Documentation ¶
Constants ¶
// Names of the Mongo databases and collections the auth handlers read and write.
// These are persistence identifiers, not user-facing strings; renaming one changes
// which stored documents the service sees.
const (
	// Mongo database names
	AuthDBName   = "auth"
	PortalDBName = "portal-db"
	// Mongo collection names
	UserCollection                   = "users"
	JWTInfoCollection                = "jwt_info"
	JWTSecureCollection              = "jwt_secure"
	InstitutionsCollection           = "institutions"
	ParticipantPermissionsCollection = "participant_permissions"
	ParticipantApprovalsCollection   = "participant_approvals"
	SuperApprovalsCollection         = "super_approvals"
	IDTokenSecureCollection          = "id_token_secure"
	TOTPCollection                   = "totp"
)
Variables ¶
// LOGGER is the package-level logger for the auth handlers, tagged "auth-handlers".
// MustGetLogger panics on failure, which is acceptable only because this runs at
// package initialisation. Do not log raw tokens, TOTP codes or secrets through it.
var LOGGER = logging.MustGetLogger("auth-handlers")
Functions ¶
func ParticipantAuthorization ¶
func ParticipantAuthorization(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
* ParticipantAuthorization : Authorization for the client portal. * If JWT is not enabled, the next handler is served without any authorization check, so the JWT setting must be enabled wherever this middleware is relied on for protection. * If JWT is enabled, the database ID, institution ID, permission (request/approve), request ID (only when the permission is approve) and participant ID are expected in the request headers. These header values are supplied by the caller; they should be cross-checked against the verified JWT claims rather than trusted on their own. * The error message can be relayed back with NotifyWWError, but it seems more sensible to log it.
func SuperAuthorization ¶
func SuperAuthorization(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
* SuperAuthorization : Authorization for the client portal for super users. * If JWT is not enabled, the next handler is served without any authorization check, so the JWT setting must be enabled wherever this middleware is relied on for protection. * If JWT is enabled, the database ID, institution ID, permission (request/approve), request ID (only when the permission is approve) and participant ID are expected in the request headers. These header values are supplied by the caller; they should be cross-checked against the verified JWT claims rather than trusted on their own. * Participant ID and institution ID are no longer mandatory, because they are not necessarily available at the time this check runs. * All GET requests are direct access: if the caller has access, the request is served with no maker-checker step. * All POST requests go through maker-checker, except the payout endpoint, which instead requires the current security lead or team member to validate the request before it is merged in.
Types ¶
type AuthOperations ¶
// AuthOperations holds the state shared by the auth HTTP handlers and middleware
// (JWT, ID-token, TOTP, SSO and permission handling). Instances are created with
// CreateAuthServiceOperations; the fields are unexported and not documented here.
type AuthOperations struct {
	// contains filtered or unexported fields
}
func CreateAuthServiceOperations ¶
func CreateAuthServiceOperations() (AuthOperations, error)
func (*AuthOperations) AuthenticateUser ¶
func (op *AuthOperations) AuthenticateUser(next http.Handler) http.Handler
This middleware checks that the provided ID token contains a user ID and uses that ID to query the database and verify that the user exists. It then sets the user's email in a request header for use by later handlers. Because downstream handlers read that header, it should be overwritten unconditionally here rather than left as whatever the client sent.
func (*AuthOperations) CheckAccountNameMiddleWare ¶
func (op *AuthOperations) CheckAccountNameMiddleWare(next http.Handler) http.Handler
func (*AuthOperations) CheckPermissions ¶
func (op *AuthOperations) CheckPermissions(next http.Handler) http.Handler
This middleware extracts the request path and checks whether the authenticated user has permission to access that endpoint.
func (*AuthOperations) CheckTOTPMiddleWareIBMIdUser ¶
func (op *AuthOperations) CheckTOTPMiddleWareIBMIdUser(next http.Handler) http.Handler
func (*AuthOperations) CheckTOTPMiddleWarePortalUser ¶
func (op *AuthOperations) CheckTOTPMiddleWarePortalUser(next http.Handler) http.Handler
func (*AuthOperations) ExtractJWTClaims ¶
func (op *AuthOperations) ExtractJWTClaims(tokenStr string, r *http.Request) (jwt.IJWTTokenClaim, bool)
ExtractJWTClaims : parses (decodes) the JWT token using the configured secret, which is what checks its signature, and returns the claims together with a boolean success flag. The claims must only be used when the flag is true.
