Documentation
Index
- Constants
- func ContextMiddleware(tkReader *InternalTokenReader) fiber.Handler
- func EnsureAuthenticated(c *fiber.Ctx) error
- func EnsureGrantedPerm(c *fiber.Ctx, key string, val any) error
- func ReadJwt[T jwt.Claims](v *JwtReader, in string, out T) (T, error)
- func ValidatorMiddleware(c *fiber.Ctx) error
- func WriteJwt[T jwt.Claims](v *JwtWriter, in T) (string, error)
- type InternalTokenReader
- type InternalTokenWriter
- type JwtClaims
- type JwtReader
- type JwtWriter
- type UserInfo
Constants
const (
	CookieAccessToken  = "nex_atk"
	CookieRefreshToken = "nex_rtk"
)
const (
	TokenTypeAccess  = "access_token"
	RefreshTokenType = "refresh_token"
	IdTokenType      = "id_token"
)
Variables
This section is empty.
Functions
func ContextMiddleware
func ContextMiddleware(tkReader *InternalTokenReader) fiber.Handler
ContextMiddleware provides a middleware that receives the userinfo from the nexus. It only works on the client side of nexus. It will NOT validate the auth status; if you need to validate the status of the current authorization, refer to ValidatorMiddleware. To get the userinfo, call `c.Locals("nex_user").(sec.UserInfo)`. Make sure you have the right public key, otherwise the auth will fail.
func EnsureAuthenticated
func EnsureAuthenticated(c *fiber.Ctx) error
func EnsureGrantedPerm
func ReadJwt
ReadJwt is a helper that validates and parses a JWT. To use it, pass an initialized JwtReader, which contains a public key, then the token string and a pointer to your claims struct (you must initialize it; it cannot be nil).
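The checks described for ReadJwt, sketched with the standard library only as an added example (not this package's code). It assumes Ed25519/EdDSA signing, which the page does not specify, and `claims`, `sign` and `verify` are hypothetical names; the `typ` comparison against the token-type constants is an added check the page does not say the package performs.

```go
package main
import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)
var b64 = base64.RawURLEncoding
// claims mirrors only the JwtClaims fields this sketch checks.
type claims struct {
	Exp  int64  `json:"exp"`
	Type string `json:"typ"`
}
// sign builds a constructed EdDSA token so the sketch runs offline.
func sign(priv ed25519.PrivateKey, c claims) string {
	body, _ := json.Marshal(c)
	msg := b64.EncodeToString([]byte(`{"alg":"EdDSA"}`)) + "." + b64.EncodeToString(body)
	return msg + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

// verify pins the algorithm, then checks signature, expiry and intended usage.
func verify(pub ed25519.PublicKey, token, wantType string, now time.Time) (*claims, error) {
	p := strings.Split(token, ".")
	var hdr struct{ Alg string }
	if h, err := b64.DecodeString(p[0]); len(p) != 3 || err != nil ||
		json.Unmarshal(h, &hdr) != nil || hdr.Alg != "EdDSA" {
		return nil, fmt.Errorf("malformed token or unexpected algorithm")
	}
	sig, err := b64.DecodeString(p[2])
	if err != nil || !ed25519.Verify(pub, []byte(p[0]+"."+p[1]), sig) {
		return nil, fmt.Errorf("signature does not match the public key")
	}
	out := &claims{} // initialized, never nil, as ReadJwt requires of its out argument
	body, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(body, out) != nil || now.Unix() >= out.Exp {
		return nil, fmt.Errorf("invalid or expired claims")
	}
	if out.Type != wantType { // a refresh_token must not pass as an access_token
		return nil, fmt.Errorf("token type %q not accepted here", out.Type)
	}
	return out, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	tok := sign(priv, claims{time.Now().Add(time.Hour).Unix(), "refresh_token"})
	fmt.Println(verify(pub, tok, "access_token", time.Now()))
}
```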
func ValidatorMiddleware
func ValidatorMiddleware(c *fiber.Ctx) error
ValidatorMiddleware ensures that the request is authenticated. Make sure to call this middleware after ContextMiddleware.
Types
type InternalTokenReader
type InternalTokenReader struct {
// contains filtered or unexported fields
}
func NewInternalTokenReader
func NewInternalTokenReader(fp string) (*InternalTokenReader, error)
func (*InternalTokenReader) ReadUserInfoJwt
func (v *InternalTokenReader) ReadUserInfoJwt(in string) (*UserInfo, error)
type InternalTokenWriter
type InternalTokenWriter struct {
// contains filtered or unexported fields
}
func NewInternalTokenWriter
func NewInternalTokenWriter(fp string) (*InternalTokenWriter, error)
func (*InternalTokenWriter) WriteUserInfoJwt
func (v *InternalTokenWriter) WriteUserInfoJwt(in UserInfo, audiences ...string) (string, error)
type JwtClaims
type JwtClaims struct {
	jwt.RegisteredClaims

	// Nexus Standard
	Session  string        `json:"sed"`
	CacheTTL time.Duration `json:"ttl,omitempty"`

	// OIDC Standard
	Name  string `json:"name,omitempty"`
	Nick  string `json:"preferred_username,omitempty"`
	Email string `json:"email,omitempty"`

	// OAuth2 Standard
	AuthorizedParties string `json:"azp,omitempty"`
	Nonce             string `json:"nonce,omitempty"`

	// The usage of this token
	// Can be access_token, refresh_token or id_token
	Type string `json:"typ"`
}
type JwtReader
type JwtReader struct {
// contains filtered or unexported fields
}
func NewJwtReader
type JwtWriter
type JwtWriter struct {
// contains filtered or unexported fields
}
func NewJwtWriter
type UserInfo
type UserInfo struct {
	ID        uint              `json:"id"`
	Name      string            `json:"name"`
	PermNodes datatypes.JSONMap `json:"perm_nodes" gorm:"-"`
	Metadata  datatypes.JSONMap `json:"metadata"`
}
UserInfo is the basic userinfo; you can add anything on top of it. The full data from the id service is stored in the metadata field.