The highest tagged major version is v3.

httpbakery

package

v0.0.0-...-7ab5879 Latest Latest Go to latest Published: Apr 17, 2015 License: LGPL-3.0 Imports: 22 Imported by: 6

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/go-macaroon-bakery/macaroon-bakery

Documentation ¶

Index ¶

Constants
func AddDischargeHandler(mux *http.ServeMux, rootPath string, svc *bakery.Service, ...)
func CheckRequest(svc *bakery.Service, req *http.Request, assert map[string]string, ...) (map[string]string, error)
func Checkers(req *http.Request) checkers.Checker
func DischargeAll(m *macaroon.Macaroon, client *http.Client, ...) (macaroon.Slice, error)
func Do(client *http.Client, req *http.Request, visitWebPage func(url *url.URL) error) (*http.Response, error)
func DoWithBody(client *http.Client, req *http.Request, getBody BodyGetter, ...) (*http.Response, error)
func ErrorToResponse(err error) (int, interface{})
func IsDischargeError(err error) bool
func IsInteractionError(err error) bool
func NewCookie(ms macaroon.Slice) (*http.Cookie, error)
func NewDischargeRequiredError(m *macaroon.Macaroon, path string, originalErr error) error
func NewHTTPClient() *http.Client
func OpenWebBrowser(url *url.URL) error
func PublicKeyForLocation(client *http.Client, url string) (*bakery.PublicKey, error)
func RequestMacaroons(req *http.Request) []macaroon.Slice
func SameClientIPAddrCaveat(req *http.Request) checkers.Caveat
func SetCookie(jar http.CookieJar, url *url.URL, ms macaroon.Slice) error
func WriteDischargeRequiredError(w http.ResponseWriter, m *macaroon.Macaroon, path string, originalErr error)
type BodyGetter
- func SeekerBody(r io.ReadSeeker) BodyGetter
type DischargeError
- func (e *DischargeError) Error() string
type Error
- func (e *Error) Error() string
- func (e *Error) ErrorCode() ErrorCode
- func (e *Error) ErrorInfo() *ErrorInfo
type ErrorCode
- func (e ErrorCode) Error() string
- func (e ErrorCode) ErrorCode() ErrorCode
type ErrorInfo
type InteractionError
- func (e *InteractionError) Error() string
type WaitResponse

Constants ¶

View Source

const (
	ErrBadRequest          = ErrorCode("bad request")
	ErrDischargeRequired   = ErrorCode("macaroon discharge required")
	ErrInteractionRequired = ErrorCode("interaction required")
)

Variables ¶

This section is empty.

Functions ¶

func AddDischargeHandler ¶

func AddDischargeHandler(mux *http.ServeMux, rootPath string, svc *bakery.Service, checker func(req *http.Request, cavId, cav string) ([]checkers.Caveat, error))

AddDischargeHandler adds handlers to the given ServeMux to serve third party caveat discharges using the given service.

The handlers are added under the given rootPath, which must be non-empty.

The check function is used to check whether a client making the given request should be allowed a discharge for the given caveat. If it does not return an error, the caveat will be discharged, with any returned caveats also added to the discharge macaroon. If it returns an error with a *Error cause, the error will be marshaled and sent back to the client.

The name space served by DischargeHandler is as follows. All parameters can be provided either as URL attributes or form attributes. The result is always formatted as a JSON object.

On failure, all endpoints return an error described by the Error type.

POST /discharge

params:
	id: id of macaroon to discharge
	location: location of original macaroon (optional (?))
	?? flow=redirect|newwindow
result on success (http.StatusOK):
	{
		Macaroon *macaroon.Macaroon
	}

POST /create

params:
	condition: caveat condition to discharge
	rootkey: root key of discharge caveat
result:
	{
		CaveatID: string
	}

GET /publickey

result:
	public key of service
	expiry time of key

func CheckRequest ¶

func CheckRequest(svc *bakery.Service, req *http.Request, assert map[string]string, checker checkers.Checker) (map[string]string, error)

CheckRequest checks that the given http request contains at least one valid macaroon minted by the given service, using checker to check any first party caveats. It returns an error with a *bakery.VerificationError cause if the macaroon verification failed.

