auth

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 2, 2024 License: GPL-3.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source
const (
	OAuthCookieName   = "oauth-state"
	SessionCookieName = "auth-session"
)
View Source
const HeaderAPIAccessToken = "X-Tavern-Access-Token"

HeaderAPIAccessToken is the name of the header clients should set to authenticate with personal access tokens.

View Source
const ParamTokenRedirPort = "redir_port"

ParamNameAuthRedirPort is the name of the query parameter PAT requests must set to indicate which local port the client should be redirected to.

View Source
const ParamTokenRedirToken = "access_token"

ParamTokenRedirToken is the name of the query parameter CLI OAuth http servers should parse to receive the Tavern API personal access token.

Variables

View Source
var (
	ErrOAuthNoStatePresented          = fmt.Errorf("no OAuth state presented")
	ErrOAuthNoCookieFound             = fmt.Errorf("no OAuth cookie found")
	ErrOAuthInvalidCookie             = fmt.Errorf("invalid OAuth cookie provided")
	ErrOAuthInvalidState              = fmt.Errorf("presented OAuth state is invalid")
	ErrOAuthExchangeFailed            = fmt.Errorf("failed to exchange authorization code for an access token from identity provider")
	ErrOAuthFailedToObtainProfileInfo = fmt.Errorf("failed to obtain profile information from identity provider")
	ErrOAuthFailedToParseProfileInfo  = fmt.Errorf("failed to parse profile information returned by identity provider")
	ErrOAuthInvalidProfileInfo        = fmt.Errorf("failed to parse profile information returned by identity provider")
	ErrOAuthFailedUserLookup          = fmt.Errorf("failed to lookup user account")
)
View Source
var (
	// ErrPermissionDenied indicates the identity did not have sufficient permissions to perform an action.
	ErrPermissionDenied = fmt.Errorf("permission denied")
)

Functions

func ContextFromAccessToken added in v0.0.6

func ContextFromAccessToken(ctx context.Context, graph *ent.Client, token string) (context.Context, error)

ContextFromAccessToken returns a copy of parent context with a user Identity associated with it (if it exists).

func ContextFromSessionToken

func ContextFromSessionToken(ctx context.Context, graph *ent.Client, token string) (context.Context, error)

ContextFromSessionToken returns a copy of parent context with a user Identity associated with it (if it exists).

func IsActivatedContext

func IsActivatedContext(ctx context.Context) bool

IsActivatedContext returns true if the context is associated with an activated identity, false otherwise.

func IsAdminContext

func IsAdminContext(ctx context.Context) bool

IsAdminContext returns true if the context is associated with an admin identity, false otherwise.

func IsAuthenticatedContext

func IsAuthenticatedContext(ctx context.Context) bool

IsAuthenticatedContext returns true if the context is associated with an authenticated identity, false otherwise.

func NewOAuthAuthorizationHandler

func NewOAuthAuthorizationHandler(cfg oauth2.Config, pubKey ed25519.PublicKey, graph *ent.Client, profileURL string) http.Handler

NewOAuthAuthorizationHandler returns an http endpoint that validates the request was redirected from the identity provider after a consent flow and initializes a user session

func NewOAuthLoginHandler

func NewOAuthLoginHandler(cfg oauth2.Config, privKey ed25519.PrivateKey) http.Handler

NewOAuthLoginHandler returns an http endpoint that redirects the user to the configured OAuth consent flow It will set a JWT in a cookie that will later be used to verify the OAuth state

func NewTokenRedirectHandler added in v0.0.6

func NewTokenRedirectHandler() http.HandlerFunc

NewTokenRedirectHandler returns a new http endpoint that redirects the requestor to http://127.0.0.1 at the port specified in the query parameters. This method requires an authenticated session, and will set the user's personal access token in the redirected URL query parameters intended for use by CLI applications authenticating to Tavern.

func UserFromContext

func UserFromContext(ctx context.Context) *ent.User

UserFromContext returns the user identity associated with the provided context, or nil if no user identity or a different identity type is associated.

Types

type Identity

type Identity interface {
	// String representation of the identity, used for logging
	String() string

	// IsAuthenticated should only return true if the identity has been authenticated.
	IsAuthenticated() bool

	// IsActivated should only return true if the identity is allowed to make sensitive API requests.
	IsActivated() bool

	// IsAdmin should only return true if the identity represents an administrator.
	IsAdmin() bool
}

An Identity making a request.

func IdentityFromContext

func IdentityFromContext(ctx context.Context) Identity

IdentityFromContext returns the identity associated with the provided context, or nil if no identity is associated.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL