echosec

Version: v0.3.0
Published: Feb 26, 2024 License: MIT Imports: 11 Imported by: 0

README

EchoSec

A Golang middleware for the Labstack Echo Server that simplifies the process of describing the prerequisites for a request to access combinations of endpoints and methods. The most common application is to offload boring and copy-paste security constraints to a middleware.

For example: can a user with a given JWT token perform DELETE /user/:id?

Example

Premises:

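  • GetClaims(c) is a dummy function that represents, in the example, the retrieval of JWT claims.
  • errors.NewForbiddenError() is assumed to be an application-defined error constructor; the standard library errors package has no such function.

import (
    "github.com/labstack/echo/v4"
    "github.com/theirish81/echosec"
)

/*...*/

// WithManualConfig and ManualConfig are the v0.3.0 names listed in the documentation below.
m := echosec.WithManualConfig(echosec.ManualConfig{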
    PathMapping: echosec.PathItems{
        {
            Patterns: echosec.Patterns{"/api/v1/user"},
            PathValidation: func(c echo.Context) error {
                if GetClaims(c).Admin {
                    return nil
                }
                return errors.NewForbiddenError()
            },
        },
        {
            Patterns: echosec.Patterns{"/api/v1/user/:userId"},
            PathValidation: func(c echo.Context) error {
                if GetClaims(c).CanAdminUserData(c.Param("userId")) {
                    return nil
                }
                return errors.NewForbiddenError()
            },
        },
        {
            Patterns: echosec.Patterns{"/api/v1/workspace"},
            Methods: echosec.ValidationMap{
                "GET": func(c echo.Context) error {
                    if GetClaims(c).Admin {
                        return nil
                    }
                    return errors.NewForbiddenError()
                },
            },
            // Fallback for every method without an entry in Methods: allow.
            PathValidation: func(c echo.Context) error {
                return nil
            },
        },
        {
            Patterns: echosec.Patterns{"/api/v1/workspace/:workspaceId",
                "/api/v1/workspace/:workspaceId/membership",
                "/api/v1/workspace/:workspaceId/membership/:membershipId"},
            Methods: echosec.ValidationMap{
                "GET": func(c echo.Context) error {
                    if GetClaims(c).CanAccessWorkspace(c.Param("workspaceId")) {
                        return nil
                    }
                    return errors.NewForbiddenError()
                },
                // One key can cover several methods, separated by commas.
                "PUT,DELETE": func(c echo.Context) error {
                    if GetClaims(c).CanAdminWorkspace(c.Param("workspaceId")) {
                        return nil
                    }
                    return errors.NewForbiddenError()
                },
            },
        },
    },
})

/*...*/

e := echo.New()
e.Use(m)

Documentation

Functions

func WithManualConfig added in v0.3.0

func WithManualConfig(cfg ManualConfig) echo.MiddlewareFunc

WithManualConfig returns an echo.MiddlewareFunc for the echo server. cfg is the ManualConfig of the middleware.

func WithOpenApiConfig added in v0.3.0

func WithOpenApiConfig(cfg OApiConfig) echo.MiddlewareFunc

Types

type ManualConfig added in v0.3.0

type ManualConfig struct {
	BasePath          string
	PathMapping       PathItems
	DefaultValidation ValidationFunc
}

ManualConfig is the middleware configuration. BasePath is a base URL applied to each PathItem to simplify and clean up mappings. PathMapping contains a list of validation functions, grouped by path and method. DefaultValidation is the default validation action taken if no mapping is matched.

type OApiConfig added in v0.3.0

type OApiConfig struct {
	// contains filtered or unexported fields
}

func NewOApiConfig added in v0.3.0

func NewOApiConfig(openapi []byte, validators map[string]OApiValidationFunc) (OApiConfig, error)

type OApiEchoSec added in v0.3.0

type OApiEchoSec struct {
	Function string   `yaml:"function"`
	Params   []string `yaml:"params"`
}

type OApiValidationFunc added in v0.3.0

type OApiValidationFunc func(c echo.Context, params []string) error

type PathItem

type PathItem struct {
	Methods        ValidationMap
	Patterns       Patterns
	PathValidation ValidationFunc
}

PathItem is a validation item. Patterns is a list of URL patterns to which this PathItem responds. Methods is a list of mappings based on methods; this can be NIL. PathValidation is the default validation for this path, used if none of the Methods validations matched.

func (PathItem) FindMethodValidator

func (i PathItem) FindMethodValidator(method string) ValidationFunc

FindMethodValidator looks for a method validator that matches the provided method. It will return NIL if Methods is NIL or if no method matchers are found

func (PathItem) MatchPattern

func (i PathItem) MatchPattern(path string, basePath string) bool

MatchPattern will return true if a path pattern matches the provided path

type PathItems

type PathItems []PathItem

PathItems is a collection of PathItem

type Patterns

type Patterns []string

Patterns is a list of patterns

type ValidationFunc

type ValidationFunc func(c echo.Context) error

ValidationFunc is any function meant to validate access to a path or method

type ValidationMap

type ValidationMap map[string]ValidationFunc

ValidationMap maps string keys to validation functions
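
The lookup order described in the ManualConfig and PathItem docs above (method validator, then PathValidation, then the default), as an added stdlib-only model that is not echosec's own code. Check, Item, match, Authorize and policy are hypothetical names; the segment matching, the comma split of method keys and the deny default are assumptions for illustration, not statements about the library's implementation.

```go
package main

import (
	"fmt"
	"strings"
)

// Check stands in for echosec.ValidationFunc (true = allow); a bool replaces the JWT claims.
type Check func(admin bool) bool
type Item struct { // simplified PathItem with a single pattern
	Pattern string
	Methods map[string]Check // a key may list several methods: "PUT,DELETE"
	PathVal Check            // used when no method key matches; may be nil
}
func adminOnly(admin bool) bool { return admin }
func anyone(bool) bool          { return true }

// match compares segment by segment; a ":name" segment accepts any non-empty value.
func match(pattern, path string) bool {
	p, s := strings.Split(pattern, "/"), strings.Split(path, "/")
	ok := len(p) == len(s)
	for i := 0; ok && i < len(p); i++ {
		ok = p[i] == s[i] || (strings.HasPrefix(p[i], ":") && s[i] != "")
	}
	return ok
}

// Authorize tries the method check, then the path check, then fails closed.
func Authorize(items []Item, method, path string, admin bool) bool {
	for _, it := range items {
		if !match(it.Pattern, path) {
			continue
		}
		for key, check := range it.Methods {
			if strings.Contains(","+key+",", ","+method+",") {
				return check(admin)
			}
		}
		if it.PathVal != nil {
			return it.PathVal(admin)
		}
	}
	return false // assumed default validation: no mapping means deny
}

var policy = []Item{ // constructed sample modelled on the README's workspace rules
	{"/workspace", map[string]Check{"GET": adminOnly}, anyone},
	{"/workspace/:id", map[string]Check{"GET": anyone, "PUT,DELETE": adminOnly}, nil},
}
func main() { fmt.Println(Authorize(policy, "DELETE", "/workspace/7", false)) } // false
```

In this model a request that reaches a mapped path with an unmapped method and no path-level check is denied, which is the behaviour to aim for when setting DefaultValidation in a real configuration.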
