auth

package
v0.13.16 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 5, 2024 License: AGPL-3.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrDeactivated = fmt.Errorf("deactivated")

ErrDeactivated indicates, that the user is deactivated.

View Source 
var ErrInvalidCredentials = fmt.Errorf("invalid credentials")

ErrInvalidCredentials is the error, that gets returned by the login method, when the provided credentials where invalid.

View Source 
var ErrRoleFromContext = fmt.Errorf("failed to retrieve authorization role from context")

ErrRoleFromContext is the error, that gets returned by RoleFromRequest, when the retrieval fails.

View Source 
var ErrUnauthorized = xerror.AuthError{Err: fmt.Errorf("unauthorized")}

ErrUnauthorized indicates an unauthorized action.

View Source 
var ErrUserIDFromContext = fmt.Errorf("failed to retrieve user id from context")

ErrUserIDFromContext is the error, that gets returned by UserIDFromRequest, when the retrieval fails.

Functions

func ContextWithID 

func ContextWithID(ctx context.Context, id string) context.Context

ContextWithID adds the given id to the context.

func ContextWithRole 

func ContextWithRole(ctx context.Context, role Role) context.Context

ContextWithRole adds the given role to the context.

func CreateAuthKeys 

func CreateAuthKeys() ([]byte, []byte, error)

CreateAuthKeys creates a PEM encoded private and public rsa key pair.

func Middleware 

func Middleware(service Service) func(next http.Handler) http.Handler

Middleware returns a new validating middleware. Calls MiddlewareWithOpts.

func MiddlewareWithOpts 

func MiddlewareWithOpts(service Service, opts MiddlewareOpts) func(next http.Handler) http.Handler

MiddlewareWithOpts returns a new middleware, that adds user information from the "Authorization" header to the request context. If opts.Validate is set to true, it validates the user authorization and aborts for invalid authorization headers.

func ParseAuthKeys 

func ParseAuthKeys(privateKey, publicKey []byte) (*rsa.PrivateKey, *rsa.PublicKey, error)

ParseAuthKeys parses a PEM encoded private and public rsa key pair.

func Router 

func Router(service Service) func(chi.Router)

Router returns a new auth router.

func UserIDFromContext 

func UserIDFromContext(ctx context.Context) (string, error)

UserIDFromContext retrieves the user id from the given context. Returns an error on failure.

Types

type Authenticator 

type Authenticator interface {
	// Validate takes an email and password and checks if they are valid.
	// If it is valid it returns a unique identifier corresponding to that
	// identifier.
	// It might return an error, when something unexpected happens during
	// validation.
	Validate(ctx context.Context, email, password string) (id string, err error)
}

Authenticator determines wether a set of credentials are valid.

type Authorizer 

type Authorizer interface {
	// Role returns the role for the given identifier.
	Role(ctx context.Context, id string) (role Role, err error)
}

Authorizer checks the authorization for a given identifier.

type Credentials 

type Credentials struct {

	// required:true
	Email string `json:"email"`

	// required:true
	Password string `json:"password"`
}

Credentials define the login credentials.

type LoginResponsePayload 

type LoginResponsePayload struct {
	Token string `json:"token"`
	ID    string `json:"id"`
	Role  Role   `json:"role"`
}

LoginResponsePayload describes the payload of a succesful login xhttp.

type MiddlewareOpts 

type MiddlewareOpts struct {
	Validate bool
}

MiddlewareOpts are options used by the authorization middleware.

type Role 

type Role string

Role defines an authorization role. 

const (
	RoleInternal  Role = "internal"
	RoleAdmin     Role = "admin"
	RoleModerator Role = "moderator"
	RoleNormal    Role = "normal"
)

Authorization roles.

func RoleFromContext 

func RoleFromContext(ctx context.Context) (Role, error)

RoleFromContext retrieves the authorization role from the given context. Returns an error on failure.

type Service 

type Service interface {
	// Login takes an email and a password. When valid returns a new JWT.
	Login(ctx context.Context, email, password string) (token string, err error)

	// Authenticate takes a JWT and checks wether it's valid.
	// If it is valid. It returns the stored id.
	Authenticate(token string) (id string, err error)

	// Authorize authorizes the given user identifier by returning its
	// authorization role.
	Authorize(ctx context.Context, id string) (role Role, err error)
}

Service defines an authentication service. -go:generate go run github.com/petergtz/pegomock/pegomock generate eintopf.info/service/auth Service --output=../../internal/mock/auth_service.go --package=mock --mock-name=AuthService

func NewService 

func NewService(authenticator Authenticator, authorizer Authorizer, privateKey, publicKey []byte, tz *time.Location) (Service, error)

NewService returns a new authentication service.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.