auth

package

v0.43.3 Latest Latest Go to latest Published: Apr 19, 2024 License: Apache-2.0 Imports: 35 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/rilldata/rill

Links

Open Source Insights

Documentation ¶

Index ¶

type Authenticator
- func NewAuthenticator(logger *zap.Logger, adm *admin.Service, cookieStore *cookies.Store, ...) (*Authenticator, error)
type AuthenticatorOptions
type Claims
- func GetClaims(ctx context.Context) Claims
type DeviceCodeResponse
type OwnerType
type TokenRequest

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Authenticator ¶

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator wraps functionality for admin server auth. It provides endpoints for login/logout, creates users, issues cookie-based auth tokens, and provides middleware for authenticating requests. The implementation was derived from: https://auth0.com/docs/quickstart/webapp/golang/01-login.

func NewAuthenticator ¶

func NewAuthenticator(logger *zap.Logger, adm *admin.Service, cookieStore *cookies.Store, opts *AuthenticatorOptions) (*Authenticator, error)

NewAuthenticator creates an Authenticator.

func (*Authenticator) Annotator ¶

func (a *Authenticator) Annotator(ctx context.Context, r *http.Request) metadata.MD

Annotator is a gRPC-gateway annotator that moves access tokens in HTTP cookies to the "authorization" gRPC metadata.

func (*Authenticator) HTTPMiddleware ¶

func (a *Authenticator) HTTPMiddleware(next http.Handler) http.Handler

HTTPMiddleware is a HTTP middleware variant of UnaryServerInterceptor. It additionally supports reading access tokens from cookies. It should be used for non-gRPC HTTP endpoints (CookieAuthAnnotator takes care of handling cookies in gRPC-gateway requests).

func (*Authenticator) HTTPMiddlewareLenient ¶ added in v0.42.0

func (a *Authenticator) HTTPMiddlewareLenient(next http.Handler) http.Handler

HTTPMiddlewareLenient is a lenient variant of HTTPMiddleware. If the authoriztion header is malformed or invalid, it will still succeed, setting anonClaims on the request.

func (*Authenticator) RegisterEndpoints ¶

func (a *Authenticator) RegisterEndpoints(mux *http.ServeMux, limiter ratelimit.Limiter)

RegisterEndpoints adds HTTP endpoints for auth. The mux must be served on the ExternalURL of the Authenticator since the logic in these handlers relies on knowing the full external URIs. Note that these are not gRPC handlers, just regular HTTP endpoints that we mount on the gRPC-gateway mux.

func (*Authenticator) StreamServerInterceptor ¶

func (a *Authenticator) StreamServerInterceptor() grpc.StreamServerInterceptor

StreamServerInterceptor is the streaming variant of UnaryServerInterceptor.

func (*Authenticator) UnaryServerInterceptor ¶

func (a *Authenticator) UnaryServerInterceptor() grpc.UnaryServerInterceptor

UnaryServerInterceptor is a middleware for setting claims on runtime server requests. It authenticates the user and acquires the claims using the bearer token in the "authorization" request metadata field. If no bearer token is found, it will still succeed, setting anonClaims on the request. The assigned claims can be retrieved using GetClaims. If the interceptor succeeds, a Claims value is guaranteed to be set on the ctx.

type AuthenticatorOptions ¶

type AuthenticatorOptions struct {
	AuthDomain       string
	AuthClientID     string
	AuthClientSecret string
	ExternalURL      string
	FrontendURL      string
}

AuthenticatorOptions provides options for Authenticator

type Claims ¶

type Claims interface {
	OwnerType() OwnerType
	OwnerID() string
	AuthTokenID() string
	Superuser(ctx context.Context) bool
	OrganizationPermissions(ctx context.Context, orgID string) *adminv1.OrganizationPermissions
	ProjectPermissions(ctx context.Context, orgID, projectID string) *adminv1.ProjectPermissions
}

Claims resolves permissions for a requester.

func GetClaims ¶

func GetClaims(ctx context.Context) Claims

GetClaims retrieves Claims from a request context. It should only be used in handlers intercepted by UnaryServerInterceptor or StreamServerInterceptor.

type DeviceCodeResponse ¶

type DeviceCodeResponse struct {
	DeviceCode              string `json:"device_code"`
	UserCode                string `json:"user_code"`
	VerificationURI         string `json:"verification_uri"`
	VerificationCompleteURI string `json:"verification_uri_complete"`
	ExpiresIn               int    `json:"expires_in"`
	PollingInterval         int    `json:"interval"`
}

DeviceCodeResponse encapsulates the response for obtaining a device code.

type OwnerType ¶

type OwnerType string

OwnerType is an enum of types of claim owners

const (
	OwnerTypeAnon       OwnerType = "anon"
	OwnerTypeUser       OwnerType = "user"
	OwnerTypeService    OwnerType = "service"
	OwnerTypeDeployment OwnerType = "deployment"
)

type TokenRequest ¶

type TokenRequest struct {
	GrantType  string `json:"grant_type"`
	DeviceCode string `json:"device_code"`
	ClientID   string `json:"client_id"`
}

TokenRequest encapsulates the request for obtaining an access token.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL