Documentation ¶
Index ¶
- Constants
- Variables
- func MinValidationTime() time.Time
- type BackgroundWorker
- type CachedToken
- type CaddyHandleFunc
- type CallbackError
- type Config
- type HeaderOption
- type MiniConfig
- type MiniTransport
- type Path
- type RemoteConfig
- type StateIDSession
- type StatusResponse
- type Tmpauth
- func (t *Tmpauth) CookieName() string
- func (t *Tmpauth) DebugLog(str string)
- func (t *Tmpauth) Matches(urlPath, base string) bool
- func (t *Tmpauth) ParseAuthJWT(tokenStr string, minValidationTime time.Time) (*CachedToken, error)
- func (t *Tmpauth) ParseWrappedAuthJWT(tokenStr string) (*CachedToken, error)
- func (t *Tmpauth) ParseWrappedMicrotoken(tokenStr string) (*CachedToken, error)
- func (t *Tmpauth) ReauthMini() error
- func (t *Tmpauth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error)
- func (t *Tmpauth) SetHeaders(token *CachedToken, headers http.Header) error
- func (t *Tmpauth) Shutdown()
- func (t *Tmpauth) StartAuth(w http.ResponseWriter, r *http.Request) (int, error)
- func (t *Tmpauth) StateIDCookieName(id string) string
- func (t *Tmpauth) Stdlib() *TmpauthStdlib
- func (t *Tmpauth) VerifyWithPublicKey(token *jwt.Token) (interface{}, error)
- func (t *Tmpauth) VerifyWithSecret(token *jwt.Token) (interface{}, error)
- func (t *Tmpauth) Whomst() (map[string]json.RawMessage, error)
- type TmpauthStdlib
- type Transport
- type UnserializableConfig
Constants ¶
// Header names and the default host used by tmpauth.
//
// NOTE(review): how the X-Tmpauth-* headers are produced and consumed is not
// visible here. If any of them is read from incoming requests, confirm that
// client-supplied values are stripped or otherwise not trusted.
const (
	// ConfigIDHeader is the name of the "X-Tmpauth-Config-Id" header.
	ConfigIDHeader = "X-Tmpauth-Config-Id"

	// HostHeader is the name of the "X-Tmpauth-Host" header.
	HostHeader = "X-Tmpauth-Host"

	// RequestURIHeader is the name of the "X-Tmpauth-Request-URI" header.
	RequestURIHeader = "X-Tmpauth-Request-URI"

	// TmpAuthHost is the host name "auth.tmpim.pw"; presumably the default
	// tmpauth service host. TODO confirm.
	TmpAuthHost = "auth.tmpim.pw"
)
Variables ¶
// DefaultLogger writes to standard error with the prefix "tmpauth" and
// date, time, microsecond and short-file annotations on every line.
var DefaultLogger = log.New(
	os.Stderr,
	"tmpauth",
	log.Ldate|log.Ltime|log.Lmicroseconds|log.Lshortfile,
)

