUserID string             `json:"uid_request,omitempty" bson:"uid_request"`
	ApproveUserID string             `json:"uid_approve" bson:"uid_approve"`
	InstitutionID string             `json:"iid,omitempty" bson:"iid"`
	ParticipantID string             `json:"pid,omitempty" bson:"pid"`
	Status        string             `json:"status,omitempty" bson:"status"`
	Endpoint      string             `json:"endpoint,omitempty" bson:"endpoint"`
	Method        string             `json:"method,omitempty" bson:"method"`
	Timestamp     int64              `json:"timestamp_request,omitempty" bson:"timestamp_request"`
}

MakerRequestData is a json-serializable type. This is the data structure that gets committed to database. The ApproveUserId is added from the beginning since altering types later is not possible.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL