auth

package
v0.0.0-...-e10842c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 9, 2023 License: MIT Imports: 11 Imported by: 0

Documentation

Overview

Package auth holds some standard auth functionalities. It provides us middleware easily into our routers, and manage access control of our apis.

Index

Constants

This section is empty.

Variables

View Source 
var (
	// APIKeyHeader The API key header name
	APIKeyHeader = "x-api-key"

	// TokenHeadName is a string in the header. Default value is "Bearer"
	TokenHeadName = "Bearer"

	// APIKeyLookup is a string in the form of "<source>:<name>" that is used
	// to extract token from the request.
	// Optional. Default value "header:Authorization".
	// Possible values:
	// - "header:<name>"
	// - "query:<name>"
	// - "cookie:<name>"
	APIKeyLookup = "param:api_key,query:api_key,cookie:api_key,header:" + APIKeyHeader

	// TokenLookup is a string in the form of "<source>:<name>" that is used
	// to extract token from the request.
	// Optional. Default value "header:Authorization".
	// Possible values:
	// - "header:<name>"
	// - "query:<name>"
	// - "cookie:<name>"
	TokenLookup = "param:api_key,query:token,cookie:jwt,header:Authorization"

	// ErrNoClaims when HTTP status 403 is given
	ErrNoClaims = errors.New("invalid token")

	// ErrForbidden when HTTP status 403 is given
	ErrForbidden = errors.New("you don't have permission to access this resource")

	// ErrExpiredToken indicates JWT token has expired. Can't refresh.
	ErrExpiredToken = errors.New("token is expired")

	// ErrEmptyAuthHeader can be thrown if authing with a HTTP header, the Auth header needs to be set
	ErrEmptyAuthHeader = errors.New("auth header is empty")

	// ErrEmptyAPIKeyHeader can be thrown if authing with a HTTP header, the Auth header needs to be set
	ErrEmptyAPIKeyHeader = errors.New("api key header is empty")

	// ErrMissingExpField missing exp field in token
	ErrMissingExpField = errors.New("missing exp field")

	// ErrInvalidAuthHeader indicates auth header is invalid, could for example have the wrong Realm name
	ErrInvalidAuthHeader = errors.New("auth header is invalid")

	// ErrEmptyQueryToken can be thrown if authing with URL Query, the query token variable is empty
	ErrEmptyQueryToken = errors.New("query token is empty")

	// ErrEmptyCookieToken can be thrown if authing with a cookie, the token cokie is empty
	ErrEmptyCookieToken = errors.New("cookie token is empty")

	// ErrEmptyParamToken can be thrown if authing with parameter in path, the parameter in path is empty
	ErrEmptyParamToken = errors.New("parameter token is empty")

	// ErrInvalidSigningAlgorithm indicates signing algorithm is invalid, needs to be HS256, HS384, HS512, RS256, RS384 or RS512
	ErrInvalidSigningAlgorithm = errors.New("invalid signing algorithm")
)

Functions

func Middleware 

func Middleware(path string, cfg *cfg.Server, orm *orm.ORM) gin.HandlerFunc

Middleware wraps the request with auth middleware

func ParseAPIKey 

func ParseAPIKey(c *gin.Context, sc *cfg.Server) (apiKey string, err error)

ParseAPIKey parse api key from gin context looks for x-api-key in header, query params, cookie

func ParseToken 

func ParseToken(c *gin.Context, sc *cfg.Server) (t *jwt.Token, err error)

ParseToken parse jwt token from gin context looks for token in header, query params, cookie

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.