Documentation ¶
Index ¶
- Variables
- func AddTokenToContext(c *gin.Context, cookieToken string)
- func AssertSameOrigin(c *gin.Context) error
- func Authenticate() gin.HandlerFunc
- func Authorize() gin.HandlerFunc
- func CSRF() gin.HandlerFunc
- func CompareCSRFTokens(requestToken, cookieToken string) error
- func ExemptFromAuth(c *gin.Context) bool
- func GetCSRFCookieToken(c *gin.Context) (string, error)
- func GetCSRFRequestToken(c *gin.Context) string
- func GetUser(c *gin.Context) (user *pgmodels.User, err error)
- func GetUserFromAPIHeaders(c *gin.Context) (user *pgmodels.User, err error)
- func GetUserFromSession(c *gin.Context) (user *pgmodels.User, err error)
- func IsAPIRequest(c *gin.Context) bool
- func IsAPIRoute(c *gin.Context) bool
- func IsCSRFSafeMethod(method string) bool
- func LoadCookie(c *gin.Context, name string) error
- func LoadCookies(c *gin.Context) error
- func SetDefaultHeaders(c *gin.Context)
- func XorStrings(input, key string) string
- type AuthMetadata
- type ResourceAuthorization
Constants ¶
This section is empty.
Variables ¶
var AuthMap = map[string]AuthMetadata{}/* 113 elements not displayed */
AuthMap maps HTTP handler names to the permissions required to access that handler. We want to be explicit about permissions because explicitness is much easier to debug than assumptions and magic methods.
When permissions are explicitly defined, we can check them in middleware instead of polluting request handler code with lots of security logic. We know that middleware always runs and cannot be accidentally omitted by the developer.
We also have a failsafe built in to our Authorize middleware that raises an error if permissions are not checked and explicitly granted. If we forget to map a controller action to permission metadata below, requests that hit an unguarded route will return an internal server error.
Functions ¶
func AddTokenToContext ¶
AddTokenToContext adds an xor'ed version of the CSRF token to the context, so we can pass it into forms. This is to thwart BREACH attacks.
func AssertSameOrigin ¶
func Authenticate ¶
func Authenticate() gin.HandlerFunc
Authenticate ensures the current user is logged in for all requests other than those going to "/" or static resources.
func Authorize ¶
func Authorize() gin.HandlerFunc
Authorize ensures that a user is authorized to perform a specific action on a specific resource. This function uses a ResourceAuthorization struct to figure out what's being requested, what action the user wants to take on the resource, and whether the user has sufficient permissions.
With the exception of the login page and static resources such as images, scripts, and stylesheets, all endpoints require an authorization check. Failure to perform the check is itself an error.
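The fail-closed lookup described for AuthMap and Authorize, as an added example that is not this package's code: it uses net/http stand-ins instead of gin, the Permission and User types, the two AuthMap entries and the "/static/" prefix are constructed, and the page's own gin middleware is not reproduced.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Permission and User are simplified stand-ins, constructed for this example,
// for constants.Permission and pgmodels.User in the real package.
type Permission string

type User struct {
	Name        string
	Permissions map[Permission]bool
}

// AuthMetadata mirrors the documented struct (PageTitle omitted).
type AuthMetadata struct {
	ResourceType string
	Permission   Permission
}

// AuthMap maps handler names to the permission each requires.
// The two entries are constructed; the real map has many more.
var AuthMap = map[string]AuthMetadata{
	"GenericFileShow":   {ResourceType: "GenericFile", Permission: "GenericFileRead"},
	"PremisEventCreate": {ResourceType: "PremisEvent", Permission: "PremisEventCreate"},
}

// Authorize returns the status the middleware should send. Only "/" and
// static assets are exempt. The failsafe is the second branch: a handler
// missing from AuthMap is a server error (fail closed), never a pass.
func Authorize(handlerName, path string, user *User) (int, error) {
	if path == "/" || strings.HasPrefix(path, "/static/") {
		return http.StatusOK, nil
	}
	meta, ok := AuthMap[handlerName]
	if !ok {
		return http.StatusInternalServerError, fmt.Errorf("no AuthMetadata for handler %q", handlerName)
	}
	if user == nil {
		return http.StatusForbidden, fmt.Errorf("no authenticated user")
	}
	if !user.Permissions[meta.Permission] {
		return http.StatusForbidden, fmt.Errorf("%s lacks %s on %s", user.Name, meta.Permission, meta.ResourceType)
	}
	return http.StatusOK, nil
}
```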
func CSRF ¶
func CSRF() gin.HandlerFunc
func CompareCSRFTokens ¶
func ExemptFromAuth ¶
func GetCSRFCookieToken ¶
GetCSRFCookieToken returns the csrf token set in the cookie.
func GetCSRFRequestToken ¶
GetCSRFRequestToken returns the token set in the request form or header.
func GetUserFromAPIHeaders ¶
GetUserFromAPIHeaders returns the current user based on the API auth headers.
func GetUserFromSession ¶
GetUserFromSession returns the User for the current session.
func IsAPIRequest ¶
func IsAPIRoute ¶
IsAPIRoute returns true if the requested route matches one of our API prefixes. This uses c.Request.URL.Path because c.FullPath() can return an empty string if the path does not match any known routes.
func IsCSRFSafeMethod ¶
func LoadCookie ¶
LoadCookie loads a cookie's value into the request context.
func LoadCookies ¶
LoadCookies loads the user's flash and preference cookies into the request context.
func SetDefaultHeaders ¶
SetDefaultHeaders sets headers that we want to include with every response. Note that it's OK for clients to cache and store static resources such as images, scripts and stylesheets. Those are public resources containing no sensitive info. All other resources must use no-cache/no-store.
func XorStrings ¶
XorStrings scrambles the CSRF token that appears in the header and in forms on each request. This is for BREACH attack prevention.
Types ¶
type AuthMetadata ¶
type AuthMetadata struct {
	// ResourceType is the type of resource the user is requesting.
	// E.g. "IntellectualObject", "GenericFile", etc.
	ResourceType string
	// Permission is the name of the permission required to access
	// the requested resources. E.g. "PremisEventCreate".
	Permission constants.Permission
	// PageTitle is the title of the page. This goes into the
	// HTML title element. This is a late addition to address
	// accessibility issues in the web UI.
	PageTitle string
}
AuthMetadata contains information about what type of resource is being requested, and what action the user wants to take on that resource.
type ResourceAuthorization ¶
type ResourceAuthorization struct {
	Handler            string
	ResourceID         int64
	ResourceIdentifier string
	ResourceInstID     int64
	ResourceType       string
	PageTitle          string
	Permission         constants.Permission
	Checked            bool
	Approved           bool
	Error              error
	// contains filtered or unexported fields
}
ResourceAuthorization contains information about the current request handler, the resource and action being requested, and whether the current user is authorized to do what they're trying to do.
func AuthorizeResource ¶
func AuthorizeResource(c *gin.Context) *ResourceAuthorization
AuthorizeResource returns a ResourceAuthorization struct describing what is being authorized and whether the current user is allowed to do what they're trying to do.
func (*ResourceAuthorization) CurrentUser ¶
func (r *ResourceAuthorization) CurrentUser() *pgmodels.User
func (*ResourceAuthorization) GetError ¶
func (r *ResourceAuthorization) GetError() string
GetError returns an error message with detailed information. This is primarily for logging.
func (*ResourceAuthorization) GetNotAuthorizedMessage ¶
func (r *ResourceAuthorization) GetNotAuthorizedMessage() string
GetNotAuthorizedMessage returns a message describing what was not authorized, and for whom.
func (*ResourceAuthorization) NonAdminIsRequestingAdminAPI ¶
func (r *ResourceAuthorization) NonAdminIsRequestingAdminAPI() bool
NonAdminIsRequestingAdminAPI returns true if a non-admin user is requesting a resource from the admin API. Although the admin and member APIs share some common handlers, we want to force members to access features through member-api endpoints.
This test is a shortcut that allows us to skip more complicated checks.
func (*ResourceAuthorization) String ¶
func (r *ResourceAuthorization) String() string
String returns this object in string format, suitable for debugging.