Documentation ¶
Index ¶
- Variables
- func Asset(name string) ([]byte, error)
- func AssetDir(name string) ([]string, error)
- func AssetInfo(name string) (os.FileInfo, error)
- func AssetNames() []string
- func MustAsset(name string) []byte
- func NewStaticUserAuth(users map[string]*Requirements) *staticUsersAuth
- func RestoreAsset(dir, name string) error
- func RestoreAssets(dir, name string) error
- type Authenticator
- type CodeToTokenResponse
- type D2hubAuth
- type D2hubAuthConfig
- type GoogleAuth
- type GoogleAuthConfig
- type GoogleAuthRequest
- type GoogleTokenInfo
- type LDAPAuth
- type LDAPAuthConfig
- type MongoAuth
- type MongoAuthConfig
- type PasswordString
- type ProfileResponse
- type RefreshTokenResponse
- type Requirements
- type TokenDBValue
Constants ¶
This section is empty.
Variables ¶
// NoMatch is the sentinel error an Authenticator returns when it could not
// reach a decision, e.g. none of its rules matched. It is not a denial and
// not a grant.
// NOTE(review): callers presumably move on to the next authenticator when
// they see NoMatch; confirm that the outcome is "denied" when every
// authenticator returns it.
var NoMatch = errors.New("did not match any rule")
Functions ¶
func Asset ¶
Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetDir ¶
AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy:
data/ foo.txt img/ a.png b.png
then AssetDir("data") would return []string{"foo.txt", "img"}, AssetDir("data/img") would return []string{"a.png", "b.png"}, AssetDir("foo.txt") and AssetDir("notexist") would return an error, and AssetDir("") will return []string{"data"}.
func AssetInfo ¶
AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.
func MustAsset ¶
MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.
func NewStaticUserAuth ¶
func NewStaticUserAuth(users map[string]*Requirements) *staticUsersAuth
func RestoreAsset ¶
RestoreAsset restores an asset under the given directory
func RestoreAssets ¶
RestoreAssets restores an asset under the given directory recursively
Types ¶
type Authenticator ¶
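// Authenticator is the authentication plugin interface.
type Authenticator interface {
	// Authenticate is given a user name and a password (plain text) and
	// responds with the result or an error.
	// An error should only be reported if the request could not be serviced,
	// not if it should be denied.
	// The special NoMatch error is returned if the authenticator could not
	// reach a decision, e.g. none of the rules matched.
	// Implementations must be goroutine-safe.
	// NOTE(review): only (true, nil) is a grant. Callers should fail closed
	// on every other outcome, and implementations should keep the plain-text
	// password out of logs and error strings.
	Authenticate(user string, password PasswordString) (bool, error)

	// Stop finalizes resources in preparation for shutdown.
	// When this call is made there are guaranteed to be no Authenticate
	// requests in flight and there will be no more calls made to this
	// instance.
	Stop()

	// Name returns the human-readable name of the authenticator.
	Name() string
}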
Authentication plugin interface.
type CodeToTokenResponse ¶
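// CodeToTokenResponse is the JSON body decoded from the response to the
// grant_type=authorization_code request.
//
// IDToken, AccessToken and RefreshToken are credentials. Printing the whole
// struct (%v, %+v) or logging the raw response body exposes them, so log
// individual non-secret fields instead.
type CodeToTokenResponse struct {
	IDToken      string `json:"id_token,omitempty"`
	AccessToken  string `json:"access_token,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
	ExpiresIn    int64  `json:"expires_in,omitempty"`
	TokenType    string `json:"token_type,omitempty"`

	// Returned in case of error.
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}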
CodeToTokenResponse is sent by Google servers in response to the grant_type=authorization_code request.
type D2hubAuth ¶
type D2hubAuth struct {
// contains filtered or unexported fields
}
func NewD2hubAuth ¶
func NewD2hubAuth(c *D2hubAuthConfig) (*D2hubAuth, error)
func (*D2hubAuth) Authenticate ¶
func (da *D2hubAuth) Authenticate(user string, password PasswordString) (bool, error)
type D2hubAuthConfig ¶
// D2hubAuthConfig holds the YAML settings for the D2hub authenticator.
type D2hubAuthConfig struct {
	// D2HubURL is read from the d2hub_url key.
	// NOTE(review): Authenticate receives plain-text passwords; if they are
	// forwarded to this URL, it should use https with certificate
	// verification left on — confirm in the implementation.
	D2HubURL string `yaml:"d2hub_url"`
}
type GoogleAuth ¶
type GoogleAuth struct {
// contains filtered or unexported fields
}
func NewGoogleAuth ¶
func NewGoogleAuth(c *GoogleAuthConfig) (*GoogleAuth, error)
func (*GoogleAuth) Authenticate ¶
func (ga *GoogleAuth) Authenticate(user string, password PasswordString) (bool, error)
func (*GoogleAuth) DoGoogleAuth ¶
func (ga *GoogleAuth) DoGoogleAuth(rw http.ResponseWriter, req *http.Request)
func (*GoogleAuth) Name ¶
func (ga *GoogleAuth) Name() string
func (*GoogleAuth) Stop ¶
func (ga *GoogleAuth) Stop()
type GoogleAuthConfig ¶
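// GoogleAuthConfig holds the YAML settings for the Google authenticator.
type GoogleAuthConfig struct {
	// Domain is read from the domain key.
	// NOTE(review): presumably restricts sign-in to accounts of one domain;
	// confirm what an empty value allows.
	Domain string `yaml:"domain,omitempty"`

	// ClientId is read from the client_id key.
	ClientId string `yaml:"client_id,omitempty"`

	// ClientSecret is the client secret given inline in the config.
	// An inline secret travels with every copy of the config file (backups,
	// version control, support bundles); ClientSecretFile keeps it out of
	// the main config.
	ClientSecret string `yaml:"client_secret,omitempty"`

	// ClientSecretFile is read from the client_secret_file key.
	// NOTE(review): presumably a path to a file holding the client secret;
	// that file should be readable by the service account only.
	ClientSecretFile string `yaml:"client_secret_file,omitempty"`

	// TokenDB is read from the token_db key.
	// NOTE(review): presumably the location of the token database; it holds
	// credentials and needs the same access restrictions as the secret file.
	TokenDB string `yaml:"token_db,omitempty"`

	// HTTPTimeout is read from the http_timeout key.
	// NOTE(review): unit is not visible here (presumably seconds) — confirm.
	HTTPTimeout int `yaml:"http_timeout,omitempty"`
}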
type GoogleAuthRequest ¶
type GoogleTokenInfo ¶
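// GoogleTokenInfo is the token-info response, taken from
// github.com/google-api-go-client/oauth2/v2/oauth2-gen.go.
type GoogleTokenInfo struct {
	// AccessType: The access type granted with this token. It can be
	// offline or online.
	AccessType string `json:"access_type,omitempty"`

	// Audience: Who is the intended audience for this token. In general the
	// same as issued_to.
	// NOTE(review): a token whose audience is not this service's own client
	// ID was issued to a different application; confirm that the validation
	// path compares Audience before trusting Email.
	Audience string `json:"audience,omitempty"`

	// Email: The email address of the user. Present only if the email scope
	// is present in the request.
	Email string `json:"email,omitempty"`

	// ExpiresIn: The expiry time of the token, as number of seconds left
	// until expiry.
	ExpiresIn int64 `json:"expires_in,omitempty"`

	// IssuedTo: To whom was the token issued to. In general the same as
	// audience.
	IssuedTo string `json:"issued_to,omitempty"`

	// Scope: The space separated list of scopes granted to this token.
	Scope string `json:"scope,omitempty"`

	// TokenHandle: The token handle associated with this token.
	TokenHandle string `json:"token_handle,omitempty"`

	// UserId: The obfuscated user id.
	UserId string `json:"user_id,omitempty"`

	// VerifiedEmail: Boolean flag which is true if the email address is
	// verified. Present only if the email scope is present in the request.
	// The flag is omitted (false) when absent, so an Email without
	// VerifiedEmail == true should not be used as an identity.
	VerifiedEmail bool `json:"verified_email,omitempty"`

	// Returned in case of error.
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}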
From github.com/google-api-go-client/oauth2/v2/oauth2-gen.go
type LDAPAuth ¶
type LDAPAuth struct {
// contains filtered or unexported fields
}
func NewLDAPAuth ¶
func NewLDAPAuth(c *LDAPAuthConfig) (*LDAPAuth, error)
func (*LDAPAuth) Authenticate ¶
func (la *LDAPAuth) Authenticate(account string, password PasswordString) (bool, error)
For how the user is authenticated, see https://github.com/go-ldap/ldap/blob/master/example_test.go#L166
type LDAPAuthConfig ¶
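// LDAPAuthConfig holds the YAML settings for the LDAP authenticator.
type LDAPAuthConfig struct {
	// Addr is read from the addr key.
	Addr string `yaml:"addr,omitempty"`

	// TLS is read from the tls key.
	// NOTE(review): the accepted values are not visible here — confirm which
	// of them leave the connection unencrypted, since user passwords and the
	// bind password travel over it.
	TLS string `yaml:"tls,omitempty"`

	// InsecureTLSSkipVerify is read from the insecure_tls_skip_verify key.
	// By its name it turns off verification of the LDAP server certificate.
	// With verification off, anyone able to impersonate the server can
	// collect the bind password and every user password submitted; leave it
	// false outside of test setups and trust the server CA instead.
	InsecureTLSSkipVerify bool `yaml:"insecure_tls_skip_verify,omitempty"`

	// Base is read from the base key.
	Base string `yaml:"base,omitempty"`

	// Filter is read from the filter key.
	// NOTE(review): if the account name is substituted into this filter, it
	// has to be escaped first (go-ldap provides ldap.EscapeFilter) — confirm
	// in Authenticate.
	Filter string `yaml:"filter,omitempty"`

	// BindDN is read from the bind_dn key.
	BindDN string `yaml:"bind_dn,omitempty"`

	// BindPasswordFile is read from the bind_password_file key.
	// NOTE(review): presumably a path to a file holding the bind password;
	// that file should be readable by the service account only.
	BindPasswordFile string `yaml:"bind_password_file,omitempty"`

	// GroupBaseDN is read from the group_base_dn key.
	GroupBaseDN string `yaml:"group_base_dn,omitempty"`

	// GroupFilter is read from the group_filter key.
	// NOTE(review): same escaping concern as Filter — confirm.
	GroupFilter string `yaml:"group_filter,omitempty"`
}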
type MongoAuth ¶
type MongoAuth struct { Collection string `yaml:"collection,omitempty"` // contains filtered or unexported fields }
func NewMongoAuth ¶
func NewMongoAuth(c *MongoAuthConfig) (*MongoAuth, error)
func (*MongoAuth) Authenticate ¶
func (mauth *MongoAuth) Authenticate(account string, password PasswordString) (bool, error)
type MongoAuthConfig ¶
// MongoAuthConfig holds the YAML settings for the MongoDB authenticator.
type MongoAuthConfig struct {
	// MongoConfig is read from the dial_info key.
	// NOTE(review): presumably carries the connection settings, possibly
	// including database credentials — confirm, and keep the config file
	// readable by the service account only.
	MongoConfig *mgo_session.Config `yaml:"dial_info,omitempty"`
	// Collection is read from the collection key.
	Collection string `yaml:"collection,omitempty"`
}
func (*MongoAuthConfig) Validate ¶
func (c *MongoAuthConfig) Validate(configKey string) error
Validate ensures that any custom config options in a Config are set correctly.
type PasswordString ¶
// PasswordString is the type of the plain-text password handed to
// Authenticator.Authenticate. It has its own String method.
// NOTE(review): presumably String masks the value so that %v / %s formatting
// does not leak the password — verify. An explicit string(ps) conversion
// bypasses String either way, so such conversions deserve a look wherever
// the result can reach a log or an error message.
type PasswordString string
func (PasswordString) String ¶
func (ps PasswordString) String() string
type ProfileResponse ¶
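// ProfileResponse is sent by the /userinfo/v2/me endpoint. It is used to
// validate the access token and (re)verify the email address associated
// with it.
type ProfileResponse struct {
	Email string `json:"email,omitempty"`
	// VerifiedEmail is false when the field is absent from the response, so
	// only an explicit true marks Email as verified.
	VerifiedEmail bool `json:"verified_email,omitempty"`
}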
ProfileResponse is sent by the /userinfo/v2/me endpoint. We use it to validate access token and (re)verify the email address associated with it.
type RefreshTokenResponse ¶
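// RefreshTokenResponse is the JSON body decoded from the response to the
// grant_type=refresh_token request.
//
// AccessToken is a credential: avoid printing the whole struct (%v, %+v) or
// logging the raw response body.
type RefreshTokenResponse struct {
	AccessToken string `json:"access_token,omitempty"`
	ExpiresIn   int64  `json:"expires_in,omitempty"`
	TokenType   string `json:"token_type,omitempty"`

	// Returned in case of error.
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}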
RefreshTokenResponse is sent by Google servers in response to the grant_type=refresh_token request.
type Requirements ¶
// Requirements is the per-user entry of the map passed to NewStaticUserAuth.
type Requirements struct {
	// Password is optional (pointer, omitempty).
	// NOTE(review): whether this holds a hash or a clear-text password is not
	// visible here — confirm. The field carries a json tag, so marshalling a
	// Requirements value emits it unless PasswordString customises
	// marshalling; check any path that serialises or logs this struct.
	Password *PasswordString `yaml:"password,omitempty" json:"password,omitempty"`
}
func (Requirements) String ¶
func (r Requirements) String() string
type TokenDBValue ¶
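// TokenDBValue is stored in the database, JSON-serialized.
//
// AccessToken and RefreshToken are plain string fields of that serialized
// value, while DockerPassword is kept as a BCrypt hash.
// NOTE(review): unless the storage layer encrypts the record, anyone who can
// read the token database obtains usable tokens — confirm, and restrict
// access to the database files and their backups accordingly.
type TokenDBValue struct {
	TokenType    string    `json:"token_type,omitempty"` // Usually "Bearer"
	AccessToken  string    `json:"access_token,omitempty"`
	RefreshToken string    `json:"refresh_token,omitempty"`
	ValidUntil   time.Time `json:"valid_until,omitempty"`

	// DockerPassword is the temporary password we use to authenticate Docker users.
	// Generated at the time of token creation, stored here as a BCrypt hash.
	DockerPassword string `json:"docker_password,omitempty"`
}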
TokenDBValue is stored in the database, JSON-serialized.