package internal

v0.0.0-...-5f71cfe

This package is not in the latest version of its module.

Published: Sep 28, 2022 License: BSD-3-Clause Imports: 33 Imported by: 0

Documentation

Constants

const (
	PeerConnectionTimeoutMax = 45000 // ms
	PeerConnectionTimeoutMin = 30000 // ms
)

PeerConnectionTimeoutMax is the timeout of an initial connection attempt to a remote peer: this peer waits up to PeerConnectionTimeoutMax for the remote peer to respond and, if the attempt is not successful, retries the connection attempt. TODO: pass the timeout via EngineConfig.

const (
	HostedGrantType    = "urn:ietf:params:oauth:grant-type:device_code"
	HostedRefreshGrant = "refresh_token"
)

HostedGrantType is the grant type for the device flow on Hosted.

const ManagementLegacyPort = 33073

ManagementLegacyPort is the port that was previously used by the Management gRPC server. It is kept for backward compatibility. NB: hardcoded from github.com/isecwaypro/isecway/management/cmd to avoid an import.

Variables

var ErrResetConnection = fmt.Errorf("reset connection")

Functions

func CtxGetState

func CtxGetState(ctx context.Context) *contextState

CtxGetState returns the context state object used to get or update the state and errors of the process.

func CtxInitState

func CtxInitState(ctx context.Context) context.Context

CtxInitState sets up the context state in the context tree.

This function should be used to initialize context before CtxGetState will be executed.

func Login

func Login(ctx context.Context, config *Config, setupKey string, jwtToken string) error

func ManagementURLDefault

func ManagementURLDefault() *url.URL

func ParseURL

func ParseURL(serviceName, managementURL string) (*url.URL, error)

ParseURL parses and validates the management URL.

func RunClient

func RunClient(ctx context.Context, config *Config, statusRecorder *isecStatus.Status) error

RunClient runs the client's main logic.

func SignalOfferAnswer

func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKey wgtypes.Key, s signal.Client, isAnswer bool) error

SignalOfferAnswer signals either an offer or an answer to the remote peer.

Types

type Claims

type Claims struct {
	Audience interface{} `json:"aud"`
}

Claims are the claims used when validating the access token.

type Config

type Config struct {
	// Wireguard private key of local peer
	PrivateKey     string
	PreSharedKey   string
	ManagementURL  *url.URL
	AdminURL       *url.URL
	WgIface        string
	WgPort         int
	IFaceBlackList []string
	// SSHKey is a private SSH key in a PEM format
	SSHKey string
}

Config is the client configuration type.

func GetConfig

func GetConfig(managementURL, adminURL, configPath, preSharedKey string) (*Config, error)

GetConfig reads an existing config or generates a new one.

func ReadConfig

func ReadConfig(managementURL, adminURL, configPath string, preSharedKey *string) (*Config, error)

ReadConfig reads an existing config. If the provided managementURL is not empty, it overrides the value read from the config.

func UpdateOldManagementPort

func UpdateOldManagementPort(ctx context.Context, config *Config, configPath string) (*Config, error)

UpdateOldManagementPort checks whether the client can switch to the new Management port 443. If it can, it updates the config and returns the new one; otherwise it returns the provided config. The check is performed only for ISecWay's managed version.

type DeviceAuthInfo

type DeviceAuthInfo struct {
	DeviceCode              string `json:"device_code"`
	UserCode                string `json:"user_code"`
	VerificationURI         string `json:"verification_uri"`
	VerificationURIComplete string `json:"verification_uri_complete"`
	ExpiresIn               int    `json:"expires_in"`
	Interval                int    `json:"interval"`
}

DeviceAuthInfo holds the information for the OAuth device login flow.

type DeviceAuthorizationFlow

type DeviceAuthorizationFlow struct {
	Provider       string
	ProviderConfig ProviderConfig
}

DeviceAuthorizationFlow represents the Device Authorization Flow information.

func GetDeviceAuthorizationFlowInfo

func GetDeviceAuthorizationFlowInfo(ctx context.Context, config *Config) (DeviceAuthorizationFlow, error)

type Engine

type Engine struct {

	// STUNs is a list of STUN servers used by ICE
	STUNs []*ice.URL
	// TURNs is a list of TURN servers used by ICE
	TURNs []*ice.URL
	// contains filtered or unexported fields
}

Engine is the mechanism responsible for reacting to Signal and Management stream events and managing connections to the remote peers.

func NewEngine

func NewEngine(
	ctx context.Context, cancel context.CancelFunc,
	signalClient signal.Client, mgmClient mgm.Client,
	config *EngineConfig, statusRecorder *isecstatus.Status,
) *Engine

NewEngine creates a new Connection Engine.

func (*Engine) GetConnectedPeers

func (e *Engine) GetConnectedPeers() []string

GetConnectedPeers returns the list of currently connected peers.

func (*Engine) GetPeerConnectionStatus

func (e *Engine) GetPeerConnectionStatus(peerKey string) peer.ConnStatus

GetPeerConnectionStatus returns the connection status, or nil if the peer connection wasn't found.

func (*Engine) GetPeers

func (e *Engine) GetPeers() []string

func (*Engine) Start

func (e *Engine) Start() error

Start creates a new Wireguard tunnel interface and listens to events from the Signal and Management services. Connections to remote peers are not established here; they are established once an event with a list of peers to connect to is received from the Management service.

func (*Engine) Stop

func (e *Engine) Stop() error

type EngineConfig

type EngineConfig struct {
	WgPort      int
	WgIfaceName string

	// WgAddr is a Wireguard local address (Isecway Network IP)
	WgAddr string

	// WgPrivateKey is a Wireguard private key of our peer (it MUST never leave the machine)
	WgPrivateKey wgtypes.Key

	// IFaceBlackList is a list of network interfaces to ignore when discovering connection candidates (ICE related)
	IFaceBlackList []string

	PreSharedKey *wgtypes.Key

	// UDPMuxPort default value 0 - the system will pick an available port
	UDPMuxPort int

	// UDPMuxSrflxPort default value 0 - the system will pick an available port
	UDPMuxSrflxPort int

	// SSHKey is a private SSH key in a PEM format
	SSHKey []byte
}

EngineConfig is the config for the Engine.

type HTTPClient

type HTTPClient interface {
	Do(req *http.Request) (*http.Response, error)
}

HTTPClient is the HTTP client interface used for API calls.

type Hosted

type Hosted struct {
	// Hosted API Audience for validation
	Audience string
	// Hosted Native application client id
	ClientID string
	// TokenEndpoint to request access token
	TokenEndpoint string
	// DeviceAuthEndpoint to request device authorization code
	DeviceAuthEndpoint string

	HTTPClient HTTPClient
}

Hosted is the Hosted OAuth client.

func NewHostedDeviceFlow

func NewHostedDeviceFlow(audience string, clientID string, tokenEndpoint string, deviceAuthEndpoint string) *Hosted

NewHostedDeviceFlow returns a Hosted OAuth client.

func (*Hosted) GetClientID

func (h *Hosted) GetClientID(ctx context.Context) string

GetClientID returns the provider client id.

func (*Hosted) RequestDeviceCode

func (h *Hosted) RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error)

RequestDeviceCode requests the device code login flow information from Hosted.

func (*Hosted) WaitToken

func (h *Hosted) WaitToken(ctx context.Context, info DeviceAuthInfo) (TokenInfo, error)

WaitToken waits for the user to log in and authorize the app. Once the user has authorized it, it retrieves the access token from Hosted's endpoint and validates it before returning.

type OAuthClient

type OAuthClient interface {
	RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error)
	WaitToken(ctx context.Context, info DeviceAuthInfo) (TokenInfo, error)
	GetClientID(ctx context.Context) string
}

OAuthClient is an OAuth client interface for various IdP providers.

type Peer

type Peer struct {
	WgPubKey     string
	WgAllowedIps string
}

Peer is an instance of a Connection Peer.

type ProviderConfig

type ProviderConfig struct {
	// ClientID is an IDP application client id
	ClientID string
	// ClientSecret is an IDP application client secret
	ClientSecret string
	// Domain is an IDP API domain
	// Deprecated. Use OIDCConfigEndpoint instead
	Domain string
	// Audience is the audience used for authorization validation
	Audience string
	// TokenEndpoint is the endpoint of an IDP manager where clients can obtain an access token
	TokenEndpoint string
	// DeviceAuthEndpoint is the endpoint of an IDP manager where clients can obtain a device authorization code
	DeviceAuthEndpoint string
}

ProviderConfig has all the attributes needed to initiate a device authorization flow.

type RequestDeviceCodePayload

type RequestDeviceCodePayload struct {
	Audience string `json:"audience"`
	ClientID string `json:"client_id"`
}

RequestDeviceCodePayload is the request body used to obtain a device code from auth0.

type StatusType

type StatusType string
const (
	StatusIdle StatusType = "Idle"

	StatusConnecting  StatusType = "Connecting"
	StatusConnected   StatusType = "Connected"
	StatusNeedsLogin  StatusType = "NeedsLogin"
	StatusLoginFailed StatusType = "LoginFailed"
)

type TokenInfo

type TokenInfo struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	IDToken      string `json:"id_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in"`
}

TokenInfo holds the information of an issued access token.

type TokenRequestPayload

type TokenRequestPayload struct {
	GrantType    string `json:"grant_type"`
	DeviceCode   string `json:"device_code,omitempty"`
	ClientID     string `json:"client_id"`
	RefreshToken string `json:"refresh_token,omitempty"`
}

TokenRequestPayload is the payload used for requesting the auth0 token.

type TokenRequestResponse

type TokenRequestResponse struct {
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
	TokenInfo
}

TokenRequestResponse is used for parsing Hosted's token response.
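The device authorization exchange that RequestDeviceCode, WaitToken, TokenRequestPayload and TokenRequestResponse describe, as an added example that is not the isecway package's own code: a client-side polling loop that posts the device code with the device_code grant type until the IdP issues a token, run against a constructed httptest stand-in for the Hosted token endpoint that answers "authorization_pending" while the user is still approving. The names pollToken, newMockIdP, deviceAuthInfo, tokenRequest and tokenResponse are hypothetical local copies of the page's types, reduced to the fields used here; the device code, client id and token values are constructed. The security point is in the switch: only "authorization_pending" and "slow_down" keep the loop alive, every other error code is terminal, and the whole loop is bounded by the device code's expires_in, so a revoked or forged device code cannot keep the client polling indefinitely.

```go
package main

import (
	"bytes"
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
	"time"
)

// grantDeviceCode is the RFC 8628 grant type the page lists as HostedGrantType.
const grantDeviceCode = "urn:ietf:params:oauth:grant-type:device_code"

// Local copies (hypothetical names) of the page's DeviceAuthInfo,
// TokenRequestPayload and TokenRequestResponse, reduced to the fields used here.
type deviceAuthInfo struct {
	DeviceCode string `json:"device_code"`
	ExpiresIn  int    `json:"expires_in"` // seconds until the device code expires
	Interval   int    `json:"interval"`   // seconds the client must wait between polls
}

type tokenRequest struct {
	GrantType  string `json:"grant_type"`
	DeviceCode string `json:"device_code,omitempty"`
	ClientID   string `json:"client_id"`
}

// Error replies arrive with HTTP 400 but the same JSON shape, so the client
// decodes every reply regardless of status and branches on the error field.
type tokenResponse struct {
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
	AccessToken      string `json:"access_token"`
}

// pollToken is the client side of WaitToken: it posts the device code until the
// IdP issues a token, the code expires, or ctx is cancelled. "authorization_pending"
// means poll again, "slow_down" means add 5s to the interval (RFC 8628 section 3.5);
// any other error is terminal, so the client never spins on a revoked or bogus code.
func pollToken(ctx context.Context, client *http.Client, endpoint, clientID string, info deviceAuthInfo) (tokenResponse, error) {
	ctx, cancel := context.WithTimeout(ctx, time.Duration(info.ExpiresIn)*time.Second)
	defer cancel()
	interval := time.Duration(info.Interval) * time.Second
	body, _ := json.Marshal(tokenRequest{GrantType: grantDeviceCode, DeviceCode: info.DeviceCode, ClientID: clientID})
	for {
		req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(body))
		if err != nil {
			return tokenResponse{}, err
		}
		resp, err := client.Do(req)
		if err != nil {
			return tokenResponse{}, err
		}
		var tr tokenResponse
		err = json.NewDecoder(resp.Body).Decode(&tr)
		resp.Body.Close()
		if err != nil {
			return tokenResponse{}, err
		}
		switch tr.Error {
		case "":
			return tr, nil
		case "authorization_pending": // user has not approved yet
		case "slow_down":
			interval += 5 * time.Second
		default:
			return tokenResponse{}, fmt.Errorf("device flow failed: %s: %s", tr.Error, tr.ErrorDescription)
		}
		select {
		case <-ctx.Done():
			return tokenResponse{}, ctx.Err()
		case <-time.After(interval):
		}
	}
}

// newMockIdP is a constructed stand-in for the Hosted token endpoint: it answers
// "authorization_pending" to the first pendingPolls requests for the expected
// device code (the user is still entering the user code), then issues a token.
// An unknown device code or grant type gets the terminal "invalid_grant".
func newMockIdP(pendingPolls int32, wantDeviceCode string) *httptest.Server {
	var polls int32
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var tr tokenRequest
		if err := json.NewDecoder(r.Body).Decode(&tr); err != nil || tr.GrantType != grantDeviceCode || tr.DeviceCode != wantDeviceCode {
			w.WriteHeader(http.StatusBadRequest)
			json.NewEncoder(w).Encode(tokenResponse{Error: "invalid_grant", ErrorDescription: "unknown device code"})
			return
		}
		if atomic.AddInt32(&polls, 1) <= pendingPolls {
			w.WriteHeader(http.StatusBadRequest)
			json.NewEncoder(w).Encode(tokenResponse{Error: "authorization_pending"})
			return
		}
		json.NewEncoder(w).Encode(tokenResponse{AccessToken: "constructed-access-token"})
	}))
}
```

Interval 0 is used only so the example finishes instantly against the local mock; a real IdP returns an interval of at least 5 seconds and will answer "slow_down" to a client that ignores it, which is why the loop adds to the interval rather than retrying at once. The access token returned here still has to be validated (signature, issuer, expiry and the aud claim the page's Claims type carries) before it is trusted, which is the step WaitToken performs after this exchange.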
