authmw

package
v0.17.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 27, 2019 License: Apache-2.0 Imports: 11 Imported by: 0

README

Auth Middleware

The package core/middleware/authmw is used to attach authentication information to requests and responses for REST and gRPC. To learn more about how to use auth inside of your application you should read the documentation for the core/auth package.

Examples

Attach gRPC auth middlewares to server
// Register both interceptors: per the package docs one checks the JWT on
// streaming RPCs and the other on unary RPCs.
opts := []grpc.ServerOption{
    authmw.NewStreamServerInterceptor(broker),
    authmw.NewUnaryServerInterceptor(broker),
}
server := grpc.NewServer(opts...)

Documentation

Index

Examples

Constants

This section is empty.

Variables

// ErrMetadataMissing is the gRPC status error used when a request carries no
// metadata. Its status code is InvalidArgument.
var ErrMetadataMissing = status.Error(codes.InvalidArgument, "metadata missing")

// ErrAuthTokenMissing is the gRPC status error used when the request metadata
// holds no auth token. Its status code is InvalidArgument.
//
// NOTE(review): a missing credential is reported as InvalidArgument rather
// than codes.Unauthenticated, so clients and alerts that key on
// Unauthenticated will not see these failures; confirm this is intended.
var ErrAuthTokenMissing = status.Error(codes.InvalidArgument, "metadata missing: auth-token")

Functions

func ContextWithJWTMetadata

func ContextWithJWTMetadata(ctx context.Context, jwt string) context.Context

ContextWithJWTMetadata will add a JWT to the client outgoing context metadata

func HandlerGrants

func HandlerGrants(grants []string, next http.HandlerFunc) http.HandlerFunc

HandlerGrants is an HTTP handler to check that the consumer in the request context has the required grants.

func HandlerRoles added in v0.6.0

func HandlerRoles(roles []string, next http.HandlerFunc) http.HandlerFunc

HandlerRoles is an HTTP handler to check that the consumer in the request context has the required roles.

func HandlerValidateJWT

func HandlerValidateJWT(brk auth.RSAPublicKeyCopierRenewer, next http.HandlerFunc) http.HandlerFunc

HandlerValidateJWT returns an HTTP handler that takes a JWT from the request headers and attempts to validate it.

Example
package main

import (
	"crypto/rsa"
	"net/http"

	"github.com/LUSHDigital/core/auth"
	"github.com/LUSHDigital/core/middleware/authmw"
)

// broker is left at its zero value (nil) in this example; assign a real key
// broker before serving. NOTE(review): the middleware presumably calls its
// methods, which would panic on a nil interface; confirm.
var broker auth.RSAPublicKeyCopierRenewer

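// main registers a /users handler behind the JWT validation middleware and
// rejects consumers that do not hold the users.read grant.
func main() {
	http.Handle("/users", authmw.HandlerValidateJWT(broker, func(w http.ResponseWriter, r *http.Request) {
		// The consumer is read from the request context.
		// NOTE(review): presumably placed there by HandlerValidateJWT; confirm.
		consumer := auth.ConsumerFromContext(r.Context())
		if !consumer.HasAnyGrant("users.read") {
			// NOTE(review): if the JWT has already been validated at this
			// point, http.StatusForbidden describes a missing grant more
			// precisely than 401; confirm how the middleware treats
			// invalid tokens.
			http.Error(w, "access denied", http.StatusUnauthorized)
			// http.Error only writes the response; without this return any
			// code added below would still run for a denied consumer.
			return
		}
		// Only consumers holding the users.read grant reach this point.
	}))
}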
Output:

func InterceptServerJWT

func InterceptServerJWT(ctx context.Context, broker RSAPublicKeyCopierRenewer) (auth.Consumer, error)

InterceptServerJWT will check the context metadata for a JWT

func NewStreamServerInterceptor added in v0.5.2

func NewStreamServerInterceptor(broker RSAPublicKeyCopierRenewer) grpc.ServerOption

NewStreamServerInterceptor creates a stream grpc server option with your key broker.

Example
package main

import (
	"crypto/rsa"
	"log"
	"net"

	"github.com/LUSHDigital/core/auth"
	"github.com/LUSHDigital/core/middleware/authmw"
	"google.golang.org/grpc"
)

// broker is left at its zero value (nil) in this example; assign a real key
// broker before the server handles requests.
var broker auth.RSAPublicKeyCopierRenewer

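// main starts a gRPC server on port 50051 with the stream auth interceptor
// installed.
func main() {
	// Only the stream interceptor is registered here; per the package docs the
	// unary interceptor is a separate option, so unary RPCs on this server are
	// not covered by this one.
	// No grpc.Creds option is passed, so the server accepts plaintext
	// connections and a JWT sent in metadata is readable on the wire; configure
	// transport credentials for anything beyond a local example.
	srv := grpc.NewServer(
		authmw.NewStreamServerInterceptor(broker),
	)

	// The network must be "tcp"; a misspelt network name makes net.Listen
	// return an error and the example exits before serving.
	l, err := net.Listen("tcp", ":50051")
	if err != nil {
		log.Fatalln(err)
	}
	log.Fatalln(srv.Serve(l))
}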
Output:

func NewUnaryServerInterceptor added in v0.5.2

func NewUnaryServerInterceptor(broker RSAPublicKeyCopierRenewer) grpc.ServerOption

NewUnaryServerInterceptor creates a unary grpc server option with your key broker.

Example
package main

import (
	"crypto/rsa"
	"log"
	"net"

	"github.com/LUSHDigital/core/auth"
	"github.com/LUSHDigital/core/middleware/authmw"
	"google.golang.org/grpc"
)

// broker is left at its zero value (nil) in this example; assign a real key
// broker before the server handles requests.
var broker auth.RSAPublicKeyCopierRenewer

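// main starts a gRPC server on port 50051 with the unary auth interceptor
// installed.
func main() {
	// Only the unary interceptor is registered here; per the package docs the
	// stream interceptor is a separate option, so streaming RPCs on this server
	// are not covered by this one.
	// No grpc.Creds option is passed, so the server accepts plaintext
	// connections and a JWT sent in metadata is readable on the wire; configure
	// transport credentials for anything beyond a local example.
	srv := grpc.NewServer(
		authmw.NewUnaryServerInterceptor(broker),
	)

	// The network must be "tcp"; a misspelt network name makes net.Listen
	// return an error and the example exits before serving.
	l, err := net.Listen("tcp", ":50051")
	if err != nil {
		log.Fatalln(err)
	}
	log.Fatalln(srv.Serve(l))
}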
Output:

func StreamClientInterceptor

func StreamClientInterceptor(jwt string) func(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error)

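StreamClientInterceptor is a gRPC client-side interceptor for Streaming RPCs that takes the JWT to use for the call. (The published description, "provides Prometheus monitoring for Streaming RPCs", does not match the jwt parameter in the signature and appears to be carried over from a monitoring interceptor.)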

func StreamServerInterceptor

func StreamServerInterceptor(broker RSAPublicKeyCopierRenewer) func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error

StreamServerInterceptor is a gRPC server-side interceptor that checks that the JWT provided is valid for streaming procedures.

func UnaryClientInterceptor

func UnaryClientInterceptor(jwt string) func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error

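UnaryClientInterceptor is a gRPC client-side interceptor for Unary RPCs that takes the JWT to use for the call. (The published description, "provides Prometheus monitoring for Unary RPCs", does not match the jwt parameter in the signature and appears to be carried over from a monitoring interceptor.)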

func UnaryServerInterceptor

func UnaryServerInterceptor(broker RSAPublicKeyCopierRenewer) func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)

UnaryServerInterceptor is a gRPC server-side interceptor that checks that the JWT provided is valid for unary procedures.

Types

type RSAPublicKeyCopierRenewer added in v0.5.2

// RSAPublicKeyCopierRenewer is the key-broker interface accepted by the
// server interceptors in this package.
type RSAPublicKeyCopierRenewer interface {
	// Copy returns an RSA public key by value.
	// NOTE(review): presumably the key used to verify JWT signatures; confirm.
	Copy() rsa.PublicKey
	// Renew takes no arguments and returns nothing, so a failure cannot be
	// reported to the caller through this signature.
	// NOTE(review): presumably refreshes the broker's key; confirm.
	Renew()
}

RSAPublicKeyCopierRenewer represents the combination of a Copier and Renewer interface
