Documentation ¶
Index ¶
- Variables
- func Decrypt(cipherText string, privateKey *rsa.PrivateKey) (string, error)
- func DumpPrivateKeyBase64(privatekey *rsa.PrivateKey) (string, error)
- func DumpPublicKeyBase64(publicKey *rsa.PublicKey) (string, error)
- func Encrypt(plainText string, publicKey *rsa.PublicKey) (string, error)
- func ExportPublicKeyAsString(publicKey *rsa.PublicKey) (string, error)
- func GenerateKey() (*rsa.PrivateKey, *rsa.PublicKey, error)
- func VerifySQLUser(tidbClient *tidb.Client, userName, password string) (writeable bool, err error)
- type AuthService
- func (s *AuthService) GetLoginInfoHandler(c *gin.Context)
- func (s *AuthService) LoginHandler(c *gin.Context)
- func (s *AuthService) MWAuthRequired() gin.HandlerFunc
- func (s *AuthService) MWRequireSharePriv() gin.HandlerFunc
- func (s *AuthService) MWRequireWritePriv() gin.HandlerFunc
- func (s *AuthService) RegisterAuthenticator(typeID utils.AuthType, a Authenticator)
- type AuthenticateForm
- type Authenticator
- type BaseAuthenticator
- type GetLoginInfoResponse
- type GetSignOutInfoRequest
- type SignOutInfo
- type TokenResponse
Constants ¶
This section is empty.
Variables ¶
var ( ErrNS = errorx.NewNamespace("error.api.user") ErrUnsupportedAuthType = ErrNS.NewType("unsupported_auth_type") ErrNSSignIn = ErrNS.NewSubNamespace("signin") ErrSignInOther = ErrNSSignIn.NewType("other") )
var ErrInsufficientPrivs = ErrNSSignIn.NewType("insufficient_priv")
var Module = fx.Options( fx.Provide(NewAuthService), fx.Invoke(registerRouter), )
Functions ¶
func Decrypt ¶
func Decrypt(cipherText string, privateKey *rsa.PrivateKey) (string, error)
Decrypt decrypts cipherText with the given RSA private key.
func DumpPrivateKeyBase64 ¶
func DumpPrivateKeyBase64(privatekey *rsa.PrivateKey) (string, error)
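Dump private key to base64 string
- Has no header/trailer line
- Key content is merged into one-line format
The output has the form shown below. Note that this sample starts with the same prefix as the public-key samples on this page (an RSA SubjectPublicKeyInfo encoding), so it appears to have been copied from DumpPublicKeyBase64; an actual private-key dump starts differently, and the returned string is secret key material: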
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2y8mEdCRE8siiI7udpge......2QIDAQAB
func DumpPublicKeyBase64 ¶
Dump public key to base64 string
- Has no header/trailer line
- Key content is merged into one-line format
The output is:
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2y8mEdCRE8siiI7udpge......2QIDAQAB
func ExportPublicKeyAsString ¶
Export public key to a PEM string. Output format:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA67F1RPMUO4SjARRe4UfX
J7ZOCbcysna0jx2Av14KteGo6AWFHhuIxZwgp83GDqFv0Dhc/be7n+9V5vfq0Ob4
fUtdjBio5ciF4pcqzVGbddfJ0R2e52DF6TI2pDgUFdN+1bmGDwZOCyrwBvVh0wW2
jAI+QfQyRimZOMqFeX97XjW32vGk7cxNYMys9ExyJcfzfLanbzOwp6kdNbPXnYtU
Y2nmp+evlPKrRzBPnmO0bpZhYHklrRxLo/u/mThysMEttLkgzCare+JPQyb3z3Si
Q2E7WG4yz6+6L/wB4etHDfRljMOtqEwv9z4inUfh5716Mg23Div/AbwqGPiKPZf7
cQIDAQAB
-----END PUBLIC KEY-----
func GenerateKey ¶
func GenerateKey() (*rsa.PrivateKey, *rsa.PublicKey, error)
Generate an RSA private/public key pair.
Types ¶
type AuthService ¶
type AuthService struct { FeatureFlagNonRootLogin *featureflag.FeatureFlag RsaPublicKey *rsa.PublicKey RsaPrivateKey *rsa.PrivateKey // contains filtered or unexported fields }
func NewAuthService ¶
func NewAuthService(featureFlags *featureflag.Registry) *AuthService
func (*AuthService) GetLoginInfoHandler ¶
func (s *AuthService) GetLoginInfoHandler(c *gin.Context)
@ID userGetLoginInfo
@Summary Get login information, such as the supported authentication types
@Success 200 {object} GetLoginInfoResponse
@Router /user/login_info [get]
func (*AuthService) LoginHandler ¶
func (s *AuthService) LoginHandler(c *gin.Context)
@ID userLogin
@Summary Log in
@Param message body AuthenticateForm true "Credentials"
@Success 200 {object} TokenResponse
@Failure 401 {object} rest.ErrorResponse
@Router /user/login [post]
func (*AuthService) MWAuthRequired ¶
func (s *AuthService) MWAuthRequired() gin.HandlerFunc
MWAuthRequired creates a middleware that verifies the authentication token (JWT) in the request. If the token is valid, identity information is attached to the context. If the authentication token is missing or invalid, subsequent handlers are skipped and an error is generated.
func (*AuthService) MWRequireSharePriv ¶
func (s *AuthService) MWRequireSharePriv() gin.HandlerFunc
TODO: Make these MWRequireXxxPriv more general to use.
func (*AuthService) MWRequireWritePriv ¶
func (s *AuthService) MWRequireWritePriv() gin.HandlerFunc
func (*AuthService) RegisterAuthenticator ¶
func (s *AuthService) RegisterAuthenticator(typeID utils.AuthType, a Authenticator)
RegisterAuthenticator registers an authenticator in the authenticate pipeline.
type AuthenticateForm ¶
type Authenticator ¶
type Authenticator interface { IsEnabled() (bool, error) Authenticate(form AuthenticateForm) (*utils.SessionUser, error) ProcessSession(u *utils.SessionUser) bool SignOutInfo(u *utils.SessionUser, redirectURL string) (*SignOutInfo, error) }
type BaseAuthenticator ¶
type BaseAuthenticator struct{}
func (BaseAuthenticator) IsEnabled ¶
func (a BaseAuthenticator) IsEnabled() (bool, error)
func (BaseAuthenticator) ProcessSession ¶
func (a BaseAuthenticator) ProcessSession(u *utils.SessionUser) bool
func (BaseAuthenticator) SignOutInfo ¶
func (a BaseAuthenticator) SignOutInfo(u *utils.SessionUser, redirectURL string) (*SignOutInfo, error)
type GetLoginInfoResponse ¶
type GetSignOutInfoRequest ¶
// GetSignOutInfoRequest carries the parameters of a sign-out info request.
type GetSignOutInfoRequest struct {
// RedirectURL is bound from the "redirect_url" JSON or form field, so its
// value is supplied by the client.
// NOTE(review): presumably this is the redirectURL argument passed to
// Authenticator.SignOutInfo — confirm it is validated (e.g. against an
// allow-list of trusted origins) before it is used to build a redirect target.
RedirectURL string `json:"redirect_url" form:"redirect_url"`
}
type SignOutInfo ¶
// SignOutInfo is the value returned by Authenticator.SignOutInfo.
type SignOutInfo struct {
// EndSessionURL is serialized as "end_session_url".
// NOTE(review): presumably the URL the client should visit to end the session
// at the identity provider — confirm against the authenticator
// implementations, and whether it can embed the caller-supplied redirect URL.
EndSessionURL string `json:"end_session_url"`
}