The assert map holds any required attributes of "declared" attributes, overriding any inferences made from the macaroons themselves. It has a similar effect to adding a checkers.DeclaredCaveat for each key and value, but the error message will be more useful.

It adds all the standard caveat checkers to the given checker.

It returns any attributes declared in the successfully validated request.

func Checkers ¶

func Checkers(req *http.Request) checkers.Checker

Checkers implements the standard HTTP-request checkers. It does not include the "declared" checker, as that must be added for each individual set of macaroons that are checked.

func DischargeAll ¶

func DischargeAll(m *macaroon.Macaroon, client *http.Client, visitWebPage func(url *url.URL) error) (macaroon.Slice, error)

DischargeAll attempts to acquire discharge macaroons for all the third party caveats in m, and returns a slice containing all of them bound to m.

If the discharge fails because a third party refuses to discharge a caveat, the returned error will have a cause of type *DischargeError. If the discharge fails because visitWebPage returns an error, the returned error will have a cause of *InteractionError.

The returned macaroon slice will not be stored in the client cookie jar (see SetCookie if you need to do that).

func Do ¶

func Do(client *http.Client, req *http.Request, visitWebPage func(url *url.URL) error) (*http.Response, error)

Do makes an http request to the given client. If the request fails with a discharge-required error, any required discharge macaroons will be acquired, and the request will be repeated with those attached.

If the required discharges were refused by a third party, an error with a *DischargeError cause will be returned.

Note that because the request may be retried, no body may be provided in the http request (otherwise the contents will be lost when retrying). For requests with a body (for example PUT or POST methods), use DoWithBody instead.

If the client.Jar field is non-nil, the macaroons will be stored there and made available to subsequent requests.

If interaction is required by the user, the visitWebPage function is called with a URL to be opened in a web browser. If visitWebPage returns an error, an error with a *InteractionError cause will be returned. See OpenWebBrowser for a possible implementation of visitWebPage.

func DoWithBody ¶

func DoWithBody(client *http.Client, req *http.Request, getBody BodyGetter, visitWebPage func(url *url.URL) error) (*http.Response, error)

DoWithBody is like Do except that the given getBody function is called to obtain the body for the HTTP request. Any returned body will be closed after each request is made.

func ErrorToResponse ¶

func ErrorToResponse(err error) (int, interface{})

ErrorToResponse returns the HTTP status and an error body to be marshaled as JSON for the given error. This allows a third party package to integrate bakery errors into their error responses when they encounter an error with a *bakery.Error cause.

func IsDischargeError ¶

func IsDischargeError(err error) bool

IsDischargeError reports whether err is a *DischargeError.

func IsInteractionError ¶

func IsInteractionError(err error) bool

IsInteractionError reports whether err is a *DischargeError.

func NewCookie ¶

func NewCookie(ms macaroon.Slice) (*http.Cookie, error)

NewCookie takes a slice of macaroons and returns them encoded as a cookie. The slice should contain a single primary macaroon in its first element, and any discharges after that.

func NewDischargeRequiredError ¶

func NewDischargeRequiredError(m *macaroon.Macaroon, path string, originalErr error) error

NewDischargeRequiredError returns an error of type *Error that reports the given original error and includes the given macaroon.

The returned macaroon will be declared as valid for the given URL path and may be relative. When the client stores the discharged macaroon as a cookie this will be the path associated with the cookie. See ErrorInfo.MacaroonPath for more information.

func NewHTTPClient ¶

func NewHTTPClient() *http.Client

NewHTTPClient returns an http.Client that ensures that headers are sent to the server even when the server redirects a GET request. The returned client also contains an empty in-memory cookie jar.

