bascule: github.com/xmidt-org/bascule/basculehttp Index | Files

package basculehttp

import "github.com/xmidt-org/bascule/basculehttp"

package basculehttp contains some basic http middleware (in the form of Alice-style decorators) that can be used to extract and parse a Token from an http header, validate the Token, and allow for the consumer to add additional logs or metrics upon an error or a valid Token.

Index

Package Files

constructor.go enforcer.go errorResponseReason.go errorresponsereason_string.go http.go listener.go notfoundbehavior_string.go tokenFactory.go

Constants

const (
    // DefaultHeaderName is the http header to get the authorization
    // information from.
    DefaultHeaderName = "Authorization"

    // DefaultHeaderDelimiter is the character between the authorization and
    // its key.
    DefaultHeaderDelimiter = " "
)

Variables

var (
    ErrorMalformedValue    = errors.New("expected <user>:<password> in decoded value")
    ErrorPrincipalNotFound = errors.New("principal not found")
    ErrorInvalidPassword   = errors.New("invalid password")
    ErrorNoProtectedHeader = errors.New("missing protected header")
    ErrorNoSigningMethod   = errors.New("signing method (alg) is missing or unrecognized")
    ErrorUnexpectedPayload = errors.New("payload isn't a map of strings to interfaces")
    ErrorInvalidPrincipal  = errors.New("principal must be a non-empty string")
    ErrorInvalidToken      = errors.New("token isn't valid")
    ErrorUnexpectedClaims  = errors.New("claims wasn't MapClaims as expected")
)

func DefaultOnErrorResponse Uses

func DefaultOnErrorResponse(_ ErrorResponseReason, _ error)

default function does nothing

func DefaultParseURLFunc Uses

func DefaultParseURLFunc(u *url.URL) (*url.URL, error)

DefaultParseURLFunc does nothing. It returns the same url it received.

func NewConstructor Uses

func NewConstructor(options ...COption) func(http.Handler) http.Handler

NewConstructor creates an Alice-style decorator function that acts as middleware: parsing the http request to get a Token, which is added to the context.

func NewEnforcer Uses

func NewEnforcer(options ...EOption) func(http.Handler) http.Handler

NewListenerDecorator creates an Alice-style decorator function that acts as middleware, allowing for Listeners to be called after a token has been authenticated.

func NewErrorHeaderer Uses

func NewErrorHeaderer(err error, headers map[string][]string) error

func NewListenerDecorator Uses

func NewListenerDecorator(listeners ...Listener) func(http.Handler) http.Handler

NewListenerDecorator creates an Alice-style decorator function that acts as middleware, allowing for Listeners to be called after a token has been authenticated.

func WriteResponse Uses

func WriteResponse(response http.ResponseWriter, defaultStatusCode int, v interface{})

WriteResponse performs some basic reflection on v to allow it to modify responses written to an HTTP response. Useful mainly for errors.

type BasicTokenFactory Uses

type BasicTokenFactory map[string]string

BasicTokenFactory parses a basic auth and verifies it is in a map of valid basic auths.

func (BasicTokenFactory) ParseAndValidate Uses

func (btf BasicTokenFactory) ParseAndValidate(ctx context.Context, _ *http.Request, _ bascule.Authorization, value string) (bascule.Token, error)

ParseAndValidate expects the given value to be a base64 encoded string with the username followed by a colon and then the password. The function checks that the username password pair is in the map and returns a Token if it is.

type BearerTokenFactory Uses

type BearerTokenFactory struct {
    DefaultKeyId string
    Resolver     key.Resolver
    Parser       bascule.JWTParser
    Leeway       bascule.Leeway
}

BearerTokenFactory parses and does basic validation for a JWT token.

func (BearerTokenFactory) ParseAndValidate Uses

func (btf BearerTokenFactory) ParseAndValidate(ctx context.Context, _ *http.Request, _ bascule.Authorization, value string) (bascule.Token, error)

ParseAndValidate expects the given value to be a JWT with a kid header. The kid should be resolvable by the Resolver and the JWT should be Parseable and pass any basic validation checks done by the Parser. If everything goes well, a Token of type "jwt" is returned.

type COption Uses

type COption func(*constructor)

COption is any function that modifies the constructor - used to configure the constructor.

func WithCErrorResponseFunc Uses

func WithCErrorResponseFunc(f OnErrorResponse) COption

WithCErrorResponseFunc sets the function that is called when an error occurs.

