ssolib

package
v0.0.0-...-01681b2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 10, 2018 License: MIT Imports: 42 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	OPENID_SCOPE = "openid"
	ID_TOKEN     = "id_token"
)
View Source 
const (
	TOKEN_IDTOKEN osin.AuthorizeRequestType = "token id_token"
)

Variables

View Source 
var (
	ErrNotAdmin = errors.New("only user in app's admin role can modify the app's role tree.")
)

Functions

func CreateIDToken 

func CreateIDToken(issuer string, client_id string, sub string, userInfo *UserWithGroups, nonce string, access_token string, scopes []string) (string, error)

func HeartbeatToDB 

func HeartbeatToDB(ctx context.Context)

在某些网络环境下,如果 ssoserver 和 mysql 之间的长连接在 idle 一段时间后,此连接上发送的数据包会被丢弃,导致查询超时。 为避免这种情况的发生,可以定时查询数据库,以保持连接 live 。

func IsAuthorizeRequestTypeEqual 

func IsAuthorizeRequestTypeEqual(t1, t2 osin.AuthorizeRequestType) bool

func NewAuthenticateMiddleware 

func NewAuthenticateMiddleware() server.Middleware

func ValidateFullName 

func ValidateFullName(fullname string) error

func ValidateSlug 

func ValidateSlug(slug string, maxLen int) error

func ValidateURI 

func ValidateURI(uri string) error

func ValidateUserEmail 

func ValidateUserEmail(email string, ctx context.Context) error

Types

type AddHandles 

type AddHandles func(*Server)

添加一些与后端相关的 handler, 如用户注册相关等

type ApiError 

type ApiError struct {
	Message string      `json:"message"`
	Data    interface{} `json:"data"`
}

type App 

type App struct {
	Id          int    `json:"id"`
	FullName    string `json:"fullname"`
	Secret      string `json:"secret"`
	RedirectUri string `json:"redirect_uri"`
	AdminGroup  *Group `json:"admin_group"`
}

type AppResource 

type AppResource struct {
	server.BaseResource
}

func (AppResource) Get 

func (ar AppResource) Get(ctx context.Context, r *http.Request) (int, interface{})

only user in admin group of app can use this.

func (AppResource) Put 

func (ar AppResource) Put(ctx context.Context, r *http.Request) (int, interface{})

type AppRole 

type AppRole struct {
	AppId    int    `json:"app_id"`
	RoleName string `json:"role_name"`
	RoleId   int    `json:"role_id"`
}

type AppRoleResource 

type AppRoleResource struct {
	server.BaseResource
}

AppRole: can get roles of everyone related to the app, not only the app owner

func (AppRoleResource) Delete 

func (ar AppRoleResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (AppRoleResource) Get 

func (ar AppRoleResource) Get(ctx context.Context, r *http.Request) (int, interface{})

func (AppRoleResource) Post 

func (ar AppRoleResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type AppRolesOfUser 

type AppRolesOfUser struct {
	AppId       int        `json:"id"`
	AppFullName string     `json:"fullname"`
	Roles       []UserRole `json:"roles"`
}

type AppsResource 

type AppsResource struct {
	server.BaseResource
}

func (AppsResource) Get 

func (ar AppsResource) Get(ctx context.Context, r *http.Request) (int, interface{})

func (AppsResource) Post 

func (ar AppsResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type AuthenticateWare 

type AuthenticateWare struct {
}

func (*AuthenticateWare) ServeHTTP 

func (aw *AuthenticateWare) ServeHTTP(ctx context.Context, w http.ResponseWriter, r *http.Request, next server.Handler) context.Context

type BackendGroup 

type BackendGroup struct {
	Group
	Backend iuser.GroupType `json:"backend"`
	Rules   string          `json:"rules"`
}

func (*BackendGroup) Validate 

func (bg *BackendGroup) Validate() error

type Group 

type Group struct {
	Name     string `json:"name"`
	FullName string `json:"fullname"`
}

func (*Group) Validate 

func (g *Group) Validate() error

type GroupMemberResource 

type GroupMemberResource struct {
	server.BaseResource
}

func (GroupMemberResource) Delete 

func (gmr GroupMemberResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (GroupMemberResource) Put 

func (gmr GroupMemberResource) Put(ctx context.Context, r *http.Request) (int, interface{})

type GroupMemberRole 

type GroupMemberRole struct {
	Name     string `json:"name"`
	FullName string `json:"fullname"`
	Role     string `json:"role"`
}

type GroupResource 

type GroupResource struct {
	server.BaseResource
}

func (GroupResource) Delete 

func (gr GroupResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (GroupResource) Get 

func (gr GroupResource) Get(ctx context.Context, r *http.Request) (int, interface{})

type GroupWithMembers 

type GroupWithMembers struct {
	Name         string            `json:"name"`
	FullName     string            `json:"fullname"`
	Members      []MemberRole      `json:"members"`
	GroupMembers []GroupMemberRole `json:"group_members"`
}

type GroupWithRole 

type GroupWithRole struct {
	Name     string `json:"name"`
	FullName string `json:"fullname"`
	Role     string `json:"role"`
}

type GroupsResource 

type GroupsResource struct {
	server.BaseResource
}

func (GroupsResource) Get 

func (gr GroupsResource) Get(ctx context.Context, r *http.Request) (int, interface{})

