README
¶
tmpauth-go
A tmpauth library for Go.
go get -u github.com/tmpim/tmpauth-go
Documentation
¶
Index ¶
- Constants
- Variables
- func MinValidationTime() time.Time
- type BackgroundWorker
- type CachedToken
- type CaddyHandleFunc
- type CallbackError
- type Config
- type HeaderOption
- type MiniConfig
- type MiniTransport
- type Path
- type RemoteConfig
- type StateIDSession
- type StatusResponse
- type Tmpauth
- func (t *Tmpauth) CookieName() string
- func (t *Tmpauth) DebugLog(str string)
- func (t *Tmpauth) Matches(urlPath, base string) bool
- func (t *Tmpauth) ParseAuthJWT(tokenStr string, minValidationTime time.Time) (*CachedToken, error)
- func (t *Tmpauth) ParseWrappedAuthJWT(tokenStr string) (*CachedToken, error)
- func (t *Tmpauth) ParseWrappedMicrotoken(tokenStr string) (*CachedToken, error)
- func (t *Tmpauth) ReauthMini() error
- func (t *Tmpauth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error)
- func (t *Tmpauth) SetHeaders(token *CachedToken, headers http.Header) error
- func (t *Tmpauth) Shutdown()
- func (t *Tmpauth) StartAuth(w http.ResponseWriter, r *http.Request) (int, error)
- func (t *Tmpauth) StateIDCookieName(id string) string
- func (t *Tmpauth) Stdlib() *TmpauthStdlib
- func (t *Tmpauth) VerifyWithPublicKey(token *jwt.Token) (interface{}, error)
- func (t *Tmpauth) VerifyWithSecret(token *jwt.Token) (interface{}, error)
- func (t *Tmpauth) Whomst() (map[string]json.RawMessage, error)
- type TmpauthStdlib
- type Transport
- type UnserializableConfig
Constants ¶
View Source
const ConfigIDHeader = "X-Tmpauth-Config-Id"
View Source
const HostHeader = "X-Tmpauth-Host"
View Source
const RequestURIHeader = "X-Tmpauth-Request-URI"
View Source
const (
TmpAuthHost = "auth.tmpim.pw"
)
Variables ¶
View Source
var ( DefaultLogger = log.New(os.Stderr, "tmpauth", log.Ldate|log.Ltime|log.Lmicroseconds|log.Lshortfile) NoLogger = log.New(io.Discard, "", 0) )
View Source
var ErrInvalidCallbackToken = &CallbackError{
errorCode: "invalid_token",
humanMessage: "The callback token from tmpauth failed to be validated",
}
Functions ¶
func MinValidationTime ¶
Types ¶
type BackgroundWorker ¶
type BackgroundWorker struct {
// contains filtered or unexported fields
}
func (*BackgroundWorker) DebugLog ¶
func (w *BackgroundWorker) DebugLog(str string)
func (*BackgroundWorker) MinValidationTime ¶
func (w *BackgroundWorker) MinValidationTime() time.Time
type CachedToken ¶
type CaddyHandleFunc ¶
func FromHTTPHandleFunc ¶
func FromHTTPHandleFunc(h http.HandlerFunc) CaddyHandleFunc
func FromHTTPHandler ¶
func FromHTTPHandler(h http.Handler) CaddyHandleFunc
type CallbackError ¶
type CallbackError struct {
// contains filtered or unexported fields
}
func (*CallbackError) Error ¶
func (c *CallbackError) Error() string
type Config ¶
type Config struct {
PublicKey *ecdsa.PublicKey
ClientID string
Secret []byte
Token string
Redirect string
AllowedUsers []string
IDFormats []string
Except []string
Include []string
Headers map[string]*HeaderOption
Host *url.URL
CaseSensitiveMatching bool
// Advanced settings, default zero values are sane.
Debug bool
BaseHTTPClient *http.Client
Logger *log.Logger // If nil, DefaultLogger is used. Set to NoLogger to disable logging.
UseFinalizer bool // Use the finalizer to clean up background workers.