See https://github.com/golang/go/issues/4677

func OpenWebBrowser ¶

func OpenWebBrowser(url *url.URL) error

OpenWebBrowser opens a web browser at the given URL. If the OS is not recognised, the URL is just printed to standard output.

func PublicKeyForLocation ¶

func PublicKeyForLocation(client *http.Client, url string) (*bakery.PublicKey, error)

PublicKeyForLocation returns the public key from a macaroon discharge server running at the given location URL. Note that this is insecure if an http: URL scheme is used.

func RequestMacaroons ¶

func RequestMacaroons(req *http.Request) []macaroon.Slice

RequestMacaroons returns any collections of macaroons from the cookies found in the request. By convention, each slice will contain a primary macaroon followed by its discharges.

func SameClientIPAddrCaveat ¶

func SameClientIPAddrCaveat(req *http.Request) checkers.Caveat

SameClientIPAddrCaveat returns a caveat that will check that the remote IP address is the same as that in the given HTTP request.

func SetCookie ¶

func SetCookie(jar http.CookieJar, url *url.URL, ms macaroon.Slice) error

SetCookie sets a cookie for the given URL on the given cookie jar that will holds the given macaroon slice. The macaroon slice should contain a single primary macaroon in its first element, and any discharges after that.

func WriteDischargeRequiredError ¶

func WriteDischargeRequiredError(w http.ResponseWriter, m *macaroon.Macaroon, path string, originalErr error)

WriteDischargeRequiredError creates an error using NewDischargeRequiredError and writes it to the given response writer, indicating that the client should discharge the macaroon to allow the original request to be accepted.

Types ¶

type BodyGetter ¶

type BodyGetter func() (io.ReadCloser, error)

func SeekerBody ¶

func SeekerBody(r io.ReadSeeker) BodyGetter

SeekerBody returns a body getter function suitable for passing to DoWithBody that always returns the given reader, first seeking to its start.

type DischargeError ¶

type DischargeError struct {
	// Reason holds the underlying remote error that caused the
	// discharge to fail.
	Reason *Error
}

DischargeError represents the error when a third party discharge is refused by a server.

func (*DischargeError) Error ¶

func (e *DischargeError) Error() string

type Error ¶

type Error struct {
	Code    ErrorCode  `json:",omitempty"`
	Message string     `json:",omitempty"`
	Info    *ErrorInfo `json:",omitempty"`
}

Error holds the type of a response from an httpbakery HTTP request, marshaled as JSON.

func (*Error) Error ¶

func (e *Error) Error() string

func (*Error) ErrorCode ¶

func (e *Error) ErrorCode() ErrorCode

func (*Error) ErrorInfo ¶

func (e *Error) ErrorInfo() *ErrorInfo

ErrorInfo returns additional information about the error. TODO return interface{} here?

type ErrorCode ¶

type ErrorCode string

ErrorCode holds an error code that classifies an error returned from a bakery HTTP handler.

func (ErrorCode) Error ¶

func (e ErrorCode) Error() string

func (ErrorCode) ErrorCode ¶

func (e ErrorCode) ErrorCode() ErrorCode

type ErrorInfo ¶

type ErrorInfo struct {
	// Macaroon may hold a macaroon that, when
	// discharged, may allow access to a service.
	// This field is associated with the ErrDischargeRequired
	// error code.
	Macaroon *macaroon.Macaroon `json:",omitempty"`

	// MacaroonPath holds the URL path to be associated
	// with the macaroon. The macaroon is potentially
	// valid for all URLs under the given path.
	// If it is empty, the macaroon will be associated with
	// the original URL from which the error was returned.
	MacaroonPath string `json:",omitempty"`

	// VisitURL holds a URL that the client should visit
	// in a web browser to authenticate themselves.
	VisitURL string `json:",omitempty"`

	// WaitURL holds a URL that the client should visit
	// to acquire the discharge macaroon. A GET on
	// this URL will block until the client has authenticated,
	// and then it will return the discharge macaroon.
	WaitURL string `json:",omitempty"`
}

ErrorInfo holds additional information provided by an error.

type InteractionError ¶

type InteractionError struct {
	// Reason holds the actual error returned from visitWebPage.
	Reason error
}

InteractionError wraps an error returned by a call to visitWebPage.

func (*InteractionError) Error ¶

func (e *InteractionError) Error() string

type WaitResponse ¶

type WaitResponse struct {
	Macaroon *macaroon.Macaroon
}

WaitResponse holds the type that should be returned by an HTTP response made to a WaitURL (See the ErrorInfo type).

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL