authz

package
v0.0.0-...-e2863eb Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 22, 2024 License: Apache-2.0 Imports: 8 Imported by: 1

Documentation

Overview

Copyright 2023 Northern.tech AS 

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Copyright 2023 Northern.tech AS 

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Index

Constants

View Source 
const (
	// token's key in request.Env
	ReqToken = "authz_token"
)

Variables

View Source 
var (
	ErrAuthzUnauthorized = errors.New("unauthorized")
	ErrAuthzNoAuth       = errors.New("authorization not present in header")
	ErrInvalidAuthHeader = errors.New("malformed Authorization header")
	ErrAuthzTokenInvalid = errors.New("invalid jwt")
)

Functions

func ExtractToken 

func ExtractToken(req *http.Request) (string, error)

extracts JWT from authorization header

func GetRequestToken 

func GetRequestToken(env map[string]interface{}) *jwt.Token

Types

type Action 

type Action struct {
	Resource string
	Method   string
}

Action combines info about the requested resourd + http method.

type Authorizer 

type Authorizer interface {
	// Authorize checks if the given user (identified by token) has permissions to an action on a
	// resource.
	// returns:
	// nil if authorization is granted
	// ErrAuthzUnauthorized otherwise
	// ErrAuthzTokenInvalid if can't parse token
	Authorize(ctx context.Context, token *jwt.Token, resource, action string) error
}

Authorizer defines the interface for checking the permissions of a given user(token) vs an action on a resource.

type AuthzMiddleware 

type AuthzMiddleware struct {
	Authz              Authorizer
	ResFunc            ResourceActionExtractor
	JWTHandlers        map[int]jwt.Handler
	JWTFallbackHandler jwt.Handler
}

AuthzMiddleware checks the authorization on a given request. It retrieves the token + requested resource and action, and delegates the authz check to an Authorizer.

func (*AuthzMiddleware) MiddlewareFunc 

func (mw *AuthzMiddleware) MiddlewareFunc(h rest.HandlerFunc) rest.HandlerFunc

MiddlewareFunc makes AuthzMiddleware implement the Middleware interface.

type ResourceActionExtractor 

type ResourceActionExtractor func(r *rest.Request) (*Action, error)

ResourceActionExtractor extracts Actions from requests.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.