登录的用户得到自己所在的 groups 列表

func (GroupsResource) Post 

func (gr GroupsResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type JWKs 

type JWKs struct {
	Keys []*gojwk.Key `json:"keys"`
}

type JWT 

type JWT struct {
	Header map[string]interface{}
	Claims map[string]interface{}
	Sig    string
	Token  string
}

func (*JWT) ClaimsJson 

func (jwt *JWT) ClaimsJson() []byte

func (*JWT) HeaderJson 

func (jwt *JWT) HeaderJson() []byte

func (*JWT) Init 

func (jwt *JWT) Init()

func (*JWT) Sign 

func (jwt *JWT) Sign() error

type MeResource 

type MeResource struct {
	server.BaseResource
}

func (MeResource) Get 

func (mr MeResource) Get(ctx context.Context, r *http.Request) (int, interface{})

type MemberResource 

type MemberResource struct {
	server.BaseResource
}

func (MemberResource) Delete 

func (mr MemberResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (MemberResource) Get 

func (mr MemberResource) Get(ctx context.Context, r *http.Request) (int, interface{})

func (MemberResource) Put 

func (mr MemberResource) Put(ctx context.Context, r *http.Request) (int, interface{})

type MemberRole 

type MemberRole struct {
	Name string `json:"name"`
	Role string `json:"role"`
}

type Mock 

type Mock struct {
	Restore func()
}

for test only

func MockParams 

func MockParams(t *testing.T, pairs map[string]string) *Mock

for test only

func MockReverse 

func MockReverse(t *testing.T, url string) *Mock

for test only

type OIDC_Configuration 

type OIDC_Configuration struct {
	Issuer                string                      `json:"issuer"`
	AuthEnd               string                      `json:"authorization_endpoint"`
	TokenEnd              string                      `json:"token_endpoint"`
	UserInfoEnd           string                      `json:"userinfo_endpoint"`
	JwksUri               string                      `json:"jwks_uri"`
	ResponseTypeSupported []osin.AuthorizeRequestType `json:"response_types_supported"`
	ScopesSupported       []string                    `json:"scopes_supported"`
	ClaimsSupported       []string                    `json:"claims_supported"`
}

TODO 完整的 openid-configuration

type Resource 

type Resource struct {
	Id          int    `json:"id"`
	Name        string `json:"name"`
	Description string `json:"description"`
	Data        string `json:"data"`
}

type ResourceResource 

type ResourceResource struct {
	server.BaseResource
}

func (ResourceResource) Delete 

func (rr ResourceResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (ResourceResource) Get 

func (rr ResourceResource) Get(ctx context.Context, r *http.Request) (int, interface{})

func (ResourceResource) Post 

func (rr ResourceResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type Resources 

type Resources struct {
	Resources []Resource `json:"resources"`
}

type ResourcesResource 

type ResourcesResource struct {
	server.BaseResource
}

func (ResourcesResource) Get 

func (rsr ResourcesResource) Get(ctx context.Context, r *http.Request) (int, interface{})

func (ResourcesResource) Post 

func (rsr ResourcesResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type Role 

type Role struct {
	RoleId int    `json:"id"`
	Type   string `json:"type"`
	Name   string `json:"name"`
	Parent int    `json:"parent_id"`
}

type RoleMember 

type RoleMember struct {
	UserName   string `json:"user"`
	MemberType string `json:"type"`
}

type RoleMemberResource 

type RoleMemberResource struct {
	server.BaseResource
}

func (RoleMemberResource) Delete 

func (rmr RoleMemberResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (RoleMemberResource) Put 

func (rmr RoleMemberResource) Put(ctx context.Context, r *http.Request) (int, interface{})

add member to role

type RoleMemberType 

type RoleMemberType struct {
	MemberType string `json:"type"`
}

type RoleMembers 

type RoleMembers struct {
	role.Role
	Type    string       `json:"type"`
	Members []RoleMember `json:"members"`
}

type RoleMembersReq 

type RoleMembersReq struct {
	RoleId     int
	Action     string
	MemberList []RoleMember `json:"members"`
}