}
type HeaderOption ¶
type MiniConfig ¶
type MiniConfig struct {
PublicKey string `json:"publicKey"`
Secret string `json:"secret"`
AllowedUsers []string `json:"allowedUsers"`
IDFormats []string `json:"idFormats"`
Except []string `json:"except"`
Include []string `json:"include"`
Headers map[string]*HeaderOption `json:"headers"`
Redirect string `json:"redirect"`
Host string `json:"host"`
Debug bool `json:"debug"`
CaseSensitiveMatching bool `json:"caseSensitiveMatching"`
MiniServerHost string `json:"miniServerHost,omitempty"`
}
type MiniTransport ¶
type MiniTransport struct {
// contains filtered or unexported fields
}
type RemoteConfig ¶
type StateIDSession ¶
type StatusResponse ¶
type StatusResponse struct {
Tmpauth bool `json:"tmpauth"`
ClientID string `json:"clientID"`
IsLoggedIn bool `json:"isLoggedIn"`
UserDescriptor json.RawMessage `json:"loggedInUser,omitempty"`
}
type Tmpauth ¶
type Tmpauth struct {
// We use a Caddy style HandleFunc for middleware.
Next CaddyHandleFunc
Config *Config
TokenCache map[[32]byte]*CachedToken
HttpClient *http.Client
HMAC hash.Hash
// contains filtered or unexported fields
}
func NewMini ¶
func NewMini(config MiniConfig, next CaddyHandleFunc) (*Tmpauth, error)
func NewTmpauth ¶
func NewTmpauth(cfg *Config, next CaddyHandleFunc) *Tmpauth
NewTmpauth creates a new tmpauth handler. Although this can be used as a middleware, it doesn't have to be. For example you can leave most Config options unset, and use ParseWrappedAuthJWT to validate tokens.
func (*Tmpauth) CookieName ¶
func (*Tmpauth) Matches ¶
Matches checks to see if base matches p. The correct usage of this method sets p as the request path, and base as a Casketfile (user-defined) rule path.
Path matching will probably not always be a direct comparison; this method assures that paths can be easily and consistently matched.
Multiple slashes are collapsed/merged. Lifted from https://github.com/tmpim/casket/blob/v1.2.11/caskethttp/httpserver/path.go This code sample may be considered to be licensed under the Apache License 2.0 which can be found at https://github.com/tmpim/casket/blob/master/LICENSE.txt
func (*Tmpauth) ParseAuthJWT ¶
func (*Tmpauth) ParseWrappedAuthJWT ¶
func (t *Tmpauth) ParseWrappedAuthJWT(tokenStr string) (*CachedToken, error)
func (*Tmpauth) ParseWrappedMicrotoken ¶
func (t *Tmpauth) ParseWrappedMicrotoken(tokenStr string) (*CachedToken, error)
func (*Tmpauth) ReauthMini ¶
func (*Tmpauth) SetHeaders ¶
func (t *Tmpauth) SetHeaders(token *CachedToken, headers http.Header) error
func (*Tmpauth) Shutdown ¶
func (t *Tmpauth) Shutdown()
Shutdown signals background workers in tmpauth to stop. This is required for all use cases of tmpauth as it's used to stop the cache janitor.
func (*Tmpauth) StateIDCookieName ¶
func (*Tmpauth) Stdlib ¶
func (t *Tmpauth) Stdlib() *TmpauthStdlib
Stdlib returns a http.Handler compatible version of the Tmpauth middleware.
func (*Tmpauth) VerifyWithPublicKey ¶
func (*Tmpauth) VerifyWithSecret ¶
type TmpauthStdlib ¶
type TmpauthStdlib struct {
// contains filtered or unexported fields
}
func (*TmpauthStdlib) ServeHTTP ¶
func (t *TmpauthStdlib) ServeHTTP(w http.ResponseWriter, r *http.Request)
type Transport ¶
type Transport struct {
// contains filtered or unexported fields
}
Transport represents the transport that injects credentials.
type UnserializableConfig ¶
type UnserializableConfig struct {
PublicKey string `json:"publicKey"`
Secret string `json:"secret"`
AllowedUsers []string `json:"allowedUsers"`
IDFormats []string `json:"idFormats"`
Except []string `json:"except"`
Include []string `json:"include"`
Headers map[string]*HeaderOption `json:"headers"`
Redirect string `json:"redirect"`
Host string `json:"host"`
Debug bool `json:"debug"`
CaseSensitiveMatching bool `json:"caseSensitiveMatching"`
}
UnserializableConfig is a convenience struct for unmarshalling config from JSON like formats and validating them into a Config.
func (*UnserializableConfig) Parse ¶
func (c *UnserializableConfig) Parse() (*Config, error)
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.