Documentation ¶
Overview ¶
Authenticators interface and implementations.
A goal of authenicator is to identify how to extract a user from the request and checks if it is possible to proceed next. As you see, we intentionally mix authentication and authorization here because everyone does it. And if we start to distringuish these 2 different concepts, people will immediately start to be confused.
So that's why a package name is auth. We do auth here.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrFailedAuth is returned if authorization is failed. It means that // we were able to reach it but a core logic has failed. ErrFailedAuth = &errors.Error{ Message: "authorization failed", Code: "bad_auth", StatusCode: fasthttp.StatusProxyAuthRequired, } // ErrAuthRequired means that user gave no credentials. ErrAuthRequired = &errors.Error{ Message: "authentication is required", Code: "auth_required", StatusCode: fasthttp.StatusProxyAuthRequired, } )
Functions ¶
This section is empty.
Types ¶
type Interface ¶
type Interface interface { // Authenticate does auth based on given context. Authenticate(*fasthttp.RequestCtx) (string, error) }
Interface defines a set of methods which are mandatory for each authenicator to implement.
Authenticator goal is to take a 'raw' fasthttp's context and return a pair of username and error. If error is not nil, it means authentication has failed. If nil, then everything is fine and username value contains a name (or identifier of the user to use next).
All implementation SHOULD work with RequestCtx where normalization is disabled.
func NewBasicAuth ¶
NewBasicAuth returns an implementation of authenticator which does proxy authorization in a basic auth fashion. Please see RFC2617 for the reference:
https://tools.ietf.org/html/rfc2617#section-2
Parameter is a map of user to password. Key is the username, password is a password.
This authenticator is implemented to work with RequestCtx with no normalization.
func NewIPWhitelist ¶
NewIPWhitelist returns an implementation of authenicator which does auth based on a user IP address.
An input parameter is a map where key is the name of the user and values - an array of subnets which are associated with that user. So, if incoming request is established from that subnet, we associate it with a user.
This authenticator is implemented to work with RequestCtx with no normalization.
type NoopAuth ¶
type NoopAuth struct{}
NoopAuth is a dummy implementation which always welcomes everyone. A username is empty though.
func (NoopAuth) Authenticate ¶
func (n NoopAuth) Authenticate(_ *fasthttp.RequestCtx) (string, error)
Authenticate does auth based on given context.