func (*AuthOperations) HandleGenerateIDToken ¶
func (op *AuthOperations) HandleGenerateIDToken(w http.ResponseWriter, r *http.Request)
func (*AuthOperations) HandleJWTApprove ¶
func (op *AuthOperations) HandleJWTApprove(w http.ResponseWriter, r *http.Request)
#2 Second step of JWT creation: approval of a request made via HandleJWTRequest, followed by HandleJWTGenerate.
func (*AuthOperations) HandleJWTGenerate ¶
func (op *AuthOperations) HandleJWTGenerate(w http.ResponseWriter, r *http.Request)
#3 Third and final step of JWT creation: the token is generated after HandleJWTRequest and HandleJWTApprove have completed.
func (*AuthOperations) HandleJWTRefresh ¶
func (op *AuthOperations) HandleJWTRefresh(w http.ResponseWriter, r *http.Request)
func (*AuthOperations) HandleJWTRequest ¶
func (op *AuthOperations) HandleJWTRequest(w http.ResponseWriter, r *http.Request)
#1 First step of JWT creation: the request is recorded, to be approved by HandleJWTApprove and then generated by HandleJWTGenerate.
func (*AuthOperations) HandleJWTRevoke ¶
func (op *AuthOperations) HandleJWTRevoke(w http.ResponseWriter, r *http.Request)
func (*AuthOperations) HandleJWTVerify ¶
func (op *AuthOperations) HandleJWTVerify(w http.ResponseWriter, r *http.Request)
func (*AuthOperations) HandlePermissionParticipantUpdate ¶
func (op *AuthOperations) HandlePermissionParticipantUpdate(w http.ResponseWriter, r *http.Request)
func (*AuthOperations) HandlePermissionSuperUpdate ¶
func (op *AuthOperations) HandlePermissionSuperUpdate(w http.ResponseWriter, r *http.Request)
func (*AuthOperations) HandlePortalLoginTOTP ¶
func (op *AuthOperations) HandlePortalLoginTOTP(w http.ResponseWriter, r *http.Request)
func (*AuthOperations) HandleSSOToken ¶
func (op *AuthOperations) HandleSSOToken(w http.ResponseWriter, r *http.Request)
func (*AuthOperations) HandleTOTPConfirm ¶
func (op *AuthOperations) HandleTOTPConfirm(w http.ResponseWriter, r *http.Request)
func (*AuthOperations) HandleTOTPCreate ¶
func (op *AuthOperations) HandleTOTPCreate(w http.ResponseWriter, r *http.Request)
func (*AuthOperations) MiddlewareCheck ¶
func (op *AuthOperations) MiddlewareCheck(w http.ResponseWriter, r *http.Request)
func (*AuthOperations) ServiceCheck ¶
func (op *AuthOperations) ServiceCheck(w http.ResponseWriter, r *http.Request)
type IRoutePermissions ¶
type MakerRequestData ¶
// MakerRequestData is the maker-checker record committed to the database for a
// portal request: who made it, who approved it, which endpoint/method it targets
// and its current status. It is JSON-serialisable; the bson tags give the stored
// field names.
type MakerRequestData struct {
	ID            primitive.ObjectID `json:"_id" bson:"_id"`
	RequestUserID string             `json:"uid_request,omitempty" bson:"uid_request"` // maker
	// Checker. Deliberately has no omitempty so the field exists in the document from
	// creation; the stored type cannot be altered later.
	ApproveUserID string `json:"uid_approve" bson:"uid_approve"`
	InstitutionID string `json:"iid,omitempty" bson:"iid"`
	ParticipantID string `json:"pid,omitempty" bson:"pid"`
	Status        string `json:"status,omitempty" bson:"status"`
	Endpoint      string `json:"endpoint,omitempty" bson:"endpoint"` // request path the maker asked for
	Method        string `json:"method,omitempty" bson:"method"`     // HTTP method of that request
	Timestamp     int64  `json:"timestamp_request,omitempty" bson:"timestamp_request"`
}
MakerRequestData is a JSON-serializable type. It is the data structure that gets committed to the database. The ApproveUserID field is present from the start (it is the one field without omitempty) because the stored type cannot be altered later; it is filled in when the checker approves the request.