Documentation
Overview
Package auth provides basic authentication and authorization primitives for use elsewhere in the application. TODO: Maybe move this into auth/jwt
Constants
This section is empty.
Variables
var (
	// Permission for reading app users
	PermUserRead = gorbac.NewStdPermission("user_read")
	// Permissions for editing app users
	PermUserWrite = gorbac.NewStdPermission("user_write")

	PermChallengeAdmin = gorbac.NewStdPermission("challenge")
	PermCertAdmin      = gorbac.NewStdPermission("cert")

	// Role that has User Read permission
	RoleUserReader = "user_reader"
	// Role that has User Write and Read permissions
	RoleUserAdmin = "user_admin"
	// Role that will have all permissions.
	RoleSuperAdmin = "super_admin"
)
Create separate read and write permissions
var ErrInvalidToken = errors.New("invalid JWT")
ErrInvalidToken is returned if the passed in JWT is unable to be parsed by the library.
var ErrSecretTooShort = errors.New("secret length must be at least 32 bytes")
ErrSecretTooShort is an error signaling that the provided secret must be longer.
var ExpiryDuration = 24 * time.Hour
ExpiryDuration determines that all tokens expire 24 hours after minting.
var MinBytes = 32
MinBytes is the minimum number of bytes allowed for the secret.
Functions
func NewPassword
func NewPassword() string
NewPassword generates cryptographically secure random bytes, base64-encodes them, and returns the result.
Types
type JWTSecret
type JWTSecret struct {
Secret []byte
}
JWTSecret is the type for holding the signing secret of a JWT.
func (*JWTSecret) SetSecret
SetSecret allows for the secret of the signer to be set with a copied byte slice for safety.
func (*JWTSecret) Sign
Sign takes a role string to be stored in the JWT and signed. WARNING: This method is dangerous to call with a cryptographically insecure secret.
func (*JWTSecret) ValidSecret
ValidSecret returns an error if the secret is not long enough. Must be MinBytes long at minimum to be safe.
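The following is an added example, not this package's code, showing how the behaviours documented for SetSecret, ValidSecret and Sign fit together using only the standard library. The lower-case names, the method signatures, the HS256 layout, the claim names and the length check inside sign are all assumptions, since the page does not show them.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

const minBytes = 32 // same floor as the page's MinBytes

var errSecretTooShort = errors.New("secret length must be at least 32 bytes")

// jwtSecret mirrors the documented JWTSecret; the method signatures are assumed.
type jwtSecret struct{ secret []byte }

// setSecret keeps a private copy, so the caller reusing or zeroing its
// buffer afterwards cannot change the signing key.
func (j *jwtSecret) setSecret(s []byte) { j.secret = append([]byte(nil), s...) }

func (j *jwtSecret) validSecret() error {
	if len(j.secret) < minBytes {
		return errSecretTooShort
	}
	return nil
}

// sign mints an HS256 token with the role and a 24h expiry (claim names assumed).
func (j *jwtSecret) sign(role string, now time.Time) (string, error) {
	if err := j.validSecret(); err != nil {
		return "", err // never mint under a brute-forceable key
	}
	enc := base64.RawURLEncoding
	claims, _ := json.Marshal(map[string]interface{}{"role": role, "exp": now.Add(24 * time.Hour).Unix()})
	msg := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc.EncodeToString(claims)
	mac := hmac.New(sha256.New, j.secret)
	mac.Write([]byte(msg))
	return msg + "." + enc.EncodeToString(mac.Sum(nil)), nil
}

func main() {
	buf := []byte("constructed-demo-secret-32-bytes") // constructed sample, 32 bytes
	var s jwtSecret
	s.setSecret(buf)
	tok, err := s.sign("user_reader", time.Unix(1700000000, 0))
	fmt.Println(tok, err)
}
```

Checking the length inside sign closes the gap that the WARNING on Sign describes, where a caller skips ValidSecret and signs with a weak secret.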