auth

package

v0.0.0-...-212369e Latest Latest Go to latest Published: Mar 18, 2024 License: Apache-2.0 Imports: 3 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/MTudorrrr/distribution

Documentation ¶

Overview ¶

Package auth defines a standard interface for request access controllers.

An access controller has a simple interface with a single `Authorized` method which checks that a given request is authorized to perform one or more actions on one or more resources. This method should return a non-nil error if the request is not authorized.

An implementation registers its access controller by name with a constructor which accepts an options map for configuring the access controller.

options := map[string]interface{}{"sillySecret": "whysosilly?"}
accessController, _ := auth.GetAccessController("silly", options)

This `accessController` can then be used in a request handler like so:

func updateOrder(w http.ResponseWriter, r *http.Request) {
	orderNumber := r.FormValue("orderNumber")
	resource := auth.Resource{Type: "customerOrder", Name: orderNumber}
	access := auth.Access{Resource: resource, Action: "update"}

	if ctx, err := accessController.Authorized(r, access); err != nil {
		if challenge, ok := err.(auth.Challenge) {
			// Let the challenge write the response.
			challenge.SetHeaders(r, w)
			w.WriteHeader(http.StatusUnauthorized)
			return
		} else {
			// Some other error.
		}
	}
}

Index ¶

Variables
func Register(name string, initFunc InitFunc) error
type Access
type AccessController
- func GetAccessController(name string, options map[string]interface{}) (AccessController, error)
type Challenge
type CredentialAuthenticator
type Grant
type InitFunc
type Resource
type UserInfo

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrInvalidCredential is returned when the auth token does not authenticate correctly.
	ErrInvalidCredential = errors.New("invalid authorization credential")

	// ErrAuthenticationFailure returned when authentication fails.
	ErrAuthenticationFailure = errors.New("authentication failure")
)

Functions ¶

func Register ¶

func Register(name string, initFunc InitFunc) error

Register is used to register an InitFunc for an AccessController backend with the given name.

Types ¶

type Access ¶

type Access struct {
	Resource
	Action string
}

Access describes a specific action that is requested or allowed for a given resource.

type AccessController ¶

type AccessController interface {
	// Authorized determines if the request is granted access. If one or more
	// Access structs are provided, the requested access will be compared with
	// what is available to the request.
	//
	// Return a Grant to grant the request access. Return an error to deny
	// access. The error may be of type Challenge, in which case the caller may
	// have the Challenge handle the request or choose what action to take based
	// on the Challenge header or response status.
	Authorized(r *http.Request, access ...Access) (*Grant, error)
}

AccessController controls access to registry resources based on a request and required access levels for a request. Implementations can support both complete denial and http authorization challenges.

func GetAccessController ¶

func GetAccessController(name string, options map[string]interface{}) (AccessController, error)

GetAccessController constructs an AccessController with the given options using the named backend.

type Challenge ¶

type Challenge interface {
	error

	// SetHeaders prepares the request to conduct a challenge response by
	// adding the an HTTP challenge header on the response message. Callers
	// are expected to set the appropriate HTTP status code (e.g. 401)
	// themselves.
	SetHeaders(r *http.Request, w http.ResponseWriter)
}

Challenge is a special error type which is used for HTTP 401 Unauthorized responses and is able to write the response with WWW-Authenticate challenge header values based on the error.

type CredentialAuthenticator ¶

type CredentialAuthenticator interface {
	AuthenticateUser(username, password string) error
}

CredentialAuthenticator is an object which is able to authenticate credentials

type Grant ¶

type Grant struct {
	User      UserInfo   // The authenticated user for the request.
	Resources []Resource // The list of resources which have been authorized for the request.
}

Grant describes the permitted level of access for an authorized request.

type InitFunc ¶

type InitFunc func(options map[string]interface{}) (AccessController, error)

InitFunc is the type of an AccessController factory function and is used to register the constructor for different AccesController backends.

type Resource ¶

type Resource struct {
	Type  string
	Class string
	Name  string
}

Resource describes a resource by type and name.

type UserInfo ¶

type UserInfo struct {
	Name string
}

UserInfo carries information about an autenticated/authorized client.

Source Files ¶

View all Source files

auth.go

Directories ¶

Path	Synopsis
htpasswd Package htpasswd provides a simple authentication scheme that checks for the user credential hash in an htpasswd formatted file in a configuration-determined location.	Package htpasswd provides a simple authentication scheme that checks for the user credential hash in an htpasswd formatted file in a configuration-determined location.
silly Package silly provides a simple authentication scheme that checks for the existence of an Authorization header and issues access if is present and non-empty.	Package silly provides a simple authentication scheme that checks for the existence of an Authorization header and issues access if is present and non-empty.
token

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL