authn

package
v0.0.0-...-edb06f6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 27, 2023 License: Apache-2.0, Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var NoMatch = errors.New("did not match any rule")

Functions

func Asset 

func Asset(name string) ([]byte, error)

Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.

func AssetDir 

func AssetDir(name string) ([]string, error)

AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy: 

data/
  foo.txt
  img/
    a.png
    b.png

then AssetDir("data") would return []string{"foo.txt", "img"} AssetDir("data/img") would return []string{"a.png", "b.png"} AssetDir("foo.txt") and AssetDir("notexist") would return an error AssetDir("") will return []string{"data"}.

func AssetInfo 

func AssetInfo(name string) (os.FileInfo, error)

AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.

func AssetNames 

func AssetNames() []string

AssetNames returns the names of the assets.

func MustAsset 

func MustAsset(name string) []byte

MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.

func NewStaticUserAuth 

func NewStaticUserAuth(users map[string]*Requirements) *staticUsersAuth

func RestoreAsset 

func RestoreAsset(dir, name string) error

RestoreAsset restores an asset under the given directory

func RestoreAssets 

func RestoreAssets(dir, name string) error

RestoreAssets restores an asset under the given directory recursively

Types

type Authenticator 

type Authenticator interface {
	// Given a user name and a password (plain text), responds with the result or an error.
	// Error should only be reported if request could not be serviced, not if it should be denied.
	// A special NoMatch error is returned if the authorizer could not reach a decision,
	// e.g. none of the rules matched.
	// Implementations must be goroutine-safe.
	Authenticate(user string, password PasswordString) (bool, error)

	// Finalize resources in preparation for shutdown.
	// When this call is made there are guaranteed to be no Authenticate requests in flight
	// and there will be no more calls made to this instance.
	Stop()

	// Human-readable name of the authenticator.
	Name() string
}

Authentication plugin interface.

type CodeToTokenResponse 

type CodeToTokenResponse struct {
	IDToken      string `json:"id_token,omitempty"`
	AccessToken  string `json:"access_token,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
	ExpiresIn    int64  `json:"expires_in,omitempty"`
	TokenType    string `json:"token_type,omitempty"`

	// Returned in case of error.
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}

CodeToTokenResponse is sent by Google servers in response to the grant_type=authorization_code request.

type D2hubAuth 

type D2hubAuth struct {
	// contains filtered or unexported fields
}

func NewD2hubAuth 

func NewD2hubAuth(c *D2hubAuthConfig) (*D2hubAuth, error)

func (*D2hubAuth) Authenticate 

func (da *D2hubAuth) Authenticate(user string, password PasswordString) (bool, error)

func (*D2hubAuth) Name 

func (da *D2hubAuth) Name() string

func (*D2hubAuth) Stop 

func (da *D2hubAuth) Stop()

type D2hubAuthConfig 

type D2hubAuthConfig struct {
	D2HubURL string `yaml:"d2hub_url"`
}

type GoogleAuth 

type GoogleAuth struct {
	// contains filtered or unexported fields
}

func NewGoogleAuth 

func NewGoogleAuth(c *GoogleAuthConfig) (*GoogleAuth, error)

func (*GoogleAuth) Authenticate 

func (ga *GoogleAuth) Authenticate(user string, password PasswordString) (bool, error)

func (*GoogleAuth) DoGoogleAuth 

func (ga *GoogleAuth) DoGoogleAuth(rw http.ResponseWriter, req *http.Request)

func (*GoogleAuth) Name 

func (ga *GoogleAuth) Name() string

func (*GoogleAuth) Stop 

func (ga *GoogleAuth) Stop()

type GoogleAuthConfig 

type GoogleAuthConfig struct {
	Domain           string `yaml:"domain,omitempty"`
	ClientId         string `yaml:"client_id,omitempty"`
	ClientSecret     string `yaml:"client_secret,omitempty"`
	ClientSecretFile string `yaml:"client_secret_file,omitempty"`
	TokenDB          string `yaml:"token_db,omitempty"`
	HTTPTimeout      int    `yaml:"http_timeout,omitempty"`
}

type GoogleAuthRequest 

type GoogleAuthRequest struct {
	Action string `json:"action,omitempty"`
	Code   string `json:"code,omitempty"`
	Token  string `json:"token,omitempty"`
}

type GoogleTokenInfo 

type GoogleTokenInfo struct {
	// AccessType: The access type granted with this token. It can be
	// offline or online.
	AccessType string `json:"access_type,omitempty"`

	// Audience: Who is the intended audience for this token. In general the
	// same as issued_to.
	Audience string `json:"audience,omitempty"`

	// Email: The email address of the user. Present only if the email scope
	// is present in the request.
	Email string `json:"email,omitempty"`