func WithCLogger Uses

func WithCLogger(getLogger func(context.Context) bascule.Logger) COption

WithCLogger sets the function to use to get the logger from the context. If no logger is set, nothing is logged.

func WithHeaderDelimiter Uses

func WithHeaderDelimiter(delimiter string) COption

WithHeaderDelimiter sets the value expected between the authorization key and token.

func WithHeaderName Uses

func WithHeaderName(headerName string) COption

WithHeaderName sets the headername and verifies it's valid. The headername is the name of the header to get the authorization information from.

func WithParseURLFunc Uses

func WithParseURLFunc(parseURL ParseURL) COption

WithParseURLFunc sets the function to use to make any changes to the URL before it is added to the context.

func WithTokenFactory Uses

func WithTokenFactory(key bascule.Authorization, tf TokenFactory) COption

WithTokenFactory sets the TokenFactory for the constructor to use.

type EOption Uses

type EOption func(*enforcer)

EOption is any function that modifies the enforcer - used to configure the enforcer.

func WithEErrorResponseFunc Uses

func WithEErrorResponseFunc(f OnErrorResponse) EOption

WithEErrorResponseFunc sets the function that is called when an error occurs.

func WithELogger Uses

func WithELogger(getLogger func(context.Context) bascule.Logger) EOption

WithELogger sets the function to use to get the logger from the context. If no logger is set, nothing is logged.

func WithNotFoundBehavior Uses

func WithNotFoundBehavior(behavior NotFoundBehavior) EOption

WithNotFoundBehavior sets the behavior upon not finding the Authorization value in the rules map.

func WithRules Uses

func WithRules(key bascule.Authorization, v bascule.Validator) EOption

WithRules sets the validator to be used for a given Authorization value.

type ErrorHeaderer Uses

type ErrorHeaderer struct {
    // contains filtered or unexported fields
}

ErrorHeaderer implements headerer, allowing an error to supply http headers in an error response.

func (ErrorHeaderer) Error Uses

func (e ErrorHeaderer) Error() string

func (ErrorHeaderer) Headers Uses

func (e ErrorHeaderer) Headers() http.Header

type ErrorResponseReason Uses

type ErrorResponseReason int

ErrorResponseReason is an enum that specifies the reason parsing/validating a token failed. Its primary use is for metrics and logging.

const (
    MissingHeader ErrorResponseReason = iota
    InvalidHeader
    KeyNotSupported
    ParseFailed
    GetURLFailed
    MissingAuthentication
    ChecksNotFound
    ChecksFailed
)

func (ErrorResponseReason) String Uses

func (i ErrorResponseReason) String() string

type Listener Uses

type Listener interface {
    OnAuthenticated(bascule.Authentication)
}

Listener is anything that takes the Authentication information of an authenticated Token.

type NotFoundBehavior Uses

type NotFoundBehavior int

NotFoundBehavior is an enum that specifies what to do when the Authorization used isn't found in the map of rules.

const (
    Forbid NotFoundBehavior = iota
    Allow
)

func (NotFoundBehavior) String Uses

func (i NotFoundBehavior) String() string

type OnErrorResponse Uses

type OnErrorResponse func(ErrorResponseReason, error)

OnErrorResponse is a function that takes the error response reason and the error and can do something with it. This is useful for adding additional metrics or logs.

type ParseURL Uses

type ParseURL func(*url.URL) (*url.URL, error)

ParseURL is a function that modifies the url given then returns it.

func CreateRemovePrefixURLFunc Uses

func CreateRemovePrefixURLFunc(prefix string, next ParseURL) ParseURL

CreateRemovePrefixURLFunc parses the URL by removing the prefix specified.

type TokenFactory Uses

type TokenFactory interface {
    ParseAndValidate(context.Context, *http.Request, bascule.Authorization, string) (bascule.Token, error)
}

TokenFactory is a strategy interface responsible for creating and validating a secure Token.

type TokenFactoryFunc Uses

type TokenFactoryFunc func(context.Context, *http.Request, bascule.Authorization, string) (bascule.Token, error)

TokenFactoryFunc makes it so any function that has the same signature as TokenFactory's ParseAndValidate function implements TokenFactory.

func (TokenFactoryFunc) ParseAndValidate Uses

func (tff TokenFactoryFunc) ParseAndValidate(ctx context.Context, r *http.Request, a bascule.Authorization, v string) (bascule.Token, error)

Package basculehttp imports 16 packages (graph) and is imported by 5 packages. Updated 2020-02-06. Refresh now. Tools for package owners.