// NoLogger discards everything written to it.
var NoLogger = log.New(io.Discard, "", 0)
// ErrInvalidCallbackToken is the CallbackError with error code
// "invalid_token"; its human-readable message reports that the callback token
// from tmpauth failed validation.
//
// It is a single shared pointer value, so callers can compare a returned error
// against it by identity.
var ErrInvalidCallbackToken = &CallbackError{
	errorCode:    "invalid_token",
	humanMessage: "The callback token from tmpauth failed to be validated",
}
Functions ¶
func MinValidationTime ¶
Types ¶
type BackgroundWorker ¶
type BackgroundWorker struct {
// contains filtered or unexported fields
}
func (*BackgroundWorker) DebugLog ¶
func (w *BackgroundWorker) DebugLog(str string)
func (*BackgroundWorker) MinValidationTime ¶
func (w *BackgroundWorker) MinValidationTime() time.Time
type CachedToken ¶
type CaddyHandleFunc ¶
func FromHTTPHandleFunc ¶
func FromHTTPHandleFunc(h http.HandlerFunc) CaddyHandleFunc
func FromHTTPHandler ¶
func FromHTTPHandler(h http.Handler) CaddyHandleFunc
type CallbackError ¶
type CallbackError struct {
// contains filtered or unexported fields
}
func (*CallbackError) Error ¶
func (c *CallbackError) Error() string
type Config ¶
// Config holds the settings for a Tmpauth handler (see NewTmpauth).
//
// NOTE(review): Secret and Token look like credential material. Keep a
// populated Config out of logs and debug dumps (for example %+v formatting).
type Config struct {
	// PublicKey is an ECDSA public key; presumably the key token signatures
	// are checked against (see VerifyWithPublicKey). TODO confirm.
	PublicKey *ecdsa.PublicKey
	ClientID  string
	// Secret is raw key bytes; presumably the shared secret used by
	// VerifyWithSecret. TODO confirm.
	Secret   []byte
	Token    string
	Redirect string
	// NOTE(review): confirm what an empty AllowedUsers means (every
	// authenticated user allowed, or none) before relying on it for access control.
	AllowedUsers []string
	IDFormats    []string
	// Except and Include are presumably path rules evaluated with Matches.
	// Confirm their precedence when both are set.
	Except  []string
	Include []string
	Headers map[string]*HeaderOption
	Host    *url.URL
	// CaseSensitiveMatching defaults to false (the zero value).
	// NOTE(review): confirm that path rules are compared case-insensitively in that case.
	CaseSensitiveMatching bool