	// ExpiresIn: The expiry time of the token, as number of seconds left
	// until expiry.
	ExpiresIn int64 `json:"expires_in,omitempty"`

	// IssuedTo: To whom was the token issued to. In general the same as
	// audience.
	IssuedTo string `json:"issued_to,omitempty"`

	// Scope: The space separated list of scopes granted to this token.
	Scope string `json:"scope,omitempty"`

	// TokenHandle: The token handle associated with this token.
	TokenHandle string `json:"token_handle,omitempty"`

	// UserId: The obfuscated user id.
	UserId string `json:"user_id,omitempty"`

	// VerifiedEmail: Boolean flag which is true if the email address is
	// verified. Present only if the email scope is present in the request.
	VerifiedEmail bool `json:"verified_email,omitempty"`

	// Returned in case of error.
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}

From github.com/google-api-go-client/oauth2/v2/oauth2-gen.go

type LDAPAuth 

type LDAPAuth struct {
	// contains filtered or unexported fields
}

func NewLDAPAuth 

func NewLDAPAuth(c *LDAPAuthConfig) (*LDAPAuth, error)

func (*LDAPAuth) Authenticate 

func (la *LDAPAuth) Authenticate(account string, password PasswordString) (bool, error)

How to authenticate user, please refer to https://github.com/go-ldap/ldap/blob/master/example_test.go#L166

func (*LDAPAuth) Name 

func (la *LDAPAuth) Name() string

func (*LDAPAuth) Stop 

func (la *LDAPAuth) Stop()

type LDAPAuthConfig 

type LDAPAuthConfig struct {
	Addr                  string `yaml:"addr,omitempty"`
	TLS                   string `yaml:"tls,omitempty"`
	InsecureTLSSkipVerify bool   `yaml:"insecure_tls_skip_verify,omitempty"`
	Base                  string `yaml:"base,omitempty"`
	Filter                string `yaml:"filter,omitempty"`
	BindDN                string `yaml:"bind_dn,omitempty"`
	BindPasswordFile      string `yaml:"bind_password_file,omitempty"`
	GroupBaseDN           string `yaml:"group_base_dn,omitempty"`
	GroupFilter           string `yaml:"group_filter,omitempty"`
}

type MongoAuth 

type MongoAuth struct {
	Collection string `yaml:"collection,omitempty"`
	// contains filtered or unexported fields
}

func NewMongoAuth 

func NewMongoAuth(c *MongoAuthConfig) (*MongoAuth, error)

func (*MongoAuth) Authenticate 

func (mauth *MongoAuth) Authenticate(account string, password PasswordString) (bool, error)

func (*MongoAuth) Name 

func (ga *MongoAuth) Name() string

func (*MongoAuth) Stop 

func (ma *MongoAuth) Stop()

type MongoAuthConfig 

type MongoAuthConfig struct {
	MongoConfig *mgo_session.Config `yaml:"dial_info,omitempty"`
	Collection  string              `yaml:"collection,omitempty"`
}

func (*MongoAuthConfig) Validate 

func (c *MongoAuthConfig) Validate(configKey string) error

Validate ensures that any custom config options in a Config are set correctly.

type PasswordString 

type PasswordString string

func (PasswordString) String 

func (ps PasswordString) String() string

type ProfileResponse 

type ProfileResponse struct {
	Email         string `json:"email,omitempty"`
	VerifiedEmail bool   `json:"verified_email,omitempty"`
}

ProfileResponse is sent by the /userinfo/v2/me endpoint. We use it to validate access token and (re)verify the email address associated with it.

type RefreshTokenResponse 

type RefreshTokenResponse struct {
	AccessToken string `json:"access_token,omitempty"`
	ExpiresIn   int64  `json:"expires_in,omitempty"`
	TokenType   string `json:"token_type,omitempty"`

	// Returned in case of error.
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}

CodeToTokenResponse is sent by Google servers in response to the grant_type=refresh_token request.

type Requirements 

type Requirements struct {
	Password *PasswordString `yaml:"password,omitempty" json:"password,omitempty"`
}

func (Requirements) String 

func (r Requirements) String() string

type TokenDBValue 

type TokenDBValue struct {
	TokenType    string    `json:"token_type,omitempty"` // Usually "Bearer"
	AccessToken  string    `json:"access_token,omitempty"`
	RefreshToken string    `json:"refresh_token,omitempty"`
	ValidUntil   time.Time `json:"valid_until,omitempty"`
	// DockerPassword is the temporary password we use to authenticate Docker users.
	// Gneerated at the time of token creation, stored here as a BCrypt hash.
	DockerPassword string `json:"docker_password,omitempty"`
}

TokenDBValue is stored in the database, JSON-serialized.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.