services

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 28, 2022 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ValidateConfig

func ValidateConfig(cfg *models.Config) error

ValidateConfig validates a parsed Config struct against the following constraints:

- Both claim policies and route policies must not be nil. Empty map/slices are allowed.

- All ClaimRequirement instances must have a claim named.

- All RoutePolicy instances must have a path configured.

- If a RoutePolicy is flagged with AllowAnonymous, it cannot name any claim policies

- If a RoutePolicy has a claim policy named, that claim policy should be defined in the ClaimPolicies section.

Types

type Authenticator

// Authenticator turns the value of an authorization header into a set of claims.
type Authenticator interface {
	// Authenticate takes the authorization header value and returns the
	// claims as a map keyed by claim name, or a non-nil err.
	// NOTE(review): presumably claims must be ignored whenever err is
	// non-nil; confirm against the implementation.
	Authenticate(authHeader string) (claims map[string]any, err error)
}

Authenticator is the authentication interface.

type AuthenticatorImpl

type AuthenticatorImpl struct {
	// contains filtered or unexported fields
}

AuthenticatorImpl is a JWT-based authentication implementation

func NewAuthenticator

func NewAuthenticator(
	signingKey []byte,
	signingAlgorithm string,
	config models.AuthenticationConfig) (*AuthenticatorImpl, error)

NewAuthenticator creates a new AuthenticatorImpl instance

func (AuthenticatorImpl) Authenticate

func (a AuthenticatorImpl) Authenticate(authHeader string) (map[string]any, error)

Authenticate implements Bearer token authentication

type Authorizer

// Authorizer is the claims-based authorization interface.
type Authorizer interface {
	// Authorize evaluates the named policies against claims. The first
	// result is named failedPolicy here.
	// NOTE(review): the AuthorizerImpl method names the same result
	// failedClaim; confirm whether a policy name or a claim name is returned.
	Authorize(policyNames []string, claims map[string]any) (failedPolicy string, err error)
	// IsAnonymousAllowed reports whether a request with the given method may
	// proceed without authentication, judged from matchedPolicies.
	// NOTE(review): the implementation's documentation expects matchedPolicies
	// sorted by decreasing path length and wildcard specificity; as far as this
	// listing shows, the ordering is the caller's responsibility.
	IsAnonymousAllowed(matchedPolicies []models.RoutePolicy, method string) bool
}

Authorizer is the claims-based authorization interface

type AuthorizerImpl

type AuthorizerImpl struct {
	// contains filtered or unexported fields
}

AuthorizerImpl implements claims-based authorization

func NewAuthorizer

func NewAuthorizer(claimPolicies map[string][]models.ClaimRequirement) *AuthorizerImpl

NewAuthorizer creates a new AuthorizerImpl instance

func (AuthorizerImpl) Authorize

func (a AuthorizerImpl) Authorize(policyNames []string, claims map[string]any) (failedClaim string, err error)

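Authorize checks claim values and returns the first failed claim. Note that the Authorizer interface names this result failedPolicy while this method names it failedClaim; callers that log or act on the value should confirm which of the two it holds.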

func (AuthorizerImpl) IsAnonymousAllowed

func (a AuthorizerImpl) IsAnonymousAllowed(matchedPolicies []models.RoutePolicy, method string) bool

IsAnonymousAllowed allows anonymous requests if the most specific route that matches the request has AllowAnonymous set to true.

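This function expects the matchedPolicies to be sorted by decreasing path length and wildcard specificity. The ordering is a precondition: nothing on this page indicates that the function checks it, so a caller that passes an unsorted slice may get its decision from a less specific policy.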

If more than one route with the same path and wildcard specificity matches the request, the first one that also matches the method decides whether the request is allowed anonymously.

If no route policy is matched to the request, the default behavior is to authenticate.

type ConfigParser

// ConfigParser is the config parsing interface.
type ConfigParser interface {
	// ParseConfig reads a configuration from reader and returns the parsed
	// Config, or an error.
	// NOTE(review): parsing and validation appear to be separate steps
	// (ValidateConfig takes a parsed Config); confirm that callers validate
	// the result before using it.
	ParseConfig(reader io.Reader) (*models.Config, error)
}

ConfigParser is the config parsing interface

type RouteMatcher

// RouteMatcher matches a given path and method to configured route policies.
type RouteMatcher interface {
	// MatchRoutePolicies returns the route policies that match path and
	// method, or an error.
	// NOTE(review): IsAnonymousAllowed expects its input sorted by decreasing
	// path length and wildcard specificity; whether this method returns the
	// policies in that order is not stated here, so confirm before passing
	// the result through unchanged.
	MatchRoutePolicies(path string, method string) ([]models.RoutePolicy, error)
}

RouteMatcher matches given path and method to configured route policies

type RouteMatcherImpl

type RouteMatcherImpl struct {
	// contains filtered or unexported fields
}

RouteMatcherImpl implements glob-based route matching

func NewRouteMatcher

func NewRouteMatcher(routePolicies []models.RoutePolicy) *RouteMatcherImpl

NewRouteMatcher creates a new RouteMatcherImpl instance

func (RouteMatcherImpl) MatchRoutePolicies

func (g RouteMatcherImpl) MatchRoutePolicies(path string, method string) ([]models.RoutePolicy, error)

MatchRoutePolicies matches the given request path-method pair to the configured routes. Paths are matched using standard wildcard globs. If no method is specified in the configuration, that route matches all methods.

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server struct holds references to necessary services

func NewServer

func NewServer(
	upstream http.Handler,
	routeMatcher RouteMatcher,
	authorizer Authorizer,
	authenticator Authenticator,
	config models.ServerConfig) *Server

NewServer checks if upstream is set to enable proxy behavior, then returns a new Server instance

func (Server) Handle

func (s Server) Handle(writer http.ResponseWriter, request *http.Request)

Handle performs authentication and authorization challenges based on the given configuration and forwards the request to the upstream server.

type YamlConfigParser

type YamlConfigParser struct{}

YamlConfigParser is the YAML deserialization implementation of ConfigParser

func (YamlConfigParser) ParseConfig

func (YamlConfigParser) ParseConfig(reader io.Reader) (*models.Config, error)

ParseConfig implements config parsing from YAML files
