auth

package
v0.0.0-...-addf352 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 14, 2025 License: CC0-1.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	SSAS = "ssas"
)

Variables

View Source 
var (
	TokenContextKey    = &contextKey{"token"}
	AuthDataContextKey = &contextKey{"ad"}
)

Functions

func CheckBlacklist 

func CheckBlacklist(next http.Handler) http.Handler

CheckBlacklist checks the auth data is associated with a blacklisted entity

func GetAuthToken 

func GetAuthToken(w http.ResponseWriter, r *http.Request)

func GetProviderName 

func GetProviderName() string

func NewAuthRouter 

func NewAuthRouter(middlewares ...func(http.Handler) http.Handler) http.Handler

func ParseToken 

func ParseToken(next http.Handler) http.Handler

ParseToken puts the decoded token and AuthData value into the request context. Decoded values come from tokens verified by our provider as correct and unexpired. Tokens may be presented in requests to unauthenticated endpoints (mostly swagger?). We still want to extract the token data for logging purposes, even when we don't use it for authorization. Authorization for protected endpoints occurs in RequireTokenAuth(). Only auth code should look at the token claims; API code should rely on the values in AuthData. We use AuthData to insulate API code from the differences among Provider tokens.

func RequireTokenAuth 

func RequireTokenAuth(next http.Handler) http.Handler

Verify that a token was verified and stored in the request context. This depends on ParseToken being called beforehand in the routing middleware.

func RequireTokenJobMatch 

func RequireTokenJobMatch(next http.Handler) http.Handler

func SetMockProvider 

func SetMockProvider(t *testing.T, other *MockProvider)

SetMockProvider sets the current provider to the one that's supplied in this function. It leverages the Cleanup() func to ensure the original provider is restored at the end of the test.

func Welcome 

func Welcome(w http.ResponseWriter, r *http.Request)

swagger:route GET /auth/welcome auth welcome

Test authentication

If a valid token is presented, show a welcome message.

Produces: - application/json

Schemes: http, https

Security: 

bearer_token:

Responses: 

200: welcome
401: invalidCredentials

Types

type AuthData 

type AuthData struct {
	ACOID       string
	TokenID     string
	ClientID    string
	SystemID    string
	CMSID       string
	Blacklisted bool
}

func AuthorizeAccess 

func AuthorizeAccess(tokenString string) (*jwt.Token, AuthData, error)

AuthorizeAccess asserts that a base64 encoded token string is valid for accessing the BCDA API.

type CommonClaims 

type CommonClaims struct {
	ClientID string   `json:"cid,omitempty"`
	SystemID string   `json:"sys,omitempty"`
	Data     string   `json:"dat,omitempty"`
	Scopes   []string `json:"scp,omitempty"`
	ACOID    string   `json:"aco,omitempty"`
	UUID     string   `json:"id,omitempty"`
	jwt.StandardClaims
}

type Credentials 

type Credentials struct {
	ClientID     string    `json:"client_id"`
	ClientSecret string    `json:"client_secret"`
	ClientName   string    `json:"client_name"`
	SystemID     string    `json:"system_id"`
	Token        string    `json:"token"`
	ExpiresAt    time.Time `json:"expires_at"`
}

type MockProvider 

type MockProvider struct {
	mock.Mock
}

MockProvider is an autogenerated mock type for the Provider type

func NewMockProvider 

func NewMockProvider(t mockConstructorTestingTNewMockProvider) *MockProvider

NewMockProvider creates a new instance of MockProvider. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.

func (*MockProvider) GetVersion 

func (_m *MockProvider) GetVersion() (string, error)

GetVersion provides a mock function with given fields:

func (*MockProvider) MakeAccessToken 

func (_m *MockProvider) MakeAccessToken(credentials Credentials, r *http.Request) (string, error)

MakeAccessToken provides a mock function with given fields: credentials

func (*MockProvider) RegisterSystem 

func (_m *MockProvider) RegisterSystem(localID string, publicKey string, groupID string, ips ...string) (Credentials, error)

RegisterSystem provides a mock function with given fields: localID, publicKey, groupID, ips

func (*MockProvider) ResetSecret 

func (_m *MockProvider) ResetSecret(clientID string) (Credentials, error)

ResetSecret provides a mock function with given fields: clientID

func (*MockProvider) RevokeAccessToken 

func (_m *MockProvider) RevokeAccessToken(tokenString string) error

RevokeAccessToken provides a mock function with given fields: tokenString

func (*MockProvider) RevokeSystemCredentials 

func (_m *MockProvider) RevokeSystemCredentials(clientID string) error

RevokeSystemCredentials provides a mock function with given fields: clientID

func (*MockProvider) VerifyToken 

func (_m *MockProvider) VerifyToken(tokenString string) (*jwt.Token, error)

VerifyToken provides a mock function with given fields: tokenString

type Provider 

type Provider interface {
	// RegisterSystem adds a software client for the ACO identified by localID.
	RegisterSystem(localID, publicKey, groupID string, ips ...string) (Credentials, error)

	// ResetSecret new or replace existing Credentials for the given clientID
	ResetSecret(clientID string) (Credentials, error)

	// RevokeSystemCredentials any existing Credentials for the given clientID
	RevokeSystemCredentials(clientID string) error

	// MakeAccessToken mints an access token for the given credentials
	MakeAccessToken(credentials Credentials, r *http.Request) (string, error)

	// RevokeAccessToken a specific access token identified in a base64 encoded token string
	RevokeAccessToken(tokenString string) error

	// VerifyToken decodes a base64 encoded token string into a structured token
	VerifyToken(tokenString string) (*jwt.Token, error)

	// GetVersion gets the version of the provider
	GetVersion() (string, error)
	// contains filtered or unexported methods
}

Provider defines operations performed through an authentication provider.

func GetProvider 

func GetProvider() Provider

type SSASPlugin 

type SSASPlugin struct {
	// contains filtered or unexported fields
}

SSASPlugin is an implementation of Provider that uses the SSAS API.

func (SSASPlugin) GetVersion 

func (s SSASPlugin) GetVersion() (string, error)

GetVersion gets the version of the SSAS client

func (SSASPlugin) MakeAccessToken 

func (s SSASPlugin) MakeAccessToken(credentials Credentials, r *http.Request) (string, error)

MakeAccessToken mints an access token for the given credentials.

func (SSASPlugin) RegisterSystem 

func (s SSASPlugin) RegisterSystem(localID, publicKey, groupID string, ips ...string) (Credentials, error)

RegisterSystemWithIPs adds a software client for the ACO identified by localID.

func (SSASPlugin) ResetSecret 

func (s SSASPlugin) ResetSecret(clientID string) (Credentials, error)

ResetSecret creates new or replaces existing credentials for the given ssasID.

func (SSASPlugin) RevokeAccessToken 

func (s SSASPlugin) RevokeAccessToken(tokenString string) error

RevokeAccessToken revokes a specific access token identified in a base64-encoded token string.

func (SSASPlugin) RevokeSystemCredentials 

func (s SSASPlugin) RevokeSystemCredentials(ssasID string) error

RevokeSystemCredentials revokes any existing credentials for the given clientID.

func (SSASPlugin) VerifyToken 

func (sSASPlugin SSASPlugin) VerifyToken(tokenString string) (*jwt.Token, error)

VerifyToken decodes a base64-encoded token string into a structured token, verifies token with SSAS and calls check for token expiration.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.