Documentation
Functions
func Middleware
func Middleware(next http.Handler, auth ...Authenticator) http.Handler
Middleware creates an HTTP handler middleware which authenticates requests using the provided Authenticators. If authentication succeeds, the request will have a context which includes a User object. If authentication fails, the context will have an authentication error.
func MustParseRSAPrivateKeyFromPEM
func MustParseRSAPrivateKeyFromPEM(key string) *rsa.PrivateKey
Types
type Authenticator
Authenticator takes a JWT, validates the JWT and generates a User object
func NewBeneficiaryAuthenticator
func NewBeneficiaryAuthenticator(aud, iss string, key *rsa.PublicKey) Authenticator
NewBeneficiaryAuthenticator returns an Authenticator which authenticates only beneficiary JWTs
func NewJWTAuthenticator
func NewJWTAuthenticator(aud, iss string, key *rsa.PublicKey) Authenticator
NewJWTAuthenticator returns an Authenticator which supports JWTs
type Generator
type Generator interface {
	GenerateBeneficiaryJWT(benID, meetingID string, expiry time.Duration) (jti, jwt string, err error)
}
Generator generates beneficiary JWTs for use with self assessments
func NewBeneficiaryJWTGenerator
func NewBeneficiaryJWTGenerator(aud, iss string, private *rsa.PrivateKey) Generator
NewBeneficiaryJWTGenerator returns a beneficiary JWT generator using the provided audience, issuer and private RSA key
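The constructors above all take an audience, an issuer and an RSA key. The following added example (not code from this package) shows the checks that combination implies on the verifying side, next to the signing side. RS256, the claim names `iss`, `aud` and `exp` with a single-string audience, and the names `sign`, `verify`, `b64` and `demoKey` are assumptions; the page does not show the package's token format or internals.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway key, constructed for the demo

// sign mints an RS256 token (the Generator side). All names here are assumptions, not the package's API.
func sign(iss, aud string, exp time.Time, key *rsa.PrivateKey) string {
	body, _ := json.Marshal(map[string]any{"iss": iss, "aud": aud, "exp": exp.Unix()})
	msg := b64.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + b64.EncodeToString(body)
	sum := sha256.Sum256([]byte(msg))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return msg + "." + b64.EncodeToString(sig)
}

// verify is the Authenticator side; && short-circuits, so claims are parsed only after the signature passes.
func verify(tok, aud, iss string, key *rsa.PublicKey, now time.Time) bool {
	h64, rest, _ := strings.Cut(tok, ".")
	c64, s64, _ := strings.Cut(rest, ".")
	hdr, e1 := b64.DecodeString(h64)
	body, e2 := b64.DecodeString(c64)
	sig, e3 := b64.DecodeString(s64) // extra segments or trailing junk fail here
	var h, c struct {
		Alg, Iss, Aud string
		Exp           int64
	}
	sum := sha256.Sum256([]byte(h64 + "." + c64))
	return e1 == nil && e2 == nil && e3 == nil &&
		json.Unmarshal(hdr, &h) == nil && h.Alg == "RS256" && // pinned: no "none", no HS256
		rsa.VerifyPKCS1v15(key, crypto.SHA256, sum[:], sig) == nil &&
		json.Unmarshal(body, &c) == nil && c.Iss == iss && c.Aud == aud && now.Unix() < c.Exp
}

func main() {
	tok := sign("issuer-a", "api-a", time.Now().Add(time.Hour), demoKey)
	fmt.Println(verify(tok, "api-a", "issuer-a", &demoKey.PublicKey, time.Now())) // true
	fmt.Println(verify(tok, "api-b", "issuer-a", &demoKey.PublicKey, time.Now())) // false
}
```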
type User
type User interface {
	// Organisation gets the active organisation the user belongs to
	// errors are expected if the user is a beneficiary
	Organisation() (string, error)
	// Organisations returns the zero or more organisations the user belongs to
	// Zero organisations will be returned for beneficiaries
	// For most authorization, only the user's active organisation should be used
	Organisations() []string
	// UserID gets the user's ID within the system
	// for users this will be their auth0 IDs
	// for beneficiaries this will be their beneficiary ID
	UserID() string
	// IsBeneficiary returns true if the User is a beneficiary user
	// beneficiary users do not belong to an organisation and are normally limited in scope
	IsBeneficiary() bool
	// GetAssessmentScope returns true and the assessment ID if the user is restricted in scope to a single assessment
	// this is common for beneficiary users
	GetAssessmentScope() (string, bool)
	// IsSuperUser returns true if the User has a particular super user scope.
	// Super users typically don't belong to organisations and bypass typical permission checks.
	// This functionality is intended for communication between the various systems which make up Impactasaurus.
	IsSuperUser(scope string) bool
}
User is an object which provides details about the user making the request to the API