Documentation ¶
Index ¶
- Variables
- func AsGoaMiddleware(chain SecurityChain) goa.Middleware
- func BreakChain(message string) error
- func CheckAuth(ctx context.Context, rw http.ResponseWriter, req *http.Request) (context.Context, http.ResponseWriter, error)
- func NewSecuirty(mechanismType string, builder MiddlewareBuilder) error
- type BreakChainError
- type Chain
- func (chain *Chain) AddIgnorePattern(pattern string) error
- func (chain *Chain) AddMiddleware(middleware SecurityChainMiddleware) SecurityChain
- func (chain *Chain) AddMiddlewareType(middlewareType string) (SecurityChain, error)
- func (chain *Chain) Execute(ctx context.Context, rw http.ResponseWriter, req *http.Request) (context.Context, http.ResponseWriter, *http.Request, error)
- func (chain *Chain) IgnoreHTTPMethod(method string)
- type MiddlewareBuilder
- type SecurityChain
- type SecurityChainMiddleware
- type SecurityMiddlewareBuilders
Constants ¶
This section is empty.
Variables ¶
var ErrAuthRequired = goa.NewErrorClass("authentication-required", 401)
ErrAuthRequired is an error builder for the HTTP Authentication Required class of errors.
Functions ¶
func AsGoaMiddleware ¶
func AsGoaMiddleware(chain SecurityChain) goa.Middleware
AsGoaMiddleware wraps a SecurityChain as a goa.Middleware that can later be used with a goa service and registered as a standard goa.Middleware.
func BreakChain ¶
BreakChain returns a BreakChainError with the message given.
func CheckAuth ¶
func CheckAuth(ctx context.Context, rw http.ResponseWriter, req *http.Request) (context.Context, http.ResponseWriter, error)
CheckAuth is a basic chain.SecurityChainMiddleware that checks if an auth.Auth object is set in context.
func NewSecuirty ¶
func NewSecuirty(mechanismType string, builder MiddlewareBuilder) error
NewSecuirty registers a MiddlewareBuilder for a specific security mechanism type (e.g. "JWT", "OAuth2", "SAML").
Types ¶
type BreakChainError ¶
type BreakChainError struct {
// contains filtered or unexported fields
}
BreakChainError is a custom error for breaking the middleware chain. When a middleware returns it, no error is reported back, but the handler chain is not continued.
func (*BreakChainError) Error ¶
func (b *BreakChainError) Error() string
Error returns the actual message for breaking the chain.
type Chain ¶
type Chain struct {
	MiddlewareList     []SecurityChainMiddleware
	IgnorePatterns     []*regexp.Regexp
	IgnoredHTTPMethods []string
}
Chain represents a SecurityChain and holds a list of all SecurityChainMiddleware in the order in which they were added.
func (*Chain) AddIgnorePattern ¶
AddIgnorePattern adds an ignore pattern to this security chain. The pattern is compiled to a regular expression and must be a valid regular expression. If the pattern is not valid, an error is returned and the pattern is not added to the list of ignore patterns.
func (*Chain) AddMiddleware ¶
func (chain *Chain) AddMiddleware(middleware SecurityChainMiddleware) SecurityChain
AddMiddleware appends a SecurityChainMiddleware to the end of middleware list in the chain.
func (*Chain) AddMiddlewareType ¶
func (chain *Chain) AddMiddlewareType(middlewareType string) (SecurityChain, error)
AddMiddlewareType appends a SecurityChainMiddleware to the end of the middleware list in the chain. The SecurityChainMiddleware is built using the MiddlewareBuilder factory. If there is no MiddlewareBuilder registered for the specific type, or an error occurs while calling the builder, an error is returned.
func (*Chain) Execute ¶
func (chain *Chain) Execute(ctx context.Context, rw http.ResponseWriter, req *http.Request) (context.Context, http.ResponseWriter, *http.Request, error)
Execute executes the security chain by calling all SecurityChainMiddleware in the middleware list in the order in which they were added.
func (*Chain) IgnoreHTTPMethod ¶
IgnoreHTTPMethod adds an HTTP method to be ignored by the security chain.
type MiddlewareBuilder ¶
type MiddlewareBuilder func() SecurityChainMiddleware
MiddlewareBuilder is a builder/factory for a particular SecurityChainMiddleware. Returns a function of type SecurityChainMiddleware.
func GetSecurityBuilder ¶
func GetSecurityBuilder(mechanismType string) (MiddlewareBuilder, error)
GetSecurityBuilder returns a MiddlewareBuilder for the security mechanism from the global registry. If no builder exists for that type of security, an error is returned.
type SecurityChain ¶
type SecurityChain interface {
	// AddMiddleware adds a new SecurityChainMiddleware to the end of the security chain.
	AddMiddleware(middleware SecurityChainMiddleware) SecurityChain

	// AddMiddlewareType adds a middleware to the end of the chain. The actual SecurityChainMiddleware
	// is built by calling the MiddlewareBuilder for the specific registered type of middleware.
	// See NewSecurity function for registering MiddlewareBuilder for a specific security middleware.
	AddMiddlewareType(middlewareType string) (SecurityChain, error)

	// Execute executes the security chain.
	// It takes context.Context, http.ResponseWriter and a pointer to http.Request as arguments.
	// After executing all SecurityChainMiddleware in the chain, it returns the resulting context.Context,
	// http.ResponseWriter and *http.Request. These may be different from the parameters passed to the function.
	// If an error occurred while executing the chain, an error is returned.
	Execute(ctx context.Context, rw http.ResponseWriter, req *http.Request) (context.Context, http.ResponseWriter, *http.Request, error)

	// AddIgnorePattern adds a pattern for the request path that will be ignored by this chain.
	// The request path will be matched against the ignore patterns and if a match is found, then
	// the chain will not be executed and the request processing will be passed through.
	// This is useful for public resources for which we don't check the auth.
	// If the pattern is invalid, an error will be returned and the pattern is not added to the
	// list of ignore patterns.
	AddIgnorePattern(pattern string) error

	// IgnoreHTTPMethod adds an HTTP method that will be ignored. Every HTTP request with this method (verb) shall
	// be passed through and ignored by the security chain.
	IgnoreHTTPMethod(method string)
}
SecurityChain represents the full security chain and exposes functions for adding SecurityChainMiddleware to the chain. It also exposes a function for executing the chain.
func NewSecurityChain ¶
func NewSecurityChain() SecurityChain
NewSecurityChain creates a new SecurityChain.
type SecurityChainMiddleware ¶
type SecurityChainMiddleware func(context.Context, http.ResponseWriter, *http.Request) (context.Context, http.ResponseWriter, error)
SecurityChainMiddleware is the basic constituent of the security chain. It acts as a filter processing the incoming Request. Each request is passed to a SecurityChainMiddleware along with a context and ResponseWriter. After processing, the SecurityChainMiddleware should return the context and the ResponseWriter, which will be passed to the next SecurityChainMiddleware in the security chain. This gives the option of modifying the context by adding some information to it (usually Auth) and optionally modifying the ResponseWriter itself. The SecurityChainMiddleware must return non-nil values for the context and the ResponseWriter. If an error is returned, the security chain terminates: no other middleware handlers are called.
func AsSecurityMiddleware ¶
func AsSecurityMiddleware(chain SecurityChain) SecurityChainMiddleware
AsSecurityMiddleware wraps a SecurityChain into a SecurityChainMiddleware which later can be used as part of another SecurityChain.
func FromGoaMiddleware ¶
func FromGoaMiddleware(middleware goa.Middleware) SecurityChainMiddleware
FromGoaMiddleware wraps a goa.Middleware into a SecurityChainMiddleware. This SecurityChainMiddleware can then be used as a standard SecurityChainMiddleware in the security chain. This is useful for wrapping the generated security middlewares of goadesign into a SecurityChainMiddleware and registering them with the full security chain.
func ToSecurityChainMiddleware ¶
func ToSecurityChainMiddleware(securityType string, middleware goa.Middleware) SecurityChainMiddleware
ToSecurityChainMiddleware wraps a goa.Middleware into a SecurityChainMiddleware. The middleware represents a specific security mechanism middleware specified by the securityType parameter. When executing this middleware, if the middleware returns an error, the error is NOT propagated down the chain, but instead is set in the auth.SecurityContext in the SecurityErrors map under securityType.
type SecurityMiddlewareBuilders ¶
type SecurityMiddlewareBuilders map[string]MiddlewareBuilder
SecurityMiddlewareBuilders is a map that maps a security type to a specific MiddlewareBuilder.
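An added example, not code from this package: a stand-alone model of the pass-through behaviour documented for AddIgnorePattern and IgnoreHTTPMethod, for checking which requests an ignore pattern would let past the authentication middleware. The names modelChain, requireAuth and Skipped are hypothetical, and unanchored matching via regexp.MatchString is an assumption the documentation does not confirm.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
)

// Stand-ins for SecurityChainMiddleware and Chain, written for this example only.
type Middleware func(context.Context, http.ResponseWriter, *http.Request) (context.Context, http.ResponseWriter, error)
type modelChain struct {
	list    []Middleware
	ignore  []*regexp.Regexp
	methods map[string]bool
}

// Execute passes ignored requests through, else runs the middleware in order until one fails.
func (c *modelChain) Execute(ctx context.Context, rw http.ResponseWriter, req *http.Request) (err error) {
	skip := c.methods[req.Method]
	for _, re := range c.ignore {
		skip = skip || re.MatchString(req.URL.Path) // assumption: unanchored match
	}
	if skip {
		return nil
	}
	for _, m := range c.list {
		if ctx, rw, err = m(ctx, rw, req); err != nil {
			return err
		}
	}
	return nil
}

// requireAuth models CheckAuth for a request that carries no auth object.
func requireAuth(ctx context.Context, rw http.ResponseWriter, _ *http.Request) (context.Context, http.ResponseWriter, error) {
	return ctx, rw, fmt.Errorf("authentication-required")
}

// Skipped reports whether the request bypasses requireAuth under one ignore pattern.
func Skipped(pattern, method, path string) bool {
	c := &modelChain{list: []Middleware{requireAuth}, methods: map[string]bool{"OPTIONS": true}}
	c.ignore = append(c.ignore, regexp.MustCompile(pattern))
	return c.Execute(context.Background(), httptest.NewRecorder(), httptest.NewRequest(method, path, nil)) == nil
}

func main() {
	fmt.Println(Skipped(`/public`, "GET", "/admin/public-report")) // constructed path; over-broad pattern
}
```

Under that assumption, an ignore pattern should be anchored (for example `^/public/`), and an ignored HTTP method is passed through on every path, not only the public ones.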