	// Advanced settings, default zero values are sane.
	Debug          bool
	BaseHTTPClient *http.Client
	Logger         *log.Logger // If nil, DefaultLogger is used. Set to NoLogger to disable logging.
	UseFinalizer   bool        // Use the finalizer to clean up background workers.
}
type HeaderOption ¶
type MiniConfig ¶
// MiniConfig is the JSON-tagged configuration accepted by NewMini.
//
// Every field is emitted when the struct is marshalled; only MiniServerHost
// carries omitempty. That includes Secret, so treat any serialized form of a
// MiniConfig (files, logs, API responses) as sensitive.
type MiniConfig struct {
	// PublicKey is the key in string form. The expected encoding is not
	// visible here. TODO confirm.
	PublicKey string `json:"publicKey"`
	// Secret is serialized under the "secret" key.
	Secret       string   `json:"secret"`
	AllowedUsers []string `json:"allowedUsers"`
	IDFormats    []string `json:"idFormats"`
	Except       []string `json:"except"`
	Include      []string `json:"include"`
	Headers      map[string]*HeaderOption `json:"headers"`
	Redirect     string `json:"redirect"`
	Host         string `json:"host"`
	Debug        bool   `json:"debug"`
	CaseSensitiveMatching bool `json:"caseSensitiveMatching"`
	// MiniServerHost is left out of the JSON output when empty.
	MiniServerHost string `json:"miniServerHost,omitempty"`
}
type MiniTransport ¶
type MiniTransport struct {
// contains filtered or unexported fields
}
type RemoteConfig ¶
type StateIDSession ¶
type StatusResponse ¶
// StatusResponse is a JSON-serializable status document.
type StatusResponse struct {
	Tmpauth    bool   `json:"tmpauth"`
	ClientID   string `json:"clientID"`
	IsLoggedIn bool   `json:"isLoggedIn"`
	// UserDescriptor is serialized under the key "loggedInUser" and omitted
	// when empty. As a json.RawMessage it is written out as-is rather than
	// re-encoded, so its contents are whatever the producer supplied.
	UserDescriptor json.RawMessage `json:"loggedInUser,omitempty"`
}
type Tmpauth ¶
// Tmpauth is the tmpauth handler created by NewTmpauth or NewMini.
type Tmpauth struct {
	// We use a Caddy style HandleFunc for middleware.
	Next   CaddyHandleFunc
	Config *Config
	// TokenCache maps a 32-byte key to a cached token. Presumably the key is
	// a digest of the token string. TODO confirm.
	// NOTE(review): Go maps are not safe for concurrent mutation and the
	// Shutdown docs mention a cache janitor, so callers should not read or
	// write this exported map directly unless the locking in the unexported
	// fields is understood.
	TokenCache map[[32]byte]*CachedToken
	HttpClient *http.Client
	// NOTE(review): a hash.Hash carries running state. Confirm how access to
	// HMAC is serialized across concurrent requests.
	HMAC hash.Hash
	// contains filtered or unexported fields
}
func NewMini ¶
func NewMini(config MiniConfig, next CaddyHandleFunc) (*Tmpauth, error)
func NewTmpauth ¶
func NewTmpauth(cfg *Config, next CaddyHandleFunc) *Tmpauth
NewTmpauth creates a new tmpauth handler. Although this can be used as a middleware, it doesn't have to be. For example you can leave most Config options unset, and use ParseWrappedAuthJWT to validate tokens.
func (*Tmpauth) CookieName ¶
func (*Tmpauth) Matches ¶
Matches checks to see if base matches urlPath. The correct usage of this method sets urlPath as the request path, and base as a Casketfile (user-defined) rule path.
Path matching will probably not always be a direct comparison; this method assures that paths can be easily and consistently matched.
Multiple slashes are collapsed/merged. Lifted from https://github.com/tmpim/casket/blob/v1.2.11/caskethttp/httpserver/path.go This code sample may be considered to be licensed under the Apache License 2.0 which can be found at https://github.com/tmpim/casket/blob/master/LICENSE.txt
func (*Tmpauth) ParseAuthJWT ¶
func (*Tmpauth) ParseWrappedAuthJWT ¶
func (t *Tmpauth) ParseWrappedAuthJWT(tokenStr string) (*CachedToken, error)
func (*Tmpauth) ParseWrappedMicrotoken ¶
func (t *Tmpauth) ParseWrappedMicrotoken(tokenStr string) (*CachedToken, error)
func (*Tmpauth) ReauthMini ¶
func (*Tmpauth) SetHeaders ¶
func (t *Tmpauth) SetHeaders(token *CachedToken, headers http.Header) error
func (*Tmpauth) Shutdown ¶
func (t *Tmpauth) Shutdown()
Shutdown signals background workers in tmpauth to stop. This is required for all use cases of tmpauth as it's used to stop the cache janitor.
func (*Tmpauth) StateIDCookieName ¶
func (*Tmpauth) Stdlib ¶
func (t *Tmpauth) Stdlib() *TmpauthStdlib
Stdlib returns an http.Handler-compatible version of the Tmpauth middleware.
func (*Tmpauth) VerifyWithPublicKey ¶
func (*Tmpauth) VerifyWithSecret ¶
type TmpauthStdlib ¶
type TmpauthStdlib struct {
// contains filtered or unexported fields
}
func (*TmpauthStdlib) ServeHTTP ¶
func (t *TmpauthStdlib) ServeHTTP(w http.ResponseWriter, r *http.Request)
type Transport ¶
type Transport struct {
// contains filtered or unexported fields
}
Transport represents the transport that injects credentials.
type UnserializableConfig ¶
// UnserializableConfig is the string-typed, JSON-tagged form of the
// configuration; Parse turns it into a *Config or returns an error.
//
// No field is tagged omitempty or "-", so marshalling this struct writes
// Secret out under the "secret" key. Treat serialized copies as sensitive.
type UnserializableConfig struct {
	// PublicKey is the key in string form. The expected encoding is not
	// visible here. TODO confirm.
	PublicKey    string   `json:"publicKey"`
	Secret       string   `json:"secret"`
	AllowedUsers []string `json:"allowedUsers"`
	IDFormats    []string `json:"idFormats"`
	Except       []string `json:"except"`
	Include      []string `json:"include"`
	Headers      map[string]*HeaderOption `json:"headers"`
	Redirect     string `json:"redirect"`
	Host         string `json:"host"`
	Debug        bool   `json:"debug"`
	CaseSensitiveMatching bool `json:"caseSensitiveMatching"`
}
UnserializableConfig is a convenience struct for unmarshalling config from JSON-like formats and validating it into a Config.
func (*UnserializableConfig) Parse ¶
func (c *UnserializableConfig) Parse() (*Config, error)