security

package

v0.0.0-...-d841f61 Latest Latest Go to latest Published: Jun 11, 2021 License: AGPL-3.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

git.canopsis.net/canopsis/go-engines

Documentation ¶

Overview ¶

security contains implementation of authentication and authorization methods.

Index ¶

Constants
type CasConfig
type Config
- func LoadConfig(configDir string) (*Config, error)
type ConfigProvider
type Enforcer
- func NewEnforcer(configDir string, client mongo.DbClient) (Enforcer, error)
type HttpProvider
type LdapConfig
type Provider
type Source
type User
type UserProvider

Constants ¶

View Source

const (
	// QueryParamApiKey is the user api key for auth.
	QueryParamApiKey = "authkey"
	// HeaderApiKey is the user api key for auth.
	HeaderApiKey = "x-canopsis-authkey"
	// QueryParamCasTicket is CAS ticket for auth.
	QueryParamCasTicket = "ticket"
	// QueryParamCasService is CAS service for auth.
	QueryParamCasService = "service"
	// SessionKey is the session name in cookies.
	SessionKey = "session-id"
)

View Source

const AuthMethodApiKey = "apikey"

View Source

const AuthMethodBasic = "basic"

View Source

const AuthMethodCas = "cas"

View Source

const AuthMethodLdap = "ldap"

View Source

const AuthMethodSaml = "saml"

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CasConfig ¶

type CasConfig struct {
	LoginUrl    string `bson:"login_url"`
	ValidateUrl string `bson:"validate_url"`
	DefaultRole string `bson:"default_role"`
}

type Config ¶

type Config struct {
	Security struct {
		AuthProviders []string `yaml:"auth_providers"`
		Saml          struct {
			X509Cert                string            `yaml:"x509_cert"`
			X509Key                 string            `yaml:"x509_key"`
			IdpMetadataUrl          string            `yaml:"idp_metadata_url"`
			IdpMetadataXml          string            `yaml:"idp_metadata_xml"`
			IdpAttributesMap        map[string]string `yaml:"idp_attributes_map"`
			CanopsisSamlUrl         string            `yaml:"canopsis_saml_url"`
			DefaultRole             string            `yaml:"default_role"`
			InsecureSkipVerify      bool              `yaml:"skip_verify"`
			CanopsisSSOBinding      string            `yaml:"canopsis_sso_binding"`
			CanopsisACSBinding      string            `yaml:"canopsis_acs_binding"`
			SignAuthRequest         bool              `yaml:"sign_auth_request"`
			NameIdFormat            string            `yaml:"name_id_format"`
			SkipSignatureValidation bool              `yaml:"skip_signature_validation"`
			ACSIndex                *int              `yaml:"acs_index"`
			AutoUserRegistration    bool              `yaml:"auto_user_registration"`
		} `yaml:"saml"`
	} `yaml:"security"`
	Session struct {
		StatsFrame time.Duration `yaml:"stats_frame"`
	} `yaml:"session"`
}

Config providers which auth methods must be used.

func LoadConfig ¶

func LoadConfig(configDir string) (*Config, error)

LoadConfig creates Config by config file.

type ConfigProvider ¶

type ConfigProvider interface {
	LoadLdapConfig() (*LdapConfig, error)
	LoadCasConfig() (*CasConfig, error)
}

ConfigProvider provides config from storage.

type Enforcer ¶

type Enforcer interface {
	Enforce(rvals ...interface{}) (bool, error)
	StartAutoLoadPolicy(context.Context)
	LoadPolicy() error
	GetRolesForUser(name string, domain ...string) ([]string, error)
	GetPermissionsForUser(user string, domain ...string) [][]string
}

Enforcer is the API interface of casbin enforcer. Interface casbin.IEnforcer is not used because if cannot be mocked by mockgen.

func NewEnforcer ¶

func NewEnforcer(configDir string, client mongo.DbClient) (Enforcer, error)

NewEnforcer creates new synced enforcer with mongo adapter.

type HttpProvider ¶

type HttpProvider interface {
	Auth(*http.Request) (*User, error, bool)
}

HttpProvider interface is used to implement user authentication by credentials which are retrieved from http request.

type LdapConfig ¶

type LdapConfig struct {
	Url                string            `bson:"ldap_uri"`
	Host               string            `bson:"host"`
	Port               int64             `bson:"port"`
	AdminUsername      string            `bson:"admin_dn"`
	AdminPassword      string            `bson:"admin_passwd"`
	BaseDN             string            `bson:"user_dn"`
	Attributes         map[string]string `bson:"attrs"`
	UsernameAttr       string            `bson:"username_attr"`
	Filter             string            `bson:"ufilter"`
	DefaultRole        string            `bson:"default_role"`
	InsecureSkipVerify bool              `bson:"skip_verify"`
}

type Provider ¶

type Provider interface {
	Auth(username, password string) (*User, error)
}

Provider interface is used to implement user authentication by username and password.

type Source ¶

type Source string

const SourceCas Source = "cas"

const SourceLdap Source = "ldap"

const SourceSaml Source = "saml"

type User ¶

type User struct {
	ID             string
	Name           string
	Firstname      string
	Lastname       string
	Email          string
	HashedPassword string
	AuthApiKey     string
	Role           string
	Contact        struct {
		Name    string
		Address string
	}
	IsEnabled  bool
	ExternalID string
	Source     Source
}

User represents user model.

type UserProvider ¶

type UserProvider interface {
	// FindByUsername returns user with username or nil.
	FindByUsername(string) (*User, error)
	// FindByAuthApiKey returns user with api key or nil.
	FindByAuthApiKey(string) (*User, error)
	// FindByID returns user with ID or nil.
	FindByID(string) (*User, error)
	// FindByExternalSource returns user with ID from source or nil.
	FindByExternalSource(externalID string, source Source) (*User, error)
	// Save updates user or inserts user if not exist.
	Save(user *User) error
}

UserProvider is decorator for requests to user storage.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
configprovider
httpprovider httpprovider contains http authentication methods.	httpprovider contains http authentication methods.
model
mongoadapter mongoadapter contains casbin mongo adapter.	mongoadapter contains casbin mongo adapter.
password password contains password encoders.	password contains password encoders.
provider provider contains authentication methods.	provider contains authentication methods.
proxy
session Package session contains implementation of http session.	Package session contains implementation of http session.
mongostore mongostore contains gorilla session store.	mongostore contains gorilla session store.
stats stats contains implementation of http session statistics.	stats contains implementation of http session statistics.
userprovider userprovider contains user storages.	userprovider contains user storages.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL