Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetAuthorizedPrincipal
GetAuthorizedPrincipal returns the user principal object from the request context, cast to the correct type. It returns an error if there is no principal or if the principal is of the incorrect type.
Note that use of this function implies that AuthenticationMiddleware is used somewhere in the stack before the handler calling this function is dispatched.
func RequireAdminPrivileges
func RequireAdminPrivileges(next echo.HandlerFunc) echo.HandlerFunc
Types
type AuthenticationMiddleware
type AuthenticationMiddleware struct {
	Store          models.UserStore
	JWTManager     *auth.JWTManager
	GitHub         *github.GitHubAuthenticator
	CookieDuration time.Duration
}
func (*AuthenticationMiddleware) HandleCompleteLogin
func (m *AuthenticationMiddleware) HandleCompleteLogin(c echo.Context) error
HandleCompleteLogin handles the OAuth 2 code flow. It receives the auth code and uses it to retrieve the auth token, then sets the user's auth cookie to an authenticated JWT.
The OAuth authorization server redirects to this handler; it should never be hit directly by a user or script.
func (*AuthenticationMiddleware) Middleware
func (m *AuthenticationMiddleware) Middleware(next echo.HandlerFunc) echo.HandlerFunc
Middleware does user authentication based on either an X-API-Key header, Authorization header, or GitHub cookie depending on how the request is phrased.
If the request has either an X-API-Key or an Authorization Bearer header, then that header must pass validation with the downstream validation logic. Failures on this path are hard failures, and the only way to retry is to authenticate with a new token. The underlying assumption is that only programmatic access goes through this path, so redirecting to interactive authentication is pointless.
In the absence of those headers, the user is assumed to be interactive and their auth cookie is read and validated (by exactly the same logic that validates an API key, since they are the same format). On this path, a failure redirects the user to GitHub for interactive auth.
X-API-Key should be considered deprecated; use the Authorization header with a type of Bearer instead, which is more in line with OAuth 2 style authentication. For now, this middleware continues to support X-API-Key so as not to break legacy API clients.
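The credential selection and failure modes described above, as an added sketch built on net/http only; it is not this package's code. Decide, Outcome, the validate callback and the cookie name auth are assumptions, as is checking Authorization before X-API-Key.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Outcome is what the middleware does with a request.
type Outcome int

const (
	Allow    Outcome = iota // credential validated
	HardFail                // header credential rejected: 401, never redirect
	Redirect                // cookie missing or rejected: go to interactive login
)

// cookieName is a placeholder; the page does not name the real cookie.
const cookieName = "auth"

// Decide picks the credential source and the failure mode for one request.
// validate stands in for the shared check (API keys and cookies share a format).
func Decide(r *http.Request, validate func(string) bool) Outcome {
	token, programmatic := "", false
	if h := r.Header.Get("Authorization"); len(h) >= 6 && strings.EqualFold(h[:6], "Bearer") {
		token, programmatic = strings.TrimSpace(h[6:]), true
	} else if v := r.Header.Values("X-API-Key"); len(v) > 0 {
		token, programmatic = v[0], true // deprecated path, kept for legacy clients
	}
	if programmatic {
		// A present header is authoritative, even when empty: no cookie fallback.
		if validate(token) {
			return Allow
		}
		return HardFail
	}
	if c, err := r.Cookie(cookieName); err == nil && validate(c.Value) {
		return Allow
	}
	return Redirect
}

func main() {
	valid := func(t string) bool { return t == "constructed-good-token" }
	r := &http.Request{Header: http.Header{}} // constructed sample request
	r.Header.Set("Authorization", "Bearer expired")
	r.AddCookie(&http.Cookie{Name: cookieName, Value: "constructed-good-token"})
	fmt.Println(Decide(r, valid) == HardFail) // a rejected header beats a valid cookie
}
```

The case worth testing in a real deployment is the one in main: a request carrying both a bad header token and a good cookie must be rejected rather than silently authenticated by the cookie.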
func (*AuthenticationMiddleware) RegisterUrls
func (m *AuthenticationMiddleware) RegisterUrls(e glecho.URLRouter)
RegisterUrls registers the URLs required by this middleware and handler with an echo instance.
This is here instead of in the web main because these paths are encoded in the configuration for the GitHub application, so changing them requires additional changes to that configuration.