Documentation ¶
Overview ¶
Flatten makes flat, one-dimensional maps from arbitrarily nested ones.
Map keys turn into compound names, like `a.b.1.c` (dotted style) or `a[b][1][c]` (Rails style). It takes input as either JSON strings or Go structures. It (only) knows how to traverse JSON types: maps, slices and scalars.
Or Go maps directly.
t := map[string]interface{}{ "a": "b", "c": map[string]interface{}{ "d": "e", "f": "g", }, "z": 1.4567, } flat, err := Flatten(nested, "", RailsStyle) // output: // map[string]interface{}{ // "a": "b", // "c[d]": "e", // "c[f]": "g", // "z": 1.4567, // }
Index ¶
- Constants
- Variables
- func AssertHmacToken(token *jwt.Token) error
- func AssertPublicKeyAndTokenCombination(publicKey interface{}, token *jwt.Token) error
- func ExtractToken(tss []TokenSource, r *http.Request) (string, error)
- func Flatten(nested map[string]interface{}, prefix string, style SeparatorStyle) (map[string]interface{}, error)
- func IsEcdsaPublicKey(key interface{}) bool
- func IsEcdsaToken(token *jwt.Token) bool
- func IsHmacToken(token *jwt.Token) bool
- func IsRsaPublicKey(key interface{}) bool
- func IsRsaToken(token *jwt.Token) bool
- func ParsePublicKey(pem []byte) (interface{}, error)
- func ReadPublicKeyFile(filepath string) (interface{}, error)
- func Setup(c *caddy.Controller) error
- func ValidateToken(uToken string, keyBackend KeyBackend) (*jwt.Token, error)
- type AccessRule
- type Auth
- type CookieTokenSource
- type EncryptionType
- type HeaderTokenSource
- type HmacKeyBackend
- type KeyBackend
- type LazyHmacKeyBackend
- type LazyPublicKeyBackend
- type NoopKeyBackend
- type PublicKeyBackend
- type QueryTokenSource
- type Rule
- type RuleType
- type SeparatorStyle
- type TokenSource
Constants ¶
const ENV_PUBLIC_KEY = "JWT_PUBLIC_KEY"
const ENV_SECRET = "JWT_SECRET"
Variables ¶
var ( // Default TokenSources to be applied in the given order if the // user did not explicitly configure them via the token_source option DefaultTokenSources = []TokenSource{ &HeaderTokenSource{ HeaderName: "Bearer", }, &CookieTokenSource{ CookieName: "jwt_token", }, &QueryTokenSource{ ParamName: "token", }, } )
var NotValidInputError = errors.New("Not a valid input: map or slice")
Nested input must be a map or slice
Functions ¶
func AssertHmacToken ¶
func AssertHmacToken(token *jwt.Token) error
func AssertPublicKeyAndTokenCombination ¶
func AssertPublicKeyAndTokenCombination(publicKey interface{}, token *jwt.Token) error
func ExtractToken ¶
func ExtractToken(tss []TokenSource, r *http.Request) (string, error)
ExtractToken will find a JWT token in the token sources specified. If tss is empty, the DefaultTokenSources are used.
func Flatten ¶
func Flatten(nested map[string]interface{}, prefix string, style SeparatorStyle) (map[string]interface{}, error)
Flatten generates a flat map from a nested one. The original may include values of type map, slice and scalar, but not struct. Keys in the flat map will be a compound of descending map keys and slice iterations. The presentation of keys is set by style. A prefix is joined to each key.
func IsEcdsaPublicKey ¶
func IsEcdsaPublicKey(key interface{}) bool
func IsEcdsaToken ¶
func IsEcdsaToken(token *jwt.Token) bool
func IsHmacToken ¶
func IsHmacToken(token *jwt.Token) bool
func IsRsaPublicKey ¶
func IsRsaPublicKey(key interface{}) bool
func IsRsaToken ¶
func IsRsaToken(token *jwt.Token) bool
func ParsePublicKey ¶
func ReadPublicKeyFile ¶
func Setup ¶
func Setup(c *caddy.Controller) error
Setup is called by Caddy to parse the config block
func ValidateToken ¶
func ValidateToken(uToken string, keyBackend KeyBackend) (*jwt.Token, error)
ValidateToken will return a parsed token if it passes validation, or an error if any part of the token fails validation. Possible errors include malformed tokens, unknown/unspecified signing algorithms, missing secret key, tokens that are not valid yet (i.e., 'nbf' field), tokens that are expired, and tokens that fail signature verification (forged)
Types ¶
type AccessRule ¶
AccessRule represents a single ALLOW/DENY rule based on the value of a claim in a validated token
type Auth ¶
type Auth struct { Rules []Rule Next httpserver.Handler Realm string }
Auth represents configuration information for the middleware
type CookieTokenSource ¶
type CookieTokenSource struct {
CookieName string
}
Extracts a token from a cookie named `CookieName`.