type RoleModifyReq 

type RoleModifyReq struct {
	Name   string `json:"name"`
	Desc   string `json:"description"`
	Parent int    `json:"parent_id"`
}

type RoleReq 

type RoleReq struct {
	AppId  int    `json:"app_id"`
	Name   string `json:"name"`
	Desc   string `json:"description"`
	Parent int    `json:"parent_id"`
}

type RoleResource 

type RoleResource struct {
	server.BaseResource
}

func (RoleResource) Delete 

func (rr RoleResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (RoleResource) Post 

func (rr RoleResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type RoleResourceReq 

type RoleResourceReq struct {
	Action    string
	Resources []int `json:"resource_list"`
}

type RoleResourceResource 

type RoleResourceResource struct {
	server.BaseResource
}

func (RoleResourceResource) Post 

func (rrr RoleResourceResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type RolesResource 

type RolesResource struct {
	server.BaseResource
}

func (RolesResource) Get 

func (rsr RolesResource) Get(ctx context.Context, r *http.Request) (int, interface{})

func (RolesResource) Post 

func (rsr RolesResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type Server 

type Server struct {
	*server.Server
	// contains filtered or unexported fields
}

func NewServer 

func NewServer(
	mysqlDSN, siteURL, smtpAddr, emailFrom, emailFromPassword, emailSuffix string,
	emailTLS, isDebug bool, prikeyfile string, pubkeyfile string, sentryDSN string, queryUser bool) *Server

func (*Server) AuthorizationEndpoint 

func (s *Server) AuthorizationEndpoint(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

func (*Server) BatchUsers 

func (s *Server) BatchUsers(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

Batch return users' profiles and groups(optional)

func (*Server) Home 

func (s *Server) Home(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

func (*Server) Jwks_uriEndpoint 

func (s *Server) Jwks_uriEndpoint(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

func (*Server) ListenAndServe 

func (s *Server) ListenAndServe(addr string, addHandlers AddHandles) error

func (*Server) NewOidcConfig 

func (s *Server) NewOidcConfig(ctx context.Context) *OIDC_Configuration

func (*Server) OidcConfig 

func (s *Server) OidcConfig(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

func (*Server) PageApplication 

func (s *Server) PageApplication(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

func (*Server) RoleMembers 

func (s *Server) RoleMembers(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

func (*Server) SetUserBackend 

func (s *Server) SetUserBackend(ub iuser.UserBackend)

func (*Server) UserInfo 

func (s *Server) UserInfo(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

func (*Server) UsersList 

func (s *Server) UsersList(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

type TestHelper 

type TestHelper struct {
	T   *testing.T
	Ctx context.Context
}

func NewTestHelper 

func NewTestHelper(t *testing.T) *TestHelper

type TokenConfig 

type TokenConfig struct {
	Issuer     string
	CertFile   string
	KeyFile    string
	Expiration int64
	// contains filtered or unexported fields
}

type TokenEndpoint 

type TokenEndpoint struct {
	server.BaseResource
}

func (TokenEndpoint) Get 

func (te TokenEndpoint) Get(ctx context.Context, r *http.Request) (int, interface{})

func (TokenEndpoint) Post 

func (te TokenEndpoint) Post(ctx context.Context, r *http.Request) (int, interface{})

type UserResource 

type UserResource struct {
	server.BaseResource
}

func (UserResource) Delete 

func (ur UserResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (UserResource) Get 

func (ur UserResource) Get(ctx context.Context, r *http.Request) (int, interface{})

this api will return both ldap groups and database groups, but if database=true, only database groups will be returned. in database, both ldap groups and database groups exist and ldap groups' backend=1, database groups' backend=0

type UserRole 

type UserRole struct {
	RoleName string `json:"name"`
	RoleId   int    `json:"id"`
	Type     string `json:"type"`
	Parent   int    `json:"parent_id"`
}

type UserRoles 

type UserRoles []UserRole

type UserWithGroups 

type UserWithGroups struct {
	User   iuser.UserProfile `json:"user,omitempty"`
	Groups []string          `json:"groups"`
}

func GetUserWithGroups 

func GetUserWithGroups(ctx context.Context, u iuser.User) *UserWithGroups

func (*UserWithGroups) MarshalJSON 

func (ug *UserWithGroups) MarshalJSON() ([]byte, error)

该函数必须是 *UserWithGroups, 否则会产生递归调用,即 绝对不可写成 func (ug UserWithGroups) MarshalJSON() ([]byte, error) {} 即想要调用也必须传入 *UserWithGroups

Source Files

View all Source files

Directories

Path Synopsis
app
group
iuser
oauth2
role
testbackend
testhelper

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.