sec

package
v0.0.0-...-4675b65
Warning

This package is not in the latest version of its module.

Published: Feb 4, 2025 License: AGPL-3.0 Imports: 18 Imported by: 5

Documentation


Constants

const (
	CookieAccessToken  = "nex_atk"
	CookieRefreshToken = "nex_rtk"
)
const (
	TokenTypeAccess  = "access_token"
	RefreshTokenType = "refresh_token"
	IdTokenType      = "id_token"
)

Variables

This section is empty.

Functions

func ContextMiddleware

func ContextMiddleware(tkReader *InternalTokenReader) fiber.Handler

ContextMiddleware provides a middleware that receives the userinfo from the nexus. It only works on the client side of nexus. It will NOT validate the auth status; if you need to validate the status of the current authorization, refer to ValidatorMiddleware. To get the userinfo, call `c.Locals("nex_user").(sec.UserInfo)`. Make sure you have the right public key, otherwise the auth will fail.

func EnsureAuthenticated

func EnsureAuthenticated(c *fiber.Ctx) error

func EnsureGrantedPerm

func EnsureGrantedPerm(c *fiber.Ctx, key string, val any) error

func ReadJwt

func ReadJwt[T jwt.Claims](v *JwtReader, in string, out T) (T, error)

ReadJwt is a helper that validates and parses a JWT. To use it, pass an initialized JwtReader, which contains a public key, together with the token string and a pointer to your claims struct (you must initialize it; it cannot be nil).

func ValidatorMiddleware

func ValidatorMiddleware(c *fiber.Ctx) error

ValidatorMiddleware ensures the request is authenticated. Make sure to call this middleware after ContextMiddleware.

func WriteJwt

func WriteJwt[T jwt.Claims](v *JwtWriter, in T) (string, error)

Types

type InternalTokenReader

type InternalTokenReader struct {
	// contains filtered or unexported fields
}

func NewInternalTokenReader

func NewInternalTokenReader(fp string) (*InternalTokenReader, error)

func (*InternalTokenReader) ReadUserInfoJwt

func (v *InternalTokenReader) ReadUserInfoJwt(in string) (*UserInfo, error)

type InternalTokenWriter

type InternalTokenWriter struct {
	// contains filtered or unexported fields
}

func NewInternalTokenWriter

func NewInternalTokenWriter(fp string) (*InternalTokenWriter, error)

func (*InternalTokenWriter) WriteUserInfoJwt

func (v *InternalTokenWriter) WriteUserInfoJwt(in UserInfo, audiences ...string) (string, error)

type JwtClaims

type JwtClaims struct {
	jwt.RegisteredClaims

	// Nexus Standard
	Session  string        `json:"sed"`
	CacheTTL time.Duration `json:"ttl,omitempty"`

	// OIDC Standard
	Name  string `json:"name,omitempty"`
	Nick  string `json:"preferred_username,omitempty"`
	Email string `json:"email,omitempty"`

	// OAuth2 Standard
	AuthorizedParties string `json:"azp,omitempty"`
	Nonce             string `json:"nonce,omitempty"`

	// The usage of this token
	// Can be access_token, refresh_token or id_token
	Type string `json:"typ"`
}
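
The `typ` claim above separates access, refresh and ID tokens that are signed with the same key, so a reader should check it at every call site as well as the signature. The following is an added example, not code from this package: `Claims`, `sign` and `readTyped` are hypothetical names, Ed25519 and the hand-built compact token are assumptions (the page does not state the signing algorithm), and registered-claim checks such as expiry are left out.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Claims keeps the "sed" and "typ" JSON tags of the page's JwtClaims (subset).
type Claims struct {
	Session string `json:"sed"`
	Type    string `json:"typ"`
}

var b64 = base64.RawURLEncoding
var pub, priv, _ = ed25519.GenerateKey(nil) // throwaway key pair, constructed for the demo

// sign builds a compact EdDSA token; it exists only to construct sample input.
func sign(k ed25519.PrivateKey, c Claims) string {
	body, _ := json.Marshal(c)
	msg := b64.EncodeToString([]byte(`{"alg":"EdDSA"}`)) + "." + b64.EncodeToString(body)
	return msg + "." + b64.EncodeToString(ed25519.Sign(k, []byte(msg)))
}

// readTyped verifies the signature with the public key (the header's alg is never
// consulted), then rejects a token whose "typ" is not what this call site expects.
func readTyped(key ed25519.PublicKey, token, want string) (*Claims, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	sig, err := b64.DecodeString(p[2])
	if err != nil || !ed25519.Verify(key, []byte(p[0]+"."+p[1]), sig) {
		return nil, fmt.Errorf("bad signature")
	}
	var c Claims
	if raw, err := b64.DecodeString(p[1]); err != nil || json.Unmarshal(raw, &c) != nil {
		return nil, fmt.Errorf("bad claims")
	}
	if c.Type != want {
		return nil, fmt.Errorf("token type %q, want %q", c.Type, want)
	}
	return &c, nil
}

func main() {
	fmt.Println(readTyped(pub, sign(priv, Claims{"s1", "refresh_token"}), "access_token"))
}
```

Running it prints the rejection of a validly signed refresh token that is presented where an access token is expected.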

type JwtReader

type JwtReader struct {
	// contains filtered or unexported fields
}

func NewJwtReader

func NewJwtReader(fp string) (*JwtReader, error)

func (*JwtReader) BuildJwk

func (v *JwtReader) BuildJwk(kid string) map[string]any

type JwtWriter

type JwtWriter struct {
	// contains filtered or unexported fields
}

func NewJwtWriter

func NewJwtWriter(fp string) (*JwtWriter, error)

type UserInfo

type UserInfo struct {
	ID        uint              `json:"id"`
	Name      string            `json:"name"`
	PermNodes datatypes.JSONMap `json:"perm_nodes" gorm:"-"`
	Metadata  datatypes.JSONMap `json:"metadata"`
}

UserInfo is the basic userinfo structure; you can add anything on top of it. The full data from the id service is stored in the metadata field.

func NewUserInfoFromBytes

func NewUserInfoFromBytes(in []byte) (UserInfo, error)

func NewUserInfoFromProto

func NewUserInfoFromProto(in *proto.UserInfo) UserInfo

func (UserInfo) Encode

func (v UserInfo) Encode() []byte

func (UserInfo) HasPermNode

func (v UserInfo) HasPermNode(requiredKey string, requiredValue any) bool

func (UserInfo) HasPermNodeWithDefault

func (v UserInfo) HasPermNodeWithDefault(requiredKey string, requiredValue any, defaultValue any) bool