func (*CookieTokenSource) ExtractToken ¶
func (cts *CookieTokenSource) ExtractToken(r *http.Request) string
type EncryptionType ¶
type EncryptionType int
EncryptionType specifies the valid configuration for a path
const ( // HS family of algorithms HMAC EncryptionType = iota + 1 // RS and ES families of algorithms PKI )
type HeaderTokenSource ¶
type HeaderTokenSource struct {
HeaderName string
}
Extracts a token from the Authorization header in the form `Bearer <JWT Token>`
func (*HeaderTokenSource) ExtractToken ¶
func (hts *HeaderTokenSource) ExtractToken(r *http.Request) string
type HmacKeyBackend ¶
type HmacKeyBackend struct {
// contains filtered or unexported fields
}
HmacKeyBacked is an HMAC-SHA key provider
func (*HmacKeyBackend) ProvideKey ¶
func (instance *HmacKeyBackend) ProvideKey(token *jwt.Token) (interface{}, error)
ProvideKey will assert that the token signing algorithm and the configured key match
type KeyBackend ¶
type KeyBackend interface {
ProvideKey(token *jwt.Token) (interface{}, error)
}
KeyBackend provides a generic interface for providing key material for HS, RS, and ES algorithms
func NewDefaultKeyBackends ¶
func NewDefaultKeyBackends() ([]KeyBackend, error)
NewDefaultKeyBackends will read from the environment and return key backends based on values from environment variables JWT_SECRET or JWT_PUBLIC_KEY. An error is returned if the keys are not able to be parsed or if an inconsistent configuration is found.
type LazyHmacKeyBackend ¶
type LazyHmacKeyBackend struct {
// contains filtered or unexported fields
}
LazyHmacKeyBackend contains state to manage lazy key loading for HS family algorithms
func NewLazyHmacKeyBackend ¶
func NewLazyHmacKeyBackend(value string) (*LazyHmacKeyBackend, error)
NewLazyHmacKeyBackend creates a new LazyHmacKeyBackend
func (*LazyHmacKeyBackend) ProvideKey ¶
func (instance *LazyHmacKeyBackend) ProvideKey(token *jwt.Token) (interface{}, error)
ProvideKey will lazily load a secret key in a file, using a cached value if the key material has not changed. An error is returned if the token does not match the expected signing algorithm.
type LazyPublicKeyBackend ¶
type LazyPublicKeyBackend struct {
// contains filtered or unexported fields
}
LazyPublicKeyBackend contains state to manage lazy key loading for RS and ES family algorithms
func NewLazyPublicKeyFileBackend ¶
func NewLazyPublicKeyFileBackend(value string) (*LazyPublicKeyBackend, error)
NewLazyPublicKeyFileBackend returns a new LazyPublicKeyBackend
func (*LazyPublicKeyBackend) ProvideKey ¶
func (instance *LazyPublicKeyBackend) ProvideKey(token *jwt.Token) (interface{}, error)
ProvideKey will lazily load a secret key in a file, using a cached value if the key material has not changed. An error is returned if the token does not match the expected signing algorithm.
type NoopKeyBackend ¶
type NoopKeyBackend struct{}
NoopKeyBackend always returns an error when no key signing method is specified
func (*NoopKeyBackend) ProvideKey ¶
func (instance *NoopKeyBackend) ProvideKey(token *jwt.Token) (interface{}, error)
ProvideKey always returns an error when no key signing method is specified
type PublicKeyBackend ¶
type PublicKeyBackend struct {
// contains filtered or unexported fields
}
PublicKeyBackend is an RSA or ECDSA key provider
func (*PublicKeyBackend) ProvideKey ¶
func (instance *PublicKeyBackend) ProvideKey(token *jwt.Token) (interface{}, error)
ProvideKey will asssert that the token signing algorithm and the configured key match
type QueryTokenSource ¶
type QueryTokenSource struct {
ParamName string
}
Extracts a token from a URL query parameter of the form https://example.com?ParamName=<JWT token>
func (*QueryTokenSource) ExtractToken ¶
func (qts *QueryTokenSource) ExtractToken(r *http.Request) string
type Rule ¶
type Rule struct { Path string ExceptedPaths []string AccessRules []AccessRule Redirect string AllowRoot bool KeyBackends []KeyBackend Passthrough bool StripHeader bool TokenSources []TokenSource }
Rule represents the configuration for a site
type SeparatorStyle ¶
type SeparatorStyle int
The presentation style of keys.
const ( // Separate nested key components with dots, e.g. "a.b.1.c.d" DotStyle SeparatorStyle // Separate ala Rails, e.g. "a[b][c][1][d]" RailsStyle )