basculehttp

package
v2.0.0-...-b8c5826 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 4, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	BasicScheme  bascule.Scheme = "Basic"
	BearerScheme bascule.Scheme = "Bearer"

	// WwwAuthenticateHeaderName is the HTTP header used for StatusUnauthorized challenges.
	WwwAuthenticateHeaderName = "WWW-Authenticate"

	// DefaultBasicRealm is the realm used for a basic challenge
	// when no realm is supplied.
	DefaultBasicRealm string = "bascule"

	// DefaultBearerRealm is the realm used for a bearer challenge
	// when no realm is supplied.
	DefaultBearerRealm string = "bascule"
)
View Source 
const DefaultAuthorizationHeader = "Authorization"

Variables

This section is empty.

Functions

func NewJwtTokenParser 

func NewJwtTokenParser(opts ...jwt.ParseOption) (bascule.TokenParser, error)

func NewTokenFactory 

func NewTokenFactory(opts ...bascule.TokenFactoryOption) (bascule.TokenFactory, error)

NewTokenFactory builds a bascule.TokenFactory with useful defaults for an HTTP environment.

A default CredentialParser and TokenParser schemes are prepended to the supplied option. This function will not return an error if those options are omitted. Any options supplied explicitly to this function can override those defaults.

Types

type Accessor 

type Accessor interface {
	// GetCredentials obtains the raw, serialized credentials from the request.
	GetCredentials(*http.Request) (string, error)
}

Accessor is the strategy for extracting the raw, serialized credentials from an HTTP request.

func DefaultAccessor 

func DefaultAccessor() Accessor

type AuthorizationAccessor 

type AuthorizationAccessor struct {
	// Header is the name of the Authorization header.  If unset, then
	// DefaultAuthorizationHeader is used.
	Header string
}

AuthorizationAccessor is an Accessor that pulls the serialized credentials from an HTTP header of the format defined by https://www.rfc-editor.org/rfc/rfc7235#section-4.2. Only the single header is considered.

func (AuthorizationAccessor) GetCredentials 

func (aa AuthorizationAccessor) GetCredentials(r *http.Request) (serialized string, err error)

type BasicChallenge 

type BasicChallenge struct {
	// Scheme is the name of scheme supplied in the challenge.  If this
	// field is unset, BasicScheme is used.
	Scheme bascule.Scheme

	// Realm is the name of the realm for the challenge.  If this field
	// is unset, DefaultBasicRealm is used.
	//
	// Note that this field should always be set.  The default isn't very
	// useful outside of development.
	Realm string

	// UTF8 indicates whether "charset=UTF-8" is appended to the challenge.
	// This is the only charset allowed for a Basic challenge.
	UTF8 bool
}

BasicChallenge represents a WWW-Authenticate basic auth challenge.

func (BasicChallenge) FormatAuthenticate 

func (bc BasicChallenge) FormatAuthenticate(o strings.Builder)

type BearerChallenge 

type BearerChallenge struct {
	// Scheme is the name of scheme supplied in the challenge.  If this
	// field is unset, BearerScheme is used.
	Scheme bascule.Scheme

	// Realm is the name of the realm for the challenge.  If this field
	// is unset, DefaultBearerRealm is used.
	//
	// Note that this field should always be set.  The default isn't very
	// useful outside of development.
	Realm string
}

func (BearerChallenge) FormatAuthenticate 

func (bc BearerChallenge) FormatAuthenticate(o strings.Builder)

type Challenge 

type Challenge interface {
	// FormatAuthenticate formats the authenticate string.
	FormatAuthenticate(strings.Builder)
}

Challenge represents a WWW-Authenticate challenge.

type Challenges 

type Challenges []Challenge

Challenges represents a sequence of challenges to associated with a StatusUnauthorized response.

func (Challenges) WriteHeader 

func (chs Challenges) WriteHeader(h http.Header) int

WriteHeader inserts one WWW-Authenticate header per challenge in this set. If this set is empty, the given http.Header is not modified.

This method returns the count of headers added, which will be zero (0) for an empty Challenges.

type FrontDoor 

type FrontDoor interface {
	Then(next http.Handler) http.Handler
}

FrontDoor is a server middleware that handles the full authentication workflow. Authorization is handled separately.

func NewFrontDoor 

func NewFrontDoor(opts ...FrontDoorOption) (FrontDoor, error)

NewFrontDoor constructs a FrontDoor middleware using the supplied options.

type FrontDoorOption 

type FrontDoorOption interface {
	// contains filtered or unexported methods
}

func WithAccessor 

func WithAccessor(a Accessor) FrontDoorOption

WithAccessor associates a strategy for extracting the raw, serialized token from a request. If this option is not supplied, DefaultAccessor() is used.

func WithChallenges 

func WithChallenges(c ...Challenge) FrontDoorOption

WithChallenges describes challenges to be issued when no credentials are supplied. If no challenges are associated with a FrontDoor, then http.StatusForbidden is returned whenever credentials are not found in the request. Otherwise, http.StatusUnauthorized is returned along with a WWW-Authenticate header for each challenge.

func WithTokenFactory 

func WithTokenFactory(tf bascule.TokenFactory) FrontDoorOption

WithTokenFactory associates the given token factory with a front door.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.