Documentation ¶
Index ¶
- Constants
- func IsToken(val string) bool
- func IsToken68(val string) bool
- func IsTokenRune(r rune) bool
- func ValidateBearerChallenge(w *WWWAuthenticateError) error
- func ValidateFormattableAsQuotedPair(val string) error
- func WriteQuotedPair(sb *strings.Builder, val string) error
- type Authorizer
- type BearerTokenAuthorizer
- type Challenge
- type Param
- type Range
- type WWWAuthenticateError
Constants ¶
const ( // HeaderNameAuthorization is the name of the Authorization header HeaderNameAuthorization = "Authorization" // HeaderNameWWWAuthenticate is the name of the WWW-Authenticate header HeaderNameWWWAuthenticate = "WWW-Authenticate" )
const (
AuthenticationSchemeBasic = "Basic"
)
const (
// AuthenticationSchemeBearer is the Bearer authentication scheme as defined by https://tools.ietf.org/html/rfc6750.
AuthenticationSchemeBearer = "Bearer"
)
Variables ¶
This section is empty.
Functions ¶
func IsToken ¶
IsToken returns true if and only if val is a valid token as per https://tools.ietf.org/html/rfc7230.
func IsTokenRune ¶
IsTokenRune returns true if and only if r can be part of a sequence of characters that is a valid token as per https://tools.ietf.org/html/rfc7230.
func ValidateBearerChallenge ¶
func ValidateBearerChallenge(w *WWWAuthenticateError) error
ValidateBearerChallenge validates a challenge as per https://tools.ietf.org/html/rfc6750.
func ValidateFormattableAsQuotedPair ¶
ValidateFormattableAsQuotedPair returns nil iff val can be formatted as a quoted pair (as defined in https://tools.ietf.org/html/rfc7230) that parses into val.
func WriteQuotedPair ¶
WriteQuotedPair writes a quoted-pair production as defined in https://tools.ietf.org/html/rfc7230 that parses into val to sb.
Types ¶
type Authorizer ¶
type Authorizer interface { // data is nil if and only if a response has been written to w. // If data is nil then typically the response has status code 401, 403 or 407. // data is an unspecified representation of permissions associated with the request. Authorize(w http.ResponseWriter, req *http.Request) (data interface{}) }
Authorizer is a service that authorizes requests.
func NewBearerAuthorizer ¶
func NewBearerAuthorizer(realm string, bearerTokenAuthorizer BearerTokenAuthorizer) (Authorizer, error)
NewBearerAuthorizer is an Authorizer for the Bearer authentication scheme defined in https://tools.ietf.org/html/rfc6750 and defines the authorization of a single realm (https://tools.ietf.org/html/rfc2617). See also BearerTokenAuthorizer. The returned Authorizer will set the WWW-Authenticate response header if bearerTokenAuthorizer returns an error that is a valid *WWWAuthenticateError. Otherwise, an Internal Server Error is written.
type BearerTokenAuthorizer ¶
type BearerTokenAuthorizer = func(ctx context.Context, bearerToken string) (data interface{}, err error)
BearerTokenAuthorizer is a function that authorizes a token. If err is nil then data must not be nil. Most use-cases where a failed authentication is successfully computed should return an error returned from ErrorInvalidBearerToken. data is an unspecified representation of permissions. See also NewBearerAuthorizer.
type Challenge ¶
Challenge is part of a WWWAuthenticate error. See NewWWWAuthenticateError.
type Range ¶
type Range struct { // FirstBytePos is -1 if a suffix-byte-range-spec is represented. // Otherwise, FirstBytePos is the offset of the first byte in the range. FirstBytePos int64 // LastBytePos has two interpretations, depending on the value of FirstBytePos. // If FirstBytePos >= 0 then // If LastBytePos is -1 then the range includes all bytes with offset >= FirstBytePos. // Otherwise, if LastBytePos >= 0, LastBytePos is the offset of the last byte in the range (inclusive). // Otherwise, if FirstBytePos < 0 then // The range includes only the last -LastBytePos (note that LastBytePos is negative) bytes of the // requested resource. LastBytePos int64 }
Range represents an RFC7233 (suffix) byte range spec. See https://tools.ietf.org/html/rfc7233#page-7
type WWWAuthenticateError ¶
type WWWAuthenticateError struct {
// contains filtered or unexported fields
}
WWWAuthenticateError is an error used to control WWW-Authenticate response headers.
func ErrorInvalidBearerToken ¶
func ErrorInvalidBearerToken(error string) *WWWAuthenticateError
ErrorInvalidBearerToken is convenient wrapper around NewWWWAuthenticateError. Where NewWWWAuthenticateError returns an error on RFC violations, this function strips invalid characters from strings and as such never violates RFC.
func NewWWWAuthenticateError ¶
func NewWWWAuthenticateError(error string, challenges []*Challenge) (w *WWWAuthenticateError, err error)
NewWWWAuthenticateError returns an error that can be used to control WWW-Authenticate response headers. challenges must not be modified after being supplied to this function. Most developers will want to use ErrorInvalidBearerToken instead of this function.
func (*WWWAuthenticateError) Error ¶
func (w *WWWAuthenticateError) Error() string
func (*WWWAuthenticateError) HeaderValue ¶
func (w *WWWAuthenticateError) HeaderValue(defaultRealm string) (string, error)
HeaderValue formts the challenges represented by w into a single header value. If a challenge does not have a realm then a realm is added and set to defaultRealm (even if defaultRealm is an empty string).